last executing test programs:

1m55.248330207s ago: executing program 32 (id=25):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000001200)=0x8a4, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0x0, 0x8001}]}, 0x10)
stat(0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

1m14.615265833s ago: executing program 1 (id=288):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', <r1=>0x0, 0x2f, 0x2, 0x4, 0xec58, 0x40, @mcast1, @private2, 0x7, 0x1, 0x8, 0x8}})
sendmsg$nl_route_sched(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@getchain={0x3c, 0x66, 0x0, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x2, 0xd}, {0x2}, {0xf, 0xa}}, [{0x8, 0xb, 0x8}, {0x8, 0xb, 0x3f}, {0x8, 0xb, 0x3d}]}, 0x3c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setaffinity(r3, 0x8, &(0x7f0000000000)=0x6)
clock_getres(0x8, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x2169802, 0x0, 0x0, 0x0, &(0x7f00000001c0))
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r10, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x47}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m13.544700995s ago: executing program 1 (id=289):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x7, 0x4, 0x25cd, 0x1, 0xb1, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x8002, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0xc1, 0x9, 0xf9a2, 0x80000001, 0xff, 0x6, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x23, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0x8, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x4, 0x3, 0xb, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff4, 0x401, 0x46, 0xf1, 0x4, 0x1, 0x4, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x7, 0x2, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000005, 0x5, 0x5, 0x491, 0x9, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0xa, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xffe, 0x100007, 0x2, 0x400, 0x3e55, 0x1, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d2e, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x20008000, 0x3, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x2, 0x10000, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfa, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x209, 0x81, 0x3, 0x9d86, 0xf5c, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x3, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0x32c, 0x3, 0x1ff, 0x2010803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x8, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x5, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x601, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x2804000, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1m13.466398069s ago: executing program 3 (id=292):
futex(&(0x7f000000cffc)=0x1, 0x6, 0x4, 0x0, 0x0, 0x1)
futex(&(0x7f0000000000)=0x2, 0x5, 0x2, 0x0, &(0x7f0000000040)=0x88000, 0x3000005)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$TIOCSBRK(r3, 0x5427)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
read$FUSE(r0, &(0x7f00000034c0)={0x2020}, 0x3ba)

1m12.59128282s ago: executing program 3 (id=295):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
bind$netlink(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
getsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000000), &(0x7f0000000040)=0x4)
ioctl$TCXONC(r0, 0x540a, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000100)={0x9, 0x4e45, 0x7b4e, 0xff0, 0x16, "19cf3409340a45b6a2e4789781253f89df291f"})
unshare(0x62070e00)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0)
ioctl$UI_GET_SYSNAME(r2, 0x8040552c, 0x0)

1m12.553967683s ago: executing program 3 (id=296):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00'})
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff, 0x4}, 0x10)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0x10, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000100000000000000086aa5b7080000000000007b8af8ff00000000b708000035f500007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r2, 0x0, 0xe, 0x0, &(0x7f0000000680)="e02742e8680d85ff9782762f0800", 0x0, 0x80000800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1m12.482761756s ago: executing program 1 (id=297):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
getsockname$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e2, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="e43f6642531e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x1, 0x1, 0x10, 0x0, @void}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x1ffffc54, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x2000, &(0x7f0000000000)='%', 0x0, 0xd01, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1m10.69367424s ago: executing program 1 (id=301):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c756e695f786c6174653d312c757466383d312c757466383d312c646973636172642c757466383d302c756e695f786c6174653d302c666c7573682c73686f72746e616d653d6d697865642c73686f72746e616d653d6c6f7765722c646f733178666c6f7070792c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c757466382c0014697a7960fb374b722c64329787434c6c9f891d2e309efaf1d4e529e1ba0f697fedffb095592bc19d5a8f8141ee9bf46262f3a2b1452bf206c0e2ae8a465e6e1be6eeb5d588035a24458d476fc1f9a234cdc4ba352a41856102000000000000006357ee95fffb99cde923a6c2e7eee552c60119e2822287367b0526cec2098d6ef88304699e83b0d070ad82774d8cc230dc844fa4ed26ec244085d833e4e2309d01aea46150e5d791371358a8ecd02c1e8795d500af4694cc800962a672fd461d94ad695620623ccf81ae84a48df7d0ffafbb72f694c5e1bb70d4b394fd631e5801e7"], 0x3, 0x2b5, &(0x7f0000000380)="$eJzs3c9qY1UYAPDvpkkaLZIsXIngXczCjWUyWxdmkApiV0oW/gEdnBkYmjDQQGBUDF35BC5c+B7uXLlR3PgGgg/gziKFIze5TWKbpk1rWun8fpsezvm+nO/k3PYuLvf0s1f7ew+fDh4ffPV7NBpZVDrRicMsWlGJY6kUAMCtcJhS/Hmp+3u1sq6aAID1mrv/184I2Tzd9da6ywIA1uiDDz967/7u7s77ed6I6H8z7GYx+TkZv/84nkQvHsXdaMbR7FlASpP2O+/u7kQ1L7TiTn807BaZ/U9/nX9sUOS3oxmtxfntfGIufzTs1uLFiCyLeNIpCrkXzXj5VH4xvnNvQX506/F6o1xkMf92NOO3z+Np9OLh+JnGbP6v23n+dvr2ry8/LoKL/Gw07G6O42bSxnXvDQAAAAAAAAAAAAAAAAAAAAAAt9d2PtWKO/2iqzx/Z+NoPL79r/Hx+TqV8fgkP4uojxsnzgcapfj++Hydu3mep2wSPzvfpxqvVKN6YwsHAAAAAAAAAAAAAAAAAACA/5HBsy/2HvR6j/b/k0b5kv/0tf7Lfk5nrue1WB68udJcsVGGF7WejGn//El/2lMsYvXiD18a1vKIZTXXTvW8UNRz/hR/p5RSlkVcbZtqF5nrnMbW8pjiC/7xu6039h5k532HjeON+2F+qB77g2cn9jSyovHTLxfb7rTS5VdfElMvr5gLfc7WFX+J3vxjMlnZk62wilrZiLMuv8ZK1/M1/QECAAAAAAAAAAAAAAAAAACmZi/9Lhg8WJpaWVtRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDNZv//f4XGqExeHJNSGk176rE/uOElAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Bz4JwAA///l5m1V")
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1c0)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0xe7c)
r0 = openat(0xffffffffffffff9c, 0x0, 0x143, 0x100)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
umount2(0x0, 0x2)

1m10.68936952s ago: executing program 3 (id=302):
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x800082, &(0x7f0000000680)=ANY=[@ANYBLOB="756d61736b3d30303030303030303030303030303030303030333737372c616c6c6f775f7574696d653d30303030303030332c000000000083ec4c0d6e84de0249d09f31ef580c3d00000000"], 0x1, 0x1b1, &(0x7f0000000240)="$eJzs3cFqE0EYB/Bv23UbxEPP4mHBi6egPkFUWiguCMoe9KRQvbQi2MvqqW/hG/gqvo7k1FskTmhoWcEetrvJ/n6XfOx/wnwzgcwpk/cPPp8cfzn79PPXj5hMsshnMYuLLPZjJ3YjOY8rstanAMDGuFgs4vci+Y/hz2+hJQCgYzc8/wGALeD8B4Dxcf4DwPi8efvu5bOqOnhdlpOI+XlTN3V6TfnhUXXwuPxrf/2uedPUu5f5k5SXV/M7cXeVP23Ni3j0MOXL7MWrKuV5GtHUe3Hc1vAs62AXAAAAAAAAAAAAAAAAAAAAAADgdk3LS633+0ynxT/yVB0eFatn1+/3yeN+3jJh0ckyAAAAAAAAAAAAAAAAAAAAYKOdfft+8uH09OPX4RbzYbQxtOJe55/g3mqGvle67cVynwfQxrWixy8lAAAAAAAAAAAAAAAAAAAYqfWPfvvuBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6s/7//+6K5Tw7fS8UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBR+xMAAP//+cFD/w==")
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x4)
mount(&(0x7f0000000ac0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000b00)='./file1\x00', 0x0, 0x1000, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x104)
fallocate(r0, 0x10, 0x4000, 0x4000)

1m10.571155797s ago: executing program 1 (id=303):
syz_usb_connect$cdc_ecm(0x2, 0x0, 0x0, 0x0)

1m10.545203498s ago: executing program 3 (id=304):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f00000000c0)={0x2, 0x3, 0xe})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000000c0)={r4, 0x20, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000001500)=""/4081, 0xff1}}, 0x10)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/partitions\x00', 0x0, 0x0)
sendfile(r2, r7, 0x0, 0x2000002389b)
ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000140)={0x0, 0x10000c1, 0x100, 0x7, 0x7, "7a5898fa00000600"})
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYRESOCT=r6], 0x0, 0x26}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000003c0)={r8, 0x20, &(0x7f0000000100)={0x0, 0x4e, 0x0, 0x0}}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmmsg$unix(r9, &(0x7f00000bd000), 0x0, 0x4000000)

1m10.494343891s ago: executing program 1 (id=305):
futex(&(0x7f000000cffc)=0x1, 0x6, 0x4, 0x0, 0x0, 0x1)
futex(&(0x7f0000000000)=0x2, 0x5, 0x2, 0x0, &(0x7f0000000040)=0x88000, 0x3000005)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
r5 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$TIOCSBRK(r3, 0x5427)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xc, 0x0, &(0x7f0000000180)=[@free_buffer={0x40086303, r5}], 0x0, 0x0, 0x0})
read$FUSE(r0, &(0x7f00000034c0)={0x2020}, 0x3ba)

1m10.419839226s ago: executing program 33 (id=305):
futex(&(0x7f000000cffc)=0x1, 0x6, 0x4, 0x0, 0x0, 0x1)
futex(&(0x7f0000000000)=0x2, 0x5, 0x2, 0x0, &(0x7f0000000040)=0x88000, 0x3000005)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
r5 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$TIOCSBRK(r3, 0x5427)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xc, 0x0, &(0x7f0000000180)=[@free_buffer={0x40086303, r5}], 0x0, 0x0, 0x0})
read$FUSE(r0, &(0x7f00000034c0)={0x2020}, 0x3ba)

1m10.375619598s ago: executing program 3 (id=308):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x0)
write(r3, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0)
r4 = io_uring_setup(0x67ab, &(0x7f00000000c0)={0x0, 0x4d09, 0x2000, 0x3, 0x10000003})
io_uring_enter(r4, 0x0, 0x0, 0xf, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000003c0))
sendmmsg$unix(r3, &(0x7f000000a7c0), 0x0, 0x9)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000600), 0x1, 0x555, &(0x7f0000000640)="$eJzs3U9oHNUfAPDvzCb59U9+JhURWxQDHipIt9larHpqe7GHggU9iHhoaDc1dNOEJAUTemjBi1BB1KuHXgTP3iV3byKoN48iVJGIJyEyu7PJmuwmIWSdJPP5wOy+N2+T9747vMx7M/NIAKU1lr2kEScj4noSMdJRNhB54Vjrcyt/3LuRbUmsrr71exJJvq/9+SR/P55njkTEd5cjnqxsrnd+cen2RKNRn8vzZxemZ8/OLy6dmZqeuFW/Vb9TO/fq+Qvjr9XO1/Ys1odfffbLlatvPvvxh++/Mvl940wSF2M4L+uMY6+Mxdjad9Ip+14v7HVlBRroOPYcLJX8+A1GxNMxEpW812dGYuphoY0D+mq1ErEKlFSi/0NJtccB7bl9P+bB+9njS60J0Ob4B1rXRuJIc250bCXpmBm15ruje1B/Vsff9059kW3Rp+sQW7n/ICKe6RZ/0mzbaPMqThZ/+q/404gYz9+z/ed2Wf/YhvxBiv9iR/yXd1l/0fEDUE7Ll1on8s3nv3Rt/BNdxj/DXc5du1H0+a/3+G89/kqP8d+1Hdbx80dXPu1V1jn+y7as/vZY8L/w+EHEqa7xJ2vxJ13iz8Y913dYxxs//HalV1nR8a8+ijjddf6zfkcr2fr+5NnJqUZ9vPXatY5vvn3vy171Fx1/dvyP9Yh/q+Of7ZvdYR1fX3s03ats+/jTX4eSt5upoXzPBxMLC3O1iKHk6ub920xE2p9p/44s/hdf2Lr/d4v/aDZ32GH8s+/cXtl9/P2VxX9zl8f/kx3W8de7d5/rVVZ0/AAAAAAAAHCYpM1nOZK0upZO02q1tYb3qTiWNmbmF16anLl752brmY/RGEzbd7pHWvkky9fy52Hb+XMb8i9HxImI+LxytJmv3php3Cw6eAAAAAAAAAAAAAAAAAAAANgnjm9Y//9npbX+HyiJgaIbABRG/4fy0v+hvPR/KC/9H8pL/4fy0v+hvPR/KC/9H8pL/4fy0v8BAAAA4FA68fzyT0lE3H/9aHPLDOVlg4W2DOi3tOgGAIWpFN0AoDBu/UN5meMDyTblR3oVLG/3kwAAAAAAAAAAAADAXjl90vp/KCvr/6G8rP+H8rL+H8rLHB+w/h8AAAAAAAAAAAAA9r/h5pak1Xwt8HCkabUa8f+IGI3BZHKqUR+PiCci4sfK4P+yfK3oRgMAAAAAAAAAAAAAAAAAAMAhM7+4dHui0ajPSUhISKwliv7LBAAAAAAAAAAAAAAAAAAA5bO+6LfolgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAcdb//3//EkXHCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcTP8EAAD//wugIGI=")
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f00000001c0)={0x80}, 0x10)
shutdown(r5, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000002000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {0x0, 0x4000000}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)

1m10.33077767s ago: executing program 34 (id=308):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = socket(0x10, 0x3, 0x0)
write(r3, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0)
r4 = io_uring_setup(0x67ab, &(0x7f00000000c0)={0x0, 0x4d09, 0x2000, 0x3, 0x10000003})
io_uring_enter(r4, 0x0, 0x0, 0xf, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000003c0))
sendmmsg$unix(r3, &(0x7f000000a7c0), 0x0, 0x9)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000600), 0x1, 0x555, &(0x7f0000000640)="$eJzs3U9oHNUfAPDvzCb59U9+JhURWxQDHipIt9larHpqe7GHggU9iHhoaDc1dNOEJAUTemjBi1BB1KuHXgTP3iV3byKoN48iVJGIJyEyu7PJmuwmIWSdJPP5wOy+N2+T9747vMx7M/NIAKU1lr2kEScj4noSMdJRNhB54Vjrcyt/3LuRbUmsrr71exJJvq/9+SR/P55njkTEd5cjnqxsrnd+cen2RKNRn8vzZxemZ8/OLy6dmZqeuFW/Vb9TO/fq+Qvjr9XO1/Ys1odfffbLlatvPvvxh++/Mvl940wSF2M4L+uMY6+Mxdjad9Ip+14v7HVlBRroOPYcLJX8+A1GxNMxEpW812dGYuphoY0D+mq1ErEKlFSi/0NJtccB7bl9P+bB+9njS60J0Ob4B1rXRuJIc250bCXpmBm15ruje1B/Vsff9059kW3Rp+sQW7n/ICKe6RZ/0mzbaPMqThZ/+q/404gYz9+z/ed2Wf/YhvxBiv9iR/yXd1l/0fEDUE7Ll1on8s3nv3Rt/BNdxj/DXc5du1H0+a/3+G89/kqP8d+1Hdbx80dXPu1V1jn+y7as/vZY8L/w+EHEqa7xJ2vxJ13iz8Y913dYxxs//HalV1nR8a8+ijjddf6zfkcr2fr+5NnJqUZ9vPXatY5vvn3vy171Fx1/dvyP9Yh/q+Of7ZvdYR1fX3s03ats+/jTX4eSt5upoXzPBxMLC3O1iKHk6ub920xE2p9p/44s/hdf2Lr/d4v/aDZ32GH8s+/cXtl9/P2VxX9zl8f/kx3W8de7d5/rVVZ0/AAAAAAAAHCYpM1nOZK0upZO02q1tYb3qTiWNmbmF16anLl752brmY/RGEzbd7pHWvkky9fy52Hb+XMb8i9HxImI+LxytJmv3php3Cw6eAAAAAAAAAAAAAAAAAAAANgnjm9Y//9npbX+HyiJgaIbABRG/4fy0v+hvPR/KC/9H8pL/4fy0v+hvPR/KC/9H8pL/4fy0v8BAAAA4FA68fzyT0lE3H/9aHPLDOVlg4W2DOi3tOgGAIWpFN0AoDBu/UN5meMDyTblR3oVLG/3kwAAAAAAAAAAAADAXjl90vp/KCvr/6G8rP+H8rL+H8rLHB+w/h8AAAAAAAAAAAAA9r/h5pak1Xwt8HCkabUa8f+IGI3BZHKqUR+PiCci4sfK4P+yfK3oRgMAAAAAAAAAAAAAAAAAAMAhM7+4dHui0ajPSUhISKwliv7LBAAAAAAAAAAAAAAAAAAA5bO+6LfolgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAcdb//3//EkXHCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcTP8EAAD//wugIGI=")
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f00000001c0)={0x80}, 0x10)
shutdown(r5, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000002000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {0x0, 0x4000000}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)

1m10.322314581s ago: executing program 0 (id=309):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', <r1=>0x0, 0x2f, 0x2, 0x4, 0xec58, 0x40, @mcast1, @private2, 0x7, 0x1, 0x8, 0x8}})
sendmsg$nl_route_sched(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@getchain={0x3c, 0x66, 0x0, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x2, 0xd}, {0x2}, {0xf, 0xa}}, [{0x8, 0xb, 0x8}, {0x8, 0xb, 0x3f}, {0x8, 0xb, 0x3d}]}, 0x3c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000008000000000", @ANYRES32=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setaffinity(r3, 0x8, &(0x7f0000000000)=0x6)
clock_getres(0x8, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x2169802, 0x0, 0x0, 0x0, &(0x7f00000001c0))
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r10, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r11}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x47}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m9.387881535s ago: executing program 0 (id=311):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
getsockname$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e2, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="e43f6642531e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x1, 0x1, 0x10, 0x0, @void}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x1ffffc54, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x2000, &(0x7f0000000000)='%', 0x0, 0xd01, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1m9.387412555s ago: executing program 0 (id=312):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0x9)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x7)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee01, 0x0)
keyctl$join(0x1, &(0x7f0000000080)={'syz', 0x2})
mmap(&(0x7f00001e9000/0x4000)=nil, 0x4000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0xfffffffffffffeca)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000001600000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068b910734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e18781baa31b924d840024baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f00000000c0)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
syz_open_procfs(0x0, &(0x7f0000000280)='net/icmp\x00')
close(0xffffffffffffffff)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="660a0000000000006111740000000000180000000000000000000000000000009500000000000000403d42af09ee435ca8eb536c91229c303b620edc379ad5e3060007db24bf004318c7bf29cef65fa18de311c66eabf1571afe75776156fe07589f6afa47fa"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
openat$null(0xffffffffffffff9c, &(0x7f0000000100), 0x490042, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r3, &(0x7f0000000200), 0x10)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendfile(r4, r4, 0x0, 0xd)
dup(r5)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001d80)}, 0x80)
r6 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYBLOB="942e4cc64b405e4644b41fd7eb6f4a000000b2d26f095f49900074d72b8a40d7cfbb076cf9d701a59c5cd36e156e28a5dc48f1d6432f8a16821c43fefaef104925f77c988a0c81784f02bb7b1a80be3777409f5a35e413bc974195e3a6ac7f684ca9394d1b066863374927d6b7849c45c6d6a3e54d74710c2758face5fafa384d4af9a1973f8a63bde52a1b0bec66b6e3767a3af53bf0d19704e3ac37a7eb79a76921337644e715ddd4d42c15411f5b3ca9481deb370440c5363e144e87c1c868c", @ANYRES16=0x0, @ANYBLOB="00002bbd7000fedbdf25010000001800068014000400ff0100000000000000000000000000012800018008000300ac1e0001060001000a00000014000400fc02000000000000000000000000000140000180060005004e220000080006000000000014000400fc010000000000000000000000000001060001000a0000000800060000000000080003000a010101"], 0x94}, 0x1, 0x0, 0x0, 0x4000810}, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x31, &(0x7f0000000000)=0x8000, 0x4)

1m9.166079958s ago: executing program 0 (id=314):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
mount$bind(0x0, &(0x7f00000004c0)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = syz_mount_image$fuse(0x0, &(0x7f0000000740)='./file0\x00', 0x8000, 0x0, 0x1, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000009c0), 0x8, &(0x7f0000000240))
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
read$FUSE(r1, &(0x7f0000002f80)={0x2020, 0x0, 0x0, <r2=>0x0}, 0x2020)
statx(r0, &(0x7f00000051c0)='./file0/../file0\x00', 0x4000, 0x10, &(0x7f0000005200)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
getgroups(0x9, &(0x7f0000005300)=[<r4=>0x0, 0xee00, 0xee01, 0xffffffffffffffff, 0xee00, 0xffffffffffffffff, 0x0, 0x0, 0xee01])
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000005440)={{{@in=@multicast1, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6=@mcast1}, 0x0, @in6=@private2}}, &(0x7f0000005540)=0xe8)
r6 = getgid()
syz_fuse_handle_req(r1, &(0x7f0000000a00)="b7c6732564d5b8c7a29360347a3a0c5c87bddaf3cdb6c171277efd7ee0e0a610d61c40bf4a9b14eaf7797219900d9d0dd80dd30e6f169451ecf81fcd03696b99128c34d4ebe703cc8e11e43f0d1658792292f664ffc17192b1d45b546897b0bb3061b1bc50242cbb9de7c9f0928419b4fb10da837ea93c83d77d9dda36d9002ecac0d5d2a88026a1d5592592c8c7487f41793f9308b456691ffe5538e9b58839b022cb23c6fd76c130eeab86da05ed1611b5197c83fd83354a0bee5b6dcc5a0fd13c1de32a7f3c56cb06f1aa5346a1337801e791e3666b0dcc737ae06cbec4f4aabd81af9803433d14780b53c2f7528f1271fa0f10c6a43bcd55e1c681005c600314be5012e55352e13894302c5c54790991c644fcae949bfa06f2b6c6382ad77fc3a14dc5e11beb796e65967d6eaec56e2dbb4245dea0f1edbdff8337b24ed41efa65b36fedc06794576905aefb7a189f60ab634a4e44e7055ed61f0c2af51a9085149195efced7dbcf41772c0adba6774514165cacc07620bb24f139181cd5cc8adfb35b5ef1e4d698317b347c3247cd32fa9de5198857194c430142bde201d7b708a119c3b26e6293f303018daa2c00a54c98127ce53d6196e2d97cf7074f20fa5afc3a8f205911efa9376dba4dd257a56670cc33d124751c75a382140ec5ccae664d9922cddee98676b0b5cb60330f681b4cbdf28665284901fad5800fe239d7be625d9d5675995798c81edd696b982669402be64b989dd159af42a82a83a613fa1bc60a03f7e638f48479ae1912e1f8d246305beaf7c418c2226b84903d39002f56e5f2187f473b3f853d94ffbcaa29508d660a6db6321ac65540644f31df12860f380316e77a6693505a18867cd86b78e2485660f556d94e2257d21bb1c3b8055eb17196b7ef92d5b5fed726f4e39f994ec9f0afddddf56534e59f1544d40107e584e8e61669fe8b50179a370493ce1b07638b556443bde75c9ab249da8db1619dbd3e3782242b86755e95ab0360fa7dd9a57713f8d6afcadf106de917932d780ff0f2d5a77d9aaf3d6bcb934f3f0c416f01f08beddd3fbf5f653e041156da8be14933b4b654d4cfdc00c29721985353415fe1d2a18088b2069579ec3aa7b60a94c0673c169f8e7cacf5e3dca3848ea5de813118cf6a601861433ea3c3cf62a76a4a7498ff70cf6b841abe13a3af330f3f1c8a2de6d42801c1859af503d1687a6372ba5c4eeec64bf2b194dd58c3a65682becc9e10ed6d1c598884ef06407ab83dc46341d964bc6fcb9005988ade7efa4a3d51638375ee150c684dab44ee4853083b8a58443446fb142f60b8b4a57f645134c9d0eb753f1d977a0cb5c889a860b0f631633133843413677558c01fa2c8be497db5583e491dc08d7a6b788e3fadd937975ce990072bff5c43b5b64a8dca5d29794aeff3c19cf1fb4dcd6b0748ad5b32b45eee80d042c0ed106a04b6a2739e5d2f70164c36ae4bd40812b71bf34f8ed1803ae4912abf20c0e34b44df0e26d6c8918bb2331432ffc104a9a951ebdb3e004f100255e110ce2ca372b32ceaae645dd0dac14871ca41052aa14d7a6d966ddd73ffc73e6df1209eee058e2a3ba9a649bd52f92048768e9bdb17846cbdc11c8dc1c38448e2f19608a296d1fe12c0e999ae5b06f126dfdb502143d18a0ed5e03c55d1aabfb47353a16809556e3fd6ba12a8408a5efb9b3b787e9297c62b8f9d544ab04b52098f78b001898d33018aa9075627ba0a82a78ce683271c7825007a30e034a4ea14ff1c97b36e4e18278d76cae77539dff63c109e718789b751734f461090b3ed7e11b48c3251603a225011e68819a1ab682ddd7336ebf8b5184030dd95b29541d3ac0ce1800b72b199cdf505e57811935b0ad08da9fadf71581e17c99e38094de3519dca5453e9b5925add2e8c3ded411440760c30b5c88db7cbf79812862f95174eca049c4b3aa0ceaff64eb014804ff073879a8b28ad4534d0690d86d4f1889df56c71787e9b12119b424ea6902ee5604335d4ac666633a57d0a5e31aecbd55dabf99963c4f2059a4df26a6a3ca6d3c176f9ed976bdbbee9a248746ff72f51aaee4ccf56d7553d1dad4d6af35a9eb86e6218fd9f07ca07ec3f4e0d49308b76794d38917f0d069a736f3dcb9363a9930021676943f85d976c30c801222ba97fdb0a6b7057262c081ca2a71817fb06f30b158cc141fada099ad347434ab94c26e07c9452ccf60b9a7ed789ad92edf0df5f9339864cf89ab25f73058c62ce0919be5b66134360446c3cb54891148d2bcae9d54dea97bf5b3263ee8d928d7abdbe83d52e8776356c6b005629270928d366436322d21653672def5c80768994a5ab0e11346ae5cf08bc6b0b98fb99390806bb9cb6701b21d086ed509c925ea8e50ff52f70d8465f9250e10adada38f3f73da09fb0243bb03e609b072b656a317a14c5e114e7f3269517688fec06c7691777c7388a28e7db4312fe3a3b0e2e78a380aa056abb947105ddc7d5d8fd684f21b155559e59d55098147053ac939d3d235e0754c2d07399669c6d26427141ac8aa51a1683ea02eeed5897baf7f1c9624d0f8384c58e4bce2edb9444db9e6a04c3cfce6c62187ae86f309bf80769e237d705de7b2bedf59b11c140d63dec019baeff55cff9d79acc1896e08cfc5821c87ba9dc9e617f3bf8f97e8274d516ab2f2625eb604864726feb84ab3133bed99e6aa6124f44a2de890501fae56265ef9a2801b5de9ede65c44160db83d53633a286eb5858660ac405d762e1cb7f28cf4ce9fa506c3ba18e0fec4a1cd9a2ec6168880f8c6aa34d6f75500c0f9155db7aeb806b884c7ba00fa16bcae7d19c73dbb9f1b46d33aa03a782ed54ae4189e19e5c5d04c4dfd91621faa4ab5ad2340aac34257f5c4fef011dc855326262bd16d04311e4d400415a3b4e574f3fb69ab16871fd349467e6dac1572c0b06e424ea4c681bbc719b81659515d61a1be25124cef57a3d1c06fee1258082e2a0d9c49acd8bcad82646e46fe552337df109d76018ab1a8909c14051fec7d5343887a5135427bb86bf695fa37a16029451cab81fd0f85607a180b3145b7d0a695c34dec6abca7ec93a4cd5919b783c6474ff71c434f8b3e75c1bf1e13faa317e162414e9c45f6d70c0a543feca1f373a516f5d0ca38d0a6dd07ff3b2d7fa7aeda14501ab1534cecb72ae3dbaa1d7a240699007df701f968f7cbcb7616f185ed6d680cd35ace3bfac5023a3c6257709dba54bd4e889846c533335b82076b44a86b635ad6dfda372c51e0d732ab15c28f0398dc728484a58d6c6e9e83580d166bfde2bbd621a80e9c56c1e8fcdb5056a2a4541f25262efe9c5c1dc5615d69bf39df0f3e0ba73f0a6d093bb5fd432bd95f2364c6d61d8f1ead22ce91657084beea1a3347a190da25035a08dab423feb1f6dee30796f76a2373e0a85f7aa71a8f296d82c68222394c7247304982efccbada561639ec0fd83cf5d446539ca2dac3a7c3ab2ec735fe3f809b656f38cae5740110a127c36b13f09490e22257ff7c49dbaaf2686083ccab3f6ce19e36621c27f251fd403da4a7fdbe01bb7511b43a6d89d25cbf6f67998214b6d1b9b1d26b178395aabb601d833cf1705b72d67cbfcdaeaa62474a434737ebdbf6ed7462f63fe666059220ed585b2fe30c25ae39f026937818f694113c8b6e0234289f7d6eb9c4e917b9e981b0c3456f81722364fa35a196ccf2291aec0f3aea59bf378107b474e7024fd8cee9870032082bc7d9c87eff755f4633da5e9d5bed36e4352a6609b2d573ee6e38a0ad6e59c86676d9a6bf62651131bc5d7915ea8da8ceb8dc047c30d782a5137179ed2e42a72e6beaf7fae4d7f25fe6c4cc85cf5a329d51f1d60292b851212041e7a6d01caf6a7f154838c7999b026d15e6dc5c9b36ec59f95f958ef856745560093d15576822d3fe32b2cdb5afd9aaea4c949152df148ec937f0b4d9d978f2aef2d807d665ffddac758308e5d6e957a6046a390bd49b6f88603372b5a033117313fe04f3cb320ae41a9519fab61053743a35125ad6d7cfbbb4243d3c7896ed961a957329ddba3f90f34c272ce5eb14b7bdab985799bdd47ad597fff6440b7ac151b1326e35dbc692c5a01fd841d91fa30615d8f1093ac6edac47829851d1cab88fdc09ba8bba3c3240d1f795914a0016373d043042c531d7204963c6744657eb5c057208531a1c228b4e5b30059e4c428be6f659f8a47187b4472e49aed87d65d379a89deba81dd6b0b01cc60ff2b20a66fb00d8f7539e7dd74f07aa9121f9d7395abd04eaa1937488890311bee8a69eac7b745590fb02a0b91d18d3ff9be983273268e7b66bc7598cdfc46ff890aef0ee73637d459ecab3107693aa1daa547b96990b2b2e2c8aebc24bee751e00c6de1e435af6820194271c0cf7074af3b50b71e846ddcfe88bfa293e0699ebd80e87282f4c54e38f8caaa886d1d1e845f897e4bf2bf3da703a94487442523d8e5ec1f94d8d395bba4eccc2bc16156a62c6680e35f8e516b774c7144fbfab8ef5e2f743edde3dd31b27aafc05bb1f5f7acbb0e98c9c85a2663a3c0cc1e030b8ad6143ea96efcbc78a9b23d6f0256d7fee6d35c98c28fe75b07e3a06b3cc8d9fe2b2cc033f66df7220c273d0639590b46e2b52b7d544d94f6e2d453d49a428dc5d8f62ed13e865c3a37da7f0b95095b6d25a208bcabe2b840cd60aab9df51b33d650b608e69cab75086d9d6c1f98158128e296a7ce9012e7b4b402fbd8003ebc8ab03b47f33432178815ea81513444f97360c01b33aac319660fd6e9d9c296e0f5ee0190134b15e25ea1c3fade07d012ee86f15f2005b244b12bf22db16cb8bb4ffc0d021dbb008f49f8aac7bb39e2955f0162b00e31487b569e5961dcb6dc35cde6f0ad2090dfbcd67338eb417c38327c9c0d9cc717abe812ac2ae72332910a6422896c71d4264386d10fd3fcb8244c336ec2f52cf525a79e2d50c3f6d877368f91635ba27d32393c9e2a71995c2e5f5aab32980cf9e289be630345d7f926dab474628fbc15879e81454d9ea100187f3438eb685f2c3b7fefc608e64be966240314e6077214b6cff5849a41d9e7a3e3a14c342fb174885392df1e5d88e5a81833235991a897876676328b41f382a150a651e98605081ed3aafcae638462f32d90121d4b8f893bbe2c16b8e3f2bdb222ca79054408faf181a9b82ea3bf4e0070c1ef7564c29d4b510f744c78c16b7a530fcb92a60d48d92d1a25cae6b63047f36c3d1fb61af4c35a1f7daa6658d3f1dfeac968e8f3fe50b848d0ac66f1eb681040f3b43ce91c0b3b64cd54a1c8f52ad7030c17389875bea67e1b1984165ef5a29af56800726650dfe65ae01cea0c42d9fcf79fa9448783e9ae03a26a3134eb144251ef20764adcfdb1595f18f0f758a1a6755def2c31c7fdc8cd420f7ed1c8c5d0781372582ae3c60b039d091ba969448148ee6220609a674e2f9b4e1e577786967d4f738690f6a91606bf71e319aa064395db3ed671e6f593bb6fc4e62c6efee0094f0d6e6adbb25142ed57c41a29c587b09dd809bb0d389426c256e91de188838081fbd0b47ff9ef47144e4bd4cf2953588733f4d575000512602478f017f5133b1395da3f60614304a71c1afb39cb543c485350ee1e2959e6678428ffb4f7bdec598c2409d0bf5a1ccb8a7ec1fe56973252e432ab60bc5766fb061e81b06ad3000e24f39904f89f18e2d4be08f444a3fdb56641cad1a77e4fccccc3c63200c0fda4b03a24446a6cd6fef3d6797757b04ffea6481222ffa9ec40825b91f1bcd43fe1dfb352754eded8914ec7931dfc34936d40677dc281e36bd783d182eff8d5f49480ef5299c70578a124aa3ca6d221d9155c6d792aa50c295c877b19e46e8aa62587446e00683ae14a00d50e9b9327cb719e29a9dacb885a3939413a3e3cda6dc81ffcb08b02cd2e789c4e8cf192c4c7b03360590802d8fd949d33e3ed025cbcea2fcb8c4bfb32805463a72a50be46fcc1189df9030b6de1783b8f0e28c9dd7187d7dc9cac3a3002da5a31db128f60c3206287259b8a6788b08ac87f32b0360ca715718dfc7030a3dfcc6188e4c02665a60b7dccb61f2e6a0f991505fc6071c3b3c06b0524e12528a61590c5962cda39e698ae9adc8d3b094de0df4e89b84b647cd7b2434d97bd0e9e19777668f4b8eb787a4571f8f359e86ca7adbd45b8f19ca3efa6c85da8dcd378c190246cece075ade918734c47dab7d2e2698550f93401098b974a76ec0e6b425d8ec3bb9ad3e88541c91c5bd9258ce0c8e2adc47c1b4b3dd9b91d6fe5df255344e2aa7ecf75b8dff8708727c922587c86f3c6039810143b46c457022e19986f77a6ddfa309837ebc091b271dfb6a2554a80161930b7860a2f8379ab545e5b493c45a8d3a08a7b498182e9d530510269b3782363a61fe2bf0117071f7ac18bc70c6f97a89618cd30abfaf68df18290c858cc898df80b39fb803ade3e0913c5761a944ed1509cba1704be793e7ed78cacdf1555bd441923b60aa28f5a369a0683bca2cd9510faae48bf73230fa4feb814bc9b27d14c04c7106c134a6a880c4ccd2aa0a1f1f9b6a702e5ba786fcbf8a9903c87d2252dea8535e80d5cdda92ec9abb95bd0dd113922b741adca3a10d85eed9def70709fcab5c848944e5b2aa1b6cbb85c009a091f789ba5578baf4341a6b934c7d2a354c40a49cf5b1a5e3d31d37d16c3aa9835612560a8bfff0c1e47762fea819b3c74d6bdcf303ea21abcb0f0b33a492bb9410c292433d96e3533be87848a6683e5ae1e528b46420dec925ec99ea84069c6286dc0261f6a1f19f8786628fae05c99f552f2ed0c2836e1c081d7047f731d37c4f4cc5299794de99bea9c00f528bd18aec21491f3a15aa37e81b1e6eeaa27e51e1749963d203e19b1bf5a915c3be58ddb2d91b3ca3d7f933058ce7486357fe807a1bac29e38c96988e20bd5e2309d0273cd6a776dfadf6994e49ecf20f21e0eff67c11de482d9da18b27cba8af7e5992875b60a7994fb51f72f666865045875397b33300dba8d31b5131e6e7965a1b99b95c368326da5247c16ba78495924bf83da61f36232975228e514c5d69c2493dc467ab107e326db1a7999d3aeae4d26106d6c0f885c9a7b4039a1c995d81da7c49c39f2ed513944045901cc7734e5535b66fe4b0bcd79d71efadb50926e5401d64ca916fa766c3d2390e7dddfd8da8d323d4ec38ebeaa169862e71184959c5def5afefbd60324a237e723c846adfc6da32a0ba614ed769b0470eb755f020dddf500c65aad344fb8eb4d8656f0e3d48b96986e3daec0bb6115d12117310fb377e331ad3afd6c66c28d5e68267a2101ed9f3de47f25d7295e4121916dd486bf6218231dcbc063dd00741f46296d589d0693c6ce657d9ca4a050af3423038cd59479f09b9f435825154e01e0390f1b679b603298b922badd711d25b6f7002b8e529a190059f0bf104070f290ce21b77935dcfefdbc6ed22d47a3696727b31f2edce0d625a493d6b7b52cf6f55a15a67216c74d27df4a68f08c95bb02369449d84a1765b0bd96161ba718e277e2144d0689730bad41d6e9727a84a9b0c26f6b055f63effc8ef220d956d79926116ab04eed5a188f32c544485850cf7bbe3eca83aa7bf5a541f822ca18f9de0f93b5c8d8363bc526e5b4bc4e4821416671474d7dd9de99756a65e5a28bf2fcd5a09a5e37886cbf8436a44b45f2bd195f6d5f3739b0bfb3cfd810807aa7dff31870180c6bdd8951b95afbfe8d9ecfcea0926542d66824258a8892fd3fd4f91f23ba587374dd3624b329c81cc1ae0759e7c269ac1ddb58caba06a3f2246255bbe4e7f92e2a7dba6b36e4dcda992902fdad1bc60750a1ab82f977515a24146719c1cc3c1b8458582406336f21087cd84b656ecfc7500dbc8aa56a3cff9d7ca350335b9fb9096c14895912f03d68448c2db85e7e38e0d2cfedccb5350db48cf41e7d5f70ac9115bccfff84db8cac19808962cbf978681389941b6c83fe884ca1629bf2e3242def116a40b11f61f9d913c52ea1f209dabe72d4ec116c20f971d9192f365a21daa0071d5d04290ffc4aeeda0e6a3636bc26e36bab6a49c8ed8de9e0e1a60b5b94dcdabb59e4b5972b8f18bb78677225da60de5fac669f4ba768dc4625a17639de7cf0826339595e5e45b62a3664ba1beb681ed35fb0962eef4f0c6f8051f36b99bd093d49efdddd406583e719b96ea88042a0d826f758a9db1d4849170a64530de46879f87703f5fa74b39b3cc55911a00e58e3b3598b8436467ec874648a2752c0405533c8251a60ba925a4733771e1ba37524d359c2008de9472cfbda15f77ebdd1cdaa2b87524567f65b46207e9f8971ebd274835b8341d91085e388626b9f2f50b16365d5748b2e07b3a9303ccb6e3544c227e6c73b1912cb8ba732ff08934dba2026b2faeeab7e1b99db8ea15f814e9003ac5f350256c3e414fb792a8514163f729e70ae82213e5d659f10709ef610d2800d42078fb0155d285f2e304a5c063605356112ed83d8aa42c76cfef413bd1675fcd91f0bda51328bcad0b2e1a45817a31a03fbec219c586bdcdf892d1c4960d9156a60587520689c5731b5da8619a46a3322f5d638aadbe8eb8c5d4abb2219f3029b6433daf393d7559548cdfee6230c0d7b664d324da0569aee109802bb9afa5bd7ca497cc66677324051a19bc60ebc09a0246b3980d6e438b1d166992a40cb34fb75bb66bc71c817723c02f7d195f205e3b463f02a1475f4a34fc2795ba9f61ba05562e12e7e3b0f38e9462782ceadd518243f8fa54073ea257bdfeb632b86e55bb0bf7b9f9c98e95c3b32753e0e8f8877dbe12be75d56d0e4e182989daa5adf127f36cec2a0f95882349e8e078b23312cb40168c3ea7bca51380af8deeb122691821c6f6ce1c989119ec9a42ada637a25d91b46c93b40e601077f0887c3c31d53cce96a1b7d3a01e82b2e09f704babddaf19bd78debd103d957904b646940c0d26e9d3f14e1019a51c62bc7abb48d2c5bf9c289811dda3c0fa134360dc982cca3aa458c3ead20a88e59ba450bf8d4da39b51abf00ad803090f8e1e43cae35b3525a0f7881c9fdfead14df5b0194494248f170202a47be9d6083ec0140c5594b9167faba6ee298ea7ecaa282b9a0ddce30bac61d7378c56e8646f4e9aca791f7a728a218c6c23c5df01cea9dbd20d5a26cadf62761fad2b967ebb4b461108312e3fb2dba4c6d30df434080a1e94f0db0b496fa54d6864a29954da2d3c2c9a309f857cd14245f91beb959db58b2ff01c521703d8a8af6cd582a711018342e76c2af383fef3ade26ba10861b8547fa5233bbd5fe27c7711c5a7277213eec77120cb55ab1b134a63b0f4423a39671699eb1e3cfe275e957a87e8955d9d8de11b1564b57d413cc0cd8aafef1559c4db0d386c88fdbe1e49a89f031bb7603b5e50e3f4a823a3b27ad04b1e67b7efb8896d158a92882aa547aa58a4bf7c00164f496e4a68ccc63c3f1ad43d63e72c2345cc2c4a1eeaa385ab57d770b16cd6e2db40cb5988a378c83fabb05b027d2cae858b1422c026222ffbafafe2f56b614de7855c1282814b2a92a0244f56ae3965a532666d747fb47deb261d41f05c9dc5bef6abe16277818d301857312db75259270aebb2e27d76254a839c73a99353e7439e46d85e0fbcd1713d019936ce65e26c3b6eeae8054173c81bf0bab932eb92fa2d974a2f2a4b0c8b0d99e9f10f528ba0fa84eb0b6b3859ba0708c474f1c828183903043f02f4f57b2e0ba0d52f9f4a3418be73f66ae9d4f0cf2d9a26e09ed5010ce3753a1f9e75f2eac622b5fc56d087092e930d669c81708b0de0976b6d354d967a3c73667a78b5605074077bf7bc5e220f2de79064d719e3dacf51a64809bb729667ef77ae8e57b6e0bd0b56bd956f29e367aa339483a042b5bfe921c1f691e0c13ac2b8ae3ecfda9a8030ea1b7a927baaeb2a8583f0a57b772d8e16c345ba3aec7dec1f25a3a67acd0aec198738d29bdab78ec44fb9198701bca17b511dd347845e3c040ae2490f629d42526e25f59ec511b8c085dc7f9dd38055821577ea9e69ad9cc4a90846d60f25c2c4518083d539e0b9d577b4702ea6edc31e4c7f26d19a0968ddae7d53d6f39e61297df818358b1b0718aba36250b0b3b2d6b3e231a043b1f6f45e97b75c7036fcdf351e7a2447a0d41d9b1686b892ed94c9eb1e42a7d5843f2979e7e4217f501bd1d284cf38b4b63a9bc40ff33d48e6d2a408d8d77487c4aa29cc24a5a392cae5aa6b2317f4de1f64ad95f836f7b9fb746b911ce6531d8b8a4de50e53eb611c77d9d94b64a76a54c2ec5df5e9277e59fd31016bc400c612b7f0c1c30a7ab9da15bb3a0812e7850a678fa4d1fb7eeb7f77c2fb62789ef4625a068c8e65c9e2033acd29d7a9e76945845f340592f9f25808a3a056ab51b1479203ea187ca4ed2a2f8ee7bbaa510bde2d5141952e6417ff81608910762fb79b583b62a8ccc85fd4a41677748911847d87de02f900ef4a9c31b411c1965e0dea2ac4ea1de164eae78217b8201da08a2cb6386827b3a8162a69e7712f4c126e77cb2029272420a183fde6558b19c693e1ef778334eeede5f441e3f9ebbed33df3b92f913f3dfedd1e1671ef3cf195e77d2e94fdbdf4d33eb9ab837f6c2ffa6a193e032388e2fc196ff8cb3c182514e72bf226cf569a61ccf988e50e27e1dfe3deba3c6513553a9c86d4f4ed608dd32daea21cc8dba6e54a0b805dc4f57aa94e7481161dfc88db3bf6d535576b8c5b059e96ef892cd11a89cc25fbc4bbb76a212bfd339d04df2c7a2342241e32d2553ddbcc15f38f94f4d17b41f2d4a2f596cff7fd52f4e80ffc6e031909985cab51e6465fa7f57b2fcd84004ff6334abb0e70c08192c14c09638d8ceea0da065f5b70c5aab0a069bab5e54069978ea3bf874d27f05f41aefdc2ced9efbb68f50585f3284c42d49955ca0e64a14a667b5db3d0fcbf9ef4d60ae28b471ebfdb12214aee440b65d3f390eeb28ff4ca5421dd3546de728d2cb519650a3a98e0a2fa90779b3e37d919aa4074eaad39e3ea7fc0fb9926546b0db4771ab1e8cb5a69dd5f95961d7a7f4c58509e206e2bddcdc5d41597d8d76f416e7e39af2fb5ec81dce959c8b322170e54f341d7b06266513ebfa9e78fec7cfedd18333700a5fe46286222bee4185b28872b5e857755438fe2329967f5cc8dd8fd0a4dcee7377bfbe6897ba13787a224ef66fb7be5c6146c10fba0b3414ceb365a4512d1becd79cddc322453f420b6975345fbbb96308ff6855811a202c894c81d0da8e014cf505238f5ca657a7831f56f1315c24f3a78cbdf24bd214b64aeeba162b49fb27a18beef8de13158dac297f5c5557fbdfc308072712e341909f582b5587bd634a7adea72c16761fd17dab4df5d309073220a10ee0dffee665f60013dcae1f7e8948e6f034654dd889dd7a0fca15c0ef3ccc54627b09d884f4d0bbe8a572ebd36df1a1abf5bbc92c66cd52c3541bdf35ab33558b0d6547306b645a0f0500db1cf7c9f7f", 0x2000, &(0x7f00000056c0)={&(0x7f0000000780)={0x50, 0x0, 0x1d, {0x7, 0x2d, 0x2, 0x24010009, 0x5, 0xe, 0x8000, 0x2f1, 0x0, 0x0, 0x10, 0x7}}, &(0x7f00000002c0)={0x18, 0x0, 0x0, {0x6}}, &(0x7f0000000340)={0x18, 0xffffffffffffffda, 0x7, {0x8926}}, &(0x7f0000000700)={0x18, 0x0, 0x8, {0x400}}, &(0x7f0000000800)={0x18, 0x0, 0x7, {0x3}}, &(0x7f0000000840)={0x28, 0x0, 0xca5, {{0x4, 0x2, 0x1}}}, &(0x7f0000000880)={0x60, 0x0, 0x4, {{0x74d1, 0x5, 0x10000, 0x0, 0x1, 0xffffd692, 0x2, 0x2}}}, &(0x7f0000000900)={0x18, 0x0, 0x124966d4, {0x4}}, &(0x7f0000000940)={0x17, 0x0, 0x13a, {'$\x8a-[{$\x00'}}, &(0x7f0000000980)={0x20, 0x0, 0x3, {0x0, 0x18}}, &(0x7f0000002bc0)={0x78, 0x0, 0x40, {0x8, 0x5, 0x0, {0x2, 0x1, 0x7, 0x2, 0x3ff, 0x7, 0x5, 0x0, 0x200, 0x4000, 0x3, 0x0, 0x0, 0x7, 0x2}}}, &(0x7f0000002cc0)={0x90, 0x0, 0x9, {0x5, 0x1, 0x9, 0x2, 0x9, 0x10000, {0x1, 0x9, 0x8, 0x9, 0x8000, 0x4, 0x5, 0x1c, 0x100, 0x4000, 0x5, 0x0, 0x0, 0x2, 0x5}}}, &(0x7f0000002d80)={0xa8, 0x0, 0x8, [{0x1, 0x3, 0x2, 0x9, '].'}, {0x0, 0x10, 0x0, 0x8}, {0x5, 0x5, 0x4, 0x6, 'tcp\x00'}, {0x6, 0xf48, 0x0, 0x2c}, {0x1, 0xffffffffffffffff, 0xa, 0x1, ']@\'}[&{/!\xa3'}]}, &(0x7f0000004fc0)={0x1f0, 0x0, 0xbea6, [{{0x3, 0x0, 0x4, 0xfffffffffffffffd, 0x3, 0x2, {0x5, 0x0, 0x8, 0x2, 0x1000, 0x4, 0x0, 0x1ff, 0x9, 0xc000, 0x0, 0x0, 0xffffffffffffffff, 0x8000, 0x8}}, {0x3, 0xff, 0x6, 0x5, '(#Q:[@'}}, {{0x2, 0x2, 0x0, 0x7b, 0x5, 0x0, {0x5, 0x7dcd, 0x5, 0x9, 0x1, 0x2, 0x4, 0x390, 0x1, 0x2000, 0x5, 0x0, 0x0, 0x4, 0x4}}, {0x5, 0x3, 0x7, 0x9, 'TCPMSS\x00'}}, {{0x6, 0x9, 0xcf76, 0x1, 0x8, 0xda9, {0x6, 0x7fffffffffffffff, 0xf8e, 0x4, 0xd, 0xa, 0x6, 0x10001, 0x4, 0x2000, 0x2, r2, 0x0, 0xd, 0x2}}, {0x1, 0x1, 0x8, 0xfffffffe, 'bridge0\x00'}}]}, &(0x7f0000005340)={0xa0, 0xfffffffffffffffe, 0x9ab, {{0x1, 0x0, 0xfffffffffffffffe, 0x6, 0x2e, 0x5, {0x3, 0x3ff, 0x10, 0x8, 0x6dd, 0x7, 0x2, 0x10000, 0x1, 0x4000, 0x401, r3, r4, 0x1, 0x80}}}}, &(0x7f0000005400)={0x20, 0x0, 0x9, {0x4, 0x0, 0x9b, 0x8001}}, &(0x7f0000005580)={0x130, 0x7ffffffffffffffa, 0x6f6, {0x5, 0x81, 0x0, '\x00', {0x2, 0xfff, 0x892, 0x662, r5, r6, 0xc000, '\x00', 0xed, 0x0, 0x5, 0xed7, {0x3, 0x7}, {0x7, 0x6}, {0x5, 0x5}, {0xff, 0xa}, 0x0, 0x1, 0x2, 0x400}}}})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x503, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x23311, 0x8831}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCODING_SA={0x5, 0x6, 0x1}, @IFLA_MACSEC_ENCODING_SA={0x5, 0x6, 0x20}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x48890}, 0x0)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
timer_create(0x3, 0x0, &(0x7f0000000300))
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f0, 0x128, 0x111, 0x4b4, 0x128, 0xd4feffff, 0x220, 0x20a, 0x278, 0x220, 0x278, 0x3, 0x0, {[{{@ipv6={@private2, @loopback, [], [], 'bond_slave_1\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0x100, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x2, 0x5}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350)
setrlimit(0xf, &(0x7f0000000180)={0x2, 0x4})
timer_settime(0x0, 0x0, &(0x7f0000000080), 0x0)
unshare(0x40000000)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="3800000054000100040000000000000807000000", @ANYRES32=r10, @ANYBLOB="20000100", @ANYRES32], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40080)
setitimer(0x1, &(0x7f0000000000)={{0x0, 0x2710}, {0x0, 0xea60}}, 0x0)

1m9.048011525s ago: executing program 0 (id=315):
syz_usb_connect$cdc_ecm(0x2, 0x0, 0x0, 0x0)

1m8.944678081s ago: executing program 0 (id=317):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file1\x00', 0x8, &(0x7f0000002500)=ANY=[], 0x4, 0x1df, &(0x7f0000000440)="$eJzslUGL00AUx/+TxKQVP4EXDxbsxTRJUbwU6kUvHgTF4kGw2LRUUyttDrYg4sWrd28e/BhCvfohpAqiIHpRr84ymUkyu6S7pEs3h30/2Jf/zJt98+YNfQOCIE4tX7/8W/O/ne81AOfQgKPmf5j5GkNb/7n2+8XHWzd6bx68/+Ss3fr+aE7p/S0Aq+smYjXmnHPd31DfuzBSfUb398DgKv0QBu4pHYLhvtKPNT0V6113OI5C99E0GgjhCeMLEwjTPpjfr1cMAy0/pvnni+WTfhSFsx2K4sqtfmb51YCOlp9+Xy5ktl5eP/gw4CvdBsMdpa/BSWsjS6Kd/7yVxzcPPb+NYx77G4B8ZrjLytpiq63+HWAncvc7FiYSkd5o5flsI26+BjaugbXJxc2Se3EHOGqN+JVUUIQPXXl/Waov5bhcnO4Gl10yjqp81j/5O4ZLWn+SreRt8li04smz1nyxvDye9EfhKHwaBO2rnuV5V4JW0oikLWqApoxfT/rT2Tx+/ib95xI1tJmN5/04nvnSZuNA2qKOayT9z0Dzonx3RDe1tSTE5B8A6aZM/RnJV6imWdi+CYIgKuYCGFSX5FYq1GuSOTgPblecJ0EQBEEQBEEQBEEQ27MXAAD//xdKZA0=")
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r0, 0x0)
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0)
syz_usb_connect(0x3, 0x64, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000cb8be7406d04230848390102030109025200010000000009044000000e0100000a2406"], 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000060000000f00000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe5}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020)

1m8.802791699s ago: executing program 35 (id=317):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file1\x00', 0x8, &(0x7f0000002500)=ANY=[], 0x4, 0x1df, &(0x7f0000000440)="$eJzslUGL00AUx/+TxKQVP4EXDxbsxTRJUbwU6kUvHgTF4kGw2LRUUyttDrYg4sWrd28e/BhCvfohpAqiIHpRr84ymUkyu6S7pEs3h30/2Jf/zJt98+YNfQOCIE4tX7/8W/O/ne81AOfQgKPmf5j5GkNb/7n2+8XHWzd6bx68/+Ss3fr+aE7p/S0Aq+smYjXmnHPd31DfuzBSfUb398DgKv0QBu4pHYLhvtKPNT0V6113OI5C99E0GgjhCeMLEwjTPpjfr1cMAy0/pvnni+WTfhSFsx2K4sqtfmb51YCOlp9+Xy5ktl5eP/gw4CvdBsMdpa/BSWsjS6Kd/7yVxzcPPb+NYx77G4B8ZrjLytpiq63+HWAncvc7FiYSkd5o5flsI26+BjaugbXJxc2Se3EHOGqN+JVUUIQPXXl/Waov5bhcnO4Gl10yjqp81j/5O4ZLWn+SreRt8li04smz1nyxvDye9EfhKHwaBO2rnuV5V4JW0oikLWqApoxfT/rT2Tx+/ib95xI1tJmN5/04nvnSZuNA2qKOayT9z0Dzonx3RDe1tSTE5B8A6aZM/RnJV6imWdi+CYIgKuYCGFSX5FYq1GuSOTgPblecJ0EQBEEQBEEQBEEQ27MXAAD//xdKZA0=")
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r0, 0x0)
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0)
syz_usb_connect(0x3, 0x64, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000cb8be7406d04230848390102030109025200010000000009044000000e0100000a2406"], 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000060000000f00000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe5}, 0x94)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020)

1m4.547727685s ago: executing program 7 (id=330):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x10, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000711022000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) (async)
bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x1810754, &(0x7f00000001c0)={[{@jqfmt_vfsold}, {@errors_continue}, {@delalloc}, {@prjquota}, {@usrquota}, {@resuid={'resuid', 0x3d, 0xee00}}, {@usrjquota, 0x5}, {@min_batch_time={'min_batch_time', 0x3d, 0xfffffffc}}, {@nodiscard}, {@test_dummy_encryption}]}, 0xff, 0x46e, &(0x7f0000000e40)="$eJzs281vFOUfAPDvzG7L249fKyIKgjSisfGlpQWVgxeNJh40MdEDHmtbCLJQQ2sihGg1Bo+GxLvxaOJf4MmTUU8mXvVuSIgSE9CYsGZmZ9ruslsK3bKE/XySaZ9n59mZ57vzPDPPzLMbQN8ayf4kEf+LiF8jYqiRbS4w0vh37cr56b+vnJ9Ool5/84/BvNzVK+eny6Ll+7YVmdE0Iv00KXbSbP7suZNTtdrsmSI/vnDqvfH5s+eeOXFq6vjs8dnTk0eOHD408fxzk892Jc4svqt7Ppzbu/vVty++Pn304js/fpPVd9e+xvqVcXTLSBb4n/Vc67rHu72zHrteX44zqfa6NqxVJSKywzWQ9/+hqMTywRuKVz7paeWADZWdsze1ebn4v1gH7mFJ9LoGQG+UF/zs/rdc7uDwo+cuv9i4AcrivlYsjTXVSIsyAxu4/5GIOLr4z5fZEi3PIZaOz+AGVgAA6DvfZeOfp9uN/9LYtaLc/4u5oeGIuC8idkTE/RGxMyIeiMjLPhgRD93i/lunhm4cf6aXbiuwNcrGfy8Uc1vN479y9BfDlSK3PY9/IDl2ojZ7sPhMRmNgU5afaLfxchMv//J5p/2vHP9lS7b/cixYbORSteUB3czUwlS3BqWXP47YU20Xf7I0E5BExO6I2LPmrS5G8fHkTjz59d5OJW8e/yq6MM9U/yriicbxX4yW+EvJ6vOT45ujNntwvGwVN/rp5wtvdNp/2/ivb19/YGuUHf+tze1/aV0l/zv0V7JyvnY+bvmG5MJvn3W8p6zeZvsfTN7K53TLmnwwtbBwZiJiMHktovX1yeX3lvmyfBb/6IH2/X9H8Z4s/ocjImvE+yLikYjYHxH/FvfQj0bEgVXi/+Glx97ttG5d7T9iyxrLdZTFP9P2/LfU/oebj/+tJyonv//29uPPjv/hPDVavJKf/26ic3U2FyWWWzMAAADc69L8u/FJOraUTtOxscZ3+HfG1rQ2N7/w1LG590/PNL5DPxwDafmka2jF89CJZLHYYiM/WTwrLtcfKp4bf1HZkufHpudqMz2OHfrdtub+v7/s/5nfK72uHbDh/F4L+ldr/097VA/gznP9h/6l/0P/0v+hf7Xr/x+15M0FwL3J9R/6l/4P/Uv/h/6l/0NfWs/v+jcqUV3l1/sSd0si0ruiGhItiUgaF/RN6+zdvT4zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMd/AQAA///gq/is") (async)
r2 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r2, &(0x7f0000003800)={0x2020}, 0x2020) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000007110bf000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)

1m4.46235415s ago: executing program 7 (id=332):
syz_io_uring_setup(0xeb0, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x1, 0xfffffffc}, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8001, 0x3, 0xf, 0x3, 0x80, 0x2, 0x8, 0x7f, 0x2000000a, 0x20000000, 0x9, 0x5f, 0x9, 0x5, 0xffff2d37, 0x1002, 0x6, 0x3, 0xfffffffc, 0x7, 0x4, 0x0, 0x7, 0x3c1b, 0x2, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0x8e660, 0x4, 0x7, 0x3, 0x5, 0x4c74, 0x80000000, 0x242, 0x6, 0xc, 0x0, 0x8071, 0x7, 0x940, 0xffffffff, 0x7, 0x5, 0x3e, 0x8f, 0x1, 0x6, 0x0, 0x5, 0x4, 0x8, 0xa8000000, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x5, 0x8000012d, 0x8004, 0x5, 0xfffffff3, 0x129432e2, 0xc8, 0xf9, 0xe, 0x2bf, 0x1, 0x9, 0xfffffffc, 0x4, 0x10001, 0x0, 0x5, 0x2e, 0xe, 0x4, 0x78, 0xea4, 0xffc, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x7cb, 0x5f31, 0x1000d, 0x4e0, 0x2, 0x4, 0xb, 0x3, 0x9, 0x4, 0xd, 0xe1, 0x47, 0x8000, 0x1, 0xfe000000, 0xfffe, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x3, 0xfffffff8, 0x3], [0x5, 0x408, 0x4, 0xa, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x7, 0x5, 0x8, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x2, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0xc, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x3, 0x10800003, 0x200, 0x83, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x2000005, 0x6, 0xac8, 0xbf, 0x4002, 0xffffffff, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x9, 0x1c, 0x120000, 0x3, 0x1, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x9, 0x5, 0x938, 0x6, 0x6, 0x12, 0xb9, 0xce7, 0x1ff, 0x800002, 0xfffffffb, 0x3, 0x3, 0x101, 0x10000, 0x9, 0x7ffd, 0xffff, 0xa620, 0x8000001, 0x78b, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0x1, 0xfffff000, 0x5, 0x9, 0x7e, 0x100, 0x9602, 0x7, 0x3, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x101, 0xa1f, 0xf44, 0x7, 0x1, 0x6c1b, 0x100, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0x1ff, 0xfffffffb]}, 0x45c)
r0 = timerfd_create(0x8, 0x0)
timerfd_settime(r0, 0x3, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r1 = timerfd_create(0x8, 0x0)
clock_gettime(0x4, &(0x7f0000000140)={<r2=>0x0, <r3=>0x0})
timerfd_settime(r1, 0x0, &(0x7f0000000180)={{}, {r2, r3+10000000}}, 0x0)
timerfd_gettime(r0, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0xd, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000080)=<r4=>0x0)
timer_delete(r4)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

1m4.409443353s ago: executing program 7 (id=333):
futex(&(0x7f000000cffc)=0x1, 0x6, 0x4, 0x0, 0x0, 0x1)
futex(&(0x7f0000000000)=0x2, 0x5, 0x2, 0x0, &(0x7f0000000040)=0x88000, 0x3000005)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
r5 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$TIOCSBRK(r3, 0x5427)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xc, 0x0, &(0x7f0000000180)=[@free_buffer={0x40086303, r5}], 0x0, 0x0, 0x0})
read$FUSE(r0, &(0x7f00000034c0)={0x2020}, 0x3ba)

1m4.319926348s ago: executing program 8 (id=335):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wg0\x00', <r1=>0x0})
unshare(0x64000600)
r2 = gettid()
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c00000010000304f9ffbffffedbdf2500007400", @ANYRES32=r1, @ANYBLOB="049c01000750050008001300", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x4802}, 0x42850)
socket$inet_tcp(0x2, 0x1, 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
dup(r4)
pipe(&(0x7f0000000400)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000c0000000c0000800800", @ANYRES32=r5], 0x20}, 0x1, 0x800e0000}, 0x40816)

1m3.863068974s ago: executing program 8 (id=336):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x200800, &(0x7f0000000100)=ANY=[@ANYBLOB="757466382c756d61736b3d30303030303030303030303030303030303030303030352c6b6565705f6c6173745f646f74732c6572726f72733d636f6e74696e75652c696f636861727365743d6d616363656e746575726f2c6572726f72733d636f6e74696e75652c696f636861727365743d63703835352c6572726f72733d72656d6f756e742d726f2c6572726f72733d636f6e74696e75652c616c6c6f775f7574696d653d30303030303030303030303030303030303030303230312c006650c3e8dc968e3e6b90aa881ce4827eb933d4f0b3572c327dfd4500236f62e2bedb596d689249ca07c0c222397561040d8e476c4bfe8921293378f3aee34e068ac501aa2fc1cde00df9847780d226182d92814de1002e4709301cadd92a082bb385cc330729948c9802a2a33d3a598601677f930f38b98bd2391530c4fe505f4c4bb5c8599cba4c1a162931a8c1e77319150953d7fd87f562aedf6e7bc949471d8ee30b515860e789e5d4e9f3d8806bbbd95529daef35de382d853f82a3dc6137fcec3450c043ff39025003b730f522186ee305038d457a600ad3a5f3cf88ba32fa967a163ef96c6906ed5125b8c4e12c2bc683805f329043a293de8d0b"], 0x9, 0x1524, &(0x7f0000002280)="$eJzs3AuYTlXbOPD7XmvtMSbpaZLDsNa6N09yWCZJckiSQ5IkSZJTQtIkryQkhpyShiQkhyE5DCE5TEwa5/P5kJAkTZKE5JSs/yX8vb31fu/7fm/f67u+uX/XtS/rfva+1773cz+HvbeZ+a7zkBqNalZtQETwb8GL/yQDQCwADACA6wAgAICy8WXjL6zPKTH539sJ+3M9kna1K2BXE/c/e+P+Z2/c/+yN+5+9cf+zN+5/9sb9z964/4xlZ5umFbiel+y78P3/7Iy///8PySo15qs1pW7sAhDzz6Zw/7M37v//WcE/sxH3P3vj/mdXsVe7APa/AL//s4Mcf3cN9z974/4zlp1d7fvPV3uBSPZ+Dq72648xxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWPZw2l+hAODy+GrXxRhjjDHGGGOMsT+Pz3G1K2CMMcYYY4wxxtj/PAQBEhQEEAM5IBZyQhwIALgWcsN1EIHrIR5ugDxwI+SFfJAfCkACFIRCoMGABYIQCkMRiMJNUBRuhmJQHEpASXBQChLhFigNt0IZuA3Kwu1QDu6A8lABKkIluBMqw11QBe6GqnAPVIPqUANqwr1QC+6D2nA/1IEHoC48CPXgIagPD0MDeAQawqPQCB6DxvA4NIGm0AyaQ4v/Vv5L0B1ehh7QE5KhF/SGV6AP9IV+0B8GwKswEF6DQfA6pMBgGAJvwFB4E4bBWzAcRsBIeBtGwTswGsbAWBgHqTAeJsC7MBHeg0kwGabAVEiDaTAd3ocZMBNmwQcwGz6EOTAX5sF8SIePYAEshAz4GBbBJ5AJi2EJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQtshW2wHXbAp7ATPoNdsBv2wOewF774F/NP/U1+FwQEFChQocIYjMFYjMU4jMNcmAtzY26MYATjMR7zYB7Mi3kxP+bHBEzAQlgIDRokJCyMhTGKUSyKRbEYFsMSWAIdOkzERCyNt2IZLINlsSyWw3JYHitgBayElbAyVsYqWAWrYlWshtWwBtbAe/Fe7IW1sTbWwTpYF+tevj2FDbABNsSG2AgbYWNsjE2wCTbDZtgCW2BLbImtsBW2wTbYFttiO2yHSZiE7bE9dsAO2BE7YifshJ2xM3bBrtg166UcgC/jy9gTq4le2Bt7Yx9MydEP+2N/fBUH4mv4Gr6OKTgYh+Ab+Aa+icPwJA7HETgSR2Jl8Q6OxjFIYhymYipOwAk4ESfiJJyMk3EqpuE0nI7TcQbOxJn4Ac7GD/FDnItzcT6mYzouwIWYgRm4CE9hJi7GJbgUl+FyXIYrcRWuxDW4FtfgelyPG3EjbsbNuBW34nbcjp+iAsDPcDfuxhTci3txH+7D/bgfD+ABzMIsPIgH8RAewsN4GI/gETyKx/A4HsMTeAJP4ik8jafxLJ7Fc/hCwjcNPy2+OgXEBUooESNiRKyIFXEiTuQSuURukVtERETEi3iRR+QReUVekV/kFwkiQRQShYQRRpAIYwBAREVUFBVFRTFRTJQQJYQTTiSKRFFalBZlRBlRVtwuyok7RHlRQbR2lUQlUVm0cVXE3aKqqCqqieqihqgpaopaopaoLWqLOqKOqCvqinriIVFf9MJ++Ii40JlGYjA2FkOwiWgq5KVPsJZiGLYSrUUb8ZQYgcOxnWjpksSzor0YjR3EX8QYfF50EuOws3hRdBFdRTfxkuguWrkeoqeYhL1EbzEV+4i+op/oL2ZgdfEBzs5ZQ7wuUsRgMUS8Iebjm2KYeEsMFyPESPG2GCXeEaPFGDFWjBOpYryYIN4VE8V7YpKYLKaIqSJNTBPTxftihpgpZokPxGzxoZgj5op5Yr5IFx+JBWKhyBAfi0XiE5EpFoslYqlYJpaLFWKlWCVWizVirVgn1osNYqPYJDaLLWKr2Ca2ix3iU7FTfCZ2id1ij/hc7BVfiH3iS7FffCUOiK9FlvhGHBTfikPiO3FYfC+OiB/EUXFMHBc/ihPiJ3FSnBKnxRlxVvwszolfxHnhBUiUQkqpZCBjZA4ZK3PKOHmNzCWDS8/u9TJe3iDzyBtlXplP5pcFZIIsKAtJLY20kmQoC8siMipvkkXlzbKYLC5LyJLSyVIyUd4iS8tbZRl5mywrb5fl5B2yvKwgK8pK8k5ZWd4lIXJxH9VkdVlD1pT3ymS4T9aW98s68gFZVz4o68mHZH35sGwgH5EN5aOykXxMNpaPyyayqWwmm8sW8gnZUj4pW8nWso18SraVT8t28hmZJJ+V7aW/9BJ5XnaSL8jO8kXZRXaV3eQv8rz0sofsKaEXyN7yFdlH9pX9ZH85QL4qB8rX5CD5ukyRg+UQ+YYcKt+Uw+RbcrgcIUfKt+Uo+Y4cLcfIsXKcTJXj5QT5rpwo35OT5GQ5RU6VaXKa7HdppllS/sP8d/8gf9Cve98oN8nNcovcKrfJ7XKH/FTulDvlLrlL7pF75F65V+6T++R+uV8ekAdklsySB+VBeUgekoflYXlEHpFH5TF5Rv4oT8if5El5Sp6SZ+RZeVaeu/QcgEIllFRKBSpG5VCxKqeKU9eoXOpalVtdpyLqehWvblB51I0qr8qn8qsCKkEVVIWUVkZZRSpUhVURFVU34aUXjCqhSiqnSqlEdcu/kq+KqptVMVX8N/mX60v+O/W1UC1US9VStVKtVBvVRrVVbVU71U4lqSTVXrVXHVQH1VF1VJ1UJ9VZdVZdVBfVTXVT3VV31UP1UMkqWfVWr6g+qq/qp/qrAepVNVANVIPUIJWiUtQQNUQNVUPVMDVMDVfD1Ug1Uo1So9RoNVqNVWNVqkpVE9QENVFNVJPUJDVFTVFpKk1NV9PVDDVDzVKz1Gw1W81Rc9Q8NU+lq3S1QC1QGSpDLVKLVKZarBarpWqpWq6Wq5VqpVqtVqu1aq1ar9arTLVJbVJb1Ba1TW1TO9QOtVPtVLvULrVH7VF71V61T+1T+9V+dUAdUFkqSx1UB9UhdUgdVofVEXVEHVVH1XF1XJ1QJ9RJdVKdVqfVWXVWnVPn1Hl1/sJpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4MYgb5AvyB8UCBKCgkGhQAcmsIG41PRocFNQNLg5KBYUD0oEJQMXlAoSg1uC0sGtQZngtqBscHtQLrgjKB9UCCoGlYI7g8rBXUGV4O6ganBPUC2oHtQIagb3BrWC+4Lawf1BneCBoG7wYFAveCioHzwcNAgeCRoGjwaNgseCxsHjQZOgadAsaB60+FPn9/5kviddD91TJ+teurd+RffRfXU/3V8P0K/qgfo1PUi/rlP0YD1Ev6GH6jf1MP2WHq5H6JH6bT1Kv6NH6zF6rB6nU/V4PUG/qyfq9/QkPVlP0VN1mp6mp+v39Qw9U8/SH+jZ+kM9R8/V8/R8na4/0gv0Qp2hP9aL9Cc6Uy/WS/RSvUwv1yv0Sr1Kr9Zr9Fq9Tq/XG/RGvUlv1lv0Vr1Nb9c79Kd6p/5M79K79R79ud6rv9D79Jd6v/5KH9Bf6yz9jT6ov9WH9Hf6sP5eH9E/6KP6mD6uf9Qn9E/6pD6lT+sz+qz+WZ/Tv+jz2l84ub/w9W6UUSbGxJhYE2viTJzJZXKZ3Ca3iZiIiTfxJo/JY/KavCa/yW8STIIpZAqZC8iQKWwKm6iJmqKmqClmipkSpoRxxplEk2hKm9KmjCljypqyppwpZ8qb8qaiqWjuNHeau8xd5m5zt7nH3GOqm+qmpqlpaplaprapbeqYOqauqWvqmXqmvqlvGpgGpqFpaBqZRqaxaWyamCammWlmWpgWpqVpaVqZVqaNaWPamramnWlnkkySaW/amw6mg+loOppOppPpbDqbLqaL6Wa6me6mu+lhephkk2x6m96mj+lj+pl+ZoAZYAaagWaQGWRSTIoZYoaYoWaoGWaGmeFmhBl54UTVvGNGmzFmrBlnUk2qmWAmmIlmoplkJpkpZopJM2lmupluZpgZZpaZZWab2WaOmWPmmXkm3aSbBWaByTAZZpFZZDJNpllilphlZplZYVaYVWaVWWPWmHWwzmwwG8wms8lsMVvMNrPN7DA7zE6z0+wyu8wes8fsNXvNPrPP7Df7zQFzwGSZLHPQHDSHzCFz2Bw2R8wRc9QcNcfNcXPCnDAnzUlz2pw2Z02+S9+X3sTanDbOXmNz2Wttbnud/ds4vy1gE2xBW8hqm9fm+01srLXFbHFbwpa0zpayifaW38XlbQVb0Vayd9rK9i5b5XdxLXufrW3vt3XsA7amvfc3cV37oK1nH7P1EQFsU9vQNreN7GO2sX3cNrFNbTPb3La1T9t29hmbZJ+17e1zv4sX2IV2lV1t19i1dpfdbU/bM/aQ/c6etT/bHranHWBftQPta3aQfd2m2MG/i0fat+0o+44dbcfYsXbc7+IpdqpNs9PsdPu+nWFn/i5Otx/Z2TbDzrFz7Tw7/9f4Qk0Z9mO7yH5iM20AS+xSu8wutyvsyv9f61K73m6wG+1O+5ndYrfabXa73XH5RNjutnvs53av/cIetN/a/fYre8Aetln2m1/jC8d32H5vj9gf7FF7zB63P9oT9id1OfvCsf9of7HnrbdASECSFAUUQzkolnJSHF1Duehayk3XUYSup3i6gfLQjZSX8lF+KkAJVJAKkSZDlohCKkxFKEo30eXySlBJclSKEukWKk23Uhm6jcrS7VSO7qDyVIEqUiW6kyrTXVSF7qaqdA9Vo+pUg2rSvVSL7qPadD/VoQeoLj1I9eghqk8PUwN6hBrSo9SIHqPG9Dg1oabUjJpTC3qCWtKT1IpaUxt6itrS09SOnqEkepba03PUgf5CHel56kQvUGd6kbpQV+pGL1F3epl6UE9Kpl7Um16hPtSX+lF/GkCv0kB6jQbR65RCg2kIvUFD6U0aRm/RcBpBI+ltGkXv0GgaQ2NpHKXSeJpA79JEeo8m0WSaQlMpjabRdHqfZtBMmkUf0Gz6kObQXJpH8ymdPqIFtJAy6GNaRJ9QJi2mJbSUltFyWkEraRWtpjW0ltbRetpAG2kTbaYttJW20XbaQZ/STvqMdtFu2kOf0176gvbRl7SfvqID9DVl0Td0kL6lQ/QdHabvfU/6gY7SMTpOP9IJ+olO0ik6TWfoLP1M5+gXOk+eIMRQhDJUYRDGhDnC2DBnGBdeE+YKrw1zh9eFkfD6MD68IcwT3hjmDfOF+cMCYUJYMCwU6tCENqQwDAuHRcJoeFNYNLw5LBYWD0uEJUMXlgoTw1vC0uGtYZnwtrBseHtYLrwjLB9WCB97oFJ4Z1g5vCusEt4dVg3vCauF1cMaYc3w3rBWeF9YO7w/rBM+EJYJHwzrhQ+F9cOHwwbhI2HD8NGwUfhY2Dh8PGwSNg2bhc3DFuETYcvwybBV2DpsEz4Vtg2fDtuFz4RJ4bNh+/C5X9c/uPDvr08Oe4W9w1fCV0Lv75fzovOj6dGPoguiC6MZ0Y+ji6KfRDOji6NLokujy6LLoyuiK6Oroquja6Jro+ui66Mbohuj3tfMAQ6dcNIpF7gYl8PFupwuzl3jcrlrXW53nYu46128u8HlcTe6vC6fy+8KuARX0BVy2hlnHbnQFXZFXNTd5Iq6m10xV9yVcCWdc6VcomvuWrgWrqV70rVyrV0b95R7yj3tnnbPuGfcs669e851cH9xHd3zrpN7wb3gXnRdXFfXzb3kurvxuS++J5Ndb9fb9XF9XD/Xzw1wA9xAN9ANcoNciktxQ9wQN9QNdcPcMDfcDXcj3Ug3yo1yo91oN9aNdaku1U1wE9xEN9FNcpPcFDfFpbk0N91NdzPcDFd55sW9zHFz3Dw3z6W7dLfAXThnzHCL3CKX6TLdErfELXPL3Aq3wq1yq9wat8atc+vcBrfBbXKb3Ba3xW1z29wOt8PtdDvdLn/dxUndXrfP7XP73X53wH3tstw37qD71h1y37nD7nt3xP3gjrpj7rj70Z1wP7mT7pQ77c64s+5nd8794s4771Ij4yMTIu9GJkbei0yKTI5MiUyNpEWmRaZH3o/MiMyMzIp8EJkd+TAyJzI3Mi8yP5Ie+SiyILIwkhH5OLIo8kkkM7I4siSyNLIssjzifcEtoS/si/iov8kX9Tf7Yr64L+FLeudL+UR/iy/tb/Vl/G2+rL/dl/N3+PK+gq/oH/dNfFPfzDf3LfwTvqV/0rfyrX0b/5Rv65/27fwzPsk/69v753wH/xff0T/vO/kXfGf/ou/iu/pu/iXf3b/se/iePtn38r39K76P7+v7+f5+gH/VD/Sv+UH+dZ/iB/sh/g0/1L/ph/m3/HA/wo+MeduPunyJDON8qh/vJ/h3/UT/np/kJ/spfqpP89P8dP++n+Fn+ln+Az/bf+jn+Ll+np/v0/1HfoFf6DP8x36R/8Rn+sWXbyr7FX6lX+VX+zV+rV/n1/sNfqPf5Df7LX6r3+a3+x3+U7/Tf+Z3+d1+j//c7/Vf+H3+S7/ff+UP+K99lv/GH/Tf+kP+O3/Yf++P+B/8UX/MH/c/+hP+J3/Sn/Kn/Rl/1v/sz/lf/Hn+nTXGGGOMsX/K+CtD8ds1F2/n9/qDHPFXG/cGgGu3Fsj66/UXzijX5b047isS2kYA4NmenR+5vFSrlpycfGnbTAlBkbkAl/8n6IIYuBIvhjbwNCRBayj9h/X3FV3P0j+YP3o7QNxf5cTClfjK/F8CYPIfzP/EUyMXlAtPx/8X888FKFbkSk5OuBIvhja/3l9pDWX+Tv35Wv6D+nN+lQrQ6q9ycsGV+Er9ifAkPAdJv9mSMcYYY4wxxhi7qK+o2PHy9efln/j8o+vzBHUlJwdcif/R9TljjDHGGGOMMcauvue7dnvmiaSk1h3/9UGV/1bWPz1oDP9TM/PgDwfeA1x+RAHAvzkhwIWB/E8exeb/yL5SLr11/nbVsjM+gP8drfwzBlf5g4kxxhhjjDH2p7ty0v/bx9XVKogxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMuG/hN/TuxqHyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2tf2/AAAA//9IVQM5")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, 0x0, 0x0)
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x48)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000040)="4dff000013001118680907070000000f0000ff3f04000000170a001700000000040014001000030001302564aa58b9a64411f6bbf44dc48f57", 0xff4d}], 0x1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
prctl$PR_SET_DUMPABLE(0x4, 0x2)
getdents64(r4, &(0x7f0000000180)=""/82, 0x52)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setresuid(0xee01, 0xee00, 0x0)
setsockopt$bt_hci_HCI_FILTER(r5, 0x0, 0x2, &(0x7f0000000440)={0xfffa}, 0x10)

1m3.370489362s ago: executing program 7 (id=338):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x8000d0, &(0x7f0000000040), 0x1, 0x586, &(0x7f0000000600)="$eJzs3U9sHFcZAPBvdx0ncd2mCY3UlIMDqUj/KLbblZwaDoQDHCjqpUioUjlYycYOXsfGdkVtLu6NE0UCBKiiasQBCSRiiQNwqChIHJAIEgIhLNRKIA78aQHhHigBjGZ31t54Z51Ftndbz+8nbfbNm7G/93bzvd19b9YTQG6dTv4pRAxGxI2IOFbfvPWA0/W775RXp66XV6cKsbHx5N8KteOulVenGoc2fu6OiFiJiHsj4seXIy4eao27sLQ8PVGtVubT7ZHFmbmRhaXlc1dmJiYrk5Wr5fJj42Nj4+fHRv+P3hR23PuJuddP/GbqicmXhv791PmZb/y1EBdq/Y5t/dhLWS3qK0Rc2I9gPVBK+hMRAx0ef7Ly/Mv73CQ69KUTayPJc3dPRNxfy/9jUao9mxEffPHpfxyLD9xs97M31l78UzfbCgDsnY3E4Z13AwdTMZLP/oXicETUy8Xi8HD9M/w9MVCszi4sPnx59pmrl+pzBHfHoeLlK9XKaDpXcHccKiTbj9TKW9uPbtsuR8TxiPhc6Whte/jibPVSV0c6oGEw4rXvfvpi/x3b8v+PpXr+AwdXkv+/+sn3f5iU3yz1ujVANyX5/603Zx4P+Q+5c/v8P9L1NgHd4fUf8kv+Q3615v/O584CB4fXf8gv+Q/5Jf8hv+Q/5Jf8h/xqzn/pD/l0fOiVtUJErLz/aO2W6E/3ZfzZHuAA2bjTt/whr7z3h/zq2yoe7WU7gO7zGR+43dn/bb8NPLf3bQG6o9jrBgA9c/aU9T/IK/P/kF99vW4A0DPe4wPm/yF/zP9Dfg22uf7XnU3X7hqNiLsi4melQ4cb1/oC3rkGI1574cb3no4o/rmQvv9PxoKJ11/9UfNx/YV/1pYI+iPiMy88+ZVnJxYX5x9J6v++Wb/41bT+0V71BuhEI08beQzk18LS8vREtVqZV1DYVoh4WzRDYR8LjXHgWnl1qnHr1tjz/EMRb3yofhJCEvd6eqvv7UvnJo/U1igH1gu3nKtQ2IO1y8+fi1h5LiLuzep/Ib3eeX3lY2C91BL/Xel9cjuVzp8kx5zsMH7prt3Fv68p/lBT/Hd3GH/t4x0euE+Of7u38V/67eayV1/W49+3y6/EnrjN/se/uatfv2t/+H1v498/1Nv4X56NeCUZf0az8q+YpOXmymfz+PPFL9TnSvp3Gf+zZ7fGv+st419xc/wrtRn/TncY56dPVT6ZVV/6ecQbz0Xclxm/Ee9ILdbAerEl/pmm8eeBHeL/5WO/nM6qv/BqxMa1iLORHb851sjizNzIwtLyuSszE5OVycrVcvmx8bGx8fNjoyO1OeqRxkx1qydunvxwVv2Zr9f7P9AmfqP/7R7/jR363Gz5a58afE9G/S9O1eM/cCb7+T+Rxq8//n0t8d+b3if/T/6TnsubHPNWRBxO6x+MiB+8fPyhrHZ99GY9/qU2/S/eEr+1/w932P/43X+fyap+9iOd/gIAYC+1nxrodcsAAIC91o2Vxl73Ecg2sN4fzcvAhZWmdYWVrXWFpP6tdH2htBLxr3SNIal/MF0lS8qZCw3A287J5ff9utdtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMi7haXl6YlqtTK/0OuWAN32vwAAAP//mSj9Tw==")
syz_emit_ethernet(0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000025000086dd6000000000242b00fe8000000040000000000000000000aafe8000000000000000000000000000aa3c000000000000002b00"/74, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000a80)='./file1\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@sb={'sb', 0x3d, 0x50cf}}, {@orlov}, {@norecovery}, {@barrier}, {@data_journal}]}, 0x66, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCSIFBR(r0, 0x890c, &(0x7f0000000300)=@generic={0x0, 0x2})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})
sendmsg$IPSET_CMD_DEL(r1, &(0x7f0000000c80)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x78, 0xa, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x44, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP2_TO={0x18, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_IP2_TO={0x18, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}}, @IPSET_ATTR_MARK={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x78}, 0x1, 0x0, 0x0, 0x841}, 0x800)
stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180))

1m3.119530067s ago: executing program 7 (id=341):
r0 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x30, &(0x7f00000001c0), 0x10}, 0x71)

1m2.945821297s ago: executing program 7 (id=345):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f00005cc000/0x400000)=nil)
setresgid(0x0, 0xffffffffffffffff, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_mreq(r3, 0x0, 0x24, &(0x7f0000000000)={@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1}, 0x8)
syz_kvm_add_vcpu$x86(r2, &(0x7f00000000c0)={0x0, 0x0})
mmap(&(0x7f00009ab000/0x3000)=nil, 0x3000, 0x1000001, 0x20010, r0, 0xffffc000)

1m2.943582377s ago: executing program 8 (id=346):
futex(&(0x7f000000cffc)=0x1, 0x6, 0x4, 0x0, 0x0, 0x1)
futex(&(0x7f0000000000)=0x2, 0x5, 0x2, 0x0, &(0x7f0000000040)=0x88000, 0x3000005)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$TIOCSBRK(r3, 0x5427)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
read$FUSE(r0, &(0x7f00000034c0)={0x2020}, 0x3ba)

1m2.884899631s ago: executing program 36 (id=345):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f00005cc000/0x400000)=nil)
setresgid(0x0, 0xffffffffffffffff, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_mreq(r3, 0x0, 0x24, &(0x7f0000000000)={@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1}, 0x8)
syz_kvm_add_vcpu$x86(r2, &(0x7f00000000c0)={0x0, 0x0})
mmap(&(0x7f00009ab000/0x3000)=nil, 0x3000, 0x1000001, 0x20010, r0, 0xffffc000)

1m2.0282843s ago: executing program 8 (id=352):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x8000d0, &(0x7f0000000040), 0x1, 0x586, &(0x7f0000000600)="$eJzs3U9sHFcZAPBvdx0ncd2mCY3UlIMDqUj/KLbblZwaDoQDHCjqpUioUjlYycYOXsfGdkVtLu6NE0UCBKiiasQBCSRiiQNwqChIHJAIEgIhLNRKIA78aQHhHigBjGZ31t54Z51Ftndbz+8nbfbNm7G/93bzvd19b9YTQG6dTv4pRAxGxI2IOFbfvPWA0/W775RXp66XV6cKsbHx5N8KteOulVenGoc2fu6OiFiJiHsj4seXIy4eao27sLQ8PVGtVubT7ZHFmbmRhaXlc1dmJiYrk5Wr5fJj42Nj4+fHRv+P3hR23PuJuddP/GbqicmXhv791PmZb/y1EBdq/Y5t/dhLWS3qK0Rc2I9gPVBK+hMRAx0ef7Ly/Mv73CQ69KUTayPJc3dPRNxfy/9jUao9mxEffPHpfxyLD9xs97M31l78UzfbCgDsnY3E4Z13AwdTMZLP/oXicETUy8Xi8HD9M/w9MVCszi4sPnx59pmrl+pzBHfHoeLlK9XKaDpXcHccKiTbj9TKW9uPbtsuR8TxiPhc6Whte/jibPVSV0c6oGEw4rXvfvpi/x3b8v+PpXr+AwdXkv+/+sn3f5iU3yz1ujVANyX5/603Zx4P+Q+5c/v8P9L1NgHd4fUf8kv+Q3615v/O584CB4fXf8gv+Q/5Jf8hv+Q/5Jf8h/xqzn/pD/l0fOiVtUJErLz/aO2W6E/3ZfzZHuAA2bjTt/whr7z3h/zq2yoe7WU7gO7zGR+43dn/bb8NPLf3bQG6o9jrBgA9c/aU9T/IK/P/kF99vW4A0DPe4wPm/yF/zP9Dfg22uf7XnU3X7hqNiLsi4melQ4cb1/oC3rkGI1574cb3no4o/rmQvv9PxoKJ11/9UfNx/YV/1pYI+iPiMy88+ZVnJxYX5x9J6v++Wb/41bT+0V71BuhEI08beQzk18LS8vREtVqZV1DYVoh4WzRDYR8LjXHgWnl1qnHr1tjz/EMRb3yofhJCEvd6eqvv7UvnJo/U1igH1gu3nKtQ2IO1y8+fi1h5LiLuzep/Ib3eeX3lY2C91BL/Xel9cjuVzp8kx5zsMH7prt3Fv68p/lBT/Hd3GH/t4x0euE+Of7u38V/67eayV1/W49+3y6/EnrjN/se/uatfv2t/+H1v498/1Nv4X56NeCUZf0az8q+YpOXmymfz+PPFL9TnSvp3Gf+zZ7fGv+st419xc/wrtRn/TncY56dPVT6ZVV/6ecQbz0Xclxm/Ee9ILdbAerEl/pmm8eeBHeL/5WO/nM6qv/BqxMa1iLORHb851sjizNzIwtLyuSszE5OVycrVcvmx8bGx8fNjoyO1OeqRxkx1qydunvxwVv2Zr9f7P9AmfqP/7R7/jR363Gz5a58afE9G/S9O1eM/cCb7+T+Rxq8//n0t8d+b3if/T/6TnsubHPNWRBxO6x+MiB+8fPyhrHZ99GY9/qU2/S/eEr+1/w932P/43X+fyap+9iOd/gIAYC+1nxrodcsAAIC91o2Vxl73Ecg2sN4fzcvAhZWmdYWVrXWFpP6tdH2htBLxr3SNIal/MF0lS8qZCw3A287J5ff9utdtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMi7haXl6YlqtTK/0OuWAN32vwAAAP//mSj9Tw==")
syz_emit_ethernet(0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000025000086dd6000000000242b00fe8000000040000000000000000000aafe8000000000000000000000000000aa3c000000000000002b00"/74, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000a80)='./file1\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@sb={'sb', 0x3d, 0x50cf}}, {@orlov}, {@norecovery}, {@barrier}, {@data_journal}]}, 0x66, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV")
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCSIFBR(r0, 0x890c, &(0x7f0000000300)=@generic={0x0, 0x2})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})
sendmsg$IPSET_CMD_DEL(r1, &(0x7f0000000c80)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x78, 0xa, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x44, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP2_TO={0x18, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_IP2_TO={0x18, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}}, @IPSET_ATTR_MARK={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x78}, 0x1, 0x0, 0x0, 0x841}, 0x800)
stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180))

1m1.901530278s ago: executing program 8 (id=357):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300030b00000000010000000000000100090000000000030006006c0000000200000000100000000000000000000002000100000000000002fb0b00000000030005000000000002"], 0x58}, 0x1, 0x7}, 0x0)

1m1.796026823s ago: executing program 8 (id=359):
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
io_setup(0x1, &(0x7f0000000380)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f0000000000)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x7, 0xf, 0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0, 0x2}])
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
write$char_usb(r0, &(0x7f0000000040)="e2", 0x2778)
syz_read_part_table(0x1065, &(0x7f0000000000)="$eJzszz1OxDAQBeDn/JFUSJyAc1BR0nMX2qThHnS0XIYSDsEFguQk22230m7xfYU99lhPnnBVQ5Lf760udX36+zqaZenLMmR4qJ05yc9apRn3J+PjezOd0rqjaO+3/XVq+7LffSRpkjzX0+dbTZrP/mzNXZIt+6W71LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcIv+AwAA//9QRxYk")
syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) (async)
io_setup(0x1, &(0x7f0000000380)) (async)
io_submit(r1, 0x2, &(0x7f0000000000)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x7, 0xf, 0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0, 0x2}]) (async)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') (async)
write$char_usb(r0, &(0x7f0000000040)="e2", 0x2778) (async)
syz_read_part_table(0x1065, &(0x7f0000000000)="$eJzszz1OxDAQBeDn/JFUSJyAc1BR0nMX2qThHnS0XIYSDsEFguQk22230m7xfYU99lhPnnBVQ5Lf760udX36+zqaZenLMmR4qJ05yc9apRn3J+PjezOd0rqjaO+3/XVq+7LffSRpkjzX0+dbTZrP/mzNXZIt+6W71LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcIv+AwAA//9QRxYk") (async)

1m1.692801089s ago: executing program 37 (id=359):
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
io_setup(0x1, &(0x7f0000000380)=<r1=>0x0)
io_submit(r1, 0x2, &(0x7f0000000000)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x7, 0xf, 0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0, 0x2}])
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
write$char_usb(r0, &(0x7f0000000040)="e2", 0x2778)
syz_read_part_table(0x1065, &(0x7f0000000000)="$eJzszz1OxDAQBeDn/JFUSJyAc1BR0nMX2qThHnS0XIYSDsEFguQk22230m7xfYU99lhPnnBVQ5Lf760udX36+zqaZenLMmR4qJ05yc9apRn3J+PjezOd0rqjaO+3/XVq+7LffSRpkjzX0+dbTZrP/mzNXZIt+6W71LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcIv+AwAA//9QRxYk")
syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) (async)
io_setup(0x1, &(0x7f0000000380)) (async)
io_submit(r1, 0x2, &(0x7f0000000000)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x7, 0xf, 0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0, 0x2}]) (async)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') (async)
write$char_usb(r0, &(0x7f0000000040)="e2", 0x2778) (async)
syz_read_part_table(0x1065, &(0x7f0000000000)="$eJzszz1OxDAQBeDn/JFUSJyAc1BR0nMX2qThHnS0XIYSDsEFguQk22230m7xfYU99lhPnnBVQ5Lf760udX36+zqaZenLMmR4qJ05yc9apRn3J+PjezOd0rqjaO+3/XVq+7LffSRpkjzX0+dbTZrP/mzNXZIt+6W71LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcIv+AwAA//9QRxYk") (async)

7.751645816s ago: executing program 9 (id=629):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x4004743d, 0xf0ff1f00000000)
ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f00000000c0))
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
open_tree(r1, &(0x7f0000000640)='\x00', 0x89901)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', <r2=>0x0})
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000240)={r2, 0x1, 0x6}, 0x10)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="3800000054000100040000000000000807000000", @ANYRES32=r6, @ANYBLOB="200001"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40080)
r7 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc)
splice(r3, 0x0, r7, 0x0, 0x4ffe6, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESHEX=0x0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r9, 0x1, 0x32, &(0x7f0000000180)=r8, 0x0)
sendmsg$inet(r10, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)
r11 = socket$tipc(0x1e, 0x5, 0x0)
r12 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r12, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x480, @broadcast}})
r13 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r13, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x5, 0x4, 0x3f0, 0x110, 0x0, 0x220, 0x220, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @private, @empty}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
setuid(0xee01)
clock_adjtime(0x0, &(0x7f0000000100)={0xffff, 0x2000000000000000, 0x5, 0x1, 0x7, 0x8, 0x7, 0x1, 0x7ff, 0x7fffffffffffffff, 0x0, 0x378, 0x2, 0x9, 0x0, 0x40, 0x4, 0xfffffffffffffffb, 0x5, 0x1, 0x8, 0x4, 0x9, 0x6, 0x4, 0xfffffffffffffff7})
ioctl$sock_inet_SIOCSIFADDR(r12, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffe}})
gettid()
connect$tipc(r11, &(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x0, 0x1}, 0x4}}, 0x10)

6.759638224s ago: executing program 9 (id=632):
futex(&(0x7f000000cffc)=0x1, 0x6, 0x4, 0x0, 0x0, 0x1)
futex(&(0x7f0000000000)=0x2, 0x5, 0x2, 0x0, &(0x7f0000000040)=0x88000, 0x3000005)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(0xffffffffffffffff, r1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
r4 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0xc, 0x0, &(0x7f0000000180)=[@free_buffer={0x40086303, r4}], 0x0, 0x0, 0x0})
read$FUSE(r0, &(0x7f00000034c0)={0x2020}, 0x3ba)

5.790731241s ago: executing program 9 (id=635):
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x8000, &(0x7f00000000c0), 0x2, 0xbd1, &(0x7f0000001340)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gtp3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==")
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000440)={[{@nodots}, {@nodots}, {@fat=@umask={'umask', 0x3d, 0x2}}, {@nodots}, {}, {@fat=@sys_immutable}, {@dots}, {@fat=@nfs_stale_rw}, {}, {@dots}]}, 0x1, 0x25f, &(0x7f0000000140)="$eJzs3cFqE0EYB/AvTZqsBbVn8bDgxZOobxCkghAQqrkbaL20Imwv0VMeQ/ANfByPPkZPvUXaXVy7LSIl6WS7vx+E/dj/DjuTQCaHmeyHx5+ODj6ffFz++hZZlscgYhFnEbuxFf0o9arj1kU9jGHUFgEAtM3+/mycug+sUO/qqaIYz7YjYnQlm/64pV4BAAAAAAAAAACwYjdZ//836/8BoH2s/7/7imI826l+v11m/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQztly+XD5j1fq/gEAq2f+B4DuMf8DQPeY/wGge949qIo8zyJOF/PpfFoey9Ov30z2nucXdutWp/P5dLuqJ3svyjxv5jtV+5fX5sN4+qTMz7NXbyeNfBQH6xw4AAAAAAAAAAAAAAAAAAAAbJBn+R+N/f39Mj+/YBTX5FnE90v/D9DYvz+IR4PbHAkAAAAAAAAAAAAAAAAAAAC018mXr0ez4+PDorPFz35EsrtHr/wYUr8JjeJe3KBVtmmjaFHRj4jDUQxivfd6f///L079zQQAAAAAAAAAAAAAAAAAAN1Tb/pN3RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASKd+/v/6itRjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrhdwAAAP//UhGHcQ==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000240), 0x3af4701e)
timer_create(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r2 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r2, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000640)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r2, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r3=>0x0)
io_submit(r3, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000, 0xa00}])

5.4658707s ago: executing program 4 (id=638):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
getsockname$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e2, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="e43f6642531e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x1, 0x1, 0x10, 0x0, @void}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x1ffffc54, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

5.371695505s ago: executing program 4 (id=640):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
socket(0x400000000010, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev}, 0x2, 0x40000000}}, 0x2e)
socket(0xa, 0x2, 0x0)

4.528965775s ago: executing program 6 (id=643):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x11, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x600}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x6, 0x0, 0xb}, {0x65}}, [@map_fd={0x18, 0x3, 0x1, 0x0, r0}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4.528581585s ago: executing program 6 (id=644):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800718, &(0x7f0000000200)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0x40000fe}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@nodiscard}]}, 0x0, 0x46a, &(0x7f0000001040)="$eJzs281rHGUYAPBnJh9t7UdirR+tVaNFCIpJk1btwYuiIKIo6KEeY7ItodtGmii2FpuKeBKkoGfxKPoXeBNB1JPg1ZMnKRTtpa2nyMzOpJttNrFmk4nd3w8m8747b3aeJ/P17vtuAuhaQ9mPJGJHRPwWEQON6tIGQ43VtSvnJq9fOTeZxMLC638m0RMRV6+cmyyblr+3vagMpxHpR0mxk6Vmz5w9MVGv104X9dG5k2+Pzp45+8S7JyeO147XTo0fOXL40NjTT40/2ZE8s7yu7vtgZv/eF9+8+Mrk0Ytv/fRNFu+OYntzHp0ylCX+10Kuddujnd5ZxXY2lZPeCgPhlmTXcHa4+vLrfyB64sbBG4gXPqw0OGBdZc+mLe03zy8At7Ekqo4AqEb5oM8+/5bLBnU9NoXLzzY+AGV5XyuWxpbeSIs2fS2fbztpKCKOzv/9RbbEOo1DAAA0+2Ty85ez9fvXv34p63sMLG5J4558/Xv+c1cxhzIYEXdGxO6IuCsi9kTE3RF523sj4r41xnNz/ye9tMa3XFHW/3ummNta2v8re38x2FPUdub59yXHpuu1g8XfZDj6tmT1sRX28d3zv37abltz/y9bsv2XfcEijku9LQN0UxNzE3mntAMuX4jY17tc/sniTEASEXsjYt+tvfWusjD92Ff72zVaPf8VdGCeaeHLLL35LP/5aMm/lDTPT07fND85ujXqtYOj5Vlxs59/+fi1dvtfU/4dcLnWWDcd/9Ymg0nzfO1sZ/f/H8//tD95ozHPXHhvYm7u9FhEf5LfzqK/+fXxlnbjN9pn5//wgeWv/93F72T53x8R2Un8QEQ8GBEPFbE/HBGPRMSBFXL88bnV84+0ouN/IWJq2fvf4vnfcvxvvdBz4odv2+3/3x3/w3lpuHglv/+tYrlwsttFa4Br+dsBAADA/0Wafwc+SUcWy2k6MtL4Dv+euCOtz8zOPX5s5p1TU43vyg9GX1qOdA0U46H16XptLJkv3rExPjpejBWX46WHinHjz3q25fWRyZn6VMW5Q7fb3ub6z/zRU3V0wDrbtuyr4/0bHghQgdZ59HRp9fyr4WYAtyv/rw3da5XrP92oOICN5/kP3Wu56/98S91cANyePP+he7n+oUul31cdAVAhz3/oSmv5v/51LGzdHGFUU9isByUvRJSFdFPEo7BOharvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xTwAAAP//ojPmdw==")

4.459247019s ago: executing program 4 (id=645):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0) (async)
r0 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f0000000000)) (async)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x4, 0x7ffc0002}]}) (async)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x45) (async)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./file0\x00')
getsockname(r0, &(0x7f0000000340)=@caif, &(0x7f0000000080)=0x80) (async)
mkdir(&(0x7f0000000180)='./file1\x00', 0x1e) (async)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0) (async)
r1 = socket(0x28, 0x801, 0x0)
connect$vsock_stream(r1, &(0x7f0000000880)={0x28, 0x0, 0x0, @local}, 0x10) (async)
shutdown(r1, 0x1)
sendmsg$inet(r1, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x15}, 0x44000)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000240), 0x0, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
chdir(&(0x7f0000000140)='./bus\x00')
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) (async, rerun: 32)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) (rerun: 32)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@abs, 0x6e) (async)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES64, @ANYRESOCT=r3], 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xf, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 64)
socket$nl_xfrm(0x10, 0x3, 0x6) (async, rerun: 64)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(0xffffffffffffffff, 0x28, 0x6, 0x0, 0x0)

4.427239431s ago: executing program 6 (id=646):
futex(&(0x7f000000cffc)=0x1, 0x6, 0x4, 0x0, 0x0, 0x1)
futex(&(0x7f0000000000)=0x2, 0x5, 0x2, 0x0, &(0x7f0000000040)=0x88000, 0x3000005)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
r5 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0xc, 0x0, &(0x7f0000000180)=[@free_buffer={0x40086303, r5}], 0x0, 0x0, 0x0})
read$FUSE(r0, &(0x7f00000034c0)={0x2020}, 0x3ba)

4.351579895s ago: executing program 4 (id=647):
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000200)={{0x2, 0x0, @empty}, {0x0, @dev}, 0x12, {0x2, 0x0, @remote}, 'lo\x00'})
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setreuid(0xee01, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000640)=@newlink={0x50, 0x10, 0x503, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x14615, 0x104aa}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACSEC_SCI={0xc, 0x1, 0x5740}, @IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x8}]}}}, @IFLA_LINK={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="dbc15532000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f00000000c0)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x1, 0x2800400c, 0x74, 0x9, 0x4, 0x5, 0x0, 0x0, 0x20, 0x32d8}}, 0x50)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000180)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000280)={'ip6gre0\x00', &(0x7f0000000380)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x3, 0x4, 0x60, @ipv4={'\x00', '\xff\xff', @broadcast}, @mcast2, 0x8, 0x7800, 0x8000, 0x8c6d}})
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x331, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x4}}}}}]}}]}}, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

3.76086688s ago: executing program 2 (id=649):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f00000001c0), 0x60000, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x0, 0x0, &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x4, 0x9, 0x885, 0x84}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000340)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000380)=[{0x2, 0x1, 0x1, 0xa}, {0x4, 0x2, 0x4, 0x7}, {0x1, 0x2, 0xc, 0x5}, {0x5, 0x4, 0x5, 0x7}, {0x0, 0x1, 0x2, 0x9}, {0x5, 0x1, 0x4}, {0x3, 0x2, 0x6, 0x9}, {0x1, 0x2, 0x4, 0x3}], 0x10, 0x4}, 0x94)
r4 = openat$cgroup(0xffffffffffffffff, &(0x7f00000004c0)='syz1\x00', 0x200002, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000500)={r3, r4, 0x1, 0x0, @val=@netfilter={0x7, 0x1, 0x5, 0x1}}, 0x20)
socket$inet6(0xa, 0x1, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
getsockopt$nfc_llcp(0xffffffffffffffff, 0x88, 0x0, 0x0, 0xffffffffffffff88)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r5=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000a80)={'bridge0\x00', &(0x7f0000000a40)=@ethtool_rxfh_indir={0x39}})

3.512622835s ago: executing program 6 (id=650):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
getsockname$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e2, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="e43f6642531e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x1, 0x1, 0x10, 0x0, @void}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x1ffffc54, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xd01, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

3.451659828s ago: executing program 6 (id=651):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x200800, &(0x7f0000000100)=ANY=[@ANYBLOB="757466382c756d61736b3d30303030303030303030303030303030303030303030352c6b6565705f6c6173745f646f74732c6572726f72733d636f6e74696e75652c696f636861727365743d6d616363656e746575726f2c6572726f72733d636f6e74696e75652c696f636861727365743d63703835352c6572726f72733d72656d6f756e742d726f2c6572726f72733d636f6e74696e75652c616c6c6f775f7574696d653d30303030303030303030303030303030303030303230312c006650c3e8dc968e3e6b90aa881ce4827eb933d4f0b3572c327dfd4500236f62e2bedb596d689249ca07c0c222397561040d8e476c4bfe8921293378f3aee34e068ac501aa2fc1cde00df9847780d226182d92814de1002e4709301cadd92a082bb385cc330729948c9802a2a33d3a598601677f930f38b98bd2391530c4fe505f4c4bb5c8599cba4c1a162931a8c1e77319150953d7fd87f562aedf6e7bc949471d8ee30b515860e789e5d4e9f3d8806bbbd95529daef35de382d853f82a3dc6137fcec3450c043ff39025003b730f522186ee305038d457a600ad3a5f3cf88ba32fa967a163ef96c6906ed5125b8c4e12c2bc683805f329043a293de8d0b"], 0x9, 0x1524, &(0x7f0000002280)="$eJzs3AuYTlXbOPD7XmvtMSbpaZLDsNa6N09yWCZJckiSQ5IkSZJTQtIkryQkhpyShiQkhyE5DCE5TEwa5/P5kJAkTZKE5JSs/yX8vb31fu/7fm/f67u+uX/XtS/rfva+1773cz+HvbeZ+a7zkBqNalZtQETwb8GL/yQDQCwADACA6wAgAICy8WXjL6zPKTH539sJ+3M9kna1K2BXE/c/e+P+Z2/c/+yN+5+9cf+zN+5/9sb9z964/4xlZ5umFbiel+y78P3/7Iy///8PySo15qs1pW7sAhDzz6Zw/7M37v//WcE/sxH3P3vj/mdXsVe7APa/AL//s4Mcf3cN9z974/4zlp1d7fvPV3uBSPZ+Dq72648xxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWPZw2l+hAODy+GrXxRhjjDHGGGOMsT+Pz3G1K2CMMcYYY4wxxtj/PAQBEhQEEAM5IBZyQhwIALgWcsN1EIHrIR5ugDxwI+SFfJAfCkACFIRCoMGABYIQCkMRiMJNUBRuhmJQHEpASXBQChLhFigNt0IZuA3Kwu1QDu6A8lABKkIluBMqw11QBe6GqnAPVIPqUANqwr1QC+6D2nA/1IEHoC48CPXgIagPD0MDeAQawqPQCB6DxvA4NIGm0AyaQ4v/Vv5L0B1ehh7QE5KhF/SGV6AP9IV+0B8GwKswEF6DQfA6pMBgGAJvwFB4E4bBWzAcRsBIeBtGwTswGsbAWBgHqTAeJsC7MBHeg0kwGabAVEiDaTAd3ocZMBNmwQcwGz6EOTAX5sF8SIePYAEshAz4GBbBJ5AJi2EJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQtshW2wHXbAp7ATPoNdsBv2wOewF774F/NP/U1+FwQEFChQocIYjMFYjMU4jMNcmAtzY26MYATjMR7zYB7Mi3kxP+bHBEzAQlgIDRokJCyMhTGKUSyKRbEYFsMSWAIdOkzERCyNt2IZLINlsSyWw3JYHitgBayElbAyVsYqWAWrYlWshtWwBtbAe/Fe7IW1sTbWwTpYF+tevj2FDbABNsSG2AgbYWNsjE2wCTbDZtgCW2BLbImtsBW2wTbYFttiO2yHSZiE7bE9dsAO2BE7YifshJ2xM3bBrtg166UcgC/jy9gTq4le2Bt7Yx9MydEP+2N/fBUH4mv4Gr6OKTgYh+Ab+Aa+icPwJA7HETgSR2Jl8Q6OxjFIYhymYipOwAk4ESfiJJyMk3EqpuE0nI7TcQbOxJn4Ac7GD/FDnItzcT6mYzouwIWYgRm4CE9hJi7GJbgUl+FyXIYrcRWuxDW4FtfgelyPG3EjbsbNuBW34nbcjp+iAsDPcDfuxhTci3txH+7D/bgfD+ABzMIsPIgH8RAewsN4GI/gETyKx/A4HsMTeAJP4ik8jafxLJ7Fc/hCwjcNPy2+OgXEBUooESNiRKyIFXEiTuQSuURukVtERETEi3iRR+QReUVekV/kFwkiQRQShYQRRpAIYwBAREVUFBVFRTFRTJQQJYQTTiSKRFFalBZlRBlRVtwuyok7RHlRQbR2lUQlUVm0cVXE3aKqqCqqieqihqgpaopaopaoLWqLOqKOqCvqinriIVFf9MJ++Ii40JlGYjA2FkOwiWgq5KVPsJZiGLYSrUUb8ZQYgcOxnWjpksSzor0YjR3EX8QYfF50EuOws3hRdBFdRTfxkuguWrkeoqeYhL1EbzEV+4i+op/oL2ZgdfEBzs5ZQ7wuUsRgMUS8Iebjm2KYeEsMFyPESPG2GCXeEaPFGDFWjBOpYryYIN4VE8V7YpKYLKaIqSJNTBPTxftihpgpZokPxGzxoZgj5op5Yr5IFx+JBWKhyBAfi0XiE5EpFoslYqlYJpaLFWKlWCVWizVirVgn1osNYqPYJDaLLWKr2Ca2ix3iU7FTfCZ2id1ij/hc7BVfiH3iS7FffCUOiK9FlvhGHBTfikPiO3FYfC+OiB/EUXFMHBc/ihPiJ3FSnBKnxRlxVvwszolfxHnhBUiUQkqpZCBjZA4ZK3PKOHmNzCWDS8/u9TJe3iDzyBtlXplP5pcFZIIsKAtJLY20kmQoC8siMipvkkXlzbKYLC5LyJLSyVIyUd4iS8tbZRl5mywrb5fl5B2yvKwgK8pK8k5ZWd4lIXJxH9VkdVlD1pT3ymS4T9aW98s68gFZVz4o68mHZH35sGwgH5EN5aOykXxMNpaPyyayqWwmm8sW8gnZUj4pW8nWso18SraVT8t28hmZJJ+V7aW/9BJ5XnaSL8jO8kXZRXaV3eQv8rz0sofsKaEXyN7yFdlH9pX9ZH85QL4qB8rX5CD5ukyRg+UQ+YYcKt+Uw+RbcrgcIUfKt+Uo+Y4cLcfIsXKcTJXj5QT5rpwo35OT5GQ5RU6VaXKa7HdppllS/sP8d/8gf9Cve98oN8nNcovcKrfJ7XKH/FTulDvlLrlL7pF75F65V+6T++R+uV8ekAdklsySB+VBeUgekoflYXlEHpFH5TF5Rv4oT8if5El5Sp6SZ+RZeVaeu/QcgEIllFRKBSpG5VCxKqeKU9eoXOpalVtdpyLqehWvblB51I0qr8qn8qsCKkEVVIWUVkZZRSpUhVURFVU34aUXjCqhSiqnSqlEdcu/kq+KqptVMVX8N/mX60v+O/W1UC1US9VStVKtVBvVRrVVbVU71U4lqSTVXrVXHVQH1VF1VJ1UJ9VZdVZdVBfVTXVT3VV31UP1UMkqWfVWr6g+qq/qp/qrAepVNVANVIPUIJWiUtQQNUQNVUPVMDVMDVfD1Ug1Uo1So9RoNVqNVWNVqkpVE9QENVFNVJPUJDVFTVFpKk1NV9PVDDVDzVKz1Gw1W81Rc9Q8NU+lq3S1QC1QGSpDLVKLVKZarBarpWqpWq6Wq5VqpVqtVqu1aq1ar9arTLVJbVJb1Ba1TW1TO9QOtVPtVLvULrVH7VF71V61T+1T+9V+dUAdUFkqSx1UB9UhdUgdVofVEXVEHVVH1XF1XJ1QJ9RJdVKdVqfVWXVWnVPn1Hl1/sJpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4MYgb5AvyB8UCBKCgkGhQAcmsIG41PRocFNQNLg5KBYUD0oEJQMXlAoSg1uC0sGtQZngtqBscHtQLrgjKB9UCCoGlYI7g8rBXUGV4O6ganBPUC2oHtQIagb3BrWC+4Lawf1BneCBoG7wYFAveCioHzwcNAgeCRoGjwaNgseCxsHjQZOgadAsaB60+FPn9/5kviddD91TJ+teurd+RffRfXU/3V8P0K/qgfo1PUi/rlP0YD1Ev6GH6jf1MP2WHq5H6JH6bT1Kv6NH6zF6rB6nU/V4PUG/qyfq9/QkPVlP0VN1mp6mp+v39Qw9U8/SH+jZ+kM9R8/V8/R8na4/0gv0Qp2hP9aL9Cc6Uy/WS/RSvUwv1yv0Sr1Kr9Zr9Fq9Tq/XG/RGvUlv1lv0Vr1Nb9c79Kd6p/5M79K79R79ud6rv9D79Jd6v/5KH9Bf6yz9jT6ov9WH9Hf6sP5eH9E/6KP6mD6uf9Qn9E/6pD6lT+sz+qz+WZ/Tv+jz2l84ub/w9W6UUSbGxJhYE2viTJzJZXKZ3Ca3iZiIiTfxJo/JY/KavCa/yW8STIIpZAqZC8iQKWwKm6iJmqKmqClmipkSpoRxxplEk2hKm9KmjCljypqyppwpZ8qb8qaiqWjuNHeau8xd5m5zt7nH3GOqm+qmpqlpaplaprapbeqYOqauqWvqmXqmvqlvGpgGpqFpaBqZRqaxaWyamCammWlmWpgWpqVpaVqZVqaNaWPamramnWlnkkySaW/amw6mg+loOppOppPpbDqbLqaL6Wa6me6mu+lhephkk2x6m96mj+lj+pl+ZoAZYAaagWaQGWRSTIoZYoaYoWaoGWaGmeFmhBl54UTVvGNGmzFmrBlnUk2qmWAmmIlmoplkJpkpZopJM2lmupluZpgZZpaZZWab2WaOmWPmmXkm3aSbBWaByTAZZpFZZDJNpllilphlZplZYVaYVWaVWWPWmHWwzmwwG8wms8lsMVvMNrPN7DA7zE6z0+wyu8wes8fsNXvNPrPP7Df7zQFzwGSZLHPQHDSHzCFz2Bw2R8wRc9QcNcfNcXPCnDAnzUlz2pw2Z02+S9+X3sTanDbOXmNz2Wttbnud/ds4vy1gE2xBW8hqm9fm+01srLXFbHFbwpa0zpayifaW38XlbQVb0Vayd9rK9i5b5XdxLXufrW3vt3XsA7amvfc3cV37oK1nH7P1EQFsU9vQNreN7GO2sX3cNrFNbTPb3La1T9t29hmbZJ+17e1zv4sX2IV2lV1t19i1dpfdbU/bM/aQ/c6etT/bHranHWBftQPta3aQfd2m2MG/i0fat+0o+44dbcfYsXbc7+IpdqpNs9PsdPu+nWFn/i5Otx/Z2TbDzrFz7Tw7/9f4Qk0Z9mO7yH5iM20AS+xSu8wutyvsyv9f61K73m6wG+1O+5ndYrfabXa73XH5RNjutnvs53av/cIetN/a/fYre8Aetln2m1/jC8d32H5vj9gf7FF7zB63P9oT9id1OfvCsf9of7HnrbdASECSFAUUQzkolnJSHF1Duehayk3XUYSup3i6gfLQjZSX8lF+KkAJVJAKkSZDlohCKkxFKEo30eXySlBJclSKEukWKk23Uhm6jcrS7VSO7qDyVIEqUiW6kyrTXVSF7qaqdA9Vo+pUg2rSvVSL7qPadD/VoQeoLj1I9eghqk8PUwN6hBrSo9SIHqPG9Dg1oabUjJpTC3qCWtKT1IpaUxt6itrS09SOnqEkepba03PUgf5CHel56kQvUGd6kbpQV+pGL1F3epl6UE9Kpl7Um16hPtSX+lF/GkCv0kB6jQbR65RCg2kIvUFD6U0aRm/RcBpBI+ltGkXv0GgaQ2NpHKXSeJpA79JEeo8m0WSaQlMpjabRdHqfZtBMmkUf0Gz6kObQXJpH8ymdPqIFtJAy6GNaRJ9QJi2mJbSUltFyWkEraRWtpjW0ltbRetpAG2kTbaYttJW20XbaQZ/STvqMdtFu2kOf0176gvbRl7SfvqID9DVl0Td0kL6lQ/QdHabvfU/6gY7SMTpOP9IJ+olO0ik6TWfoLP1M5+gXOk+eIMRQhDJUYRDGhDnC2DBnGBdeE+YKrw1zh9eFkfD6MD68IcwT3hjmDfOF+cMCYUJYMCwU6tCENqQwDAuHRcJoeFNYNLw5LBYWD0uEJUMXlgoTw1vC0uGtYZnwtrBseHtYLrwjLB9WCB97oFJ4Z1g5vCusEt4dVg3vCauF1cMaYc3w3rBWeF9YO7w/rBM+EJYJHwzrhQ+F9cOHwwbhI2HD8NGwUfhY2Dh8PGwSNg2bhc3DFuETYcvwybBV2DpsEz4Vtg2fDtuFz4RJ4bNh+/C5X9c/uPDvr08Oe4W9w1fCV0Lv75fzovOj6dGPoguiC6MZ0Y+ji6KfRDOji6NLokujy6LLoyuiK6Oroquja6Jro+ui66Mbohuj3tfMAQ6dcNIpF7gYl8PFupwuzl3jcrlrXW53nYu46128u8HlcTe6vC6fy+8KuARX0BVy2hlnHbnQFXZFXNTd5Iq6m10xV9yVcCWdc6VcomvuWrgWrqV70rVyrV0b95R7yj3tnnbPuGfcs669e851cH9xHd3zrpN7wb3gXnRdXFfXzb3kurvxuS++J5Ndb9fb9XF9XD/Xzw1wA9xAN9ANcoNciktxQ9wQN9QNdcPcMDfcDXcj3Ug3yo1yo91oN9aNdaku1U1wE9xEN9FNcpPcFDfFpbk0N91NdzPcDFd55sW9zHFz3Dw3z6W7dLfAXThnzHCL3CKX6TLdErfELXPL3Aq3wq1yq9wat8atc+vcBrfBbXKb3Ba3xW1z29wOt8PtdDvdLn/dxUndXrfP7XP73X53wH3tstw37qD71h1y37nD7nt3xP3gjrpj7rj70Z1wP7mT7pQ77c64s+5nd8794s4771Ij4yMTIu9GJkbei0yKTI5MiUyNpEWmRaZH3o/MiMyMzIp8EJkd+TAyJzI3Mi8yP5Ie+SiyILIwkhH5OLIo8kkkM7I4siSyNLIssjzifcEtoS/si/iov8kX9Tf7Yr64L+FLeudL+UR/iy/tb/Vl/G2+rL/dl/N3+PK+gq/oH/dNfFPfzDf3LfwTvqV/0rfyrX0b/5Rv65/27fwzPsk/69v753wH/xff0T/vO/kXfGf/ou/iu/pu/iXf3b/se/iePtn38r39K76P7+v7+f5+gH/VD/Sv+UH+dZ/iB/sh/g0/1L/ph/m3/HA/wo+MeduPunyJDON8qh/vJ/h3/UT/np/kJ/spfqpP89P8dP++n+Fn+ln+Az/bf+jn+Ll+np/v0/1HfoFf6DP8x36R/8Rn+sWXbyr7FX6lX+VX+zV+rV/n1/sNfqPf5Df7LX6r3+a3+x3+U7/Tf+Z3+d1+j//c7/Vf+H3+S7/ff+UP+K99lv/GH/Tf+kP+O3/Yf++P+B/8UX/MH/c/+hP+J3/Sn/Kn/Rl/1v/sz/lf/Hn+nTXGGGOMsX/K+CtD8ds1F2/n9/qDHPFXG/cGgGu3Fsj66/UXzijX5b047isS2kYA4NmenR+5vFSrlpycfGnbTAlBkbkAl/8n6IIYuBIvhjbwNCRBayj9h/X3FV3P0j+YP3o7QNxf5cTClfjK/F8CYPIfzP/EUyMXlAtPx/8X888FKFbkSk5OuBIvhja/3l9pDWX+Tv35Wv6D+nN+lQrQ6q9ycsGV+Er9ifAkPAdJv9mSMcYYY4wxxhi7qK+o2PHy9efln/j8o+vzBHUlJwdcif/R9TljjDHGGGOMMcauvue7dnvmiaSk1h3/9UGV/1bWPz1oDP9TM/PgDwfeA1x+RAHAvzkhwIWB/E8exeb/yL5SLr11/nbVsjM+gP8drfwzBlf5g4kxxhhjjDH2p7ty0v/bx9XVKogxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMuG/hN/TuxqHyNjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDF2tf2/AAAA//9IVQM5")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, 0x0, 0x0)
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x48)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000040)="4dff000013001118680907070000000f0000ff3f04000000170a001700000000040014001000030001302564aa58b9a64411f6bbf44dc48f57", 0xff4d}], 0x1)
r5 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
prctl$PR_SET_DUMPABLE(0x4, 0x2)
getdents64(r5, &(0x7f0000000180)=""/82, 0x52)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setresuid(0xee01, 0xee00, 0x0)
setsockopt$bt_hci_HCI_FILTER(r6, 0x0, 0x2, &(0x7f0000000440)={0xfffa}, 0x10)
r7 = syz_open_procfs(0x0, &(0x7f0000000080)='net/rfcomm\x00')
ioctl$sock_inet6_tcp_SIOCINQ(r7, 0x541b, &(0x7f0000000300))
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/custom0\x00', 0x2, 0x0)
mount$overlay(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x18d0490, &(0x7f00000003c0)={[{@uuid_off}, {@metacopy_on}, {@redirect_dir_follow}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'net/rfcomm\x00'}}]})
dup3(r8, r0, 0x0)

3.014676074s ago: executing program 9 (id=652):
r0 = syz_usb_connect(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000029c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000140)={0x44, &(0x7f0000000440)=ANY=[@ANYBLOB='7'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

2.832794655s ago: executing program 2 (id=653):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
getgroups(0x2, &(0x7f0000000180)=[0xee01, <r2=>0xffffffffffffffff])
setgroups(0x40000000000002e6, &(0x7f0000000140)=[0x0])
keyctl$chown(0x4, r1, 0xee01, r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x1, 0x1}, 0x20)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r3, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="120000000000000029000000", @ANYRES16=r3], 0x18}, 0x40c0)

2.817941635s ago: executing program 2 (id=654):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007500000018110000", @ANYRES32, @ANYBLOB="000f000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00 \x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

2.763393349s ago: executing program 2 (id=655):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x2})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000580)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0xfcffffff, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000500)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x8002c}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff}, @fda={0x66646185, 0x9, 0x1, 0x48}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})

2.762994229s ago: executing program 2 (id=656):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000300), 0x80002, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x1000002, 0x8c012, r0, 0x343e2000)
mremap(&(0x7f00001e6000/0x3000)=nil, 0x3000, 0x3000, 0x0, &(0x7f00000b1000/0x3000)=nil)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000140)='./file1\x00', 0x2810000, &(0x7f0000000000)={[{@shortname_winnt}, {@fat=@flush}, {@iocharset={'iocharset', 0x3d, 'iso8859-4'}}, {@shortname_win95}, {@fat=@check_strict}, {@uni_xlate}, {@fat=@tz_utc}, {@uni_xlateno}, {@uni_xlate}, {@rodir}, {@fat=@flush}, {@utf8no}]}, 0x1, 0x34a, &(0x7f0000001740)="$eJzs3T9oJGUUAPA3mU12EziTQji0Wu0EOS4RC60SjhMOU+jJ4r/Ghcv5J7sKWVyIRfbSKJaKjaCV3RVaXi0WInYWtp4gp2LjdQd3OLI7k/2T3Zg7cffU+/2K8PK+7833zWTITkLy9pX12L4wHxevX78WlUoSpfUz63EjiZWYizRylwIA+D+5kWXxe5aLSI6Z/eFSzOfRwiw2BwBMRe/1/9UTg0T5bu4GAJiF0Z//j/TMxOxbU9sWADBFY6//D48MH/o1f6n/NwEAwH/Xcy++9PTGZsT5arUS0XyvXWvX4snB+MbFeD0asRWnYzluReQPCvnTQvfjU+c2z56udv28ErVuRbsW0ey0a/mTwkbaqy/HaizHSlGf9evTbv1qr74aEZc6vfWjmbRr87FUrP/DUmzFWizH/WP1Eec2z65ViwPUmgf1nYj9qBycRHf/p2I5vpvrfXIhurX5sbqZvdVq9Uy2OVLfvlzuzQMAAAAAAAAAAAAAAAAAAAAAgGk4tRhF95zqSr//TdbstN89X0yojo/3+vvkw0V/oP28P1BWPujO8356uD/QaH+edq0Uc3f1zAEAAAAAAAAAAAAAAAAAAODfo7W7EPVGY2untfvO9iBYaHSGMm9+8/lXi3F4zhvpIBOl/HAjc4pcDFWl0S/P+uVZOjKnCNKIYnIS9ctX+jsenlPun8VYeTcojw0lxZ7qjcaJh376ZFLVH4NMGv2hysQlkmL9oaHmfXlq0n7+Okhau2vHzLmaZdlR5Xsfj1dFJaI09oX7J4Kvr732wGOtk4+3ktJ2/cui6cMjjy4/f/Wjz37drjeiuDSNxsJO61b2t9dKh+6fpLjOyYQ7YXKwP8js77R26+n3v73w4AffHpqcTr5/suHM20ev9cXhzEIedLd5O2c6P+Hmnxy8fLN/9975xTz56Xr9yt6PvxxczOOqhr5JaNQBAAAAAAAAAAAAAAAAAAAzMfS/4nfgiWentyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmL3B+/8PBftjmdsJbnZifKi8tdM6cvHFmZ4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3sD8DAAD//xI6c08=")
connect$unix(r0, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)

2.727593151s ago: executing program 2 (id=657):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)}, 0x805)
recvmsg(0xffffffffffffffff, &(0x7f0000000d00)={&(0x7f0000000440)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, 0x80, &(0x7f0000000c40)=[{&(0x7f0000000880)=""/208, 0xd0}], 0x1}, 0x10100)
syz_open_dev$usbfs(0x0, 0x205, 0x2581)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_clone(0xe040500, &(0x7f0000000e00)="48c042562507b33919e985225ad85e4a3e2188667aaff63dbca47c24390c567b210bd5d1ac242260d5c41d79f3b253741b7a581d9b78a01de7301bf997150bc559f112de633399c9a8a974593b5b4e4abbc65d5165dd663d99b50b461f47bbf6e80b11234513831b0daba05825fec9f34045f002e03ba7bbd58c3707374b3197b5ffbe353ef0d92750736cbb6f62dc4614ccc32b1b645f7c61dd2c1f54", 0x9d, &(0x7f0000000100), &(0x7f00000004c0), &(0x7f0000000ec0)="3a43e9ab81be13ffa6530bdd6059477f2d4d8d56639c3b6d02513ab403eb6b780f5f5f3dd0f559452389add1a8c6bb9d03bcb4d72f5c0cdea5107c08980404145d6269141847a0d6c8d515de7ab66f55b3c4a1333db837814f343d33c271f73b462eecfb1bd84fc0992be51fb8395ebf25bd5c87dca7c3237f24a22ed90bddef60d0fbb3e0824eed86d6")
r2 = userfaultfd(0x80001)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000001000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000180)={[{@errors_remount}]}, 0xfe, 0x269, &(0x7f0000000200)="$eJzs3b1rJGUcB/Df7EvWmBCiNja+gIhoIMRCEGy0UQhIEBFBhYiIlSRCTNqslY2FvUoqmyB2RkuxCTb3B+TuUuSaa8IVF+7grthjZnaPzWZDXvZljsznA7szz87ztrDfZyeQmQ2gtGYj4t2IqEbEXETUIyLprvBy/phtF7cmd5cjWq2P7yRZvbyc67SbiohmRLwdUesc29j5/ODe3gev/bRef/X3nc8mx/X+uh0e7H949NvSj38tvrlRab823d52v49hSvq8Vksinh3FYE+IpFb0DDifP6+nuX8uIl7J8l+PSjuyP69N/FePN37t327iaLzzBEah1aqn34HNFlA6lewcOKnMR0S+X6nMz+fn8DeqSXy7uvb93Der6ytfF71SAUOQNPO/e/ff/6fx91RP/m9X8/yfy1sjnikwEmn+P/lo+2a6f1QtejbAWLyQb9L8z325+XrIP5SO/EN5yT+Ul/zDFXDJ7Mo/lJf8Q3nJP1xh9c5Os+/hwfN/v/0fhJefIjBuM9mz738or578F3I9LlCM7vwDAOXSahR8ATJQmKLXHwAAAAAAAAAAAAAAAAAA4KStyd3lzmNcY/7/S8ThexFROz5+IztazX6POOKp7Pnpu0la7bEkbzaQL14asIMB/THkq6+XGherP3NruONf1LUXR9PvD8eLp97bbnMloplWXqjVTn7+k/bn70yn9v/MGQ3rX51vgGFJesrvfDre8Xs93C52/MW9iH/T9Weh3/pXieezbf/1Z7r7FsuX9N2DATsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgbB4FAAD//1eqcO0=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002)
sched_setscheduler(r3, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000f70000000000000000000000d54131dd7b3aaa62eeccf5c6057559da9ea4b5a40b86534b63aa97d313fc42a5fcaf1826a6937ea99431db78435d1dc90abd7ea6d28dc5"], 0x48)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001400)=ANY=[@ANYBLOB="fc010000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000003000000000a0000005e000000b6d3a8b946db7c219e5a35917c982c0cb71e3fbc4dc0def3378dd9ef7bd4ea2bcc0c3aab0ba01a6ac9f8b3c35fe143b301dbcdd07212af69c1c82985246267c51bbcf4c077657b0662d4f48a0a959f7fd301ad92b13e479539318c1131e259d9fb601601dafad8b086b356ca404b2e3b232cee7561e26b66a701bd33df46041239037c91f249ffa8db2e25857dc995cb7be3357a5d3d24618ee578eeb53753be9f45722e439719a13598b24254cd818072c5c11cf21518166e2bdf34702b8360efd77f6f1be92563a224254ab3d1141af06347744e652c22a497", @ANYRES32=r6, @ANYRES8=r2, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004401050000000000000000000000000000000000000000003200000000000000ac14141d000000000000000000000000000000000000ff00000000000000000001000000fc020000000000000000000000000000000000003200000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000003c00000002000000000000000000000000000000000000000000000001030000000000000000000000000000ff010000000000000000000000000001000000003c00000002000000fe800000000000000000000000000010000000000000000000000000030000000000000000000000000000000000000000000000000000002b00000002000000ac141400000000000000000000000000ffffffff00"/436], 0x1fc}, 0x1, 0x0, 0x0, 0x4048081}, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000})
ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
sendmsg$unix(0xffffffffffffffff, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000000500)="11e51b099f44d41b1bf6c5bffc13d9a2d5a53be6467d54f86dadf59e680a90ebe1b07fba3a3463addb11bc4f1684195f96ca3ab09ab61b96df1b7ed8d13dfb09d2ceedac11a15dfcba4f2bb6897d314bcc081784ca651655df2a4a79b4dd3ff4811531262e51ca97fc9a8cfe4d474b2812e395aa0de2b7a3d9aef9ff0b57c397741572d3dbae4a294090c3210fd6c4848d3dd54106c84559ef2099618323d7b044dc0369d749511536b3cfc83df258197e9535d552ba02dd1dfc630e638ce959305b7fac357f9788f314f17f6294e4c5ae830ebc9fd0dbc63d5c9327ab6be066d70adbbda64c333f97c79164e891793e838dba6295fc418fbf4471033a3a338b4e7cc6e4ee54152ca202937a082e04b520cee40fda69ead3b6114dd5d761f8fa9e3041a9aa3a3a13fd9c987e76870a129e42620e1dca851b7842d564e4022df79ad66b7789c0a49891de83196742d3d2c149758351b72108e32698984f1770997a7e21143b44e1f5dc40cc39ec11d3a72612296ffea5f8bf8df91bd3b1ff2213818b31cfa14cb113ba13a1e4a16c1b01b111669f9c7857f978021cec97ea778ce6adb6e374b219a8ba49751d5531aebaa9119273e1e96c530a15559c6220f268627124bd16120fa069cb61c9ddd2e7ac36fdd67137c370b10cd07d12845016036d8a64be0606f026486e56f73326d1c16e3a6f6a1512cc3102c007e6496c01817e3b802175b917bda44da730720e2629a19f3357c5966ae984e08c767191806bdb6601edec19f01c2aacd15d9bbe7c621770c5d4a1f9b0e263420802896090e664c659cfaebb2a368de535a3e875e2a9878e692a463b77b7a664666f836364e5b7dd5214c825d23cffa8e595ab28ba453fb66568928f3d4ea3d2df35447dfdb557a6cd63a46152d4d04a483258cb5eb9debc3bcb86bce2912e39eb72229c76edd09ebe7840f9741149a4b9a66ac9364395fe3280498a08f8d205c229fa94252fcfdb38c0c5ac8068ed9613a2e4ae49054cf81b32a0ceb5e84f62cb6d21a06a5bc2a9d1b11f82ecb042d0f28ce848d4a34042cc6b874c5fdf46e2d0da1b0ad7159e72a346b3672703e5d28845d8a1858017b411d2dc779634b9085c0bbc5b685785214c69d75d1f5dfd755fee0b55572feeea22a1bec8df2d78bed37cc87c24536df32d6c21d53947aaf4a6f093029e14731e28eeccf04aea7affe96fdd1c0130264e73577e5b681aba39df6f9e871985b49bed2d7eb2f8894e4c7dbdf7a4225876815f0fa2cda33aeb3c5155bc4e8f9cf7bab5ea2d2a7ccb16a6ae2d3585c2f8904933c58b2a55746fb25253b4f56f373745220f2f62015837e23c08bedb62b1c2b7126dc52a80e4399f3faf3bcd3c4b41f84a3666bd6b0e610969c5a107c2cb907ec7bc7e51e170fcf0476cd93da11c6c29486d2a777b65b35ebc8a7760d5bb51f626411da0f41a29bbff250bc9c4812730e685301fba32183a6feb66cb0ae7f13b7228e5ec18ff001bd239dea3089f545b92832d470f2c2e7a88e33f2159c4ba52a829a7aeee289cceb606a39a3e928edc5d437eed073c08b2daf05d95841d4ff4409da7e3adef37222f5c7e0445a3cf5aa538eee945edfa46b050001ff3f4ecb589da476fce23351faa197b73063ac83c55010953af067cf43fdab64d34f462508a63a658600ab14b4a97a3172f4a87f9747a0103e2fbd8d622d6b619db27158a5aea34019e00011d77e8317820a1672720a4fd037924b619d4832d388294f20f5cef98b8913c59aa3cc19100c0a087cc4a4e7961e210aae76369094f2a71bb2ba189669e88c5096c052753aea36bba83776fcb2599c71fece4faba30f8945c5ff1ab31b087a8c82cdd539ab0d057df0d6d12f69bd56762cb88f3d949ffca48260db20519f751fc2107712c14c59a0786be2f75078e350a6ca9d2117bafdc05312210aaa5f1ed0e90f8b392e2169bd261c71d143e1867f7942eecb7e65bcac41cc47d960d4742635a35bca6574fe1df0f5647a2269c47e2089b72969fc7732df6a876d6429b5afb23e5d3dd5461a8138a3e5753f142db099bbb27b4a4475599fa51f3d6691e9c35b845c05dd09e8fc202b7d89d2d8aed4d7fdb6e8c53d19722c736c371a03d6560086e91d1bdd47a4ea7f98a191584a8e308d8714754f850eabb91d579cfd552c2fc3a185e788762b6dd3ad0eb68f6c0a74675c302b65f6522ccf13d9a4c09d2665e9c20c7f67c3a8da79657699dbfe9b132f27e5a5d7b61d5a7caec63d70cd158a93761317b656bf490933729817fabafb9ab7fd101d016902dc7dbcf6a21b7f10a91b49bd6fcd70cebb6522f65d70a277d7c5e7e9dc908d74489ac092c3d1882cace0c8fc085b026579ff1c4a53976bdeb3d74dd001c09348738fdf6914e3815980f3f0dd432554f8a392664dd7ea30cd61342696172b19c5328e53b01e07afe38f7392bfa4717af3f333fdc1b5619e3e50946e051c48a444cdcfe486b51c00cf79856e1938e9ad378c83f1721a7ba59a0e225de06b136cad90aa0e27a1f35f42d9f7b89769f80495e3592d95bcaae28e4d3f1313a9f9cec11c76fd28969f8de1e2ea63c2358c78c4371ee401371c0eb3be1c9584a8a6e49e9972f10fbda1894edf4847e1bfe022e1ff5444d46e8b6b9bb1240b15ced20969519fad6b2468917b5e0ff2d746c8a9a089c9300693241a4d6044be5936b5937fd96e803b70da03605d1160e4ff4a91545577f48de94a0e30abea8558f8bcdd63309a50abcf63697c45d6988a39a2390f2b7ae0584c659a4bf6a21babdb03786729be4cb55ca8d340489a5247ffd441263713c245368d80f2c24af2086c40c3373bcca4c245db97318a1af9e3032a49a9a947e25e4b333c9a86a2ef6a807bb907bee9e81b27ba2dd3e73bf", 0x80c}], 0x1, 0x0, 0x0, 0x4850}, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100008010bd40820529009dbb0000000109022400011b00001009040000022a3e740009058bff7f0000100109050b362f"], 0x0)

2.496284544s ago: executing program 6 (id=658):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
keyctl$link(0x8, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000007c0)={0x0, r2}, 0x8)
r3 = fsopen(&(0x7f0000000000)='proc\x00', 0x0)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file0\x00', 0x4, &(0x7f00000195c0)=ANY=[@ANYBLOB='discard,uid=', @ANYRESHEX, @ANYBLOB=',nodots,check=strict,uid=', @ANYRESHEX=0x0, @ANYBLOB='\n '], 0x1, 0x22d, &(0x7f0000019300)="$eJzs3b2KE1EYBuDP3exu2MatxWLAxiqodzDICuKAEJlCKwdWm10RZpvRKpfhNXhJXsZW6UbMhPwZbTQes/M8EOaFl8B3mpwU5yRv73+4vPh4/b799iWGwywGEZOYRpzFQRxG5878eTDLx7FqEgDAvhmPqzz1DOxWXefVUUSc/NSUX5MMBAAAAAAAAAAAwB9z/h8A+sf5/9uvrvPqdP79bZ3z/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEA607a92/7mlXo+AODvs/8DQP/Y/wGgf+z/ANA/r16/eZEXxfk4y4YRN5OmbMru2fXPnhfnj7KZs+W7bpqmPFz0j7s+W++P4nTeP9naH8fDB13/o3v6stjoT+Ji98sHAAAAAAAAAAAAAAAAAACA/8IoW9h6v380+lXfpZXfB9i4vz+Ie4N/tgwAAAAAAAAAAAAAAAAAAADYa9efPl9WV1fvakEQhEVI/ckEAAAAAAAAAAAAAAAAAAD9s7z0m3oSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEhn+f//uwup1wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0w/cAAAD//wu+k9A=")
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
r5 = inotify_init1(0x800)
inotify_add_watch(r5, &(0x7f0000000240)='.\x00', 0x60000526)
openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x0, 0x1aa)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYRESDEC], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x6d, '\x00', 0x0, 0x2}, 0x94)
r6 = syz_usb_connect(0x0, 0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000060f94d100d05020027230102030109024840020000000009047d04031d5abf0009050400005539000009050b00000000000009050200000005000009047d01013481af0009a00e00230000690009047dbe"], 0x0)
syz_usb_control_io$uac1(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f0000000940)={0x84, &(0x7f0000000540)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=ANY=[@ANYBLOB="1c0000005e000102000000000000000000000000682ce665"], 0x1c}, 0x1, 0x0, 0x0, 0x4008001}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)

1.89184213s ago: executing program 9 (id=659):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x7, 0x4, 0x25cd, 0x1, 0xb1, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x8002, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0xc1, 0x9, 0xf9a2, 0x80000001, 0xff, 0x6, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x23, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0x8, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x4, 0x3, 0xb, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff4, 0x401, 0x46, 0xf1, 0x4, 0x1, 0x4, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x7, 0x2, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000005, 0x5, 0x5, 0x491, 0x9, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0xa, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xffe, 0x100007, 0x2, 0x400, 0x3e55, 0x1, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d2e, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x20008000, 0x3, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x2, 0x10000, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfa, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x209, 0x81, 0x3, 0x9d86, 0xf5c, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x3, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0x32c, 0x3, 0x1ff, 0x2010803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x8, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x5, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x601, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x2804000, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.114278505s ago: executing program 4 (id=661):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
getsockname$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e2, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="e43f6642531e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x1, 0x1, 0x10, 0x0, @void}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x1ffffc54, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40}, 0x94)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xd01, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

663.779032ms ago: executing program 4 (id=662):
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x8000, &(0x7f00000000c0), 0x2, 0xbd1, &(0x7f0000001340)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gtp3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==")
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000440)={[{@nodots}, {@nodots}, {@fat=@umask={'umask', 0x3d, 0x2}}, {@nodots}, {}, {@fat=@sys_immutable}, {@dots}, {@fat=@nfs_stale_rw}, {}, {@dots}]}, 0x1, 0x25f, &(0x7f0000000140)="$eJzs3cFqE0EYB/AvTZqsBbVn8bDgxZOobxCkghAQqrkbaL20Imwv0VMeQ/ANfByPPkZPvUXaXVy7LSIl6WS7vx+E/dj/DjuTQCaHmeyHx5+ODj6ffFz++hZZlscgYhFnEbuxFf0o9arj1kU9jGHUFgEAtM3+/mycug+sUO/qqaIYz7YjYnQlm/64pV4BAAAAAAAAAACwYjdZ//836/8BoH2s/7/7imI826l+v11m/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQztly+XD5j1fq/gEAq2f+B4DuMf8DQPeY/wGge949qIo8zyJOF/PpfFoey9Ov30z2nucXdutWp/P5dLuqJ3svyjxv5jtV+5fX5sN4+qTMz7NXbyeNfBQH6xw4AAAAAAAAAAAAAAAAAAAAbJBn+R+N/f39Mj+/YBTX5FnE90v/D9DYvz+IR4PbHAkAAAAAAAAAAAAAAAAAAAC018mXr0ez4+PDorPFz35EsrtHr/wYUr8JjeJe3KBVtmmjaFHRj4jDUQxivfd6f///L079zQQAAAAAAAAAAAAAAAAAAN1Tb/pN3RMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASKd+/v/6itRjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrhdwAAAP//UhGHcQ==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000240), 0x3af4701e)
timer_create(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r2 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r2, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000640)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r2, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r3=>0x0)
io_submit(r3, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000, 0xa00}])

540.211199ms ago: executing program 5 (id=663):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000010000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100070000009500000000000000bf98000000000000b7020000000000008500000062000000b7000000000000009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x2, 0xf7, &(0x7f0000001e40)=""/4107}, 0x4c)

295.515333ms ago: executing program 9 (id=664):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f00000001c0), 0x60000, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x0, 0x0, &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000180)={0x4, 0x9, 0x885, 0x84}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000340)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000380)=[{0x2, 0x1, 0x1, 0xa}, {0x4, 0x2, 0x4, 0x7}, {0x1, 0x2, 0xc, 0x5}, {0x5, 0x4, 0x5, 0x7}, {0x0, 0x1, 0x2, 0x9}, {0x5, 0x1, 0x4}, {0x3, 0x2, 0x6, 0x9}, {0x1, 0x2, 0x4, 0x3}], 0x10, 0x4}, 0x94)
r4 = openat$cgroup(0xffffffffffffffff, &(0x7f00000004c0)='syz1\x00', 0x200002, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000500)={r3, r4, 0x1, 0x0, @val=@netfilter={0x7, 0x1, 0x5, 0x1}}, 0x20)
socket$inet6(0xa, 0x1, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
getsockopt$nfc_llcp(0xffffffffffffffff, 0x88, 0x0, 0x0, 0xffffffffffffff88)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r5=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000a80)={'bridge0\x00', &(0x7f0000000a40)=@ethtool_rxfh_indir={0x39}})

295.044993ms ago: executing program 5 (id=665):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
getgroups(0x2, &(0x7f0000000180)=[0xee01, 0xffffffffffffffff])
setgroups(0x40000000000002e6, &(0x7f0000000140)=[0x0])
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x1, 0x1}, 0x20)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r1, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="120000000000000029000000", @ANYRES16=r1], 0x18}, 0x40c0)

241.382536ms ago: executing program 5 (id=666):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x30, 0xa, 0x30, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x3, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x1, 0x0, 0x1}}, 0xb8}}, 0x0)

145.627042ms ago: executing program 5 (id=667):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup(r2)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000010000000000000040000000ac1414aa00000000000000000000000000000005000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000000000000080400000000000000000080000000000000000000000000000000044000500ac1414aa000000000000000000000000000000003c00000000000000ffffffff00000000000000"], 0xfc}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r1, &(0x7f00000003c0)={@val={0x20, 0x6005}, @void, @eth={@multicast, @random, @void, {@ipv6={0x86dd, @generic={0xa, 0x6, '\x00', 0x0, 0x32, 0xc9a9f100f65dc87a, @empty, @mcast2}}}}}, 0x3a)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f0000000180)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b801e7a43df80000c959576834e1cbd87709899eff0f000000000000fb", @ANYRES32=r7, @ANYBLOB="89040400001000001800128008000100736974000c00028008000100", @ANYRES32=r7, @ANYBLOB="e89433d712bb45f0e26fed3775f3643a1ba47d1f9ee7cdbdf7d33c975cc20747ab7f14b0efa408e965761c773122bc8ae8f7e5c3f113dbb42d0d781bc3387ffd9367bcc339dfa8c8b5c0cd48"], 0x38}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x7d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r9, 0x1, 0x32, &(0x7f0000000180)=r8, 0x4)
sendmsg$inet(r10, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0xe403, r7}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @sit={{0x8}, {0x4}}}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x200080d0)
setsockopt$MRT6_DONE(r6, 0x29, 0xc9, 0x0, 0x0)
socket(0x6, 0xa, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000eaea7110be000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000001ec0)=ANY=[@ANYBLOB="3059942c290000001d00010035bd70702729d447", @ANYRES32=0x0, @ANYBLOB="0200100014000100fe8000000000000000000000000000bb"], 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4008000)

97.437795ms ago: executing program 5 (id=668):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000001080)={0x1, 0x3, 0x6000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f00000000c0)={0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000004c0)={'ip6tnl0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x4, 0x0, 0x4b, @ipv4={'\x00', '\xff\xff', @multicast2}, @local, 0x10, 0x7, 0x40000004, 0x4}})

0s ago: executing program 5 (id=669):
r0 = syz_usb_connect(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000029c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000140)={0x44, &(0x7f0000000440)=ANY=[@ANYBLOB='7'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

kernel console output (not intermixed with test programs):

e=1
[   63.417926][   T28] audit: type=1400 audit(1769189710.601:476): avc:  denied  { write } for  pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   63.439788][  T287] EXT4-fs (loop0): unmounting filesystem.
[   63.477289][ T1118] loop0: detected capacity change from 0 to 256
[   63.500456][ T1113] loop3: detected capacity change from 0 to 2048
[   63.507653][ T1118] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   63.525383][  T346] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   63.542319][  T336] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   63.557261][ T1113] netlink: 7 bytes leftover after parsing attributes in process `syz.3.237'.
[   63.566590][ T1118] fuse: Unknown parameter '0x0000000000000004'
[   63.637944][ T1127] loop3: detected capacity change from 0 to 256
[   63.688597][ T1132] loop3: detected capacity change from 0 to 512
[   63.695954][  T346] usb 3-1: device descriptor read/64, error -71
[   63.733438][ T1132] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   63.744136][ T1132] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   63.804963][  T288] EXT4-fs (loop3): unmounting filesystem.
[   63.851811][ T1140] loop5: detected capacity change from 0 to 256
[   63.891019][ T1138] loop3: detected capacity change from 0 to 4096
[   63.894737][ T1140] netlink: 'syz.5.247': attribute type 9 has an invalid length.
[   63.914251][ T1140] netlink: 'syz.5.247': attribute type 6 has an invalid length.
[   63.916843][ T1138] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   63.975298][  T346] usb 3-1: device descriptor read/64, error -71
[   64.106605][ T1152] .1!€ÿ: renamed from bond_slave_0
[   64.129442][ T1156] loop0: detected capacity change from 0 to 256
[   64.143149][ T1157] loop5: detected capacity change from 0 to 256
[   64.160335][ T1156] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   64.175837][ T1157] FAT-fs (loop5): Directory bread(block 64) failed
[   64.190131][ T1157] FAT-fs (loop5): Directory bread(block 65) failed
[   64.198962][ T1157] FAT-fs (loop5): Directory bread(block 66) failed
[   64.210861][ T1157] FAT-fs (loop5): Directory bread(block 67) failed
[   64.217803][ T1157] FAT-fs (loop5): Directory bread(block 68) failed
[   64.224360][ T1157] FAT-fs (loop5): Directory bread(block 69) failed
[   64.231353][ T1157] FAT-fs (loop5): Directory bread(block 70) failed
[   64.238182][ T1157] FAT-fs (loop5): Directory bread(block 71) failed
[   64.244887][ T1157] FAT-fs (loop5): Directory bread(block 72) failed
[   64.252150][ T1157] FAT-fs (loop5): Directory bread(block 73) failed
[   64.255487][  T346] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   64.267258][ T1156] fuse: Unknown parameter '0x0000000000000004'
[   64.307527][ T1159] loop1: detected capacity change from 0 to 2048
[   64.335353][  T342] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   64.341307][ T1165] netlink: 40 bytes leftover after parsing attributes in process `syz.5.249'.
[   64.355789][  T336] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   64.435289][  T346] usb 3-1: device descriptor read/64, error -71
[   64.489539][ T1172] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1172 comm=syz.0.257
[   64.525341][  T342] usb 4-1: Using ep0 maxpacket: 16
[   64.532160][  T342] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   64.541101][  T342] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   64.551350][  T342] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[   64.561864][  T342] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   64.571175][  T342] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   64.579251][  T342] usb 4-1: Product: syz
[   64.583563][  T342] usb 4-1: Manufacturer: syz
[   64.588256][  T342] usb 4-1: SerialNumber: syz
[   64.705236][  T346] usb 3-1: device descriptor read/64, error -71
[   64.825295][  T346] usb usb3-port1: attempt power cycle
[   64.920614][ T1175] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1175 comm=syz.1.258
[   65.013851][  T342] usb 4-1: 0:2 : does not exist
[   65.255284][  T346] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   65.286807][  T346] usb 3-1: device descriptor read/8, error -71
[   65.678057][ T1192] loop0: detected capacity change from 0 to 4096
[   65.692772][ T1138] fs-verity: sha512 using implementation "sha512-avx2"
[   65.699972][ T1138] fs-verity (loop3, inode 15): Unsupported log_blocksize: 13
[   65.707748][ T1192] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   65.716869][  T346] usb 3-1: device descriptor read/8, error -71
[   65.723980][ T1192] fs-verity (loop0, inode 15): Unsupported log_blocksize: 14
[   65.733971][  T342] usb 4-1: USB disconnect, device number 6
[   65.753019][  T287] EXT4-fs (loop0): unmounting filesystem.
[   65.768286][ T1195] loop0: detected capacity change from 0 to 256
[   65.777099][ T1195] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   65.790609][ T1195] fuse: Unknown parameter 'fd0x0000000000000004'
[   65.815486][ T1197] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1197 comm=syz.0.265
[   65.881405][ T1197] xt_hashlimit: max too large, truncated to 1048576
[   65.945836][  T336] udevd[336]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   65.979487][ T1200] loop0: detected capacity change from 0 to 2048
[   65.995279][  T346] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[   66.018404][ T1204] loop0: detected capacity change from 0 to 512
[   66.028154][  T346] usb 3-1: device descriptor read/8, error -71
[   66.050038][ T1204] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   66.059245][ T1204] EXT4-fs (loop0): orphan cleanup on readonly fs
[   66.066005][ T1204] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -13
[   66.081115][ T1204] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #13: comm syz.0.267: iget: bad i_size value: 12154757448730
[   66.096189][ T1204] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.267: couldn't read orphan inode 13 (err -117)
[   66.110278][ T1204] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   66.135357][ T1146] Bluetooth: hci0: Opcode 0x080f failed: -110
[   66.146873][  T287] EXT4-fs (loop0): unmounting filesystem.
[   67.386573][  T346] usb 3-1: device descriptor read/8, error -71
[   67.461683][   T28] kauditd_printk_skb: 12 callbacks suppressed
[   67.461700][   T28] audit: type=1400 audit(1769189714.751:489): avc:  denied  { name_bind } for  pid=1209 comm="syz.0.269" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[   67.515312][  T346] usb usb3-port1: unable to enumerate USB device
[   67.544403][  T288] EXT4-fs (loop3): unmounting filesystem.
[   67.579602][ T1222] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1222 comm=syz.5.273
[   67.611349][ T1224] loop1: detected capacity change from 0 to 256
[   67.631714][ T1224] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   67.650966][ T1222] loop5: detected capacity change from 0 to 256
[   67.661771][ T1224] fuse: Unknown parameter 'fd0x0000000000000004'
[   67.677806][ T1222] exfat: Deprecated parameter 'utf8'
[   67.698968][ T1222] exfat: Deprecated parameter 'namecase'
[   67.706400][ T1222] exfat: Deprecated parameter 'namecase'
[   67.712978][ T1222] exfat: Deprecated parameter 'utf8'
[   67.748029][ T1222] exFAT-fs (loop5): failed to load upcase table (idx : 0x00012153, chksum : 0x5270ca8d, utbl_chksum : 0xe619d30d)
[   67.834993][ T1233] binder: BINDER_SET_CONTEXT_MGR already set
[   67.848120][ T1233] binder: 1228:1233 ioctl 4018620d 200000000040 returned -16
[   67.857206][ T1232] binder: 1228:1232 ioctl 5427 0 returned -22
[   67.905464][ T1231] loop1: detected capacity change from 0 to 2048
[   67.955888][ T1240] capability: warning: `syz.1.279' uses 32-bit capabilities (legacy support in use)
[   68.007548][ T1242] FAULT_INJECTION: forcing a failure.
[   68.007548][ T1242] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   68.021098][ T1242] CPU: 1 PID: 1242 Comm: syz.1.280 Tainted: G        W          syzkaller #0
[   68.029947][ T1242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   68.040135][ T1242] Call Trace:
[   68.043452][ T1242]  <TASK>
[   68.046503][ T1242]  __dump_stack+0x21/0x24
[   68.050867][ T1242]  dump_stack_lvl+0x110/0x170
[   68.055576][ T1242]  ? __cfi_dump_stack_lvl+0x8/0x8
[   68.060724][ T1242]  dump_stack+0x15/0x24
[   68.064996][ T1242]  should_fail_ex+0x3d4/0x520
[   68.070410][ T1242]  should_fail_alloc_page+0x61/0x90
[   68.075838][ T1242]  prepare_alloc_pages+0x148/0x600
[   68.081234][ T1242]  ? __alloc_pages_bulk+0x9c0/0x9c0
[   68.086495][ T1242]  __alloc_pages+0x13a/0x480
[   68.091666][ T1242]  ? __cfi___alloc_pages+0x10/0x10
[   68.097037][ T1242]  __folio_alloc+0x12/0x40
[   68.101623][ T1242]  wp_page_copy+0x27d/0x15a0
[   68.107064][ T1242]  ? fault_dirty_shared_page+0x310/0x310
[   68.113281][ T1242]  ? vmx_vcpu_pi_put+0x18e/0x830
[   68.118613][ T1242]  ? vm_normal_page+0x1eb/0x200
[   68.123889][ T1242]  do_wp_page+0x9f2/0xfc0
[   68.129364][ T1242]  handle_mm_fault+0x1124/0x26c0
[   68.136105][ T1242]  ? __cfi_handle_mm_fault+0x10/0x10
[   68.141824][ T1242]  __get_user_pages+0x34b/0xdb0
[   68.147422][ T1242]  ? populate_vma_page_range+0x120/0x120
[   68.153286][ T1242]  get_user_pages_unlocked+0x239/0x6e0
[   68.158929][ T1242]  ? __cfi_get_user_pages_unlocked+0x10/0x10
[   68.165230][ T1242]  hva_to_pfn+0x232/0xa50
[   68.169691][ T1242]  ? __cfi_hva_to_pfn+0x10/0x10
[   68.174665][ T1242]  ? vmx_get_mt_mask+0xaf/0x110
[   68.179620][ T1242]  ? tdp_mmu_set_spte_atomic+0x200/0x580
[   68.185386][ T1242]  ? tdp_iter_restart+0x1c0/0x350
[   68.190587][ T1242]  __gfn_to_pfn_memslot+0x2e3/0x370
[   68.195827][ T1242]  kvm_faultin_pfn+0x3e3/0xbd0
[   68.200900][ T1242]  ? stack_trace_save+0xa6/0xf0
[   68.205947][ T1242]  ? __mmu_unsync_walk+0x4a0/0x4a0
[   68.211659][ T1242]  ? __kvm_mmu_topup_memory_cache+0x2cd/0x500
[   68.217873][ T1242]  direct_page_fault+0x136e/0x1cc0
[   68.223135][ T1242]  ? kvm_tdp_page_fault+0x1f0/0x1f0
[   68.228921][ T1242]  ? arch_stack_walk+0xfc/0x150
[   68.233841][ T1242]  kvm_tdp_page_fault+0x1bc/0x1f0
[   68.239012][ T1242]  kvm_mmu_page_fault+0x2ce/0x8c0
[   68.244192][ T1242]  ? __cfi_kvm_mmu_page_fault+0x10/0x10
[   68.249800][ T1242]  ? kasan_set_track+0x60/0x70
[   68.254687][ T1242]  ? clear_bhb_loop+0x30/0x80
[   68.259406][ T1242]  ? clear_bhb_loop+0x30/0x80
[   68.264220][ T1242]  ? clear_bhb_loop+0x30/0x80
[   68.269025][ T1242]  ? __kasan_check_write+0x14/0x20
[   68.274283][ T1242]  handle_ept_violation+0x21d/0x4f0
[   68.279539][ T1242]  ? vmx_vcpu_run+0x1289/0x2440
[   68.284530][ T1242]  ? __cfi_handle_ept_violation+0x10/0x10
[   68.290574][ T1242]  vmx_handle_exit+0xc92/0x1b30
[   68.296296][ T1242]  ? __cfi_vmx_vcpu_run+0x10/0x10
[   68.301618][ T1242]  ? vmx_handle_exit_irqoff+0x25a/0x6a0
[   68.307905][ T1242]  vcpu_enter_guest+0x30b4/0x6f80
[   68.313034][ T1242]  ? __kasan_check_read+0x11/0x20
[   68.318551][ T1242]  ? vmx_read_guest_seg_ar+0x164/0x380
[   68.324213][ T1242]  ? pvclock_gtod_update_fn+0x280/0x280
[   68.329995][ T1242]  ? emulator_get_segment+0x2d7/0x620
[   68.336489][ T1242]  ? __kasan_check_read+0x11/0x20
[   68.342791][ T1242]  ? __cfi_emulator_get_segment+0x10/0x10
[   68.349123][ T1242]  ? vmx_get_segment_base+0x8e/0xd0
[   68.355669][ T1242]  ? linearize+0x472/0x900
[   68.360476][ T1242]  ? read_prepare+0x89/0x200
[   68.365282][ T1242]  ? emulator_read_write+0xa7/0x590
[   68.370954][ T1242]  ? push+0x690/0x690
[   68.374957][ T1242]  ? enable_step+0x390/0x750
[   68.380055][ T1242]  ? segmented_read+0x2d6/0x400
[   68.385669][ T1242]  ? memcpy+0x56/0x70
[   68.390035][ T1242]  ? segmented_read+0x2d6/0x400
[   68.394969][ T1242]  ? __kasan_check_write+0x14/0x20
[   68.400129][ T1242]  ? emulator_write_gpr+0xa8/0xd0
[   68.405195][ T1242]  ? __cfi_emulator_write_gpr+0x10/0x10
[   68.410883][ T1242]  ? x86_emulate_insn+0x45f/0x3740
[   68.416051][ T1242]  ? __kasan_check_write+0x14/0x20
[   68.421210][ T1242]  ? vmx_set_rflags+0x2aa/0x480
[   68.426390][ T1242]  ? x86_emulate_instruction+0x13e7/0x1af0
[   68.432447][ T1242]  ? complete_emulated_mmio+0x4f7/0x780
[   68.438055][ T1242]  kvm_arch_vcpu_ioctl_run+0xec4/0x1fa0
[   68.443675][ T1242]  kvm_vcpu_ioctl+0x8f2/0xc00
[   68.448610][ T1242]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[   68.453940][ T1242]  ? selinux_file_ioctl+0x3a0/0x4d0
[   68.459304][ T1242]  ? __cfi_selinux_file_ioctl+0x10/0x10
[   68.465245][ T1242]  ? mutex_unlock+0x8f/0x230
[   68.470008][ T1242]  ? __cfi_mutex_unlock+0x10/0x10
[   68.475167][ T1242]  ? __fget_files+0x2d5/0x330
[   68.480320][ T1242]  ? security_file_ioctl+0x95/0xc0
[   68.485472][ T1242]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[   68.490815][ T1242]  __se_sys_ioctl+0x12f/0x1b0
[   68.495517][ T1242]  __x64_sys_ioctl+0x7b/0x90
[   68.500148][ T1242]  x64_sys_call+0x58b/0x9a0
[   68.504758][ T1242]  do_syscall_64+0x4c/0xa0
[   68.509192][ T1242]  ? clear_bhb_loop+0x30/0x80
[   68.514066][ T1242]  ? clear_bhb_loop+0x30/0x80
[   68.518775][ T1242]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   68.524888][ T1242] RIP: 0033:0x7fb438b9acb9
[   68.529340][ T1242] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   68.549679][ T1242] RSP: 002b:00007fb439a5a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   68.558218][ T1242] RAX: ffffffffffffffda RBX: 00007fb438e15fa0 RCX: 00007fb438b9acb9
[   68.566225][ T1242] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[   68.574403][ T1242] RBP: 00007fb439a5a090 R08: 0000000000000000 R09: 0000000000000000
[   68.583113][ T1242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   68.591366][ T1242] R13: 00007fb438e16038 R14: 00007fb438e15fa0 R15: 00007ffd4b9b4bd8
[   68.599644][ T1242]  </TASK>
[   70.403042][ T1252] binder: 1249:1252 ioctl 5427 0 returned -22
[   71.473004][ T1260] loop0: detected capacity change from 0 to 256
[   71.551222][ T1264] binder: BINDER_SET_CONTEXT_MGR already set
[   71.558860][ T1260] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   71.575286][ T1264] binder: 1255:1264 ioctl 4018620d 200000000040 returned -16
[   71.694709][ T1266] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   71.702516][ T1266] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   72.283840][ T1267] netlink: 12 bytes leftover after parsing attributes in process `syz.1.288'.
[   72.318320][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   72.330497][ T1269] binder: 1255:1269 ioctl 5427 0 returned -22
[   72.354527][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   72.563271][ T1260] fuse: Unknown parameter 'fd0x0000000000000004'
[   72.586535][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   72.595006][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   72.603842][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   72.613225][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   72.629156][ T1276] loop5: detected capacity change from 0 to 2048
[   72.636453][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   72.644714][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   72.679134][ T1276] EXT4-fs (loop5): can't mount with data=, fs mounted w/o journal
[   72.692209][ T1280] loop0: detected capacity change from 0 to 16
[   72.699981][ T1280] erofs: (device loop0): mounted with root inode @ nid 36.
[   72.720678][   T28] audit: type=1400 audit(1769189720.011:490): avc:  denied  { write } for  pid=1275 comm="syz.5.290" name="ip_tables_matches" dev="proc" ino=4026532990 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   72.747254][ T1283] binder: 1281:1283 ioctl 5427 0 returned -22
[   73.495606][  T346] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[   73.675281][  T346] usb 1-1: device descriptor read/64, error -71
[   75.446088][ T1307] loop1: detected capacity change from 0 to 256
[   75.453657][ T1307] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   75.483421][ T1309] loop3: detected capacity change from 0 to 256
[   75.501779][  T285] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000ff00)
[   75.514533][  T285] FAT-fs (loop1): Filesystem has been set read-only
[   75.515117][   T28] audit: type=1400 audit(1769189722.801:491): avc:  denied  { mounton } for  pid=1308 comm="syz.3.302" path="/64/file0/file1" dev="loop3" ino=1048642 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1
[   75.526077][  T285] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000ff00)
[   75.561981][  T335] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[   75.569947][  T346] usb 1-1: device descriptor read/64, error -71
[   75.599039][   T28] audit: type=1400 audit(1769189722.891:492): avc:  denied  { remount } for  pid=1304 comm="syz.2.300" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   75.755274][  T335] usb 6-1: Using ep0 maxpacket: 32
[   75.766670][  T335] usb 6-1: config 0 has an invalid interface number: 188 but max is 0
[   75.774987][  T335] usb 6-1: config 0 has no interface number 0
[   75.825253][  T335] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[   75.847211][  T335] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[   75.868786][  T335] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.900372][  T335] usb 6-1: Product: syz
[   75.904611][  T335] usb 6-1: Manufacturer: syz
[   75.928574][  T335] usb 6-1: SerialNumber: syz
[   75.948637][   T28] audit: type=1400 audit(1769189723.241:493): avc:  denied  { mounton } for  pid=1320 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   76.032079][ T1321] netlink: 12 bytes leftover after parsing attributes in process `syz.0.309'.
[   76.291007][  T335] usb 6-1: config 0 descriptor??
[   76.297023][ T1302] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[   76.418817][ T1320] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.426048][ T1320] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.433839][ T1320] device bridge_slave_0 entered promiscuous mode
[   76.441732][ T1323] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.449386][ T1323] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.457584][ T1323] device bridge_slave_0 entered promiscuous mode
[   76.468133][ T1320] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.475307][ T1320] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.482965][ T1320] device bridge_slave_1 entered promiscuous mode
[   76.490108][ T1323] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.497484][ T1323] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.505789][ T1323] device bridge_slave_1 entered promiscuous mode
[   76.513964][ T1302] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[   76.597978][  T466] device bridge_slave_1 left promiscuous mode
[   76.604278][  T466] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.612076][  T466] device bridge_slave_0 left promiscuous mode
[   76.618406][  T466] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.627373][  T466] device veth1_macvtap left promiscuous mode
[   76.633837][  T466] device veth0_vlan left promiscuous mode
[   76.845292][   T28] audit: type=1400 audit(1769189724.111:494): avc:  denied  { bind } for  pid=1336 comm="syz.0.312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   76.867580][ T1333] netlink: 27 bytes leftover after parsing attributes in process `syz.2.310'.
[   76.932495][  T335] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[   76.943151][  T335] asix: probe of 6-1:0.188 failed with error -61
[   76.967368][ T1350] overlayfs: missing 'lowerdir'
[   76.985292][ T1350] xt_TCPMSS: Only works on TCP SYN packets
[   77.040523][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   77.051097][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   77.059636][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   77.067385][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   77.106762][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.116136][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   77.124518][  T339] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.131870][  T339] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.140528][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   77.149411][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   77.157936][  T339] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.165197][  T339] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.172837][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   77.181631][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   77.190400][  T339] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.197518][  T339] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.205205][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   77.213806][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   77.222385][  T339] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.229504][  T339] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.237358][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   77.245580][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   77.253428][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   77.263486][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   77.272049][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   77.309563][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   77.318943][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   77.327697][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   77.335504][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   77.343127][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   77.352486][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   77.360932][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   77.370477][ T1320] device veth0_vlan entered promiscuous mode
[   77.383365][ T1323] device veth0_vlan entered promiscuous mode
[   77.390276][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   77.398934][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   77.407161][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   77.414782][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   77.429801][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   77.453115][ T1320] device veth1_macvtap entered promiscuous mode
[   77.468182][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   77.482713][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   77.492171][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   77.502414][ T1323] device veth1_macvtap entered promiscuous mode
[   77.512563][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   77.521251][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   77.540325][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   77.548950][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   77.559154][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   77.567850][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   77.586959][   T28] audit: type=1400 audit(1769189724.881:495): avc:  denied  { mounton } for  pid=1320 comm="syz-executor" path="/root/syzkaller.jNkNMB/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   77.645039][   T28] audit: type=1400 audit(1769189724.931:496): avc:  denied  { read } for  pid=1361 comm="syz.6.306" name="usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   77.652690][ T1362] overlayfs: missing 'workdir'
[   77.691003][   T28] audit: type=1400 audit(1769189724.931:497): avc:  denied  { open } for  pid=1361 comm="syz.6.306" path="/dev/usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   77.730635][ T1360] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.738070][ T1360] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.746525][ T1360] device bridge_slave_0 entered promiscuous mode
[   77.753974][   T28] audit: type=1400 audit(1769189725.041:498): avc:  denied  { ioctl } for  pid=1361 comm="syz.6.306" path="/dev/usbmon0" dev="devtmpfs" ino=159 ioctlcmd=0x9206 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   77.754932][ T1360] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.788553][ T1360] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.791892][ T1368] binder: 1363:1368 ioctl 5427 0 returned -22
[   77.798928][ T1360] device bridge_slave_1 entered promiscuous mode
[   77.810512][ T1369] x_tables: duplicate underflow at hook 1
[   77.823415][ T1368] binder: 1363:1368 ioctl c0306201 200000000240 returned -11
[   77.840900][ T1371] syz.2.319 uses obsolete (PF_INET,SOCK_PACKET)
[   77.849308][   T28] audit: type=1400 audit(1769189725.141:499): avc:  denied  { read } for  pid=1301 comm="syz.5.299" name="loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   77.873944][   T28] audit: type=1400 audit(1769189725.141:500): avc:  denied  { open } for  pid=1301 comm="syz.5.299" path="/dev/loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   78.003901][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   78.011903][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   78.021410][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   78.030719][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   78.039625][  T339] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.046831][  T339] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.054698][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   78.076502][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   78.085148][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   78.093779][  T339] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.101023][  T339] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.126173][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   78.134687][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   78.143578][  T466] device bridge_slave_1 left promiscuous mode
[   78.150208][  T466] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.159514][  T466] device bridge_slave_0 left promiscuous mode
[   78.166363][  T466] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.225870][   T39] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[   78.243556][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   78.257872][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   78.267532][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   78.275696][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   78.293472][ T1360] device veth0_vlan entered promiscuous mode
[   78.314841][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   78.328362][ T1360] device veth1_macvtap entered promiscuous mode
[   78.351673][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   78.361024][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   78.381726][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   78.390779][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   78.407771][   T39] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[   78.429836][   T28] audit: type=1400 audit(1769189725.721:501): avc:  denied  { mount } for  pid=1360 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   78.498205][   T39] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   78.518694][   T39] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[   78.597169][   T39] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   78.618499][   T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   78.634782][   T39] usb 3-1: SerialNumber: syz
[   79.456547][   T39] cdc_acm 3-1:1.0: ttyACM0: USB ACM device
[   80.261660][   T39] usb 3-1: USB disconnect, device number 9
[   81.392189][ T1114] usb 6-1: USB disconnect, device number 9
[   81.535969][ T1391] netlink: 27 bytes leftover after parsing attributes in process `syz.7.323'.
[   81.624303][ T1412] binder: BINDER_SET_CONTEXT_MGR already set
[   81.637499][ T1412] binder: 1407:1412 ioctl 4018620d 200000000040 returned -16
[   81.653224][ T1412] binder: 1407:1412 ioctl 5427 0 returned -22
[   81.684452][   T28] audit: type=1400 audit(1769189728.971:502): avc:  denied  { wake_alarm } for  pid=1417 comm="syz.7.332" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   81.777537][ T1426] binder: 1419:1426 ioctl 5427 0 returned -22
[   81.777899][  T466] device bridge_slave_1 left promiscuous mode
[   81.790002][  T466] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.790377][ T1426] binder: 1419:1426 ioctl c0306201 200000000240 returned -11
[   81.798040][ T1114] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[   81.814643][  T466] device bridge_slave_0 left promiscuous mode
[   81.821572][  T466] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.835356][  T466] device veth1_macvtap left promiscuous mode
[   81.841683][  T466] device veth0_vlan left promiscuous mode
[   81.885358][   T60] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   81.971196][ T1427] netlink: 20 bytes leftover after parsing attributes in process `syz.8.335'.
[   81.996722][ T1114] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   82.009046][ T1114] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   82.018514][ T1114] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[   82.026576][ T1114] usb 6-1: Product: syz
[   82.030868][ T1114] usb 6-1: SerialNumber: syz
[   82.075253][   T60] usb 7-1: Using ep0 maxpacket: 32
[   82.082469][   T60] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[   82.091178][   T60] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[   82.100129][   T60] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[   82.109241][   T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   82.119191][   T60] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   82.129006][   T60] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   82.142120][   T60] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[   82.151369][   T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.160518][   T60] usb 7-1: config 0 descriptor??
[   82.237903][ T1396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   82.252487][ T1396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   82.268861][ T1431] loop8: detected capacity change from 0 to 256
[   82.275667][ T1431] exfat: Deprecated parameter 'utf8'
[   82.283767][ T1431] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[   82.371418][   T60] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[   82.384962][   T60] usb 7-1: USB disconnect, device number 2
[   82.393896][   T60] usblp0: removed
[   82.742009][ T1437] netlink: 45349 bytes leftover after parsing attributes in process `syz.8.336'.
[   82.768481][ T1434] netlink: 7 bytes leftover after parsing attributes in process `syz.2.337'.
[   82.779286][ T1440] loop7: detected capacity change from 0 to 512
[   82.803440][ T1440] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[   82.813382][ T1440] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   82.851344][ T1447] FAULT_INJECTION: forcing a failure.
[   82.851344][ T1447] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   82.871591][ T1440] EXT4-fs (loop7): shut down requested (1)
[   82.878732][ T1447] CPU: 0 PID: 1447 Comm: syz.2.340 Tainted: G        W          syzkaller #0
[   82.887724][ T1447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   82.898346][ T1447] Call Trace:
[   82.901804][ T1447]  <TASK>
[   82.904799][ T1447]  __dump_stack+0x21/0x24
[   82.906459][ T1440] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop7 ino=12
[   82.909170][ T1447]  dump_stack_lvl+0x110/0x170
[   82.909202][ T1447]  ? __cfi_dump_stack_lvl+0x8/0x8
[   82.918655][ T1440] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop7 ino=12
[   82.922696][ T1447]  dump_stack+0x15/0x24
[   82.941043][ T1447]  should_fail_ex+0x3d4/0x520
[   82.945808][ T1447]  should_fail+0xb/0x10
[   82.950036][ T1447]  should_fail_usercopy+0x1a/0x20
[   82.955126][ T1447]  _copy_from_user+0x1e/0xc0
[   82.959761][ T1447]  __se_sys_memfd_create+0x131/0x3b0
[   82.965090][ T1447]  __x64_sys_memfd_create+0x5b/0x70
[   82.970329][ T1447]  x64_sys_call+0x235/0x9a0
[   82.974873][ T1447]  do_syscall_64+0x4c/0xa0
[   82.979414][ T1447]  ? clear_bhb_loop+0x30/0x80
[   82.984137][ T1447]  ? clear_bhb_loop+0x30/0x80
[   82.988860][ T1447]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   82.994813][ T1447] RIP: 0033:0x7f7cc199acb9
[   82.999273][ T1447] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   83.015802][   T60] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   83.018938][ T1447] RSP: 002b:00007f7cc03f6e08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[   83.018966][ T1447] RAX: ffffffffffffffda RBX: 00000000000001ed RCX: 00007f7cc199acb9
[   83.043039][ T1447] RDX: 00007f7cc03f6ee0 RSI: 0000000000000000 RDI: 00007f7cc1a0730b
[   83.051042][ T1447] RBP: 0000200000002080 R08: 00000000ffffffff R09: 0000000000000000
[   83.059047][ T1447] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000000
[   83.067059][ T1447] R13: 00007f7cc03f6ee0 R14: 00007f7cc03f6ea0 R15: 00002000000003c0
[   83.075068][ T1447]  </TASK>
[   83.160038][ T1445] EXT4-fs (loop7): unmounting filesystem.
[   83.248304][ T1461] binder: 1455:1461 ioctl 5427 0 returned -22
[   83.255053][ T1461] binder: 1455:1461 ioctl c0306201 200000000240 returned -11
[   83.285541][   T60] usb 7-1: Using ep0 maxpacket: 32
[   83.291732][ T1396] netlink: 816 bytes leftover after parsing attributes in process `syz.5.325'.
[   83.302062][   T60] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[   83.311119][   T60] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[   83.320591][   T60] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[   83.330167][   T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   83.340317][   T60] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   83.351430][ T1463] binder: BINDER_SET_CONTEXT_MGR already set
[   83.357451][ T1463] binder: 1460:1463 ioctl 4018620d 200000000040 returned -16
[   83.365278][ T1114] cdc_ncm 6-1:1.0: failed to get mac address
[   83.371493][   T60] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   83.384757][ T1114] cdc_ncm 6-1:1.0: bind() failure
[   83.391723][ T1463] binder: 1460:1463 ioctl 5427 0 returned -22
[   83.392040][   T60] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[   83.392232][ T1114] cdc_ncm: probe of 6-1:1.1 failed with error -71
[   83.414007][   T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.414558][ T1463] binder: 1460:1463 ioctl c0306201 200000000240 returned -11
[   83.425884][   T60] usb 7-1: config 0 descriptor??
[   83.435431][ T1114] cdc_mbim: probe of 6-1:1.1 failed with error -71
[   83.450916][ T1114] usb 6-1: USB disconnect, device number 10
[   83.519138][ T1464] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.526850][ T1464] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.534898][ T1464] device bridge_slave_0 entered promiscuous mode
[   83.542298][ T1464] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.549696][ T1464] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.557859][ T1464] device bridge_slave_1 entered promiscuous mode
[   83.635914][ T1464] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.643077][ T1464] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.650435][ T1464] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.653459][   T60] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[   83.657554][ T1464] bridge0: port 1(bridge_slave_0) entered forwarding state
[   83.691128][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   83.699257][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.706891][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.722087][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   83.730786][  T334] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.737884][  T334] bridge0: port 1(bridge_slave_0) entered forwarding state
[   83.745261][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   83.753716][  T334] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.760849][  T334] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.778926][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   83.787047][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   83.803385][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   83.815906][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   83.824571][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   83.832624][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   83.844740][ T1464] device veth0_vlan entered promiscuous mode
[   83.857606][  T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   83.867989][ T1464] device veth1_macvtap entered promiscuous mode
[   83.874893][   T28] audit: type=1400 audit(1769189731.113:503): avc:  denied  { read write } for  pid=1410 comm="syz.6.331" name="lp0" dev="devtmpfs" ino=894 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[   83.880354][   T39] usb 7-1: USB disconnect, device number 3
[   83.916697][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   83.926104][   T28] audit: type=1400 audit(1769189731.113:504): avc:  denied  { open } for  pid=1410 comm="syz.6.331" path="/dev/usb/lp0" dev="devtmpfs" ino=894 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[   83.926177][   T39] usblp0: removed
[   83.958101][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   84.031482][ T1480] binder: 1474:1480 ioctl 5427 0 returned -22
[   84.038850][ T1480] binder: 1474:1480 ioctl c0306201 200000000240 returned -11
[   84.113417][ T1484] loop8: detected capacity change from 0 to 512
[   84.133197][ T1484] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[   84.142831][ T1484] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   84.188088][ T1484] EXT4-fs (loop8): shut down requested (1)
[   84.194879][ T1484] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop8 ino=12
[   84.203871][ T1484] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop8 ino=12
[   84.249120][  T466] device bridge_slave_1 left promiscuous mode
[   84.260038][  T466] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.270432][ T1500] loop9: detected capacity change from 0 to 512
[   84.277416][ T1493] EXT4-fs (loop8): unmounting filesystem.
[   84.280951][  T466] device bridge_slave_0 left promiscuous mode
[   84.291129][ T1500] EXT4-fs (loop9): feature flags set on rev 0 fs, running e2fsck is recommended
[   84.301411][  T466] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.305101][ T1500] EXT4-fs (loop9): mounting ext2 file system using the ext4 subsystem
[   84.322720][  T466] device veth1_macvtap left promiscuous mode
[   84.331697][  T466] device veth0_vlan left promiscuous mode
[   84.362160][ T1500] EXT4-fs (loop9): warning: mounting unchecked fs, running e2fsck is recommended
[   84.395687][ T1500] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[   84.422123][ T1500] System zones: 0-2, 18-18, 34-35
[   84.433744][ T1500] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[   85.035091][ T1516] binder: 1514:1516 ioctl 5427 0 returned -22
[   85.049762][ T1516] binder: 1514:1516 ioctl c0306201 200000000240 returned -11
[   85.211546][ T1464] EXT4-fs (loop9): unmounting filesystem.
[   85.327929][ T1513] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.335263][ T1513] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.361164][ T1513] device bridge_slave_0 entered promiscuous mode
[   85.374284][ T1513] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.387156][ T1513] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.404793][ T1513] device bridge_slave_1 entered promiscuous mode
[   85.501867][ T1513] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.509220][ T1513] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.516955][ T1513] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.524055][ T1513] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.689872][ T1537] netlink: 12 bytes leftover after parsing attributes in process `syz.9.366'.
[   85.865956][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   85.879430][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.888439][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.910088][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   85.920216][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.927344][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.936286][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   85.945138][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.952262][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.970411][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   85.993680][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   86.012102][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   86.037499][ T1513] device veth0_vlan entered promiscuous mode
[   86.046379][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   86.065387][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   86.080832][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   86.107274][ T1513] device veth1_macvtap entered promiscuous mode
[   86.124320][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   86.149018][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   86.164333][  T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   86.448301][ T1547] /dev/loop2: Can't open blockdev
[   86.505575][  T466] device bridge_slave_1 left promiscuous mode
[   86.513050][  T466] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.529661][  T466] device bridge_slave_0 left promiscuous mode
[   86.543713][  T466] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.561897][  T466] device veth1_macvtap left promiscuous mode
[   86.575171][  T466] device veth0_vlan left promiscuous mode
[   86.802137][ T1543] loop6: detected capacity change from 0 to 131072
[   86.832798][ T1543] F2FS-fs (loop6): invalid crc value
[   86.866465][ T1543] F2FS-fs (loop6): Found nat_bits in checkpoint
[   86.917318][ T1543] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4
[   86.918256][ T1565] xt_hashlimit: max too large, truncated to 1048576
[   86.940482][   T28] audit: type=1400 audit(1769189733.974:505): avc:  denied  { rename } for  pid=1542 comm="syz.6.368" name="file1" dev="loop6" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   86.987824][   T28] audit: type=1400 audit(1769189734.030:506): avc:  denied  { create } for  pid=1542 comm="syz.6.368" name="blkio.bfq.time" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   87.049894][   T28] audit: type=1400 audit(1769189734.030:507): avc:  denied  { read append open } for  pid=1542 comm="syz.6.368" path="/10/file1/blkio.bfq.time" dev="loop6" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   87.353407][ T1568] loop5: detected capacity change from 0 to 40427
[   87.376070][ T1568] F2FS-fs (loop5): Invalid log_blocksize (64), supports only 12
[   87.385388][ T1568] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[   87.419536][ T1568] F2FS-fs (loop5): invalid crc value
[   87.517582][ T1568] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[   87.547281][ T1568] F2FS-fs (loop5): Start checkpoint disabled!
[   87.554245][ T1568] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[   87.584545][ T1114] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[   87.621842][ T1593] netlink: 45349 bytes leftover after parsing attributes in process `syz.2.383'.
[   87.660869][ T1568] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[   87.704054][ T1568] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[   87.776975][ T1114] usb 10-1: Using ep0 maxpacket: 16
[   87.795936][ T1114] usb 10-1: unable to get BOS descriptor or descriptor too short
[   87.913840][   T28] audit: type=1400 audit(1769189734.891:508): avc:  denied  { write } for  pid=1567 comm="syz.5.376" name="bus" dev="loop5" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   87.924293][ T1114] usb 10-1: config index 0 descriptor too short (expected 59463, got 71)
[   87.948691][  T334] kworker/u4:3: attempt to access beyond end of device
[   87.948691][  T334] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   87.970691][ T1114] usb 10-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[   87.993087][ T1114] usb 10-1: New USB device found, idVendor=0586, idProduct=401a, bcdDevice=1f.39
[   88.012277][ T1114] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.021605][ T1114] usb 10-1: Product: syz
[   88.032737][ T1114] usb 10-1: Manufacturer: syz
[   88.041010][ T1114] usb 10-1: SerialNumber: syz
[   88.168435][ T1601] netlink: 'syz.5.386': attribute type 4 has an invalid length.
[   88.176405][ T1601] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.386'.
[   88.205631][ T1603] loop5: detected capacity change from 0 to 512
[   88.265066][ T1114] rtl8150 10-1:7.0: couldn't find required endpoints
[   88.273133][ T1114] rtl8150: probe of 10-1:7.0 failed with error -5
[   88.282419][ T1114] usb 10-1: USB disconnect, device number 2
[   88.345719][ T1615] netlink: 'syz.2.391': attribute type 16 has an invalid length.
[   88.354125][ T1615] netlink: 'syz.2.391': attribute type 17 has an invalid length.
[   88.377181][ T1615] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.384474][ T1615] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.782256][ T1043] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[   88.830294][ T1623] loop4: detected capacity change from 0 to 256
[   88.846193][ T1623] exfat: Deprecated parameter 'utf8'
[   88.853424][ T1625] netlink: 4 bytes leftover after parsing attributes in process `syz.9.395'.
[   88.866798][ T1623] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[   89.083907][ T1043] usb 7-1: config index 0 descriptor too short (expected 39, got 27)
[   89.126160][ T1628] netlink: 45349 bytes leftover after parsing attributes in process `syz.4.394'.
[   89.170570][ T1043] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[   89.422662][ T1043] usb 7-1: config 0 interface 0 has no altsetting 0
[   89.439237][ T1043] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[   89.448804][ T1043] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[   89.459695][ T1043] usb 7-1: Product: syz
[   89.464062][ T1043] usb 7-1: Manufacturer: syz
[   89.469247][ T1043] usb 7-1: SerialNumber: syz
[   89.481476][ T1043] usb 7-1: config 0 descriptor??
[   89.492829][ T1043] hub 7-1:0.0: bad descriptor, ignoring hub
[   89.518868][ T1043] hub: probe of 7-1:0.0 failed with error -5
[   89.527148][ T1043] usb 7-1: selecting invalid altsetting 0
[   89.574970][ T1637] netlink: 36 bytes leftover after parsing attributes in process `syz.9.398'.
[   89.591964][ T1637] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.599302][ T1637] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.615248][ T1633] loop5: detected capacity change from 0 to 2048
[   89.693890][ T1633] netlink: 7 bytes leftover after parsing attributes in process `syz.5.397'.
[   89.819772][ T1646] loop4: detected capacity change from 0 to 16
[   89.830869][ T1043] usb 7-1: USB disconnect, device number 4
[   89.833911][ T1646] erofs: Unknown parameter 'erofs'
[   89.854709][   T28] audit: type=1400 audit(1769189736.705:509): avc:  denied  { map } for  pid=1645 comm="syz.4.402" path="/5/file2" dev="tmpfs" ino=45 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   89.935665][ T1648] netlink: 45349 bytes leftover after parsing attributes in process `syz.2.401'.
[   89.945269][ T1648] 0ªX¹¦Dö»: renamed from gretap0
[   90.716020][ T1660] xt_CONNSECMARK: invalid mode: 66
[   90.910285][   T19] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[   91.114586][   T19] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[   91.135610][   T19] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 255
[   91.178195][   T19] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   91.197859][   T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   91.215999][   T19] usb 3-1: SerialNumber: syz
[   91.229977][   T19] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[   91.262048][   T19] cdc_acm 3-1:1.0: This needs exactly 3 endpoints
[   91.274438][   T19] cdc_acm: probe of 3-1:1.0 failed with error -22
[   91.450368][   T19] usb 3-1: USB disconnect, device number 10
[   91.618944][ T1676] loop6: detected capacity change from 0 to 512
[   91.744154][ T1676] EXT4-fs warning (device loop6): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   91.766795][ T1676] EXT4-fs warning (device loop6): dx_probe:881: Enable large directory feature to access it
[   91.782952][ T1676] EXT4-fs warning (device loop6): dx_probe:966: inode #2: comm syz.6.411: Corrupt directory, running e2fsck is recommended
[   91.807713][ T1676] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117
[   91.819659][ T1676] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2196: inode #15: comm syz.6.411: corrupted in-inode xattr
[   91.837366][ T1676] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.411: couldn't read orphan inode 15 (err -117)
[   91.853524][ T1676] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[   91.881903][ T1676] EXT4-fs warning (device loop6): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   91.893575][ T1676] EXT4-fs warning (device loop6): dx_probe:881: Enable large directory feature to access it
[   91.903882][ T1676] EXT4-fs warning (device loop6): dx_probe:966: inode #2: comm syz.6.411: Corrupt directory, running e2fsck is recommended
[   91.917365][ T1676] EXT4-fs error (device loop6): ext4_readdir:263: inode #2: block 3: comm syz.6.411: path /14/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0
[   91.938702][ T1676] EXT4-fs error (device loop6): ext4_readdir:263: inode #2: block 8: comm syz.6.411: path /14/file0: bad entry in directory: inode out of bounds - offset=0, inode=16810477, rec_len=1024, size=1024 fake=0
[   92.033733][ T1320] EXT4-fs (loop6): unmounting filesystem.
[   92.061436][ T1684] xt_hashlimit: size too large, truncated to 1048576
[   92.114049][ T1687] FAULT_INJECTION: forcing a failure.
[   92.114049][ T1687] name failslab, interval 1, probability 0, space 0, times 0
[   92.159227][ T1687] CPU: 0 PID: 1687 Comm: syz.6.413 Tainted: G        W          syzkaller #0
[   92.168062][ T1687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   92.178242][ T1687] Call Trace:
[   92.181558][ T1687]  <TASK>
[   92.184530][ T1687]  __dump_stack+0x21/0x24
[   92.188907][ T1687]  dump_stack_lvl+0x110/0x170
[   92.193707][ T1687]  ? __cfi_dump_stack_lvl+0x8/0x8
[   92.198778][ T1687]  ? kernel_text_address+0xa0/0xd0
[   92.203933][ T1687]  dump_stack+0x15/0x24
[   92.208225][ T1687]  should_fail_ex+0x3d4/0x520
[   92.213034][ T1687]  __should_failslab+0xac/0xf0
[   92.217848][ T1687]  should_failslab+0x9/0x20
[   92.222474][ T1687]  kmem_cache_alloc_node+0x42/0x340
[   92.227717][ T1687]  ? __alloc_skb+0xea/0x4b0
[   92.232343][ T1687]  __alloc_skb+0xea/0x4b0
[   92.236702][ T1687]  __ip6_append_data+0x2912/0x3a50
[   92.241874][ T1687]  ? __cfi_raw6_getfrag+0x10/0x10
[   92.246954][ T1687]  ? ip6_setup_cork+0x10a0/0x10a0
[   92.252126][ T1687]  ? __kasan_check_read+0x11/0x20
[   92.257282][ T1687]  ? ip6_setup_cork+0xb1d/0x10a0
[   92.262380][ T1687]  ip6_append_data+0x1e8/0x400
[   92.267353][ T1687]  ? __cfi_raw6_getfrag+0x10/0x10
[   92.272434][ T1687]  rawv6_sendmsg+0x11f3/0x16d0
[   92.277254][ T1687]  ? __cfi_avc_has_perm+0x10/0x10
[   92.282497][ T1687]  ? __cfi_rawv6_sendmsg+0x10/0x10
[   92.287761][ T1687]  ? selinux_socket_sendmsg+0x22f/0x340
[   92.293455][ T1687]  ? inet_send_prepare+0x60/0x4d0
[   92.298535][ T1687]  inet_sendmsg+0xb6/0xd0
[   92.302945][ T1687]  sock_write_iter+0x2ee/0x3f0
[   92.307779][ T1687]  ? __cfi_sock_write_iter+0x10/0x10
[   92.313153][ T1687]  ? fsnotify_perm+0x67/0x5b0
[   92.317890][ T1687]  ? security_file_permission+0x8a/0xb0
[   92.323532][ T1687]  do_iter_write+0x665/0xb40
[   92.328174][ T1687]  ? _copy_from_user+0x8f/0xc0
[   92.333067][ T1687]  ? vfs_iter_write+0xa0/0xa0
[   92.337773][ T1687]  ? import_iovec+0x7c/0xb0
[   92.342320][ T1687]  vfs_writev+0x339/0x5f0
[   92.346682][ T1687]  ? do_writev+0x2c0/0x2c0
[   92.351128][ T1687]  ? vfs_write+0xa2c/0xce0
[   92.355635][ T1687]  ? __fdget_pos+0x1f2/0x380
[   92.360347][ T1687]  ? do_writev+0x76/0x2c0
[   92.364713][ T1687]  do_writev+0x14e/0x2c0
[   92.369069][ T1687]  ? do_readv+0x450/0x450
[   92.373450][ T1687]  ? debug_smp_processor_id+0x17/0x20
[   92.378855][ T1687]  __x64_sys_writev+0x7d/0x90
[   92.383569][ T1687]  x64_sys_call+0xad/0x9a0
[   92.388017][ T1687]  do_syscall_64+0x4c/0xa0
[   92.392481][ T1687]  ? clear_bhb_loop+0x30/0x80
[   92.397194][ T1687]  ? clear_bhb_loop+0x30/0x80
[   92.401907][ T1687]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   92.407886][ T1687] RIP: 0033:0x7f696af9acb9
[   92.412344][ T1687] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   92.432075][ T1687] RSP: 002b:00007f696be22028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   92.440537][ T1687] RAX: ffffffffffffffda RBX: 00007f696b216090 RCX: 00007f696af9acb9
[   92.448560][ T1687] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003
[   92.456646][ T1687] RBP: 00007f696be22090 R08: 0000000000000000 R09: 0000000000000000
[   92.464769][ T1687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.472762][ T1687] R13: 00007f696b216128 R14: 00007f696b216090 R15: 00007ffdde10b408
[   92.480768][ T1687]  </TASK>
[   92.487281][ T1692] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1692 comm=syz.5.415
[   92.500268][ T1692] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1692 comm=syz.5.415
[  104.329540][   T28] audit: type=1400 audit(1769189750.236:510): avc:  denied  { mount } for  pid=1713 comm="syz.4.423" name="/" dev="configfs" ino=12949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  104.376062][ T1714] loop4: detected capacity change from 0 to 512
[  104.419966][   T28] audit: type=1400 audit(1769189750.236:511): avc:  denied  { search } for  pid=1713 comm="syz.4.423" name="/" dev="configfs" ino=12949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  104.459770][ T1715] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  104.525441][   T28] audit: type=1400 audit(1769189750.236:512): avc:  denied  { read } for  pid=1713 comm="syz.4.423" name="/" dev="configfs" ino=12949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  104.532216][ T1725] loop6: detected capacity change from 0 to 2048
[  104.559719][ T1726] netlink: 28 bytes leftover after parsing attributes in process `syz.9.422'.
[  104.638289][   T28] audit: type=1400 audit(1769189750.236:513): avc:  denied  { open } for  pid=1713 comm="syz.4.423" path="/" dev="configfs" ino=12949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  104.769961][ T1725] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  104.798194][   T28] audit: type=1400 audit(1769189750.320:514): avc:  denied  { write } for  pid=1713 comm="syz.4.423" name="/" dev="configfs" ino=12949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  104.889568][ T1320] EXT4-fs (loop6): unmounting filesystem.
[  105.004370][ T1706] loop5: detected capacity change from 0 to 40427
[  105.050225][   T10] Bluetooth: hci0: Frame reassembly failed (-84)
[  105.061934][ T1706] F2FS-fs (loop5): invalid crc value
[  105.131834][ T1706] F2FS-fs (loop5): Found nat_bits in checkpoint
[  105.141625][ T1746] loop6: detected capacity change from 0 to 512
[  105.149718][ T1747] loop9: detected capacity change from 0 to 256
[  105.255099][ T1748] bridge0: port 3(vlan2) entered blocking state
[  105.261529][ T1748] bridge0: port 3(vlan2) entered disabled state
[  105.301511][ T1747] FAT-fs (loop9): Directory bread(block 64) failed
[  105.319242][ T1706] F2FS-fs (loop5): Start checkpoint disabled!
[  105.385931][ T1747] FAT-fs (loop9): Directory bread(block 65) failed
[  105.406924][ T1746] EXT4-fs error (device loop6): ext4_free_branches:1030: inode #11: comm syz.6.431: invalid indirect mapped block 256 (level 2)
[  105.439341][ T1706] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  105.489789][ T1747] FAT-fs (loop9): Directory bread(block 66) failed
[  105.529681][ T1746] EXT4-fs (loop6): 2 truncates cleaned up
[  105.534803][ T1747] FAT-fs (loop9): Directory bread(block 67) failed
[  105.535596][ T1746] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  105.543121][ T1747] FAT-fs (loop9): Directory bread(block 68) failed
[  105.558003][ T1747] FAT-fs (loop9): Directory bread(block 69) failed
[  105.561407][ T1706] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  105.592279][ T1747] FAT-fs (loop9): Directory bread(block 70) failed
[  105.602430][ T1747] FAT-fs (loop9): Directory bread(block 71) failed
[  105.609224][ T1747] FAT-fs (loop9): Directory bread(block 72) failed
[  105.615919][ T1747] FAT-fs (loop9): Directory bread(block 73) failed
[  105.754438][   T28] audit: type=1326 audit(1769189751.573:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1741 comm="syz.9.430" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faaad99acb9 code=0x0
[  105.833174][ T1758] IPv6: NLM_F_REPLACE set, but no existing node found!
[  106.130653][ T1760] netlink: 40 bytes leftover after parsing attributes in process `syz.9.430'.
[  106.181329][ T1706] loop5: detected capacity change from 0 to 4096
[  106.200815][ T1706] EXT4-fs (loop5): Test dummy encryption mode enabled
[  106.212389][ T1320] EXT4-fs (loop6): unmounting filesystem.
[  106.218582][   T28] audit: type=1400 audit(1769189752.013:516): avc:  denied  { create } for  pid=1753 comm="syz.2.432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  106.273376][ T1706] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c01c, mo2=0003]
[  106.284183][ T1706] System zones: 0-5
[  106.294702][ T1706] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  106.352614][ T1706] EXT4-fs (loop5): unmounting filesystem.
[  106.379363][ T1768] loop6: detected capacity change from 0 to 256
[  106.399731][ T1768] exfat: Deprecated parameter 'utf8'
[  106.472388][ T1771] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  106.713164][ T1768] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  106.868862][ T1772] binder: 1769:1772 ioctl 5427 0 returned -22
[  107.499904][ T1150] Bluetooth: hci0: command 0x1003 tx timeout
[  107.620102][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  107.626965][ T1742] Bluetooth: hci0: Opcode 0x080f failed: -22
[  107.785399][ T1780] netlink: 45349 bytes leftover after parsing attributes in process `syz.6.434'.
[  108.049699][ T1781] netlink: 12 bytes leftover after parsing attributes in process `syz.5.436'.
[  108.806477][   T28] audit: type=1400 audit(1769189754.425:517): avc:  denied  { setattr } for  pid=1776 comm="syz.4.437" name="net" dev="proc" ino=24201 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  108.830611][ T1788] binder: BINDER_SET_CONTEXT_MGR already set
[  108.843853][ T1788] binder: 1783:1788 ioctl 4018620d 200000000040 returned -16
[  108.875618][ T1788] binder: 1783:1788 ioctl 5427 0 returned -22
[  108.887940][ T1788] binder: 1783:1788 ioctl c0306201 200000000240 returned -11
[  108.910575][ T1794] netlink: 45349 bytes leftover after parsing attributes in process `syz.2.439'.
[  109.006645][   T28] audit: type=1400 audit(1769189754.612:518): avc:  denied  { getopt } for  pid=1791 comm="syz.5.440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  109.241875][ T1800] loop5: detected capacity change from 0 to 512
[  109.250921][ T1800] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  109.260111][ T1800] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  109.276883][ T1797] kvm: vcpu 0: requested 148514 ns lapic timer period limited to 200000 ns
[  109.285627][ T1797] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (200000 ns). Using initial count to start timer.
[  109.309282][ T1800] EXT4-fs (loop5): warning: mounting unchecked fs, running e2fsck is recommended
[  109.318988][ T1800] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  109.327341][ T1800] System zones: 0-2, 18-18, 34-35
[  109.333213][ T1800] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  109.443724][ T1805] loop4: detected capacity change from 0 to 256
[  109.450403][ T1805] exfat: Deprecated parameter 'utf8'
[  109.458993][ T1805] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  110.266460][  T428] EXT4-fs (loop5): unmounting filesystem.
[  110.316279][ T1810] netlink: 45349 bytes leftover after parsing attributes in process `syz.4.444'.
[  110.572739][ T1812] xt_hashlimit: size too large, truncated to 1048576
[  110.620933][ T1114] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  110.712214][ T1819] loop5: detected capacity change from 0 to 256
[  110.745076][   T28] audit: type=1400 audit(1769189756.239:519): avc:  denied  { write } for  pid=1818 comm="syz.5.449" name="ptp0" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  110.804724][ T1823] loop4: detected capacity change from 0 to 1024
[  110.820657][ T1830] loop5: detected capacity change from 0 to 512
[  110.831589][ T1823] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  110.863215][ T1830] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  110.875554][ T1114] usb 10-1: Using ep0 maxpacket: 32
[  110.881956][ T1114] usb 10-1: config 0 has an invalid interface number: 188 but max is 0
[  110.909545][ T1833] loop6: detected capacity change from 0 to 4096
[  110.946655][ T1833] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  110.960187][ T1823] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  110.971023][ T1114] usb 10-1: config 0 has no interface number 0
[  110.987251][ T1823] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters
[  111.011336][ T1114] usb 10-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  111.041177][ T1114] usb 10-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  111.050963][   T28] audit: type=1400 audit(1769189756.529:520): avc:  denied  { setopt } for  pid=1829 comm="syz.5.453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  111.079313][   T28] audit: type=1400 audit(1769189756.548:521): avc:  denied  { bind } for  pid=1829 comm="syz.5.453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  111.116793][ T1114] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.244007][ T1114] usb 10-1: Product: syz
[  111.329448][ T1513] EXT4-fs (loop4): unmounting filesystem.
[  111.337215][ T1114] usb 10-1: Manufacturer: syz
[  111.398285][ T1114] usb 10-1: SerialNumber: syz
[  111.449258][ T1114] usb 10-1: config 0 descriptor??
[  111.459797][ T1808] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  111.690501][ T1808] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  111.747522][  T428] EXT4-fs (loop5): unmounting filesystem.
[  111.753483][ T1043] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  111.837529][ T1856] binder_alloc: 1853: binder_alloc_buf, no vma
[  111.944949][ T1043] usb 7-1: Using ep0 maxpacket: 16
[  111.951522][ T1043] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  111.961149][ T1043] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  111.971666][ T1043] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  111.982437][ T1043] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  111.991784][ T1043] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.000116][ T1043] usb 7-1: Product: syz
[  112.004466][ T1043] usb 7-1: Manufacturer: syz
[  112.009578][ T1043] usb 7-1: SerialNumber: syz
[  112.133096][ T1114] asix 10-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  112.143532][ T1114] asix: probe of 10-1:0.188 failed with error -61
[  112.350507][ T1114] usb 10-1: USB disconnect, device number 3
[  112.479798][ T1043] usb 7-1: 0:2 : does not exist
[  112.489724][ T1861] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3482940618 (6965881236 ns) > initial count (504378442 ns). Using initial count to start timer.
[  112.508094][ T1861] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3427436378 (27419491024 ns) > initial count (14888765632 ns). Using initial count to start timer.
[  112.743101][ T1873] loop5: detected capacity change from 0 to 1024
[  112.751437][ T1873] EXT4-fs: Ignoring removed nobh option
[  112.757102][ T1873] EXT4-fs: Ignoring removed bh option
[  112.781420][ T1873] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  112.996120][ T1878] loop9: detected capacity change from 0 to 2048
[  113.015275][ T1878] netlink: 7 bytes leftover after parsing attributes in process `syz.9.465'.
[  113.042222][ T1883] FAULT_INJECTION: forcing a failure.
[  113.042222][ T1883] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  113.055610][ T1883] CPU: 0 PID: 1883 Comm: syz.9.466 Tainted: G        W          syzkaller #0
[  113.064422][ T1883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  113.075204][ T1883] Call Trace:
[  113.078515][ T1883]  <TASK>
[  113.081468][ T1883]  __dump_stack+0x21/0x24
[  113.085931][ T1883]  dump_stack_lvl+0x110/0x170
[  113.090647][ T1883]  ? __cfi_dump_stack_lvl+0x8/0x8
[  113.095723][ T1883]  ? vfs_write+0x603/0xce0
[  113.100178][ T1883]  ? ksys_write+0x149/0x250
[  113.104722][ T1883]  dump_stack+0x15/0x24
[  113.109012][ T1883]  should_fail_ex+0x3d4/0x520
[  113.113733][ T1883]  should_fail_alloc_page+0x61/0x90
[  113.118977][ T1883]  prepare_alloc_pages+0x148/0x600
[  113.124134][ T1883]  ? __alloc_pages_bulk+0x9c0/0x9c0
[  113.129378][ T1883]  __alloc_pages+0x13a/0x480
[  113.134027][ T1883]  ? alloc_skb_with_frags+0xa8/0x620
[  113.139367][ T1883]  ? __cfi___alloc_pages+0x10/0x10
[  113.144711][ T1883]  ? __alloc_skb+0x2df/0x4b0
[  113.149344][ T1883]  alloc_skb_with_frags+0x20c/0x620
[  113.154621][ T1883]  sock_alloc_send_pskb+0x87f/0x9a0
[  113.159877][ T1883]  ? __cfi_sock_alloc_send_pskb+0x10/0x10
[  113.160364][ T1043] usb 7-1: USB disconnect, device number 5
[  113.165658][ T1883]  ? stack_trace_save+0xa6/0xf0
[  113.165694][ T1883]  ? iov_iter_advance+0x98/0x1b0
[  113.165720][ T1883]  tun_get_user+0xa51/0x3440
[  113.165744][ T1883]  ? _parse_integer+0x2a/0x40
[  113.190703][ T1883]  ? tun_do_read+0x1cf0/0x1cf0
[  113.195512][ T1883]  ? __kasan_check_write+0x14/0x20
[  113.200670][ T1883]  ? ref_tracker_alloc+0x31d/0x4a0
[  113.205917][ T1883]  ? __cfi_ref_tracker_alloc+0x10/0x10
[  113.211606][ T1883]  ? avc_policy_seqno+0x1b/0x70
[  113.216508][ T1883]  ? selinux_file_permission+0x2a5/0x510
[  113.222285][ T1883]  tun_chr_write_iter+0x1fb/0x300
[  113.227383][ T1883]  vfs_write+0x603/0xce0
[  113.231682][ T1883]  ? __cfi_vfs_write+0x10/0x10
[  113.236508][ T1883]  ? __fget_files+0x2d5/0x330
[  113.241231][ T1883]  ? __fdget_pos+0x1f2/0x380
[  113.245950][ T1883]  ? ksys_write+0x71/0x250
[  113.250429][ T1883]  ksys_write+0x149/0x250
[  113.254843][ T1883]  ? __cfi_ksys_write+0x10/0x10
[  113.259826][ T1883]  ? debug_smp_processor_id+0x17/0x20
[  113.265414][ T1883]  __x64_sys_write+0x7b/0x90
[  113.270061][ T1883]  x64_sys_call+0x27b/0x9a0
[  113.274711][ T1883]  do_syscall_64+0x4c/0xa0
[  113.279192][ T1883]  ? clear_bhb_loop+0x30/0x80
[  113.283919][ T1883]  ? clear_bhb_loop+0x30/0x80
[  113.288695][ T1883]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  113.294638][ T1883] RIP: 0033:0x7faaad99acb9
[  113.299069][ T1883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  113.318703][ T1883] RSP: 002b:00007faaae875028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  113.327237][ T1883] RAX: ffffffffffffffda RBX: 00007faaadc15fa0 RCX: 00007faaad99acb9
[  113.335315][ T1883] RDX: 000000000000fdef RSI: 0000200000000300 RDI: 0000000000000005
[  113.343305][ T1883] RBP: 00007faaae875090 R08: 0000000000000000 R09: 0000000000000000
[  113.351314][ T1883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  113.359825][ T1883] R13: 00007faaadc16038 R14: 00007faaadc15fa0 R15: 00007ffe0e5cb388
[  113.367818][ T1883]  </TASK>
[  113.461717][ T1885] xt_hashlimit: size too large, truncated to 1048576
[  113.503392][ T1887] loop4: detected capacity change from 0 to 512
[  113.511415][ T1887] EXT4-fs: Ignoring removed nobh option
[  113.583602][ T1887] EXT4-fs (loop4): 1 orphan inode deleted
[  113.590232][ T1887] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  113.673156][  T428] EXT4-fs (loop5): unmounting filesystem.
[  113.734419][ T1320] EXT4-fs (loop6): unmounting filesystem.
[  113.820925][   T28] audit: type=1400 audit(1769189759.120:522): avc:  denied  { sqpoll } for  pid=1905 comm="syz.2.474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  113.843145][ T1909] binder: BINDER_SET_CONTEXT_MGR already set
[  113.849270][ T1909] binder: 1902:1909 ioctl 4018620d 200000000040 returned -16
[  113.912705][  T342] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  114.000320][ T1915] xt_bpf: check failed: parse error
[  114.169369][ T1043] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  114.198930][    T6] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  114.309466][  T342] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  114.318715][  T342] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.327513][  T342] usb 5-1: config 0 descriptor??
[  114.361806][ T1043] usb 3-1: Using ep0 maxpacket: 16
[  114.368489][ T1043] usb 3-1: config index 0 descriptor too short (expected 16456, got 72)
[  114.377154][ T1043] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  114.385438][ T1043] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  114.393698][ T1043] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  114.401996][ T1043] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  114.404648][    T6] usb 10-1: Using ep0 maxpacket: 16
[  114.411083][ T1043] usb 3-1: config 0 has no interface number 0
[  114.419282][    T6] usb 10-1: config 2 has an invalid interface number: 4 but max is 0
[  114.422373][ T1043] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  114.430955][    T6] usb 10-1: config 2 has no interface number 0
[  114.442400][ T1043] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  114.448764][    T6] usb 10-1: config 2 interface 4 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  114.458618][ T1043] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  114.468500][    T6] usb 10-1: config 2 interface 4 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  114.478369][ T1043] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  114.494249][    T6] usb 10-1: New USB device found, idVendor=0499, idProduct=1018, bcdDevice=b2.da
[  114.503860][ T1043] usb 3-1: config 0 interface 125 has no altsetting 0
[  114.514285][    T6] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.520061][ T1043] usb 3-1: config 0 interface 125 has no altsetting 2
[  114.528463][    T6] usb 10-1: Product: syz
[  114.538028][ T1043] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  114.539999][    T6] usb 10-1: Manufacturer: syz
[  114.548905][ T1043] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.554441][    T6] usb 10-1: SerialNumber: syz
[  114.561888][ T1043] usb 3-1: Product: syz
[  114.570290][ T1043] usb 3-1: Manufacturer: syz
[  114.575002][ T1043] usb 3-1: SerialNumber: syz
[  114.587598][ T1043] usb 3-1: config 0 descriptor??
[  114.598404][    T6] snd-usb-audio: probe of 10-1:2.4 failed with error -2
[  114.612000][ T1718] udevd[1718]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:2.4/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  114.773455][ T1917] loop6: detected capacity change from 0 to 2048
[  114.787227][ T1917] netlink: 7 bytes leftover after parsing attributes in process `syz.6.477'.
[  114.837343][   T28] audit: type=1400 audit(1769189760.064:523): avc:  denied  { block_suspend } for  pid=1910 comm="syz.2.476" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  114.845722][ T1923] loop6: detected capacity change from 0 to 1024
[  114.875636][ T1923] EXT4-fs error (device loop6): ext4_map_blocks:745: inode #3: block 1: comm syz.6.478: lblock 1 mapped to illegal pblock 1 (length 1)
[  114.890609][ T1923] Quota error (device loop6): write_blk: dquota write failed
[  114.900622][ T1923] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  114.910830][ T1923] EXT4-fs error (device loop6): ext4_acquire_dquot:6796: comm syz.6.478: Failed to acquire dquot type 0
[  114.922459][ T1923] EXT4-fs error (device loop6): ext4_free_blocks:6205: comm syz.6.478: Freeing blocks not in datazone - block = 0, count = 4096
[  114.936229][ T1923] EXT4-fs error (device loop6): ext4_read_inode_bitmap:140: comm syz.6.478: Invalid inode bitmap blk 0 in block_group 0
[  114.939520][   T43] EXT4-fs error (device loop6): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1)
[  114.953385][ T1923] EXT4-fs error (device loop6) in ext4_free_inode:362: Corrupt filesystem
[  114.965477][   T43] Quota error (device loop6): remove_tree: Can't read quota data block 1
[  114.972377][ T1923] EXT4-fs (loop6): 1 orphan inode deleted
[  114.981029][   T43] EXT4-fs error (device loop6): ext4_release_dquot:6832: comm kworker/u4:2: Failed to release dquot type 0
[  114.986221][ T1923] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  115.011690][ T1923] xt_bpf: check failed: parse error
[  115.019933][   T28] audit: type=1400 audit(1769189760.242:524): avc:  denied  { lock } for  pid=1920 comm="syz.6.478" path="socket:[25107]" dev="sockfs" ino=25107 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  115.765869][  T342] usb 5-1: Cannot set autoneg
[  115.771243][  T342] MOSCHIP usb-ethernet driver: probe of 5-1:0.0 failed with error -71
[  115.782712][  T342] usb 5-1: USB disconnect, device number 3
[  115.806026][ T1320] EXT4-fs (loop6): unmounting filesystem.
[  115.811949][   T43] EXT4-fs error (device loop6): ext4_map_blocks:635: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1)
[  115.826347][   T43] Quota error (device loop6): remove_tree: Can't read quota data block 1
[  115.834956][   T43] EXT4-fs error (device loop6): ext4_release_dquot:6832: comm kworker/u4:2: Failed to release dquot type 0
[  115.859437][ T1934] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3482940618 (6965881236 ns) > initial count (504378442 ns). Using initial count to start timer.
[  115.888876][ T1934] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3427436378 (27419491024 ns) > initial count (14888765632 ns). Using initial count to start timer.
[  115.942769][ T1938] x_tables: duplicate underflow at hook 1
[  115.981110][ T1942] xt_hashlimit: size too large, truncated to 1048576
[  116.107040][ T1513] EXT4-fs (loop4): unmounting filesystem.
[  116.172492][ T1953] binder_alloc: 1949: binder_alloc_buf, no vma
[  116.439977][ T1956] loop6: detected capacity change from 0 to 2048
[  116.477031][ T1956] netlink: 7 bytes leftover after parsing attributes in process `syz.6.489'.
[  117.046186][    T6] usb 10-1: USB disconnect, device number 4
[  117.084286][ T1966] loop9: detected capacity change from 0 to 512
[  117.120839][ T1966] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  117.175923][ T1966] EXT4-fs warning (device loop9): ext4_expand_extra_isize_ea:2819: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  117.207162][ T1971] loop5: detected capacity change from 0 to 256
[  117.227041][ T1966] EXT4-fs (loop9): 1 truncate cleaned up
[  117.246280][ T1971] exfat: Deprecated parameter 'utf8'
[  117.334706][ T1966] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  117.376645][ T1971] exfat: Deprecated parameter 'utf8'
[  117.383649][ T1971] exfat: Deprecated parameter 'utf8'
[  117.395542][ T1971] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d)
[  117.493658][ T1972] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  118.018796][   T28] kauditd_printk_skb: 71 callbacks suppressed
[  118.018813][   T28] audit: type=1400 audit(1769189763.038:596): avc:  denied  { remove_name } for  pid=1970 comm="syz.5.494" name="file0" dev="loop5" ino=1048683 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  118.056098][ T1976] exFAT-fs (loop5): error, exfat_zeroed_cluster: out of range(sect:224 len:8)
[  118.065089][ T1976] exFAT-fs (loop5): Filesystem has been set read-only
[  118.091344][ T1464] EXT4-fs (loop9): unmounting filesystem.
[  118.127461][ T1702] usb 3-1: USB disconnect, device number 11
[  118.146163][   T28] audit: type=1400 audit(1769189763.038:597): avc:  denied  { rename } for  pid=1970 comm="syz.5.494" name="file0" dev="loop5" ino=1048683 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  118.149303][ T1981] netlink: 'syz.2.497': attribute type 11 has an invalid length.
[  118.310082][ T1985] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3482940618 (6965881236 ns) > initial count (504378442 ns). Using initial count to start timer.
[  118.349627][ T1985] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3427436378 (27419491024 ns) > initial count (14888765632 ns). Using initial count to start timer.
[  118.688463][ T2000] binder_alloc: 1998: binder_alloc_buf, no vma
[  118.695116][ T2000] binder: 1998:2000 ioctl c0306201 200000000240 returned -11
[  119.188525][ T2014] FAULT_INJECTION: forcing a failure.
[  119.188525][ T2014] name failslab, interval 1, probability 0, space 0, times 0
[  119.201986][ T2014] CPU: 1 PID: 2014 Comm: syz.2.508 Tainted: G        W          syzkaller #0
[  119.210838][ T2014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  119.221454][ T2014] Call Trace:
[  119.224768][ T2014]  <TASK>
[  119.227730][ T2014]  __dump_stack+0x21/0x24
[  119.232173][ T2014]  dump_stack_lvl+0x110/0x170
[  119.236894][ T2014]  ? __cfi_dump_stack_lvl+0x8/0x8
[  119.241958][ T2014]  ? 0xffffffffa000094c
[  119.246150][ T2014]  dump_stack+0x15/0x24
[  119.250398][ T2014]  should_fail_ex+0x3d4/0x520
[  119.255130][ T2014]  __should_failslab+0xac/0xf0
[  119.259936][ T2014]  ? kvmalloc_node+0x28a/0x460
[  119.264742][ T2014]  should_failslab+0x9/0x20
[  119.269074][ T2017] loop9: detected capacity change from 0 to 512
[  119.269368][ T2014]  __kmem_cache_alloc_node+0x3d/0x2c0
[  119.281032][ T2014]  ? calc_wheel_index+0xc8/0x8d0
[  119.286014][ T2014]  ? kvmalloc_node+0x28a/0x460
[  119.290820][ T2014]  __kmalloc_node+0xa1/0x1e0
[  119.295471][ T2014]  kvmalloc_node+0x28a/0x460
[  119.300099][ T2014]  ? __cfi_kvmalloc_node+0x10/0x10
[  119.305699][ T2014]  ? enqueue_timer+0x130/0x480
[  119.310515][ T2014]  ? _raw_spin_unlock_irqrestore+0x5a/0x80
[  119.316372][ T2014]  __kvm_mmu_topup_memory_cache+0x35e/0x500
[  119.322306][ T2014]  ? __kasan_check_write+0x14/0x20
[  119.327441][ T2014]  ? mutex_unlock+0x8f/0x230
[  119.332057][ T2014]  kvm_mmu_topup_memory_cache+0x20/0x30
[  119.337629][ T2014]  kvm_mmu_load+0x9c/0x25a0
[  119.342243][ T2014]  ? kvm_hv_setup_tsc_page+0x5f0/0xa80
[  119.347728][ T2014]  ? queue_delayed_work_on+0x10d/0x160
[  119.353226][ T2014]  ? kvm_apic_has_interrupt+0x78f/0x7a0
[  119.358802][ T2014]  vcpu_enter_guest+0x4c9b/0x6f80
[  119.363862][ T2014]  ? __cfi_avc_has_perm+0x10/0x10
[  119.368919][ T2014]  ? pvclock_gtod_update_fn+0x280/0x280
[  119.374497][ T2014]  ? 0xffffffffa000094c
[  119.378700][ T2014]  ? is_bpf_text_address+0x177/0x190
[  119.384013][ T2014]  ? kernel_text_address+0xa0/0xd0
[  119.389151][ T2014]  ? __kernel_text_address+0xd/0x30
[  119.394373][ T2014]  ? unwind_get_return_address+0x4d/0x90
[  119.400035][ T2014]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  119.406227][ T2014]  ? arch_stack_walk+0xfc/0x150
[  119.411110][ T2014]  ? vmx_vcpu_pi_load+0x144/0x880
[  119.416171][ T2014]  ? __stack_depot_save+0x36/0x480
[  119.421299][ T2014]  ? __cfi_vmx_vcpu_pi_load+0x10/0x10
[  119.426687][ T2014]  ? _parse_integer_limit+0x18a/0x1d0
[  119.432084][ T2014]  ? __asan_set_shadow_00+0xe/0x10
[  119.437221][ T2014]  ? do_vfs_ioctl+0x1b6c/0x1cd0
[  119.442180][ T2014]  ? __this_cpu_preempt_check+0x13/0x20
[  119.447849][ T2014]  ? xfd_validate_state+0x70/0x150
[  119.453072][ T2014]  ? fpu_swap_kvm_fpstate+0x81/0x5d0
[  119.458379][ T2014]  ? __local_bh_enable_ip+0x58/0x80
[  119.463688][ T2014]  ? fpu_swap_kvm_fpstate+0x4ef/0x5d0
[  119.469079][ T2014]  ? fpu_swap_kvm_fpstate+0x81/0x5d0
[  119.474386][ T2014]  kvm_arch_vcpu_ioctl_run+0xec4/0x1fa0
[  119.479994][ T2014]  kvm_vcpu_ioctl+0x8f2/0xc00
[  119.484715][ T2014]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  119.489956][ T2014]  ? selinux_file_ioctl+0x3a0/0x4d0
[  119.495188][ T2014]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  119.500753][ T2014]  ? mutex_unlock+0x8f/0x230
[  119.505371][ T2014]  ? __cfi_mutex_unlock+0x10/0x10
[  119.510438][ T2014]  ? __fget_files+0x2d5/0x330
[  119.515165][ T2014]  ? security_file_ioctl+0x95/0xc0
[  119.520386][ T2014]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  119.525730][ T2014]  __se_sys_ioctl+0x12f/0x1b0
[  119.530498][ T2014]  __x64_sys_ioctl+0x7b/0x90
[  119.535128][ T2014]  x64_sys_call+0x58b/0x9a0
[  119.539669][ T2014]  do_syscall_64+0x4c/0xa0
[  119.544200][ T2014]  ? clear_bhb_loop+0x30/0x80
[  119.548910][ T2014]  ? clear_bhb_loop+0x30/0x80
[  119.553651][ T2014]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  119.559573][ T2014] RIP: 0033:0x7f7cc199acb9
[  119.564360][ T2014] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  119.584069][ T2014] RSP: 002b:00007f7cc03f7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  119.592506][ T2014] RAX: ffffffffffffffda RBX: 00007f7cc1c15fa0 RCX: 00007f7cc199acb9
[  119.600498][ T2014] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  119.608530][ T2014] RBP: 00007f7cc03f7090 R08: 0000000000000000 R09: 0000000000000000
[  119.616555][ T2014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  119.624660][ T2014] R13: 00007f7cc1c16038 R14: 00007f7cc1c15fa0 R15: 00007fffd86aaea8
[  119.632667][ T2014]  </TASK>
[  119.875408][   T28] audit: type=1400 audit(1769189764.777:598): avc:  denied  { write } for  pid=2028 comm="syz.4.514" path="socket:[25561]" dev="sockfs" ino=25561 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  119.975991][    T6] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  120.101295][ T2039] loop4: detected capacity change from 0 to 2048
[  120.147950][ T1715] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  120.168596][    T6] usb 6-1: Using ep0 maxpacket: 32
[  120.175324][    T6] usb 6-1: config 0 has an invalid interface number: 188 but max is 0
[  120.195369][ T2039] netlink: 7 bytes leftover after parsing attributes in process `syz.4.517'.
[  120.210272][    T6] usb 6-1: config 0 has no interface number 0
[  120.224925][    T6] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  120.244267][    T6] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  120.272940][    T6] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.283204][    T6] usb 6-1: Product: syz
[  120.287629][    T6] usb 6-1: Manufacturer: syz
[  120.295018][    T6] usb 6-1: SerialNumber: syz
[  120.305889][    T6] usb 6-1: config 0 descriptor??
[  120.313550][ T2024] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  120.540242][ T2024] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  120.621040][ T2054] binder_alloc: 2052: binder_alloc_buf, no vma
[  120.630942][ T2054] binder: 2052:2054 ioctl c0306201 200000000240 returned -11
[  120.766516][ T2056] loop6: detected capacity change from 0 to 40427
[  120.770916][    T6] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  120.783485][ T2056] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  120.791667][    T6] asix: probe of 6-1:0.188 failed with error -61
[  120.806410][ T2056] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  120.828030][ T2056] F2FS-fs (loop6): invalid crc value
[  120.846440][ T2056] F2FS-fs (loop6): Found nat_bits in checkpoint
[  120.878864][ T2056] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  120.886226][ T2056] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  120.961384][ T2065] loop9: detected capacity change from 0 to 1024
[  120.969783][ T2065] EXT4-fs: Ignoring removed nobh option
[  120.976190][ T2065] EXT4-fs: Ignoring removed bh option
[  120.987925][ T1702] usb 6-1: USB disconnect, device number 11
[  121.017846][ T2065] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  121.423035][ T2070] loop6: detected capacity change from 0 to 131072
[  121.566913][ T2082] loop6: detected capacity change from 0 to 4096
[  121.647598][   T60] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  122.446944][ T1464] EXT4-fs (loop9): unmounting filesystem.
[  122.454233][ T2082] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  122.649475][   T60] usb 3-1: Using ep0 maxpacket: 16
[  122.656666][   T60] usb 3-1: config 0 has no interfaces?
[  122.663519][   T60] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  122.785075][   T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.820126][   T60] usb 3-1: config 0 descriptor??
[  122.980970][ T1043] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  123.044359][   T60] usb 3-1: USB disconnect, device number 12
[  123.109306][ T1114] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  123.184179][ T1043] usb 6-1: Using ep0 maxpacket: 16
[  123.190594][ T1043] usb 6-1: config 0 interface 0 has no altsetting 0
[  123.202100][ T2098] loop4: detected capacity change from 0 to 4096
[  123.208847][ T1043] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  123.218593][ T1043] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.228228][ T1043] usb 6-1: config 0 descriptor??
[  123.234826][ T2098] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  123.301820][ T1114] usb 7-1: Using ep0 maxpacket: 16
[  123.308461][ T1114] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  123.331632][ T1114] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  123.343253][ T1114] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  123.354261][ T1114] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  123.368175][ T1114] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.376334][ T1114] usb 7-1: Product: syz
[  123.380724][ T1114] usb 7-1: Manufacturer: syz
[  123.385470][ T1114] usb 7-1: SerialNumber: syz
[  123.697480][    T6] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  123.795515][   T28] audit: type=1400 audit(1769189768.443:599): avc:  denied  { write } for  pid=2104 comm="syz.9.535" name="usbmon4" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  123.832438][ T1114] usb 7-1: 0:2 : does not exist
[  123.900601][    T6] usb 5-1: Using ep0 maxpacket: 16
[  123.907643][    T6] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  123.916678][    T6] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  123.927016][    T6] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  123.946972][    T6] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  123.961641][    T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.970005][    T6] usb 5-1: Product: syz
[  123.974351][    T6] usb 5-1: Manufacturer: syz
[  123.979550][    T6] usb 5-1: SerialNumber: syz
[  124.272139][ T1114] usb 7-1: 1:0: cannot get min/max values for control 4 (id 1)
[  124.286371][ T1114] usb 7-1: USB disconnect, device number 6
[  124.500168][    T6] usb 5-1: 0:2 : does not exist
[  124.566862][   T28] audit: type=1326 audit(1769189769.163:600): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2110 comm="syz.2.536" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7cc199acb9 code=0x0
[  124.795006][ T1043] usbhid 6-1:0.0: can't add hid device: -71
[  124.801854][ T1043] usbhid: probe of 6-1:0.0 failed with error -71
[  124.811999][ T1043] usb 6-1: USB disconnect, device number 12
[  124.923962][ T1320] EXT4-fs (loop6): unmounting filesystem.
[  125.004353][ T2119] binder_alloc: 2117: binder_alloc_buf, no vma
[  125.011100][ T2119] binder: 2117:2119 ioctl c0306201 200000000240 returned -11
[  125.153420][    T6] usb 5-1: USB disconnect, device number 4
[  125.160440][ T1710] udevd[1710]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  125.387851][ T1715] udevd[1715]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card1/controlC1/../uevent} for writing: No such file or directory
[  125.482389][ T2121] device syzkaller0 entered promiscuous mode
[  125.943561][ T1513] EXT4-fs (loop4): unmounting filesystem.
[  126.552679][  T345] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  126.612747][ T2127] kvm [2126]: vcpu2, guest rIP: 0x9133 Unhandled WRMSR(0x11e) = 0xbe702111
[  126.658633][ T2147] binder: 2145:2147 ioctl c0306201 200000000240 returned -11
[  126.745207][  T345] usb 7-1: Using ep0 maxpacket: 16
[  126.751637][  T345] usb 7-1: config 0 interface 0 has no altsetting 0
[  126.764227][  T345] usb 7-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  126.832488][   T60] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  126.840312][  T345] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.849754][  T345] usb 7-1: config 0 descriptor??
[  127.044666][   T60] usb 10-1: Using ep0 maxpacket: 32
[  127.065125][   T60] usb 10-1: config 0 has an invalid interface number: 188 but max is 0
[  127.196359][   T60] usb 10-1: config 0 has no interface number 0
[  127.202716][   T60] usb 10-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  127.214622][   T60] usb 10-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  127.224058][   T60] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.232436][   T60] usb 10-1: Product: syz
[  127.236789][   T60] usb 10-1: Manufacturer: syz
[  127.241801][   T60] usb 10-1: SerialNumber: syz
[  127.251895][   T60] usb 10-1: config 0 descriptor??
[  127.257373][ T2143] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  127.482455][ T2143] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  127.563995][ T2159] binder: BINDER_SET_CONTEXT_MGR already set
[  127.570158][ T2159] binder: 2157:2159 ioctl 4018620d 200000000040 returned -16
[  127.579319][    T6] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  127.704370][   T60] asix 10-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  127.714721][   T60] asix: probe of 10-1:0.188 failed with error -61
[  127.782482][    T6] usb 3-1: Using ep0 maxpacket: 32
[  127.789027][    T6] usb 3-1: config 0 has an invalid interface number: 188 but max is 0
[  127.797507][    T6] usb 3-1: config 0 has no interface number 0
[  127.803707][    T6] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  127.815596][    T6] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  127.824738][    T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.832846][    T6] usb 3-1: Product: syz
[  127.837169][    T6] usb 3-1: Manufacturer: syz
[  127.841864][    T6] usb 3-1: SerialNumber: syz
[  127.847445][    T6] usb 3-1: config 0 descriptor??
[  127.852968][ T2156] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  127.920935][ T1702] usb 10-1: USB disconnect, device number 5
[  128.077017][ T2156] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  128.299653][    T6] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  128.310017][    T6] asix: probe of 3-1:0.188 failed with error -61
[  128.416639][ T2166] loop4: detected capacity change from 0 to 256
[  128.423411][ T2166] exfat: Deprecated parameter 'utf8'
[  128.433312][ T2166] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  128.559589][    T6] usb 3-1: USB disconnect, device number 13
[  128.666929][ T2171] netlink: 45349 bytes leftover after parsing attributes in process `syz.4.554'.
[  128.733084][ T2169] loop9: detected capacity change from 0 to 2048
[  128.840778][ T2169] netlink: 7 bytes leftover after parsing attributes in process `syz.9.555'.
[  128.930666][ T2175] loop9: detected capacity change from 0 to 1024
[  128.954948][ T2175] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  128.969841][ T2175] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  128.982308][ T2175] EXT4-fs error (device loop9): ext4_map_blocks:745: inode #15: comm syz.9.557: lblock 0 mapped to illegal pblock 0 (length 1)
[  128.995892][ T2175] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  129.008456][ T2175] EXT4-fs (loop9): This should not happen!! Data will be lost
[  129.008456][ T2175] 
[  129.138082][ T1464] EXT4-fs (loop9): unmounting filesystem.
[  129.203423][  T345] usbhid 7-1:0.0: can't add hid device: -71
[  129.212916][  T345] usbhid: probe of 7-1:0.0 failed with error -71
[  129.225969][  T345] usb 7-1: USB disconnect, device number 7
[  129.281527][ T2193] binder: BINDER_SET_CONTEXT_MGR already set
[  129.287571][ T2193] binder: 2187:2193 ioctl 4018620d 200000000040 returned -16
[  129.322855][ T2193] binder: 2187:2193 ioctl c0306201 200000000240 returned -11
[  129.542706][ T2201] binder: BINDER_SET_CONTEXT_MGR already set
[  129.704050][ T2201] binder: 2199:2201 ioctl 4018620d 200000000040 returned -16
[  130.252403][ T2213] loop5: detected capacity change from 0 to 4096
[  130.296400][ T2213] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  130.427130][   T28] audit: type=1400 audit(1769189774.643:601): avc:  denied  { setopt } for  pid=2208 comm="syz.2.566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  130.669834][  T345] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  130.919846][  T345] usb 6-1: Using ep0 maxpacket: 16
[  130.926597][  T345] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  130.935422][  T345] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  130.945795][  T345] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  130.956755][  T345] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  130.965919][  T345] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.974091][  T345] usb 6-1: Product: syz
[  130.978313][  T345] usb 6-1: Manufacturer: syz
[  130.983108][  T345] usb 6-1: SerialNumber: syz
[  131.476578][  T345] usb 6-1: 0:2 : does not exist
[  131.709444][  T345] usb 6-1: 1:0: cannot get min/max values for control 4 (id 1)
[  131.836183][   T28] audit: type=1400 audit(1769189775.970:602): avc:  denied  { shutdown } for  pid=2229 comm="syz.2.573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  131.879430][  T345] usb 6-1: USB disconnect, device number 13
[  131.894025][ T2235] loop9: detected capacity change from 0 to 256
[  131.928979][ T2235] exfat: Deprecated parameter 'utf8'
[  131.945861][ T2235] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  131.973332][ T2239] binder: 2236:2239 ioctl 5427 0 returned -22
[  132.083697][ T2232] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  132.168217][ T2247] netlink: 45349 bytes leftover after parsing attributes in process `syz.9.575'.
[  132.267376][ T1715] udevd[1715]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  132.422288][  T428] EXT4-fs (loop5): unmounting filesystem.
[  132.445715][ T2252] loop5: detected capacity change from 0 to 256
[  132.455569][ T2252] exfat: Deprecated parameter 'utf8'
[  132.465305][ T2252] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  132.665751][ T2259] binder: BINDER_SET_CONTEXT_MGR already set
[  132.671994][ T2259] binder: 2255:2259 ioctl 4018620d 200000000040 returned -16
[  132.698082][ T2260] netlink: 45349 bytes leftover after parsing attributes in process `syz.5.578'.
[  133.493104][  T345] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  133.548433][ T2275] FAULT_INJECTION: forcing a failure.
[  133.548433][ T2275] name failslab, interval 1, probability 0, space 0, times 0
[  133.561286][ T2275] CPU: 0 PID: 2275 Comm: syz.6.584 Tainted: G        W          syzkaller #0
[  133.570067][ T2275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  133.580303][ T2275] Call Trace:
[  133.583591][ T2275]  <TASK>
[  133.586550][ T2275]  __dump_stack+0x21/0x24
[  133.590895][ T2275]  dump_stack_lvl+0x110/0x170
[  133.595575][ T2275]  ? __cfi_dump_stack_lvl+0x8/0x8
[  133.600607][ T2275]  ? 0xffffffffa0004440
[  133.604763][ T2275]  dump_stack+0x15/0x24
[  133.608941][ T2275]  should_fail_ex+0x3d4/0x520
[  133.613625][ T2275]  __should_failslab+0xac/0xf0
[  133.618482][ T2275]  ? kvmalloc_node+0x28a/0x460
[  133.623252][ T2275]  should_failslab+0x9/0x20
[  133.627779][ T2275]  __kmem_cache_alloc_node+0x3d/0x2c0
[  133.633159][ T2275]  ? calc_wheel_index+0xc8/0x8d0
[  133.638119][ T2275]  ? kvmalloc_node+0x28a/0x460
[  133.642925][ T2275]  __kmalloc_node+0xa1/0x1e0
[  133.647547][ T2275]  kvmalloc_node+0x28a/0x460
[  133.652173][ T2275]  ? __cfi_kvmalloc_node+0x10/0x10
[  133.653523][ T2281] netlink: 12 bytes leftover after parsing attributes in process `syz.5.583'.
[  133.657314][ T2275]  ? enqueue_timer+0x130/0x480
[  133.670957][ T2275]  ? _raw_spin_unlock_irqrestore+0x5a/0x80
[  133.676819][ T2275]  __kvm_mmu_topup_memory_cache+0x35e/0x500
[  133.682756][ T2275]  ? __kasan_check_write+0x14/0x20
[  133.687914][ T2275]  ? mutex_unlock+0x8f/0x230
[  133.692542][ T2275]  kvm_mmu_topup_memory_cache+0x20/0x30
[  133.698172][ T2275]  kvm_mmu_load+0x9c/0x25a0
[  133.702718][ T2275]  ? kvm_hv_setup_tsc_page+0x5f0/0xa80
[  133.708191][ T2275]  ? queue_delayed_work_on+0x10d/0x160
[  133.713781][ T2275]  ? kvm_apic_has_interrupt+0x78f/0x7a0
[  133.719433][ T2275]  vcpu_enter_guest+0x4c9b/0x6f80
[  133.724488][ T2275]  ? __cfi_avc_has_perm+0x10/0x10
[  133.729647][ T2275]  ? pvclock_gtod_update_fn+0x280/0x280
[  133.735269][ T2275]  ? 0xffffffffa0004440
[  133.739426][ T2275]  ? is_bpf_text_address+0x177/0x190
[  133.744724][ T2275]  ? kernel_text_address+0xa0/0xd0
[  133.749889][ T2275]  ? __kernel_text_address+0xd/0x30
[  133.755128][ T2275]  ? unwind_get_return_address+0x4d/0x90
[  133.760768][ T2275]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  133.766936][ T2275]  ? arch_stack_walk+0xfc/0x150
[  133.771814][ T2275]  ? vmx_vcpu_pi_load+0x144/0x880
[  133.776957][ T2275]  ? __stack_depot_save+0x36/0x480
[  133.782081][ T2275]  ? __cfi_vmx_vcpu_pi_load+0x10/0x10
[  133.782197][  T345] usb 3-1: Using ep0 maxpacket: 16
[  133.787503][ T2275]  ? _parse_integer_limit+0x18a/0x1d0
[  133.787538][ T2275]  ? __asan_set_shadow_00+0xe/0x10
[  133.794932][  T345] usb 3-1: config 0 interface 0 has no altsetting 0
[  133.798152][ T2275]  ? do_vfs_ioctl+0x1b6c/0x1cd0
[  133.798184][ T2275]  ? __this_cpu_preempt_check+0x13/0x20
[  133.807166][  T345] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  133.809925][ T2275]  ? xfd_validate_state+0x70/0x150
[  133.816118][  T345] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.820610][ T2275]  ? fpu_swap_kvm_fpstate+0x81/0x5d0
[  133.848182][ T2275]  ? __local_bh_enable_ip+0x58/0x80
[  133.853408][ T2275]  ? fpu_swap_kvm_fpstate+0x4ef/0x5d0
[  133.858973][ T2275]  ? fpu_swap_kvm_fpstate+0x81/0x5d0
[  133.864277][ T2275]  kvm_arch_vcpu_ioctl_run+0xec4/0x1fa0
[  133.869850][ T2275]  kvm_vcpu_ioctl+0x8f2/0xc00
[  133.874560][ T2275]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  133.879782][ T2275]  ? selinux_file_ioctl+0x3a0/0x4d0
[  133.885004][ T2275]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  133.890657][ T2275]  ? mutex_unlock+0x8f/0x230
[  133.895277][ T2275]  ? __cfi_mutex_unlock+0x10/0x10
[  133.900328][ T2275]  ? __fget_files+0x2d5/0x330
[  133.905023][ T2275]  ? security_file_ioctl+0x95/0xc0
[  133.910152][ T2275]  ? __cfi_kvm_vcpu_ioctl+0x10/0x10
[  133.915373][ T2275]  __se_sys_ioctl+0x12f/0x1b0
[  133.920065][ T2275]  __x64_sys_ioctl+0x7b/0x90
[  133.924673][ T2275]  x64_sys_call+0x58b/0x9a0
[  133.929194][ T2275]  do_syscall_64+0x4c/0xa0
[  133.933666][ T2275]  ? clear_bhb_loop+0x30/0x80
[  133.938369][ T2275]  ? clear_bhb_loop+0x30/0x80
[  133.943076][ T2275]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  133.949081][ T2275] RIP: 0033:0x7f696af9acb9
[  133.953592][ T2275] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  133.973212][ T2275] RSP: 002b:00007f696be43028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  133.981653][ T2275] RAX: ffffffffffffffda RBX: 00007f696b215fa0 RCX: 00007f696af9acb9
[  133.989646][ T2275] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000a
[  133.997631][ T2275] RBP: 00007f696be43090 R08: 0000000000000000 R09: 0000000000000000
[  134.005634][ T2275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.013624][ T2275] R13: 00007f696b216038 R14: 00007f696b215fa0 R15: 00007ffdde10b408
[  134.021617][ T2275]  </TASK>
[  134.025355][  T345] usb 3-1: config 0 descriptor??
[  134.160155][ T2290] loop6: detected capacity change from 0 to 128
[  134.171253][ T2290] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  134.180074][ T2290] ext4 filesystem being mounted at /55/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  134.224989][   T28] audit: type=1400 audit(1769189778.196:603): avc:  denied  { mount } for  pid=2285 comm="syz.9.587" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  134.339024][ T1320] EXT4-fs (loop6): unmounting filesystem.
[  134.426976][ T2295] kvm: vcpu 0: requested 148514 ns lapic timer period limited to 200000 ns
[  134.436831][ T2295] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (200000 ns). Using initial count to start timer.
[  134.445783][ T2304] loop4: detected capacity change from 0 to 256
[  134.463016][ T2305] binder: 2299:2305 ioctl 5427 0 returned -22
[  134.473082][ T2304] exfat: Deprecated parameter 'utf8'
[  134.483297][  T345] hid (null): unknown global tag 0xe
[  134.494011][ T2304] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  134.819028][ T2312] netlink: 45349 bytes leftover after parsing attributes in process `syz.4.593'.
[  135.010810][ T2309] loop5: detected capacity change from 0 to 40427
[  135.025469][ T2309] F2FS-fs (loop5): invalid crc value
[  135.039627][ T2309] F2FS-fs (loop5): Found nat_bits in checkpoint
[  135.083876][ T2309] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  135.116612][   T28] audit: type=1400 audit(1769189779.028:604): avc:  denied  { ioctl } for  pid=2308 comm="syz.5.595" path="/106/file2/file1" dev="loop5" ino=10 ioctlcmd=0x5839 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  135.141600][   T28] audit: type=1400 audit(1769189779.056:605): avc:  denied  { watch } for  pid=2308 comm="syz.5.595" path="/106/file2/file1" dev="loop5" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  135.408506][ T2322] loop6: detected capacity change from 0 to 2048
[  135.420538][ T2322] netlink: 7 bytes leftover after parsing attributes in process `syz.6.596'.
[  135.493414][  T428] syz-executor: attempt to access beyond end of device
[  135.493414][  T428] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  135.626896][ T2344] binder: BINDER_SET_CONTEXT_MGR already set
[  135.639612][ T2344] binder: 2336:2344 ioctl 4018620d 200000000040 returned -16
[  135.650626][ T2344] binder: 2336:2344 ioctl c0306201 200000000240 returned -11
[  135.744556][ T2348] loop5: detected capacity change from 0 to 1024
[  135.761679][ T2348] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  135.770474][ T2348] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  135.784188][ T2349] netlink: 12 bytes leftover after parsing attributes in process `syz.6.606'.
[  136.201232][  T345] usb 3-1: USB disconnect, device number 14
[  136.266969][ T2355] binder: 2353:2355 ioctl 5427 0 returned -22
[  136.436366][ T2360] loop9: detected capacity change from 0 to 256
[  136.453346][ T2360] exfat: Deprecated parameter 'utf8'
[  136.471529][ T2360] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  136.689789][ T2363] netlink: 45349 bytes leftover after parsing attributes in process `syz.9.609'.
[  136.998763][ T2365] loop6: detected capacity change from 0 to 2048
[  137.010364][ T2365] netlink: 7 bytes leftover after parsing attributes in process `syz.6.610'.
[  137.110302][ T2348] EXT4-fs error (device loop5): ext4_map_blocks:745: inode #15: comm syz.5.602: lblock 0 mapped to illegal pblock 0 (length 6)
[  137.134149][ T2348] EXT4-fs error (device loop5): ext4_ext_remove_space:2930: inode #15: comm syz.5.602: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  137.157257][ T2348] EXT4-fs error (device loop5): ext4_ext_remove_space:2930: inode #15: comm syz.5.602: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  137.202165][   T28] audit: type=1400 audit(1769189780.973:606): avc:  denied  { read write } for  pid=2378 comm="syz.2.616" name="vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  137.204504][ T2348] EXT4-fs error (device loop5) in ext4_setattr:5674: Corrupt filesystem
[  137.266310][   T28] audit: type=1400 audit(1769189780.973:607): avc:  denied  { open } for  pid=2378 comm="syz.2.616" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  137.314400][   T28] audit: type=1400 audit(1769189781.020:608): avc:  denied  { ioctl } for  pid=2378 comm="syz.2.616" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 ioctlcmd=0xaf00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  137.340823][ T2352] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  137.365135][ T2388] binder: BINDER_SET_CONTEXT_MGR already set
[  137.371284][ T2388] binder: 2383:2388 ioctl 4018620d 200000000040 returned -16
[  137.417918][ T2395] binder: BINDER_SET_CONTEXT_MGR already set
[  137.424064][ T2395] binder: 2386:2395 ioctl 4018620d 200000000040 returned -16
[  137.432608][ T2395] binder: 2386:2395 ioctl c0306201 200000000240 returned -11
[  137.643498][ T1703] EXT4-fs error (device loop5): ext4_map_blocks:745: inode #15: comm kworker/u4:7: lblock 0 mapped to illegal pblock 0 (length 1)
[  137.750137][ T1703] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  137.763054][ T1703] EXT4-fs (loop5): This should not happen!! Data will be lost
[  137.763054][ T1703] 
[  137.779060][  T428] EXT4-fs (loop5): unmounting filesystem.
[  137.888222][ T1114] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  137.920654][ T2401] loop5: detected capacity change from 0 to 2048
[  137.974515][ T1715] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  137.985093][ T2401] netlink: 7 bytes leftover after parsing attributes in process `syz.5.622'.
[  138.080725][ T1114] usb 3-1: Using ep0 maxpacket: 16
[  138.087120][ T1114] usb 3-1: config 0 interface 0 has no altsetting 0
[  138.092333][ T2408] binder: 2406:2408 ioctl 5427 0 returned -22
[  138.094447][ T1114] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  138.103163][ T2408] binder: 2406:2408 ioctl c0306201 200000000240 returned -11
[  138.109839][ T1114] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.126134][ T1114] usb 3-1: config 0 descriptor??
[  138.238176][ T2414] loop6: detected capacity change from 0 to 512
[  138.253395][ T2414] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  138.285975][ T2414] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  138.295827][ T2414] ext4 filesystem being mounted at /72/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  138.399492][ T2423] loop4: detected capacity change from 0 to 512
[  138.608324][ T2423] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  138.824054][ T2429] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=2429 comm=syz.9.629
[  138.842613][ T2423] EXT4-fs (loop4): orphan cleanup on readonly fs
[  138.858859][ T2423] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.628: bg 0: block 248: padding at end of block bitmap is not set
[  138.876245][ T2423] Quota error (device loop4): write_blk: dquota write failed
[  138.883911][ T2423] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  138.893971][ T2423] EXT4-fs error (device loop4): ext4_acquire_dquot:6796: comm syz.4.628: Failed to acquire dquot type 1
[  138.908013][ T2423] EXT4-fs (loop4): 1 truncate cleaned up
[  138.915596][ T2423] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  139.291967][ T1320] EXT4-fs (loop6): unmounting filesystem.
[  139.485139][ T2439] binder: BINDER_SET_CONTEXT_MGR already set
[  139.491295][ T2439] binder: 2434:2439 ioctl 4018620d 200000000040 returned -16
[  139.519929][ T2439] binder: 2434:2439 ioctl c0306201 200000000240 returned -11
[  139.670646][ T1513] EXT4-fs (loop4): unmounting filesystem.
[  139.856976][ T2443] loop6: detected capacity change from 0 to 512
[  139.863979][ T2443] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  139.895708][ T2445] loop4: detected capacity change from 0 to 2048
[  140.387030][ T2449] loop9: detected capacity change from 0 to 4096
[  140.432361][ T2449] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback.
[  140.539620][ T1718] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  140.566419][ T2445] netlink: 7 bytes leftover after parsing attributes in process `syz.4.634'.
[  140.644028][  T346] usb 3-1: USB disconnect, device number 15
[  140.657055][ T2454] binder: BINDER_SET_CONTEXT_MGR already set
[  140.663081][ T2454] binder: 2452:2454 ioctl 4018620d 200000000040 returned -16
[  141.148690][   T39] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  141.341155][   T39] usb 10-1: Using ep0 maxpacket: 16
[  141.348065][   T39] usb 10-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  141.357379][   T39] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  141.368986][   T39] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  141.381373][   T39] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  141.392133][   T39] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.400782][   T39] usb 10-1: Product: syz
[  141.450992][   T39] usb 10-1: Manufacturer: syz
[  141.457307][   T39] usb 10-1: SerialNumber: syz
[  141.502317][ T2469] loop6: detected capacity change from 0 to 256
[  141.518394][ T2470] binder: 2466:2470 ioctl 5427 0 returned -22
[  141.534966][ T2470] binder: 2466:2470 ioctl c0306201 200000000240 returned -11
[  141.583691][ T2474] loop6: detected capacity change from 0 to 512
[  141.600149][ T2474] EXT4-fs (loop6): 1 orphan inode deleted
[  141.674867][ T2474] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  141.694574][ T1320] EXT4-fs (loop6): unmounting filesystem.
[  141.854020][ T2487] binder: 2481:2487 ioctl c0306201 200000000240 returned -11
[  141.887349][  T334] Bluetooth: hci0: Frame reassembly failed (-84)
[  141.929532][   T39] usb 10-1: 0:2 : does not exist
[  141.957065][ T2490] loop5: detected capacity change from 0 to 256
[  142.161608][   T39] usb 10-1: 1:0: cannot get min/max values for control 4 (id 1)
[  142.175702][ T2490] FAT-fs (loop5): Directory bread(block 64) failed
[  142.182372][ T2490] FAT-fs (loop5): Directory bread(block 65) failed
[  142.189077][ T2490] FAT-fs (loop5): Directory bread(block 66) failed
[  142.195699][ T2490] FAT-fs (loop5): Directory bread(block 67) failed
[  142.202493][ T2490] FAT-fs (loop5): Directory bread(block 68) failed
[  142.209450][   T39] usb 10-1: USB disconnect, device number 6
[  142.210663][ T2490] FAT-fs (loop5): Directory bread(block 69) failed
[  142.222537][ T2490] FAT-fs (loop5): Directory bread(block 70) failed
[  142.235454][ T2490] FAT-fs (loop5): Directory bread(block 71) failed
[  142.242342][ T2490] FAT-fs (loop5): Directory bread(block 72) failed
[  142.248944][ T2490] FAT-fs (loop5): Directory bread(block 73) failed
[  142.266199][   T28] audit: type=1326 audit(1769190041.716:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2488 comm="syz.5.648" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f295819acb9 code=0x0
[  142.271465][   T60] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  142.374215][ T2494] netlink: 40 bytes leftover after parsing attributes in process `syz.5.648'.
[  142.495611][   T60] usb 5-1: Using ep0 maxpacket: 16
[  142.501937][   T60] usb 5-1: config 0 interface 0 has no altsetting 0
[  142.508623][   T60] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  142.517731][   T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.526883][   T60] usb 5-1: config 0 descriptor??
[  142.653974][ T2500] loop6: detected capacity change from 0 to 256
[  142.674209][ T2500] exfat: Deprecated parameter 'utf8'
[  142.689927][ T2500] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  142.906311][ T2502] netlink: 45349 bytes leftover after parsing attributes in process `syz.6.651'.
[  143.128447][ T1464] EXT4-fs (loop9): unmounting filesystem.
[  143.348283][   T28] audit: type=1400 audit(1769190042.726:610): avc:  denied  { map } for  pid=2511 comm="syz.2.656" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1
[  143.711912][ T2517] netlink: 324 bytes leftover after parsing attributes in process `syz.2.657'.
[  143.752393][ T2521] loop6: detected capacity change from 0 to 512
[  143.802616][   T28] audit: type=1400 audit(1769190043.147:611): avc:  denied  { watch } for  pid=2518 comm="syz.6.658" path="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1
[  144.025749][   T60] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  144.089032][ T1150] Bluetooth: hci0: command 0x1003 tx timeout
[  144.089049][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  144.106860][ T2489] Bluetooth: hci0: Opcode 0x080f failed: -22
[  144.121180][  T346] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  144.244721][   T60] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  144.260821][   T60] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 38191, setting to 1024
[  144.273848][   T60] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  144.290635][   T60] usb 3-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d
[  144.335086][  T346] usb 7-1: Using ep0 maxpacket: 16
[  144.343244][  T346] usb 7-1: config index 0 descriptor too short (expected 16456, got 72)
[  144.393434][  T346] usb 7-1: config 0 has an invalid interface number: 125 but max is 1
[  144.404263][   T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.497752][ T2517] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  144.528641][  T346] usb 7-1: config 0 has an invalid interface number: 125 but max is 1
[  144.616794][  T346] usb 7-1: config 0 has an invalid interface number: 125 but max is 1
[  144.683065][  T346] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  144.778571][  T346] usb 7-1: config 0 has no interface number 0
[  144.847278][  T346] usb 7-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  144.901062][ T2530] loop5: detected capacity change from 0 to 2048
[  144.923530][  T346] usb 7-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  145.004673][ T1043] usb 5-1: USB disconnect, device number 5
[  145.142946][  T346] usb 7-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  145.228694][ T2531] netlink: 7 bytes leftover after parsing attributes in process `syz.5.660'.
[  145.322698][  T346] usb 7-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  145.443289][  T346] usb 7-1: config 0 interface 125 has no altsetting 0
[  145.461074][  T346] usb 7-1: config 0 interface 125 has no altsetting 2
[  145.498197][  T346] usb 7-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  145.640738][  T346] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.648899][  T346] usb 7-1: Product: syz
[  145.665176][  T346] usb 7-1: Manufacturer: syz
[  145.669919][  T346] usb 7-1: SerialNumber: syz
[  145.735911][  T346] usb 7-1: config 0 descriptor??
[  145.811469][ T2536] loop4: detected capacity change from 0 to 4096
[  145.850566][ T2536] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  145.953871][   T28] audit: type=1400 audit(1769190045.166:612): avc:  denied  { create } for  pid=2547 comm="syz.5.667" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  146.270884][  T346] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  146.313630][    C1] ==================================================================
[  146.321785][    C1] BUG: KASAN: use-after-free in __run_timers+0x340/0x9f0
[  146.328830][    C1] Write of size 8 at addr ffff88810f884a00 by task swapper/1/0
[  146.336370][    C1] 
[  146.338727][    C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G        W          syzkaller #0
[  146.347248][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  146.357301][    C1] Call Trace:
[  146.360581][    C1]  <IRQ>
[  146.363424][    C1]  __dump_stack+0x21/0x24
[  146.367851][    C1]  dump_stack_lvl+0x110/0x170
[  146.372552][    C1]  ? __cfi_dump_stack_lvl+0x8/0x8
[  146.377597][    C1]  ? update_rq_clock+0x536/0x5c0
[  146.382543][    C1]  ? __run_timers+0x340/0x9f0
[  146.387238][    C1]  print_address_description+0x71/0x200
[  146.392803][    C1]  print_report+0x4a/0x60
[  146.397236][    C1]  kasan_report+0x122/0x150
[  146.401754][    C1]  ? __run_timers+0x340/0x9f0
[  146.406466][    C1]  __asan_report_store8_noabort+0x17/0x20
[  146.412282][    C1]  __run_timers+0x340/0x9f0
[  146.416800][    C1]  ? sched_clock+0x9/0x10
[  146.421140][    C1]  ? sched_clock_cpu+0x6e/0x260
[  146.425999][    C1]  ? calc_index+0x200/0x200
[  146.430516][    C1]  ? kvm_sched_clock_read+0x18/0x40
[  146.435724][    C1]  run_timer_softirq+0x6a/0xf0
[  146.440499][    C1]  handle_softirqs+0x1d7/0x600
[  146.445271][    C1]  ? irqtime_account_irq+0xc4/0x240
[  146.450484][    C1]  __irq_exit_rcu+0x52/0xf0
[  146.455012][    C1]  irq_exit_rcu+0x9/0x10
[  146.459256][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  146.464895][    C1]  </IRQ>
[  146.467853][    C1]  <TASK>
[  146.470797][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  146.476789][    C1] RIP: 0010:default_idle+0xf/0x20
[  146.481844][    C1] Code: 67 1c b7 fc e9 3d ff ff ff 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 53 d8 46 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[  146.501543][    C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[  146.507786][    C1] RAX: ffff8881f7100000 RBX: ffff888100332880 RCX: 4d6b9f4f8735cc00
[  146.515845][    C1] RDX: 0000000000000001 RSI: ffffffff85aa6980 RDI: ffffffff85aa6940
[  146.523819][    C1] RBP: ffffc90000147dd8 R08: ffff8881f71348b3 R09: 1ffff1103ee26916
[  146.527705][  T346] usb 5-1: Using ep0 maxpacket: 16
[  146.531797][    C1] R10: 0000000000000000 R11: ffffffff84ff5aa0 R12: 0000000000000000
[  146.531815][    C1] R13: 0000000000000000 R14: ffff888100332880 R15: dffffc0000000000
[  146.540015][  T346] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  146.544946][    C1]  ? __cfi_default_idle+0x10/0x10
[  146.553216][  T346] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  146.561682][    C1]  arch_cpu_idle+0x1c/0x20
[  146.561706][    C1]  default_idle_call+0x71/0x1d0
[  146.566847][  T346] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  146.576799][    C1]  do_idle+0x1a7/0x560
[  146.576827][    C1]  ? sysvec_apic_timer_interrupt+0x64/0xc0
[  146.583997][  T346] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  146.586118][    C1]  ? idle_inject_timer_fn+0x60/0x60
[  146.595230][  T346] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.599168][    C1]  ? schedule_idle+0x5b/0x90
[  146.605214][  T346] usb 5-1: Product: syz
[  146.614050][    C1]  cpu_startup_entry+0x43/0x60
[  146.614080][    C1]  start_secondary+0x119/0x120
[  146.619409][  T346] usb 5-1: Manufacturer: syz
[  146.627262][    C1]  secondary_startup_64_no_verify+0xce/0xdb
[  146.627294][    C1]  </TASK>
[  146.632042][  T346] usb 5-1: SerialNumber: syz
[  146.636043][    C1] 
[  146.636048][    C1] Allocated by task 2489:
[  146.636058][    C1]  kasan_set_track+0x4b/0x70
[  146.636082][    C1]  kasan_save_alloc_info+0x25/0x30
[  146.636109][    C1]  __kasan_kmalloc+0x95/0xb0
[  146.684625][    C1]  __kmalloc+0xb1/0x1e0
[  146.688796][    C1]  hci_alloc_dev_priv+0x27/0x1bd0
[  146.693834][    C1]  hci_uart_tty_ioctl+0x3d6/0xa20
[  146.698859][    C1]  tty_ioctl+0x8ef/0xc60
[  146.703102][    C1]  __se_sys_ioctl+0x12f/0x1b0
[  146.707782][    C1]  __x64_sys_ioctl+0x7b/0x90
[  146.712367][    C1]  x64_sys_call+0x58b/0x9a0
[  146.716872][    C1]  do_syscall_64+0x4c/0xa0
[  146.721289][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  146.727192][    C1] 
[  146.729511][    C1] Freed by task 2489:
[  146.733503][    C1]  kasan_set_track+0x4b/0x70
[  146.738104][    C1]  kasan_save_free_info+0x31/0x50
[  146.743140][    C1]  ____kasan_slab_free+0x132/0x180
[  146.748259][    C1]  __kasan_slab_free+0x11/0x20
[  146.753021][    C1]  slab_free_freelist_hook+0xc2/0x190
[  146.758399][    C1]  __kmem_cache_free+0xb7/0x1b0
[  146.763254][    C1]  kfree+0x6f/0xf0
[  146.766997][    C1]  hci_release_dev+0x12a3/0x13b0
[  146.771954][    C1]  bt_host_release+0x82/0x90
[  146.776548][    C1]  device_release+0xa4/0x1d0
[  146.781144][    C1]  kobject_put+0x19d/0x280
[  146.785568][    C1]  put_device+0x1f/0x30
[  146.789758][    C1]  hci_dev_cmd+0x279/0x740
[  146.794182][    C1]  hci_sock_ioctl+0x41e/0x7f0
[  146.798867][    C1]  sock_do_ioctl+0x114/0x330
[  146.803498][    C1]  sock_ioctl+0x4ca/0x720
[  146.807841][    C1]  __se_sys_ioctl+0x12f/0x1b0
[  146.812524][    C1]  __x64_sys_ioctl+0x7b/0x90
[  146.817109][    C1]  x64_sys_call+0x58b/0x9a0
[  146.821622][    C1]  do_syscall_64+0x4c/0xa0
[  146.826074][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  146.832027][    C1] 
[  146.834378][    C1] Last potentially related work creation:
[  146.840085][    C1]  kasan_save_stack+0x3a/0x60
[  146.844794][    C1]  __kasan_record_aux_stack+0xb6/0xc0
[  146.850177][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[  146.856048][    C1]  insert_work+0x51/0x300
[  146.860376][    C1]  __queue_work+0x9b1/0xd30
[  146.864883][    C1]  queue_work_on+0xde/0x150
[  146.869392][    C1]  __hci_cmd_sync_sk+0xa7f/0xd30
[  146.874336][    C1]  hci_cmd_sync_status+0x53/0x120
[  146.879383][    C1]  hci_dev_cmd+0x648/0x740
[  146.883809][    C1]  hci_sock_ioctl+0x41e/0x7f0
[  146.888502][    C1]  sock_do_ioctl+0x114/0x330
[  146.893100][    C1]  sock_ioctl+0x4ca/0x720
[  146.897461][    C1]  __se_sys_ioctl+0x12f/0x1b0
[  146.902141][    C1]  __x64_sys_ioctl+0x7b/0x90
[  146.906732][    C1]  x64_sys_call+0x58b/0x9a0
[  146.911239][    C1]  do_syscall_64+0x4c/0xa0
[  146.915667][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  146.921692][    C1] 
[  146.924102][    C1] Second to last potentially related work creation:
[  146.930680][    C1]  kasan_save_stack+0x3a/0x60
[  146.935396][    C1]  __kasan_record_aux_stack+0xb6/0xc0
[  146.940776][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[  146.946591][    C1]  insert_work+0x51/0x300
[  146.950923][    C1]  __queue_work+0x9b1/0xd30
[  146.955434][    C1]  queue_work_on+0xde/0x150
[  146.959961][    C1]  hci_cmd_timeout+0x191/0x200
[  146.964766][    C1]  process_one_work+0x71f/0xc40
[  146.969612][    C1]  worker_thread+0xa29/0x11e0
[  146.974289][    C1]  kthread+0x281/0x320
[  146.978357][    C1]  ret_from_fork+0x1f/0x30
[  146.982799][    C1] 
[  146.985121][    C1] The buggy address belongs to the object at ffff88810f884000
[  146.985121][    C1]  which belongs to the cache kmalloc-8k of size 8192
[  146.999181][    C1] The buggy address is located 2560 bytes inside of
[  146.999181][    C1]  8192-byte region [ffff88810f884000, ffff88810f886000)
[  147.012736][    C1] 
[  147.015064][    C1] The buggy address belongs to the physical page:
[  147.021561][    C1] page:ffffea00043e2000 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810f880000 pfn:0x10f880
[  147.033103][    C1] head:ffffea00043e2000 order:3 compound_mapcount:0 compound_pincount:0
[  147.041441][    C1] flags: 0x4000000000010200(slab|head|zone=1)
[  147.047561][    C1] raw: 4000000000010200 ffffea000448f200 dead000000000002 ffff888100043500
[  147.056278][    C1] raw: ffff88810f880000 0000000080020001 00000001ffffffff 0000000000000000
[  147.064948][    C1] page dumped because: kasan: bad access detected
[  147.071375][    C1] page_owner tracks the page as allocated
[  147.077096][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 285, tgid 285 (syz-executor), ts 25142723797, free_ts 25129726105
[  147.098382][    C1]  post_alloc_hook+0x1f5/0x210
[  147.103172][    C1]  prep_new_page+0x1c/0x110
[  147.107771][    C1]  get_page_from_freelist+0x2d12/0x2d80
[  147.113370][    C1]  __alloc_pages+0x1d9/0x480
[  147.117979][    C1]  alloc_slab_page+0x6e/0xf0
[  147.122583][    C1]  new_slab+0x98/0x3d0
[  147.126661][    C1]  ___slab_alloc+0x6bd/0xb20
[  147.131261][    C1]  __slab_alloc+0x5e/0xa0
[  147.135601][    C1]  __kmem_cache_alloc_node+0x203/0x2c0
[  147.141075][    C1]  __kmalloc_node+0xa1/0x1e0
[  147.145706][    C1]  kvmalloc_node+0x28a/0x460
[  147.150340][    C1]  wg_packet_queue_init+0x95/0x320
[  147.155462][    C1]  wg_newlink+0x40b/0x7a0
[  147.159815][    C1]  rtnl_newlink+0x1537/0x20b0
[  147.164499][    C1]  rtnetlink_rcv_msg+0xb3b/0xe00
[  147.169449][    C1]  netlink_rcv_skb+0x20f/0x460
[  147.174233][    C1] page last free stack trace:
[  147.178901][    C1]  free_unref_page_prepare+0x742/0x750
[  147.184372][    C1]  free_unref_page+0x95/0x540
[  147.189066][    C1]  __free_pages+0x67/0x100
[  147.193497][    C1]  __free_slab+0xca/0x1a0
[  147.197831][    C1]  __unfreeze_partials+0x160/0x190
[  147.202953][    C1]  put_cpu_partial+0xa9/0x100
[  147.207637][    C1]  __slab_free+0x1c4/0x280
[  147.212063][    C1]  ___cache_free+0xbf/0xd0
[  147.216483][    C1]  qlist_free_all+0xc6/0x140
[  147.221069][    C1]  kasan_quarantine_reduce+0x14a/0x170
[  147.226528][    C1]  __kasan_slab_alloc+0x24/0x80
[  147.231381][    C1]  slab_post_alloc_hook+0x4f/0x2d0
[  147.236492][    C1]  __kmem_cache_alloc_node+0x192/0x2c0
[  147.241968][    C1]  kmalloc_trace+0x29/0xb0
[  147.246383][    C1]  ref_tracker_alloc+0x169/0x4a0
[  147.251414][    C1]  netdev_queue_update_kobjects+0x185/0x470
[  147.257314][    C1] 
[  147.259633][    C1] Memory state around the buggy address:
[  147.265255][    C1]  ffff88810f884900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  147.273423][    C1]  ffff88810f884980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  147.281525][    C1] >ffff88810f884a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  147.289597][    C1]                    ^
[  147.293671][    C1]  ffff88810f884a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  147.301763][    C1]  ffff88810f884b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  147.309832][    C1] ==================================================================
[  147.317888][    C1] Disabling lock debugging due to kernel taint
[  147.324395][    C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  147.336158][    C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  147.344604][    C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G    B   W          syzkaller #0
[  147.353149][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  147.363248][    C1] RIP: 0010:__queue_work+0x575/0xd30
[  147.368588][    C1] Code: 39 2b 0f 84 b9 00 00 00 e8 a8 44 29 00 4c 89 ff e8 a0 80 b7 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 ec 70 6e 00 49 8b 7d 00 e8 33 7c
[  147.388243][    C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[  147.394427][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888100332880
[  147.402428][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  147.410612][    C1] RBP: ffffc900001b0d08 R08: 0000000000000007 R09: fffffffffffffffb
[  147.418618][    C1] R10: dffffc0000000000 R11: ffffed1021f10939 R12: dffffc0000000000
[  147.426617][    C1] R13: 0000000000000000 R14: ffff88810f8849c8 R15: 0000000000000008
[  147.434701][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  147.443671][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  147.450298][    C1] CR2: 00007faaad9e8400 CR3: 000000012e36d000 CR4: 00000000003506a0
[  147.458401][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  147.466409][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  147.474415][    C1] Call Trace:
[  147.477718][    C1]  <IRQ>
[  147.480617][    C1]  delayed_work_timer_fn+0x61/0x80
[  147.485770][    C1]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  147.491620][    C1]  call_timer_fn+0x46/0x2a0
[  147.496287][    C1]  ? __cfi_delayed_work_timer_fn+0x10/0x10
[  147.502306][    C1]  __run_timers+0x689/0x9f0
[  147.506867][    C1]  ? calc_index+0x200/0x200
[  147.511437][    C1]  ? kvm_sched_clock_read+0x18/0x40
[  147.516693][    C1]  run_timer_softirq+0x6a/0xf0
[  147.521498][    C1]  handle_softirqs+0x1d7/0x600
[  147.526433][    C1]  ? irqtime_account_irq+0xc4/0x240
[  147.531685][    C1]  __irq_exit_rcu+0x52/0xf0
[  147.536224][    C1]  irq_exit_rcu+0x9/0x10
[  147.540495][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  147.546171][    C1]  </IRQ>
[  147.549148][    C1]  <TASK>
[  147.552108][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  147.558141][    C1] RIP: 0010:default_idle+0xf/0x20
[  147.563196][    C1] Code: 67 1c b7 fc e9 3d ff ff ff 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 53 d8 46 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[  147.582837][    C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[  147.588951][    C1] RAX: ffff8881f7100000 RBX: ffff888100332880 RCX: 4d6b9f4f8735cc00
[  147.596951][    C1] RDX: 0000000000000001 RSI: ffffffff85aa6980 RDI: ffffffff85aa6940
[  147.604946][    C1] RBP: ffffc90000147dd8 R08: ffff8881f71348b3 R09: 1ffff1103ee26916
[  147.612972][    C1] R10: 0000000000000000 R11: ffffffff84ff5aa0 R12: 0000000000000000
[  147.620964][    C1] R13: 0000000000000000 R14: ffff888100332880 R15: dffffc0000000000
[  147.628980][    C1]  ? __cfi_default_idle+0x10/0x10
[  147.634042][    C1]  arch_cpu_idle+0x1c/0x20
[  147.638513][    C1]  default_idle_call+0x71/0x1d0
[  147.643400][    C1]  do_idle+0x1a7/0x560
[  147.647514][    C1]  ? sysvec_apic_timer_interrupt+0x64/0xc0
[  147.653381][    C1]  ? idle_inject_timer_fn+0x60/0x60
[  147.658664][    C1]  ? schedule_idle+0x5b/0x90
[  147.663311][    C1]  cpu_startup_entry+0x43/0x60
[  147.668129][    C1]  start_secondary+0x119/0x120
[  147.672924][    C1]  secondary_startup_64_no_verify+0xce/0xdb
[  147.678854][    C1]  </TASK>
[  147.681915][    C1] Modules linked in:
[  147.685924][    C1] ---[ end trace 0000000000000000 ]---
[  147.691403][    C1] RIP: 0010:__queue_work+0x575/0xd30
[  147.696712][    C1] Code: 39 2b 0f 84 b9 00 00 00 e8 a8 44 29 00 4c 89 ff e8 a0 80 b7 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 ec 70 6e 00 49 8b 7d 00 e8 33 7c
[  147.716342][    C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[  147.722442][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888100332880
[  147.730438][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  147.738464][    C1] RBP: ffffc900001b0d08 R08: 0000000000000007 R09: fffffffffffffffb
[  147.746556][    C1] R10: dffffc0000000000 R11: ffffed1021f10939 R12: dffffc0000000000
[  147.754650][    C1] R13: 0000000000000000 R14: ffff88810f8849c8 R15: 0000000000000008
[  147.762654][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  147.771620][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  147.778230][    C1] CR2: 00007faaad9e8400 CR3: 000000012e36d000 CR4: 00000000003506a0
[  147.784335][  T346] usb 5-1: 0:2 : does not exist
[  147.786221][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  147.786239][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  147.807413][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[  147.815109][    C1] Kernel Offset: disabled
[  147.819451][    C1] Rebooting in 86400 seconds..