last executing test programs:

14.068614181s ago: executing program 2 (id=815):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r5, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee162fd4b8bf4a31accb", 0xfdef}], 0x1}, 0x0)

13.987957994s ago: executing program 4 (id=817):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f00000001c0)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000340)={0x0, 0x18}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

13.527277519s ago: executing program 2 (id=819):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000001240)={[{@dioread_nolock}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@acl}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}], [{@fowner_eq}, {@hash}, {@permit_directio}, {@subj_type={'subj_type', 0x3d, '/)/-:$//('}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}, 0xfd, 0x573, &(0x7f0000000cc0)="$eJzs3V9rW+UfAPDvSZP9636/djCGeiGDXTgZS9fWPxOEzUvR4UDvZ2izMpouo0nHWgduF+7GGxmCiAPxBXjv5fAN+CoGOhgyil6IUDnpSZe1Sf8tNbH5fOBsz5Nzkud58pzvyfOck/QEMLBOpv/kIl6OiK+SiJGWdfnIVp5c3W756e2pdEliZeXj35O4sO61kuz/4SzzUkT8/EXEmdzGcmuLS7OlSqU8n+XH6nM3xmqLS2evzZVmyjPl6xOTk+ffnJx45+23utbW1y//+e1HD98//+Wp5W9+fHzsfhIX42i2Lm1XF4q405o5Wfo7SxXi4roNx7tQWD9Jel0BdmUoi/NCpMeAkRjKoh7Y/z6PiBVgQCXiHwZUcxzQnNt3aR78n/HkvdUJ0Mb251fPjcShxtzoyHLy3Mwone+OdqH8tIyffntwP11i8/MQh7fIA+zInbsRcS6f33j8S7Lj3+6da5w83tz6Mgbt8wd66WE6/knuRGyI/9za+CfajH+G28Tubmwd/7nHXSimo3T8927b8e/aoWt0KMv9rzHmKyRXr1XK5yLi/xFxOgoH0/xm13POLz9a6bSudfyXLmn5zbFgVo/H+YPPP2e6VC+9SJtbPbkb8Urb8W+y1v9Jm/5P34/L2yzjRPnBq53Wbd3+vbXyQ8Rrbfv/2RWtZPPrk2ON/WGsuVds9Me9E790Kr/X7U/7/8jm7R9NWq/X1nZexveH/ip3Wrfb/f9A8kkjfSB77FapXp8fjziQfJgfXv/4xLPnNvPN7dP2nz7VPv432//Tyden22z/veP3Om7aD/0/vaP+33ni0Qeffdep/O31/xuN1Onske0c/7ZbwRd57wAAAAAAAKDf5CLiaCS54lo6lysWV7/fcTyO5CrVWv3M1erC9elo/FZ2NAq55pXukZbvQ4xn34dt5ifW5Scj4lhEfD10uJEvTlUr071uPAAAAAAAAAAAAAAAAAAAAPSJ4Q6//0/9OtTr2gF7rnFjg4O9rgXQC1ve8r8bd3oC+tKW8Q/sWzuPf2cGYL/w+Q+DS/zD4BL/MLi2G/+FkT2uCPCv8/kPg0v8AwAAAAAAAAAAAAAAAAAAAAAAAAAAQFddvnQpXVaWn96eSvPTNxcXZqs3z06Xa7PFuYWp4lR1/kZxplqdqZSLU9W5rV6vUq3eGJ+IhVtj9XKtPlZbXLoyV124Xr9yba40U75SLvhjwwAAAAAAAAAAAAAAAAAAALBBbXFptlSplOclOiYuRF9UYy8buGpXT8/3Syskupro8YEJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFr8EwAA//8DDjNQ")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
close(r2)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000020c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000002100)={<r3=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0xffffffd7, @empty, 0xa098}, {0xa, 0x4ea6, 0x9, @dev={0xfe, 0x80, '\x00', 0x3f}, 0x8}, r3, 0x9ef4}}, 0x48)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

13.526738499s ago: executing program 3 (id=820):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000001900)=ANY=[], 0x0, 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x47, 0xd, 0x0, @tick, {0x40, 0xff}, {0x10, 0x9}, @note={0xa, 0x8, 0xb0, 0x9, 0x3}}, {0x0, 0x0, 0x0, 0x0, @tick=0x46f, {0x8}, {0x80, 0x1}, @connect={{0x40, 0x7}, {0x80, 0xf6}}}], 0x38)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r6, 0x2)
close_range(r3, 0xffffffffffffffff, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000040)={0x13, 0x65, 0xffff, 0xff, 0x6, '9P2000'}, 0x13)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000000314770026bd7000fbdbdf2509000200f3797a3200000000080041007369770014003300776c616e3100"/56], 0x38}, 0x1, 0x0, 0x0, 0x48049}, 0x800)

12.884833142s ago: executing program 0 (id=822):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@min_batch_time={'min_batch_time', 0x3d, 0x2d}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@noblock_validity}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y")
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_icmp(0xa, 0x2, 0x3a)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)

12.674957169s ago: executing program 1 (id=823):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
openat$comedi(0xffffffffffffff9c, 0x0, 0x2001, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0x541b, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000006c0))
getpid()
open_by_handle_at(0xffffffffffffff9c, 0x0, 0x0)
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f0000000100)='./file1\x00', 0x401, &(0x7f0000000540)=ANY=[@ANYBLOB='quiet,umask=00000000000000000100503,iocharset=cp857,session=0x0000000000000401,file_umask=00000000000000000002001,file_umask=00000000000000000000120,quiet,uid=', @ANYRESHEX=0x0, @ANYBLOB='W['], 0x7, 0x31d, &(0x7f0000000e00)="$eJzs3U1LFVEcBvDnzH3x3hSb1BBaWkIrUVsUbZKQNn2BFiGZXkEcDMqghOjWOqJdELRs1zrqK9Qm+gK1chGtaiMumjjnzJk3zxmvo91RfH5wX2bmvP3nzNw558p1QEQn1vX57+8ubcmHaACoAbgKeABaQB3AWYy3Hq5vrG4EneWigmoqh3wI6JxiV5ql9Y4tq8ynckR8uVTHUHodgJ2F0lGSSxiG4Y89U/3uS1uoOkKf+7t4wEB0dqrtrb637P/o6rhOllQPi21s4xGGq2wOERFVL7r+e9FVYigav3seMBmNw4/79T8zvtmurh1HQnz99/RyKOT+Oa02JfM9NYWTve+ZWaKtLOsxESa7uwl9ZGU6QOw1q1Rt8dorq0FnqqsKeI5rkVSyMfW8DBOI4mptU79MWOamBYpiLzaoYmjIGGYd7R/dd42ffuK1vbqFLz20SXwWX8WC8PEGy/H4rx4KuXPU/vFzPaXbP+0uUUXp61SZKJP5+xlVyTnTAx/fJ1G2Xfu1hZpsi40sReTH775p56umOxdGkP1aQUc3445O5Rq15pqNl3esucbyudorjaAztXQvKPwq5dBYZ3TipbglJvALHzCfGv97MvUk3Gdm5iwXKmV0ZBTGU1cpHf2YoU7gdg8JKeeGtaOLvcBdXMHwg8eba4tB0Llf/RtzqhyR9uhLRHShkGvkayoNWvJNA8ChVfo3DEPrpjr6EXJDhXr5bRLy5tqi6OrFg1WBblyg2TTnTgxgDkC0xlyry9T+NM41kBTYU/Y/srfVGvsBaVrVhwPSVJXZVMNAT2dKu0SlN5+sLQalPonomEk6HeO3q24MVUGOu4Se/6XmK9PqU0c++QWzkTC72NiVIFXijGMGNKKeT/U2g4uLdc7gBs2bPeZc5y8CF3I1ejA1PssX60ftzA3pj4b9/ylDzOMb7vD7fyIiIiIiIiIiIiIiIiIiIiIiIiKi42a/v0Yo83OCbI1bJ/AfbxARERERERERERERERERERERERERERERHUzq/r9ATd0xpln5/X9r1vv/Zpn7UhBRaf8CAAD//xDmYZk=")
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000600)={0x1000, 0x0, 0x356, 0x1000, 0x3, 0x192b, 0x10, 0x2, {0x9, 0x5, 0x1}, {0x5, 0x6}, {0x6, 0x7, 0x1}, {0x200, 0x8}, 0x2, 0x10, 0x0, 0x6, 0x1, 0x566, 0x1, 0x5, 0x6, 0x0, 0x6, 0x0, 0x10, 0x0, 0x2, 0x11})
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(r2, 0x80)
r4 = dup3(r3, r2, 0x80000)
read(r4, &(0x7f0000000200)=""/227, 0xe3)
socket$caif_seqpacket(0x25, 0x5, 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000080)=[{0x24}, {0x6, 0x0, 0x0, 0x7ffffdbd}]})

9.576995937s ago: executing program 3 (id=824):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(0x0, 0xffffffffffffffff)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000007fc0)={0x2020}, 0x2020)

7.404757072s ago: executing program 0 (id=825):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$inet_udp(0x2, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c)
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xca)
bind$ax25(r3, &(0x7f0000000280)={{0x3, @default, 0x5}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast, @null]}, 0x48)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x6, 0x810, 0x208, 0xe, 0x2, 0x3, 0x8, 0x9}, 0x20)
setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
unshare(0x22020400)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="09000000010001", 0x7)
socket$inet6_sctp(0xa, 0x801, 0x84)

7.404070772s ago: executing program 1 (id=826):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x4b, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000003080)=@deltaction={0x6c, 0x31, 0x4, 0x70bd27, 0x25dfdbff, {}, [@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}, @TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}]}, @TCA_ACT_TAB={0x4}, @TCA_ACT_TAB={0x4}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40408c0}, 0x20000084)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63)
write$P9_RLERRORu(r1, &(0x7f0000000100)=ANY=[], 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000ac0), 0x1, 0x8802)
ioctl$SNDRV_PCM_IOCTL_INFO(r3, 0x81204101, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={0x0, &(0x7f00000004c0)=[0x2], 0x0, 0x0, 0x1, 0x1}}, 0x40)
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63)
write$P9_RLERRORu(r4, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x10)
write$tcp_congestion(r4, &(0x7f00000005c0)='bbr\x00', 0x4)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r4, 0x0)

7.310796166s ago: executing program 4 (id=827):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x10010, 0xffffffffffffffff, 0xffffc000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(r1, 0x0, 0x0)

7.261238858s ago: executing program 2 (id=828):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xfffffff9}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee162fd4b8bf4a31accb", 0xfdef}], 0x1}, 0x0)

5.776940339s ago: executing program 0 (id=829):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004080)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe58, 0x2, [@TCA_MATCHALL_ACT={0xe54, 0x2, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x800, 0x2, 0x20000000, 0x10000, 0x40}, 0x8, 0x5}, [{0x7, 0x8, 0x2, 0x5, 0x2, 0x200}, {0xff, 0x7, 0x101, 0x8, 0x810, 0xffffffff}, {0x5, 0x8, 0xfff, 0x2, 0xffffffff, 0xb93}, {0x6, 0x4, 0x3, 0xfffffff3, 0x7, 0x6}, {0xd3d4, 0x2, 0x8, 0x6, 0x101, 0x10}, {0x9, 0x40, 0x6, 0x80000000, 0x6, 0x10001}, {0x4, 0x9, 0x100, 0xf9d8, 0x7, 0x2}, {0x5796, 0xffff, 0xd44b, 0x8, 0x1, 0x37a}, {0x6, 0x3, 0x1, 0x80000001, 0x3f, 0x10}, {0x4, 0x9e9b, 0x60, 0x7, 0x0, 0x1}, {0xffe00000, 0x1, 0x8000, 0x4, 0x3, 0x7}, {0x101, 0x9, 0x400, 0x3, 0x9, 0x3}, {0xce9, 0xfffffffb, 0x4, 0xae5e, 0x3ff, 0x2}, {0x3, 0x5, 0x6, 0x4, 0x197d, 0xfb56}, {0x2, 0xe42, 0xf3, 0x0, 0x6, 0x101}, {0x4, 0x5, 0x74d77b97, 0xfffffd8b, 0x0, 0x4}, {0x7fff, 0x5b, 0xb3a, 0x6, 0x2, 0xb5e}, {0x4c5be96a, 0x6, 0x2, 0x5, 0xd2a1, 0xbe47}, {0x6, 0x7, 0x9, 0x4, 0x3, 0x1}, {0x4, 0x8, 0x7, 0x4, 0x95, 0x3}, {0x6, 0x5, 0x2, 0x7fffffff, 0x8, 0xff}, {0x1, 0x71, 0x800000, 0xcf55, 0x3, 0x9}, {0x7933, 0x6e20, 0x6, 0x81, 0x2, 0x8}, {0xff, 0x8001, 0xff, 0x10001, 0x5, 0x5}, {0x6, 0x37, 0x0, 0x6, 0xed, 0x5}, {0xce, 0xae, 0x4, 0x2, 0x10000, 0x800}, {0x200, 0x5, 0x6, 0x5, 0x9, 0x9}, {0x8, 0xdd8, 0x8, 0x8, 0x5}, {0x9, 0x3, 0xa, 0x6, 0x9, 0x9}, {0x9, 0x4, 0x9d42, 0x4, 0x1, 0xfffffffb}, {0x8c, 0x6b8, 0x6, 0x2, 0x2, 0xfffffffe}, {0x3, 0x811, 0x9, 0x5, 0x4}, {0x3, 0x80000001, 0x400, 0x2, 0x0, 0x8001}, {0xfffffe01, 0x2, 0x8, 0x5, 0x8, 0x8}, {0x0, 0x22, 0x5, 0x3, 0x401, 0x5}, {0xa, 0x5, 0x101, 0x5, 0xfffffc01}, {0x4, 0x5, 0x0, 0x0, 0xdb, 0x3d04b554}, {0x5, 0x9, 0xfffffffa, 0x1, 0xfffffffc, 0x2}, {0x8, 0x7, 0x7, 0x99f, 0x9, 0x3}, {0x5, 0x252, 0x8000, 0xffff8001, 0xb, 0x900}, {0x4, 0x3, 0x3, 0x21, 0x7, 0x7}, {0xfffffffb, 0x8a1, 0x2, 0x7, 0x0, 0x4}, {0x0, 0x7fff, 0x2, 0xfffff399, 0x20000009, 0xe756}, {0xfff, 0xc, 0x4, 0x8, 0x2, 0xe}, {0x6, 0x4, 0x6, 0x1, 0x80, 0x980}, {0x23ae789, 0xc, 0x4, 0x7, 0x200, 0x4}, {0x5, 0xe, 0x2, 0x9, 0x0, 0xf3}, {0x0, 0x9, 0x2, 0x4, 0x3, 0x4}, {0x8, 0x4, 0x5, 0xfffffffd, 0x400, 0x7f}, {0x9, 0x80, 0x6e6b, 0x6, 0x203}, {0x371cf7fc, 0x7, 0x2, 0x1ff, 0xfffffffa, 0x6a97}, {0xd1, 0x6, 0x4, 0x7, 0x5a, 0x9}, {0x8, 0x7f, 0x7fffffff, 0x7f, 0x2, 0x8}, {0x7ff, 0x1, 0x3, 0x2, 0x9, 0x400}, {0x6, 0x1ff, 0x0, 0x9, 0x7, 0x4}, {0x4, 0x6, 0xfe, 0x100, 0xc6, 0x8}, {0x3, 0xfffffffd, 0xd, 0x6, 0xfffffffe, 0x1000}, {0x7, 0x2, 0x1, 0xd, 0xfffffffe, 0x3}, {0xfffffff9, 0x80000001, 0xe, 0x2, 0x200, 0x7}, {0x3, 0x0, 0xa820, 0x787e, 0x2, 0x2}, {0x8, 0x4, 0x5ae, 0x2, 0x8}, {0x5, 0x52, 0x8, 0x5, 0x10, 0x9}, {0x1, 0x7, 0x3, 0x280, 0x800, 0x6}, {0x10, 0x801, 0x0, 0x8, 0x3, 0xa}, {0xad, 0x8, 0x4, 0x5, 0x0, 0xfff}, {0x6, 0x6, 0x7fff, 0x0, 0xff, 0x7fffffff}, {0x8, 0x85e6, 0x3, 0x0, 0x10, 0xc}, {0x9, 0x78e3, 0x5, 0xbc27, 0x7, 0x9}, {0x6, 0x7, 0x2, 0xdb60, 0x3}, {0x80000001, 0x0, 0x3, 0x1, 0x81, 0xba}, {0x10001, 0xfff, 0x7, 0x0, 0x9, 0xc29}, {0x100, 0x2, 0x9, 0x7, 0x84e1, 0x3ff}, {0xdc, 0x8, 0xe, 0x7, 0x9}, {0x7, 0x5, 0x1, 0x80, 0x6, 0xff}, {0xd5e, 0x5, 0x0, 0x100, 0x0, 0x40000010}, {0x200, 0x2, 0x8000, 0x0, 0x6b, 0x4}, {0x0, 0x0, 0x9, 0x8, 0x100, 0x1000}, {0x4, 0x3ff, 0x0, 0x10000, 0x7, 0x7}, {0x6, 0x9, 0x1, 0x2001ff, 0x4, 0x1}, {0x4, 0xd38f, 0x6, 0x4, 0x170ddbc4, 0xe38}, {0x14a, 0x7, 0x0, 0x10001, 0x1, 0x2}, {0x9, 0x6, 0x1, 0x400, 0xffffffff, 0xfffffffc}, {0x7, 0x6, 0x3909, 0xffffffff, 0x1705, 0x7}, {0x3, 0x3b10fe2d, 0x4006, 0x5, 0x3, 0xffff7fff}, {0x9430, 0xb, 0x6, 0x2, 0x9, 0x5}, {0xa, 0xb1fb, 0x6, 0x6, 0xc5, 0x9}, {0x2a455dad, 0x5, 0x29, 0xfffffff9, 0x800, 0x7fff}, {0x3, 0x3, 0xee, 0x9, 0x6, 0x8}, {0x5ce, 0x3, 0x0, 0xb, 0x8, 0x99}, {0x2, 0x9, 0xf623, 0x7, 0xff, 0x8}, {0x101, 0x6, 0x80000000, 0x9, 0xfffff697, 0x8}, {0x9, 0x8, 0x7, 0x2, 0xa226, 0x9}, {0x8, 0x8, 0x3, 0xfffff246, 0xf, 0x2}, {0x3, 0xaf, 0x7ff, 0xe0, 0x0, 0x7cf}, {0x8, 0x7, 0x29af2cf0, 0x1, 0x7, 0x80000000}, {0x7fff, 0x9, 0x4b, 0xa4e}, {0xffffffff, 0x7, 0xb, 0x80000000, 0x0, 0x69}, {0x4, 0x7, 0x9, 0x4, 0x100, 0x5}, {0x6, 0x6, 0x2, 0x80000001, 0x6, 0x9}, {0x6, 0x401, 0x2, 0x2, 0x3, 0xb}, {0xd, 0x40, 0x3, 0xa, 0xffffffff, 0x1d1a}, {0xc0, 0x81, 0xb, 0x3, 0xea, 0x3}, {0xc, 0x2, 0x1, 0xa, 0x1, 0x2f4}, {0xf, 0x6, 0x9, 0x73e7, 0x1000, 0x4}, {0x6, 0x8000, 0x3ff, 0x8dcc, 0x4, 0x9}, {0x7, 0x12, 0x8, 0x8, 0x69, 0x9}, {0x7f, 0x7, 0x4, 0x0, 0x3, 0x2}, {0x6, 0x0, 0x7a, 0x5, 0x4, 0x1000}, {0xb06, 0xffffffff, 0x7ff, 0x400009, 0x0, 0x7bffffff}, {0x4, 0x7b, 0x3, 0x4, 0x0, 0xa7}, {0x81, 0x56c3, 0x1, 0xdda, 0x6, 0xb27d}, {0x4, 0x3, 0x401, 0xad, 0xcf5, 0xf8c}, {0x8, 0x1, 0x3, 0x40, 0x1, 0x4907}, {0x6, 0x4, 0x38, 0x4, 0x5, 0x6}, {0x7, 0x2, 0xf, 0x64, 0x1, 0x7}, {0x1, 0x2, 0x4010, 0xffffffad, 0x0, 0x751e}, {0xfff0, 0x2, 0x4, 0x3, 0x3, 0x5}, {0x5, 0x7, 0x8, 0x1, 0x5, 0xfff}, {0x4fb, 0x0, 0x0, 0x7ff, 0x4, 0x5}, {0xf455, 0x3, 0x7fff, 0x59ed, 0xb4e9, 0xe4}, {0x7, 0x2, 0xe, 0x0, 0x3da78e9c, 0x8000}, {0x2, 0x0, 0x400, 0x765, 0x7f, 0x7}, {0x5, 0x7, 0x5, 0x8, 0x8, 0x7}, {0x10, 0x3, 0x9, 0x5, 0x8, 0x2}, {0x6a, 0x200, 0x81, 0xffffffff, 0x4, 0x200}, {0x3, 0x8007, 0x3, 0x4a, 0x6, 0x1}, {0x0, 0x2, 0x7, 0x616, 0x5, 0x4}, {0x6, 0xb25b, 0x3, 0x0, 0x6, 0xb}], [{0x4, 0x1}, {0x5}, {0x4}, {}, {0x5, 0x1}, {}, {0x0, 0x1}, {0x5, 0x1}, {0x6}, {0x0, 0x1}, {0x2}, {0x4}, {0x5}, {0x4, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x1}, {0x2}, {0x4}, {0x1}, {0x0, 0x1}, {0x5}, {0x5, 0x1}, {0x5}, {0x2, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x4}, {0x3, 0x1}, {}, {0x4, 0x1}, {0x4, 0x1}, {}, {0x5}, {0x5, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {}, {0x3, 0x1}, {0x1, 0x1}, {0x1}, {}, {0x5}, {0x3}, {0xd}, {0x0, 0x338f50ad6d91f11}, {0x1, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x4}, {}, {0x4}, {0x3}, {0x1, 0x1}, {0x4}, {0x5}, {0x4, 0x1}, {0x5, 0x1}, {}, {0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x3}, {0x1, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x4}, {0x1}, {0x4}, {0x3}, {}, {0x5, 0x1}, {0x2, 0x1}, {}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x1}, {0x6, 0x1}, {0x5}, {0x3}, {0x1, 0x1}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3}, {0x5, 0x1}, {0x3}, {0x3}, {0x3}, {0x4}, {0x5, 0x1}, {0x3}, {0x0, 0x1}, {0x2, 0x1}, {0x3}, {0x5}, {0x5, 0x1}, {0x2, 0x1}, {0x3}, {0x3, 0x1}, {0x4}, {0x4}, {0x5}, {0x5, 0x1}, {0x2}, {0x2, 0x1}, {0x1, 0x1}, {0x4}]}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

5.731181361s ago: executing program 4 (id=830):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee162fd4b8bf4a31accb", 0xfdef}], 0x1}, 0x0)

5.542595267s ago: executing program 3 (id=831):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x10010, 0xffffffffffffffff, 0xffffc000)
sendmmsg(0xffffffffffffffff, &(0x7f0000000500)=[{{&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x7080000, @private2={0xfc, 0x2, '\x00', 0xfe}, 0x4, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='(\x00\x00\x00\x00\x00\x00\x00)\x00'], 0x28}}], 0x1, 0x4000000)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000000e0c0)=""/102400, 0x19000)
r1 = socket$kcm(0x29, 0x2, 0x0)
close(r1)

5.413809882s ago: executing program 1 (id=832):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x208205, &(0x7f0000000280)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1000000}}, {@errors_remount}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800000}}, {@lazytime}]}, 0x81, 0x63d, &(0x7f0000000600)="$eJzs3c9rHNcdAPDvzGplyVYruxRTm5YKerChWD9cU7c92b7UB0Nd6kMpPVi1JFd4ZQtLhto1RIYcHEgghFxD8CX/QO7B5OpbCCS55RxwQnDIwQneMLM78rI/pEXW7srezwdGevNmdt/77tPbebOjtxPA0JrKfqQRRyLichIx2bBtImobp+r7Pfn27pVsSaJa/cc3SST1vGL/Z/XfB7IfScRYRHxyLuIXpdZy127fuTZfqda8FjGzvrI6s3b7zonllfmri1cXr8+d/NOp07N/njs1tytxFnGdv/C3X7/1+n//uPRp5UQSZ+JS+f8L0RTHbpmKqXhWD7ExfyQiTmeJNq/Ly6YIIRlwPdiZUv3vsRwRh2MySrFvc9tkLL850MoBPVUtRVSBIZVs9v/yYCsC9FkxDijO7XtxHryXjZyNiKePIlriH6l9NhJj+bnR/idJfp5UyM53D+5C+VkZP949+l62RIfPIUZ2oZxONu5FxK/atX+S1+1g/ilOFn8aacPjsvRsRIzWX4t0h+VPNa33+++vOf6/j3SOv7EdsnjP1H9n+ee2L+p+u8xBxw/AcHp4tn4g38jWnh//s5FhMf6JNuOfiTbHrp0Y9PHv8dnaAbx1/FMc78fyz8jTpnFYNua52P4py80ZX75x/p1O5TeO/7IlK78YC/bD43sRR5viv58P5pLN9k/atH+2y+Uuy/jrZ1+f77Rt0PFXH0Qca3v+8/yKVpaaWV9ZLfKark/OLC1XFmdrP9uW8dGjf3/QqfxBx5+1f3SIf6v2z/JWuyzjw4sPVjptm9g2/vSr0eRSnhqt5/xvfn395lzEaHKhvktD/snNB7Z9eyr2KZ4ji//479r3/y3izxt6o8v4V/957Ukt1XqVtOv2b3lXyT2rdlmHTrL4F3bY/m93Wcb3/7r1m6as8SKxVfzjrU+VdPuaAwAAAAAAwDBK82uwSTq9mU7T6enaHN5fxv60cmNt/fdLN25dX4g4nv8/ZDktrnRP1taTbH2u/v+wxfrJpvU/RMShiHi3NJ6vT1+5UVkYdPAAAAAAAAAAAAAAAAAAAACwRxyoz/8v7lP9Xak2/78r64d7XDug53p5gzlgb9P/YXjl/b+bO7j+p/d1AfrL8R+Gl/4Pw0v/h+Gl/8Pwau7/3g9geOjvMLz0fxhe+j8AAAAAvJIO/fbhF0lEbPxlPF8yo/Vt5YHWDOi1xj4+1tUjpnpWF6C/uuvzLUq7XQ+g/zYv/Xcz/R94pXR1jv+0/uWAva8OMABJu8x8cFDduvM/bPtIAAAAAAAAAAAAAKAHjh0x/x+GVRofD7oKwIC8wER+3wEALzlf/Q/Dyzk+sN0s/o7fE2b+PwAAAAAAAAAAAAD0zUS+JOl0/RagE5Gm09MRP4uIg1FOlpYri7MR8fOI+LxU3petzw260gAAAAAAAAAAAAAAAAAAAPCKWbt959p8pbJ4szHxQ0tOjxPF3cW62blDnV8kUdwFtZ8hd5uIpP+FjkfEXoi9N4mRhpwkYiNr+T1RsZtrsSeqkebVGOCbEgAAAAAAAAAAAAAAAAAADKmGucftHX2/zzUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP57fv//nSeSbZ5n0DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+nnwIAAP///jAzVw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt(r3, 0x84, 0x82, &(0x7f00000004c0)="36b5a7067df289c36052d32e9266b51ad87c219955103b76ffdeac2fe3d71286eff7892630b006cf7a50adab8ef86d9a74d30d13a5a320fcad350416c64446d1", 0x40)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)

4.704831626s ago: executing program 2 (id=833):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x10010, 0xffffffffffffffff, 0xffffc000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000500)=[{{&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x7080000, @private2={0xfc, 0x2, '\x00', 0xfe}, 0x4, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='(\x00\x00\x00\x00\x00\x00\x00)\x00'], 0x28}}], 0x1, 0x4000000)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000000e0c0)=""/102400, 0x19000)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
socket$tipc(0x1e, 0x5, 0x0)
close(0xffffffffffffffff)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000140)={0x42, 0x3}, 0x10)

4.634987918s ago: executing program 0 (id=834):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000001900)=ANY=[], 0x0, 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x47, 0xd, 0x0, @tick, {0x40, 0xff}, {0x10, 0x9}, @note={0xa, 0x8, 0xb0, 0x9, 0x3}}, {0x0, 0x0, 0x0, 0x0, @tick=0x46f, {0x8}, {0x80, 0x1}, @connect={{0x40, 0x7}, {0x80, 0xf6}}}], 0x38)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r6, 0x2)
close_range(r3, 0xffffffffffffffff, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000040)={0x13, 0x65, 0xffff, 0xff, 0x6, '9P2000'}, 0x13)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000000314770026bd7000fbdbdf2509000200f3797a3200000000080041007369770014003300776c616e3100"/56], 0x38}, 0x1, 0x0, 0x0, 0x48049}, 0x800)

4.407383037s ago: executing program 1 (id=835):
syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f00000000c0)='./file0\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x2b2, &(0x7f0000000440)="$eJzs3U9rE08cx/HPbLbN/trS39pWBOmpWvAk/XMRL4L0GXjxJGoToRgqaAX1VD2LD8B7noIPwKMn8Sz01pMPoJ4i8yfNZrubNMGwbXy/oGFj5jv7ncxsZiYSVgD+Wfd3jtrbx/bPSDXVJN2VIkmJFEu6qmvJ6/2DvYNWszGoopqLsH9GPtKcKbO731R4MSvJ/WNqn8VaOFMQf13yU4er81VngaqZoutV7pOgHq5O+9ngr9UpcFh1AhUzJzrRGy1WnQcAoFrGz+9RmOcXJNlVYRRJ62Ha9/N/d5VwySfQk6oTmLCvQ17PzP9ul9Uxtn//dy/19nuus2PNhKD29vE4uczKj6xaXwLDdpUul+i/Z3ut5u3dF61GpA+6F8z0iq24x4Yful1HbeP2tPb4/dmq18Ja95z7y6N2clrbaNzGKpqxbdjK5p8pslx8xu0xzzic+Wa+m0cm1Wc1Ttd/ccfYbnI9leZ6yue/UV6ja+WsXKmSVl5xJ7kezhAMbGVNuTSyZkOdfR2YluQZ90Ut5aJ86zbLW+eilgujtoZEreSjeqO5PHLSzCfz0Kzpl75oJ7P+j+y7va7zXJm2jCsZRsbA9sSuZOqmmDB3HK4WlozGbRHG8FFPdUeLr96+e/6k1Wq+nNoDeyWOHGVH60VIfkIH3UFwUfKZ2gP7Jldy9u68M3495R8dfC0/PXqdPmIgg2Ba2HWX8fu/zH5lwy3W7EPav06vZ2M7wyrP1LhZsjdYco9z+R1cyd7AuK8e5ov/t0Jle67fHc8XcXuuG7ekm+c5o5eGPC+e0/eyPkKQ2dEPPeb7fwAAAAAAAAAAAAAAAAAAgMtmhB8GzA0uk5T+YKbqNgIAAAAAAAAAAAAAAAAAAAAAcNkV3P+3Pun7/+b13f/3gfwz7v8LTNyfAAAA///AXngC")
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
write$UHID_INPUT(r0, &(0x7f0000010140)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964dee674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a7986cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25afd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e5706000", 0x1000}}, 0x1006)

4.406586957s ago: executing program 4 (id=836):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xa00008, &(0x7f0000000140)={[{@min_batch_time={'min_batch_time', 0x3d, 0x2d}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@noblock_validity}]}, 0x1, 0x7ad, &(0x7f00000007c0)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y")
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_icmp(0xa, 0x2, 0x3a)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)

4.384678197s ago: executing program 3 (id=837):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000940)=@newqdisc={0x838, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xe, 0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x80c, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x3a8, 0xa, 0x1, 0xfffffff0, 0x200, 0xa, 0x6, 0x1, 0x40, 0x1, 0x140, 0xfff, 0x4, 0x6, 0x7000, 0x8, 0x7569, 0x9, 0x779e8886, 0xc00, 0x1, 0x2, 0xff, 0x0, 0x3, 0xffffffde, 0x3ff, 0x3, 0x4, 0x9, 0x80000001, 0x1, 0x7, 0x4, 0xbd, 0x8, 0x9cc3, 0xce4b, 0xb, 0x1, 0x5, 0xf, 0x401, 0x8, 0x401, 0x1000, 0xf391, 0xadd, 0xb7, 0x97e, 0x8001, 0x401, 0x9, 0xa6d, 0xfff, 0x3, 0xfff, 0x0, 0x9f, 0xa1, 0x7fff, 0xfffffff4, 0x603b654e, 0x101, 0x10000, 0x2, 0x8, 0x5, 0x0, 0x5, 0x9, 0x9, 0x4, 0x3, 0x2, 0x1, 0x80000001, 0xec, 0x9, 0xe76, 0x3, 0x4, 0x400000, 0x9de1, 0xfff, 0xb41, 0x1ff, 0x3, 0x1000, 0x8, 0x7, 0x0, 0x4, 0x38, 0xb, 0x101, 0xdd0, 0x4aaa, 0x6, 0x5, 0x2, 0x4, 0x3, 0x5, 0x8b3, 0x3, 0x1, 0x5, 0x80000001, 0x5, 0x7, 0xb5, 0x7, 0xff, 0x3, 0x4, 0x7, 0x9, 0x8, 0x8, 0x0, 0xcc1a, 0x4, 0x0, 0x7, 0x10001, 0x80000001, 0x9, 0x200, 0x2, 0x7, 0x3, 0xd5e, 0x3ff, 0xc87b, 0x2f, 0x1, 0x1, 0xffffff83, 0x4d0, 0x0, 0x1000, 0x3, 0x0, 0x7f, 0x7, 0x1, 0x7ff, 0x1, 0xe6, 0x2, 0x4, 0xfff, 0x3, 0xfffffffd, 0x4, 0xfffffffe, 0xfffffff8, 0x3d, 0x10000, 0x0, 0x0, 0x8, 0x5, 0x100000, 0x7, 0x6, 0x2, 0x5, 0x4, 0x200, 0xffff, 0x3, 0x5, 0x5, 0xfffffff9, 0x6, 0x4, 0x2, 0xb291, 0xc, 0x0, 0x7ff, 0x1, 0x6, 0x6, 0x0, 0x2, 0x3ff, 0x9, 0x5, 0x9, 0x8, 0x4, 0xe, 0x0, 0x7, 0x1, 0x0, 0x2e04, 0xe0bf, 0x80000001, 0xfffffff9, 0x9, 0x3, 0x4, 0x8, 0xf, 0x6, 0x5, 0x8, 0x2, 0x8000, 0x3, 0xb8000000, 0x1649445e, 0x8, 0xffffffd4, 0x7ff, 0x6, 0x65d, 0xb, 0x3, 0x80000000, 0x4242, 0x8, 0x0, 0x9, 0x6, 0x8, 0xffff, 0xffffffff, 0x894, 0xd, 0x4e3c, 0x5, 0x0, 0xfffffff9, 0x8, 0x4, 0x1, 0x3, 0x1, 0x0, 0x9, 0x0, 0x8, 0x3, 0x10001, 0x3, 0x7, 0x7f, 0xa, 0x4, 0x7, 0xafd9]}, @TCA_TBF_RTAB={0x404, 0x2, [0x9, 0x7, 0xb, 0x7fff, 0x5, 0x4, 0x5, 0xfffffff8, 0x0, 0x36, 0x3410, 0xb, 0x6, 0x9, 0x7, 0x6, 0xfffffffb, 0x4, 0x400, 0x3b080, 0xf9bc, 0x7ff, 0xe2, 0x4, 0x10, 0x7, 0x6fb2, 0x9565, 0x4, 0x2, 0xfff, 0x9, 0x9, 0x0, 0x7, 0x7, 0x7, 0x4, 0x6, 0x6, 0x401, 0xb, 0x40, 0xffffffff, 0x8, 0xcc, 0x8, 0x853c, 0x0, 0x2, 0xd698, 0x1000, 0x304, 0x94ab, 0x7fffffff, 0x63d5, 0x9, 0x4, 0x5, 0x986, 0x7fffffff, 0x6, 0x9, 0x5, 0x10001, 0x81, 0x101, 0x9, 0x5, 0x2, 0x14, 0x4, 0x3, 0x1c000, 0x3, 0x6, 0xb2, 0x55, 0x400, 0x2, 0x401, 0x2, 0x1cb, 0x8001, 0xffff, 0x7, 0x6, 0x4, 0x8, 0x0, 0x10001, 0x40, 0x3, 0x8, 0x7ff, 0x4, 0x9, 0xfffffffc, 0xd, 0x40, 0x5, 0x3, 0x7fff, 0x4, 0x100005, 0x100, 0x8, 0x3ce, 0x2, 0x8, 0xffffffff, 0x4c, 0xffffffff, 0x0, 0xfff, 0xf, 0xd, 0x1000, 0x6, 0x3, 0xaee4, 0xffff30bd, 0x5, 0x4, 0x3, 0x3, 0x2, 0x1, 0x80000000, 0x5, 0x3ff, 0x3, 0x4, 0x6, 0xf71f, 0x4, 0x6, 0x3, 0xc, 0x62a, 0x8000, 0x2ff, 0x219, 0x43f, 0x1, 0x5, 0x3, 0x7, 0x8, 0xfffffffb, 0xa327, 0x10000, 0x7f, 0x7, 0x6, 0x6, 0x1000, 0x9, 0x9, 0x1, 0xb, 0x7, 0x6, 0x38b62e7e, 0xb3e, 0x2, 0x0, 0x120000, 0x4, 0x3ff, 0x6, 0x1000, 0x9, 0x6, 0x0, 0x7, 0x5, 0x8000, 0x100, 0x6, 0x12c3c0, 0x6, 0x7f, 0x200, 0x800, 0x5, 0xfffffff7, 0xef21, 0x4, 0x0, 0x2fb5, 0x56b0, 0x6, 0x6, 0xa175, 0x9, 0x0, 0x8, 0x2, 0x0, 0x3, 0x4, 0x1, 0xb, 0x1, 0x4, 0xb, 0x9, 0xa60, 0xa44, 0x7, 0x2, 0x7, 0x4665, 0x0, 0xbac3, 0x7, 0x0, 0x8001, 0xcd, 0x1, 0x9, 0xa, 0xad722e4, 0xa30, 0x1, 0x6, 0x8, 0x1, 0x8, 0x7, 0x3, 0x8, 0x3, 0x9e, 0x0, 0x954, 0x8001, 0xffff0001, 0x7ff, 0x8, 0xffffffc0, 0x8, 0x1000, 0x9, 0x8, 0x1, 0xb, 0x1, 0x80000001, 0x5, 0xffff7fff, 0x9, 0x6, 0xfffffff8, 0x10000]}]}}]}, 0x838}, 0x1, 0x0, 0x0, 0x4040098}, 0x4000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmmsg(r0, &(0x7f00000023c0)=[{{&(0x7f0000000040)=@ll={0x11, 0x17, r6, 0x1, 0x4}, 0x80, 0x0}}], 0x1, 0x40000)

2.897564669s ago: executing program 0 (id=838):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000001240)={[{@dioread_nolock}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@acl}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}], [{@fowner_eq}, {@hash}, {@permit_directio}, {@subj_type={'subj_type', 0x3d, '/)/-:$//('}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}]}, 0xfd, 0x573, &(0x7f0000000cc0)="$eJzs3V9rW+UfAPDvSZP9636/djCGeiGDXTgZS9fWPxOEzUvR4UDvZ2izMpouo0nHWgduF+7GGxmCiAPxBXjv5fAN+CoGOhgyil6IUDnpSZe1Sf8tNbH5fOBsz5Nzkud58pzvyfOck/QEMLBOpv/kIl6OiK+SiJGWdfnIVp5c3W756e2pdEliZeXj35O4sO61kuz/4SzzUkT8/EXEmdzGcmuLS7OlSqU8n+XH6nM3xmqLS2evzZVmyjPl6xOTk+ffnJx45+23utbW1y//+e1HD98//+Wp5W9+fHzsfhIX42i2Lm1XF4q405o5Wfo7SxXi4roNx7tQWD9Jel0BdmUoi/NCpMeAkRjKoh7Y/z6PiBVgQCXiHwZUcxzQnNt3aR78n/HkvdUJ0Mb251fPjcShxtzoyHLy3Mwone+OdqH8tIyffntwP11i8/MQh7fIA+zInbsRcS6f33j8S7Lj3+6da5w83tz6Mgbt8wd66WE6/knuRGyI/9za+CfajH+G28Tubmwd/7nHXSimo3T8927b8e/aoWt0KMv9rzHmKyRXr1XK5yLi/xFxOgoH0/xm13POLz9a6bSudfyXLmn5zbFgVo/H+YPPP2e6VC+9SJtbPbkb8Urb8W+y1v9Jm/5P34/L2yzjRPnBq53Wbd3+vbXyQ8Rrbfv/2RWtZPPrk2ON/WGsuVds9Me9E790Kr/X7U/7/8jm7R9NWq/X1nZexveH/ip3Wrfb/f9A8kkjfSB77FapXp8fjziQfJgfXv/4xLPnNvPN7dP2nz7VPv432//Tyden22z/veP3Om7aD/0/vaP+33ni0Qeffdep/O31/xuN1Onske0c/7ZbwRd57wAAAAAAAKDf5CLiaCS54lo6lysWV7/fcTyO5CrVWv3M1erC9elo/FZ2NAq55pXukZbvQ4xn34dt5ifW5Scj4lhEfD10uJEvTlUr071uPAAAAAAAAAAAAAAAAAAAAPSJ4Q6//0/9OtTr2gF7rnFjg4O9rgXQC1ve8r8bd3oC+tKW8Q/sWzuPf2cGYL/w+Q+DS/zD4BL/MLi2G/+FkT2uCPCv8/kPg0v8AwAAAAAAAAAAAAAAAAAAAAAAAAAAQFddvnQpXVaWn96eSvPTNxcXZqs3z06Xa7PFuYWp4lR1/kZxplqdqZSLU9W5rV6vUq3eGJ+IhVtj9XKtPlZbXLoyV124Xr9yba40U75SLvhjwwAAAAAAAAAAAAAAAAAAALBBbXFptlSplOclOiYuRF9UYy8buGpXT8/3Syskupro8YEJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFr8EwAA//8DDjNQ")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
close(r2)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000020c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000002100)={<r3=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0xffffffd7, @empty, 0xa098}, {0xa, 0x4ea6, 0x9, @dev={0xfe, 0x80, '\x00', 0x3f}, 0x8}, r3, 0x9ef4}}, 0x48)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

2.126915856s ago: executing program 2 (id=839):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$inet_udp(0x2, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c)
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xca)
bind$ax25(r3, &(0x7f0000000280)={{0x3, @default, 0x5}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast, @null]}, 0x48)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x6, 0x810, 0x208, 0xe, 0x2, 0x3, 0x8, 0x9}, 0x20)
setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
unshare(0x22020400)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="09000000010001", 0x7)
socket$inet6_sctp(0xa, 0x801, 0x84)

2.027600859s ago: executing program 1 (id=840):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x10010, 0xffffffffffffffff, 0xffffc000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(r1, 0x0, 0x0)

906.608818ms ago: executing program 4 (id=841):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(0x0, 0xffffffffffffffff)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000007fc0)={0x2020}, 0x2020)

873.82153ms ago: executing program 0 (id=842):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x4b, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000003080)=@deltaction={0x6c, 0x31, 0x4, 0x70bd27, 0x25dfdbff, {}, [@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}, @TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}]}, @TCA_ACT_TAB={0x4}, @TCA_ACT_TAB={0x4}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40408c0}, 0x20000084)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63)
write$P9_RLERRORu(r1, &(0x7f0000000100)=ANY=[], 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000ac0), 0x1, 0x8802)
ioctl$SNDRV_PCM_IOCTL_INFO(r3, 0x81204101, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x40)
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63)
write$P9_RLERRORu(r4, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x10)
write$tcp_congestion(r4, &(0x7f00000005c0)='bbr\x00', 0x4)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r4, 0x0)

860.76072ms ago: executing program 1 (id=843):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xfffffff9}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee162fd4b8bf4a31accb", 0xfdef}], 0x1}, 0x0)

620.789529ms ago: executing program 3 (id=844):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004080)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe58, 0x2, [@TCA_MATCHALL_ACT={0xe54, 0x2, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x800, 0x2, 0x20000000, 0x10000, 0x40}, 0x8, 0x5}, [{0x7, 0x8, 0x2, 0x5, 0x2, 0x200}, {0xff, 0x7, 0x101, 0x8, 0x810, 0xffffffff}, {0x5, 0x8, 0xfff, 0x2, 0xffffffff, 0xb93}, {0x6, 0x4, 0x3, 0xfffffff3, 0x7, 0x6}, {0xd3d4, 0x2, 0x8, 0x6, 0x101, 0x10}, {0x9, 0x40, 0x6, 0x80000000, 0x6, 0x10001}, {0x4, 0x9, 0x100, 0xf9d8, 0x7, 0x2}, {0x5796, 0xffff, 0xd44b, 0x8, 0x1, 0x37a}, {0x6, 0x3, 0x1, 0x80000001, 0x3f, 0x10}, {0x4, 0x9e9b, 0x60, 0x7, 0x0, 0x1}, {0xffe00000, 0x1, 0x8000, 0x4, 0x3, 0x7}, {0x101, 0x9, 0x400, 0x3, 0x9, 0x3}, {0xce9, 0xfffffffb, 0x4, 0xae5e, 0x3ff, 0x2}, {0x3, 0x5, 0x6, 0x4, 0x197d, 0xfb56}, {0x2, 0xe42, 0xf3, 0x0, 0x6, 0x101}, {0x4, 0x5, 0x74d77b97, 0xfffffd8b, 0x0, 0x4}, {0x7fff, 0x5b, 0xb3a, 0x6, 0x2, 0xb5e}, {0x4c5be96a, 0x6, 0x2, 0x5, 0xd2a1, 0xbe47}, {0x6, 0x7, 0x9, 0x4, 0x3, 0x1}, {0x4, 0x8, 0x7, 0x4, 0x95, 0x3}, {0x6, 0x5, 0x2, 0x7fffffff, 0x8, 0xff}, {0x1, 0x71, 0x800000, 0xcf55, 0x3, 0x9}, {0x7933, 0x6e20, 0x6, 0x81, 0x2, 0x8}, {0xff, 0x8001, 0xff, 0x10001, 0x5, 0x5}, {0x6, 0x37, 0x0, 0x6, 0xed, 0x5}, {0xce, 0xae, 0x4, 0x2, 0x10000, 0x800}, {0x200, 0x5, 0x6, 0x5, 0x9, 0x9}, {0x8, 0xdd8, 0x8, 0x8, 0x5}, {0x9, 0x3, 0xa, 0x6, 0x9, 0x9}, {0x9, 0x4, 0x9d42, 0x4, 0x1, 0xfffffffb}, {0x8c, 0x6b8, 0x6, 0x2, 0x2, 0xfffffffe}, {0x3, 0x811, 0x9, 0x5, 0x4}, {0x3, 0x80000001, 0x400, 0x2, 0x0, 0x8001}, {0xfffffe01, 0x2, 0x8, 0x5, 0x8, 0x8}, {0x0, 0x22, 0x5, 0x3, 0x401, 0x5}, {0xa, 0x5, 0x101, 0x5, 0xfffffc01}, {0x4, 0x5, 0x0, 0x0, 0xdb, 0x3d04b554}, {0x5, 0x9, 0xfffffffa, 0x1, 0xfffffffc, 0x2}, {0x8, 0x7, 0x7, 0x99f, 0x9, 0x3}, {0x5, 0x252, 0x8000, 0xffff8001, 0xb, 0x900}, {0x4, 0x3, 0x3, 0x21, 0x7, 0x7}, {0xfffffffb, 0x8a1, 0x2, 0x7, 0x0, 0x4}, {0x0, 0x7fff, 0x2, 0xfffff399, 0x20000009, 0xe756}, {0xfff, 0xc, 0x4, 0x8, 0x2, 0xe}, {0x6, 0x4, 0x6, 0x1, 0x80, 0x980}, {0x23ae789, 0xc, 0x4, 0x7, 0x200, 0x4}, {0x5, 0xe, 0x2, 0x9, 0x0, 0xf3}, {0x0, 0x9, 0x2, 0x4, 0x3, 0x4}, {0x8, 0x4, 0x5, 0xfffffffd, 0x400, 0x7f}, {0x9, 0x80, 0x6e6b, 0x6, 0x203}, {0x371cf7fc, 0x7, 0x2, 0x1ff, 0xfffffffa, 0x6a97}, {0xd1, 0x6, 0x4, 0x7, 0x5a, 0x9}, {0x8, 0x7f, 0x7fffffff, 0x7f, 0x2, 0x8}, {0x7ff, 0x1, 0x3, 0x2, 0x9, 0x400}, {0x6, 0x1ff, 0x0, 0x9, 0x7, 0x4}, {0x4, 0x6, 0xfe, 0x100, 0xc6, 0x8}, {0x3, 0xfffffffd, 0xd, 0x6, 0xfffffffe, 0x1000}, {0x7, 0x2, 0x1, 0xd, 0xfffffffe, 0x3}, {0xfffffff9, 0x80000001, 0xe, 0x2, 0x200, 0x7}, {0x3, 0x0, 0xa820, 0x787e, 0x2, 0x2}, {0x8, 0x4, 0x5ae, 0x2, 0x8}, {0x5, 0x52, 0x8, 0x5, 0x10, 0x9}, {0x1, 0x7, 0x3, 0x280, 0x800, 0x6}, {0x10, 0x801, 0x0, 0x8, 0x3, 0xa}, {0xad, 0x8, 0x4, 0x5, 0x0, 0xfff}, {0x6, 0x6, 0x7fff, 0x0, 0xff, 0x7fffffff}, {0x8, 0x85e6, 0x3, 0x0, 0x10, 0xc}, {0x9, 0x78e3, 0x5, 0xbc27, 0x7, 0x9}, {0x6, 0x7, 0x2, 0xdb60, 0x3}, {0x80000001, 0x0, 0x3, 0x1, 0x81, 0xba}, {0x10001, 0xfff, 0x7, 0x0, 0x9, 0xc29}, {0x100, 0x2, 0x9, 0x7, 0x84e1, 0x3ff}, {0xdc, 0x8, 0xe, 0x7, 0x9}, {0x7, 0x5, 0x1, 0x80, 0x6, 0xff}, {0xd5e, 0x5, 0x0, 0x100, 0x0, 0x40000010}, {0x200, 0x2, 0x8000, 0x0, 0x6b, 0x4}, {0x0, 0x0, 0x9, 0x8, 0x100, 0x1000}, {0x4, 0x3ff, 0x0, 0x10000, 0x7, 0x7}, {0x6, 0x9, 0x1, 0x2001ff, 0x4, 0x1}, {0x4, 0xd38f, 0x6, 0x4, 0x170ddbc4, 0xe38}, {0x14a, 0x7, 0x0, 0x10001, 0x1, 0x2}, {0x9, 0x6, 0x1, 0x400, 0xffffffff, 0xfffffffc}, {0x7, 0x6, 0x3909, 0xffffffff, 0x1705, 0x7}, {0x3, 0x3b10fe2d, 0x4006, 0x5, 0x3, 0xffff7fff}, {0x9430, 0xb, 0x6, 0x2, 0x9, 0x5}, {0xa, 0xb1fb, 0x6, 0x6, 0xc5, 0x9}, {0x2a455dad, 0x5, 0x29, 0xfffffff9, 0x800, 0x7fff}, {0x3, 0x3, 0xee, 0x9, 0x6, 0x8}, {0x5ce, 0x3, 0x0, 0xb, 0x8, 0x99}, {0x2, 0x9, 0xf623, 0x7, 0xff, 0x8}, {0x101, 0x6, 0x80000000, 0x9, 0xfffff697, 0x8}, {0x9, 0x8, 0x7, 0x2, 0xa226, 0x9}, {0x8, 0x8, 0x3, 0xfffff246, 0xf, 0x2}, {0x3, 0xaf, 0x7ff, 0xe0, 0x0, 0x7cf}, {0x8, 0x7, 0x29af2cf0, 0x1, 0x7, 0x80000000}, {0x7fff, 0x9, 0x4b, 0xa4e}, {0xffffffff, 0x7, 0xb, 0x80000000, 0x0, 0x69}, {0x4, 0x7, 0x9, 0x4, 0x100, 0x5}, {0x6, 0x6, 0x2, 0x80000001, 0x6, 0x9}, {0x6, 0x401, 0x2, 0x2, 0x3, 0xb}, {0xd, 0x40, 0x3, 0xa, 0xffffffff, 0x1d1a}, {0xc0, 0x81, 0xb, 0x3, 0xea, 0x3}, {0xc, 0x2, 0x1, 0xa, 0x1, 0x2f4}, {0xf, 0x6, 0x9, 0x73e7, 0x1000, 0x4}, {0x6, 0x8000, 0x3ff, 0x8dcc, 0x4, 0x9}, {0x7, 0x12, 0x8, 0x8, 0x69, 0x9}, {0x7f, 0x7, 0x4, 0x0, 0x3, 0x2}, {0x6, 0x0, 0x7a, 0x5, 0x4, 0x1000}, {0xb06, 0xffffffff, 0x7ff, 0x400009, 0x0, 0x7bffffff}, {0x4, 0x7b, 0x3, 0x4, 0x0, 0xa7}, {0x81, 0x56c3, 0x1, 0xdda, 0x6, 0xb27d}, {0x4, 0x3, 0x401, 0xad, 0xcf5, 0xf8c}, {0x8, 0x1, 0x3, 0x40, 0x1, 0x4907}, {0x6, 0x4, 0x38, 0x4, 0x5, 0x6}, {0x7, 0x2, 0xf, 0x64, 0x1, 0x7}, {0x1, 0x2, 0x4010, 0xffffffad, 0x0, 0x751e}, {0xfff0, 0x2, 0x4, 0x3, 0x3, 0x5}, {0x5, 0x7, 0x8, 0x1, 0x5, 0xfff}, {0x4fb, 0x0, 0x0, 0x7ff, 0x4, 0x5}, {0xf455, 0x3, 0x7fff, 0x59ed, 0xb4e9, 0xe4}, {0x7, 0x2, 0xe, 0x0, 0x3da78e9c, 0x8000}, {0x2, 0x0, 0x400, 0x765, 0x7f, 0x7}, {0x5, 0x7, 0x5, 0x8, 0x8, 0x7}, {0x10, 0x3, 0x9, 0x5, 0x8, 0x2}, {0x6a, 0x200, 0x81, 0xffffffff, 0x4, 0x200}, {0x3, 0x8007, 0x3, 0x4a, 0x6, 0x1}, {0x0, 0x2, 0x7, 0x616, 0x5, 0x4}, {0x6, 0xb25b, 0x3, 0x0, 0x6, 0xb}], [{0x4, 0x1}, {0x5}, {0x4}, {}, {0x5, 0x1}, {}, {0x0, 0x1}, {0x5, 0x1}, {0x6}, {0x0, 0x1}, {0x2}, {0x4}, {0x5}, {0x4, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x1}, {0x2}, {0x4}, {0x1}, {0x0, 0x1}, {0x5}, {0x5, 0x1}, {0x5}, {0x2, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x4}, {0x3, 0x1}, {}, {0x4, 0x1}, {0x4, 0x1}, {}, {0x5}, {0x5, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {}, {0x3, 0x1}, {0x1, 0x1}, {0x1}, {}, {0x5}, {0x3}, {0xd}, {0x0, 0x338f50ad6d91f11}, {0x1, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x4}, {}, {0x4}, {0x3}, {0x1, 0x1}, {0x4}, {0x5}, {0x4, 0x1}, {0x5, 0x1}, {}, {0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x3}, {0x1, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x4}, {0x1}, {0x4}, {0x3}, {}, {0x5, 0x1}, {0x2, 0x1}, {}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x1}, {0x6, 0x1}, {0x5}, {0x3}, {0x1, 0x1}, {0x1, 0x1}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x3}, {0x5, 0x1}, {0x3}, {0x3}, {0x3}, {0x4}, {0x5, 0x1}, {0x3}, {0x0, 0x1}, {0x2, 0x1}, {0x3}, {0x5}, {0x5, 0x1}, {0x2, 0x1}, {0x3}, {0x3, 0x1}, {0x4}, {0x4}, {0x5}, {0x5, 0x1}, {0x2}, {0x2, 0x1}, {0x1, 0x1}, {0x4}]}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

365.829787ms ago: executing program 4 (id=845):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file7\x00', 0x2000002, &(0x7f00000003c0)=ANY=[@ANYBLOB='volume=00000000000000001062,gid=', @ANYRESDEC=0x0, @ANYBLOB=',noadinicb,rootdir=00000000000000000004,gid=forget,unhide,noadinicb,iocharset=cp861,longad,\x00'], 0x1, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x4000000000001, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='devices.list\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000900)='ext3\x00', &(0x7f0000000180)='./file0\x00', 0x2008002, &(0x7f0000000800)={[{@data_err_ignore}, {@nodiscard}, {@quota}]}, 0x1, 0x580, &(0x7f0000001f80)="$eJzs3c+PG1cdAPDvzP7sJu0m0ANUQAIUQhXFzjptVHppufBDVaVCxYlDuuw6qyV2HGJv6S4rsf0bQAKJE4i/gAMSB6SeOHDjiMQBEOWAVCACJSAORjOe3bi7XuKsvXay/nykyfx4M/6+N96Z9/zszAtgYp2PiJ2ImI2INyNisdieFFO80pmy/e7e2V65d2d7JYl2+42/J3l6ti26jsmcKl5zPiK+9qWIbyYH4zY3t24s12rV28V6uVW/VW5ubl1ary+vVdeqNyuVq0tXL7945YXK0Mp6rv7z97+4/urXf/XLj7/3253nvptl63SR1l2OYeoUfWYvTmY6Il49jmBjMFXMZ49y8H9+9tXnhpsdHlIaER+KiE/l1/9iTOV/nQDASdZuL0Z7sXsdADjp0rwPLElLEZGmRSOg1OnDezoW0lqj2bp4vbFxc7XTV3YmZtLr67Xq5bNzv/92vvNMkq0v5Wl5er5e2bd+JSLORsQP5p7I10srjdrqeJo8ADDxTnXX/xHxr7k0LZX6OrTHt3oAwGNjftwZAABGTv0PAJNH/Q8Ak6eP+r/4sn/n2PMCAIyGz/8AMHnU/wAwedT/ADBRXn/ttWxq3yuef7361ubGjcZbl1arzRul+sZKaaVx+1ZprdFYy5/ZU3/Q69UajVtLz8fG2+VWtdkqNze3rtUbGzdb1/Lnel+rzoykVADA/3P23Lu/SyJi56Un8im6xnJQV8PJlg5xL+DxMjXIwRoI8Fgz2hdMrr6q8LyR8JtjzwswHj0f5j3fc/GDfvQQQfzOCB4pFz7af///kcZ4Bh5ZevZhch2t///loecDGL0j9///cbj5AEav3U72j/k/u5fU7fVRjkoMABynAX7C1/7esBohwFg9aDDvzlf3nz+Y8DDf/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAJczoivhVJWsrHAk+zf9NSKeLJiDgTM8n19Vr1ckQ8FeciYmYuW18ad6YBgAGlf02K8b8uLD57en/qbPLvuXweEd/58Rs/fHu51bq9lG3/x972ud3hwyr3jxtgXEEAoH9/7menvP6uFPOuD/J372yv7E7HmMcD3v/C3uCjK/fubOdTJ2U62u12O2I+b0ss/DOJ6eKY+Yh4JiKmhhB/552I+Eiv8id538iZYuTT7vhRxH5ypPHTD8RP87TOPDt9Hx5CXmDSvJvdf17pdf2lcT6f977+5/M71ODy+998xO69715X/Oki0lSP+Nk1f77fGM//+isHNrYXO2nvRDwz3St+shc/OST+s33G/8PHPvH9lw9Ja/8k4kL0jt8dq9yq3yo3N7curdeX16pr1ZuVytWlq5dfvPJCpZz3UZd3e6oP+ttLF586LG9Z+RcOid9550/tK//s3rGf6bP8P/3vm9/45P3Vuf3xP/fp3u//0/m89/nP6sTP9hl/eeEX84elZfFXDyn/g97/i33Gf+8vW6t97goAjEBzc+vGcq1WvT3QQvYpdBivc2Ahy2J/O+82FwcL+qfIF+6fliSSGHa5ssZYPzvPDP+sfnm7c5Ye/vDd89vXztN7bcVhZH6qs7BQvOSw/8YesJAOoRSD5znOFAt3R1X2Ed+IgJG7f9GPOycAAAAAAAAAAAAAAMBhRvE/qMZdRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6u/wUAAP//dQy6iw==")
mkdir(0x0, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000200)='./bus\x00', 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x65, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac2(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b)

238.630622ms ago: executing program 2 (id=846):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x208205, &(0x7f0000000280)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1000000}}, {@errors_remount}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800000}}, {@lazytime}]}, 0x81, 0x63d, &(0x7f0000000600)="$eJzs3c9rHNcdAPDvzGplyVYruxRTm5YKerChWD9cU7c92b7UB0Nd6kMpPVi1JFd4ZQtLhto1RIYcHEgghFxD8CX/QO7B5OpbCCS55RxwQnDIwQneMLM78rI/pEXW7srezwdGevNmdt/77tPbebOjtxPA0JrKfqQRRyLichIx2bBtImobp+r7Pfn27pVsSaJa/cc3SST1vGL/Z/XfB7IfScRYRHxyLuIXpdZy127fuTZfqda8FjGzvrI6s3b7zonllfmri1cXr8+d/NOp07N/njs1tytxFnGdv/C3X7/1+n//uPRp5UQSZ+JS+f8L0RTHbpmKqXhWD7ExfyQiTmeJNq/Ly6YIIRlwPdiZUv3vsRwRh2MySrFvc9tkLL850MoBPVUtRVSBIZVs9v/yYCsC9FkxDijO7XtxHryXjZyNiKePIlriH6l9NhJj+bnR/idJfp5UyM53D+5C+VkZP949+l62RIfPIUZ2oZxONu5FxK/atX+S1+1g/ilOFn8aacPjsvRsRIzWX4t0h+VPNa33+++vOf6/j3SOv7EdsnjP1H9n+ee2L+p+u8xBxw/AcHp4tn4g38jWnh//s5FhMf6JNuOfiTbHrp0Y9PHv8dnaAbx1/FMc78fyz8jTpnFYNua52P4py80ZX75x/p1O5TeO/7IlK78YC/bD43sRR5viv58P5pLN9k/atH+2y+Uuy/jrZ1+f77Rt0PFXH0Qca3v+8/yKVpaaWV9ZLfKark/OLC1XFmdrP9uW8dGjf3/QqfxBx5+1f3SIf6v2z/JWuyzjw4sPVjptm9g2/vSr0eRSnhqt5/xvfn395lzEaHKhvktD/snNB7Z9eyr2KZ4ji//479r3/y3izxt6o8v4V/957Ukt1XqVtOv2b3lXyT2rdlmHTrL4F3bY/m93Wcb3/7r1m6as8SKxVfzjrU+VdPuaAwAAAAAAwDBK82uwSTq9mU7T6enaHN5fxv60cmNt/fdLN25dX4g4nv8/ZDktrnRP1taTbH2u/v+wxfrJpvU/RMShiHi3NJ6vT1+5UVkYdPAAAAAAAAAAAAAAAAAAAACwRxyoz/8v7lP9Xak2/78r64d7XDug53p5gzlgb9P/YXjl/b+bO7j+p/d1AfrL8R+Gl/4Pw0v/h+Gl/8Pwau7/3g9geOjvMLz0fxhe+j8AAAAAvJIO/fbhF0lEbPxlPF8yo/Vt5YHWDOi1xj4+1tUjpnpWF6C/uuvzLUq7XQ+g/zYv/Xcz/R94pXR1jv+0/uWAva8OMABJu8x8cFDduvM/bPtIAAAAAAAAAAAAAKAHjh0x/x+GVRofD7oKwIC8wER+3wEALzlf/Q/Dyzk+sN0s/o7fE2b+PwAAAAAAAAAAAAD0zUS+JOl0/RagE5Gm09MRP4uIg1FOlpYri7MR8fOI+LxU3petzw260gAAAAAAAAAAAAAAAAAAAPCKWbt959p8pbJ4szHxQ0tOjxPF3cW62blDnV8kUdwFtZ8hd5uIpP+FjkfEXoi9N4mRhpwkYiNr+T1RsZtrsSeqkebVGOCbEgAAAAAAAAAAAAAAAAAADKmGucftHX2/zzUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP57fv//nSeSbZ5n0DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+nnwIAAP///jAzVw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt(r3, 0x84, 0x82, &(0x7f00000004c0)="36b5a7067df289c36052d32e9266b51ad87c219955103b76ffdeac2fe3d71286eff7892630b006cf7a50adab8ef86d9a74d30d13a5a320fcad350416c64446d1", 0x40)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)

0s ago: executing program 3 (id=847):
r0 = socket$kcm(0x11, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee162fd4b8bf4a31accb", 0xfdef}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

a leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   83.839922][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   83.899176][ T4276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.916507][ T4276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.927806][ T4276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.939474][ T4276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.952303][ T4276] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.984788][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   84.007641][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   84.070936][ T4276] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.087310][ T4276] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.099080][ T4276] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.118690][ T4276] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.135604][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.145634][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   84.157451][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   84.169297][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.220423][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   84.229685][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   84.238609][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   84.280431][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   84.292535][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   84.309306][ T4268] device veth0_macvtap entered promiscuous mode
[   84.331390][ T4269] device veth0_vlan entered promiscuous mode
[   84.345863][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   84.357384][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   84.373132][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   84.386926][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.388145][ T4268] device veth1_macvtap entered promiscuous mode
[   84.402042][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.438068][ T4269] device veth1_vlan entered promiscuous mode
[   84.445518][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   84.458398][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   84.466684][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   84.504381][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   84.529198][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.548164][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   84.559865][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.569863][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   84.580413][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.594834][ T4268] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.611466][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.631560][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.650172][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.669425][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.680013][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   84.691173][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   84.702855][ T4268] batman_adv: batadv0: Interface activated: batadv_slave_1
[   84.729026][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   84.738755][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   84.747633][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   84.758281][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   84.767655][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   84.802547][ T4269] device veth0_macvtap entered promiscuous mode
[   84.825679][ T4268] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.849523][ T4268] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.858539][ T4268] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.867372][ T4268] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.891362][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   84.902143][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   84.911362][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   84.930525][ T4269] device veth1_macvtap entered promiscuous mode
[   84.968559][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.979680][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.995675][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   85.009117][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   85.088757][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.104517][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.124876][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.136737][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.147124][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.158235][ T4318] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   85.168853][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.178883][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.189761][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.199941][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   85.214222][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.226171][ T4269] batman_adv: batadv0: Interface activated: batadv_slave_0
[   85.236995][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   85.249200][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   85.258997][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   85.283831][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.286801][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.295899][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.318768][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.336071][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.351310][ T4318] usb 2-1: Using ep0 maxpacket: 8
[   85.366958][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.380296][ T4318] usb 2-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[   85.380444][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.389774][ T4281] Bluetooth: hci0: command 0x0419 tx timeout
[   85.405750][ T4273] Bluetooth: hci3: command 0x0419 tx timeout
[   85.406002][ T4281] Bluetooth: hci1: command 0x0419 tx timeout
[   85.413029][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.426521][ T4318] usb 2-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[   85.436429][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   85.437871][ T4318] usb 2-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   85.448475][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   85.469638][ T4273] Bluetooth: hci4: command 0x0419 tx timeout
[   85.469645][ T4281] Bluetooth: hci2: command 0x0419 tx timeout
[   85.484650][ T4269] batman_adv: batadv0: Interface activated: batadv_slave_1
[   85.499911][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   85.522116][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   85.546532][ T4367] Zero length message leads to an empty skb
[   85.554305][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   85.564140][ T4318] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[   85.591060][ T4269] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   85.610917][ T4269] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   85.622406][ T4318] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.632892][ T4318] usb 2-1: Product: syz
[   85.637106][ T4318] usb 2-1: Manufacturer: syz
[   85.646849][ T4269] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   85.659310][ T4318] usb 2-1: SerialNumber: syz
[   85.664071][ T4269] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   85.691738][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.750408][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.814399][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   86.217664][ T4377] binder: 4372:4377 ioctl 4018620d 0 returned -22
[   86.298146][ T4378] netlink: 96 bytes leftover after parsing attributes in process `syz.3.4'.
[   86.448060][ T4318] snd-usb-audio: probe of 2-1:65.0 failed with error -71
[   86.536427][ T4318] usb 2-1: USB disconnect, device number 2
[   86.876779][  T126] cfg80211: failed to load regulatory.db
[   87.049041][ T4379] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.065543][ T4379] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.122574][ T4379] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   87.195819][ T4379] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.214231][ T4379] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.231190][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   88.329159][  T126] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   88.597842][  T126] usb 2-1: Using ep0 maxpacket: 16
[   88.605545][ T4402] binder: 4401:4402 ioctl c0306201 0 returned -14
[   88.612179][  T126] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[   88.612212][  T126] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.612233][  T126] usb 2-1: Product: syz
[   88.612249][  T126] usb 2-1: Manufacturer: syz
[   88.612264][  T126] usb 2-1: SerialNumber: syz
[   88.654894][  T126] usb 2-1: config 0 descriptor??
[   88.906996][  T126] usb 2-1: USB disconnect, device number 3
[   89.282644][ T4410] loop4: detected capacity change from 0 to 512
[   89.316941][ T4410] EXT4-fs: Ignoring removed nomblk_io_submit option
[   89.355117][ T4410] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[   89.458873][ T4410] EXT4-fs (loop4): 1 truncate cleaned up
[   89.487114][ T4410] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   89.910587][ T4416] loop1: detected capacity change from 0 to 128
[   90.187560][ T4269] EXT4-fs (loop4): unmounting filesystem.
[   90.202661][ T4416] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[   90.302595][ T4416] FAT-fs (loop1): Filesystem has been set read-only
[   90.409374][ T4423] binder: 4417:4423 ioctl 4018620d 0 returned -22
[   90.477149][ T4424] netlink: 96 bytes leftover after parsing attributes in process `syz.3.20'.
[   90.909278][ T4284] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[   90.918258][ T4284] Bluetooth: hci2: Injecting HCI hardware error event
[   90.926894][ T4273] Bluetooth: hci2: hardware error 0x00
[   93.158015][ T4273] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[   93.541509][ T4426] syz.0.23 (4426) used greatest stack depth: 18096 bytes left
[   93.819085][ T4450] binder: 4449:4450 ioctl c0306201 0 returned -14
[   93.837836][ T2164] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   94.137763][    T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!!
[   94.377767][    T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!!
[   94.406954][ T2164] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   94.418975][ T2164] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   94.421994][ T4273] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[   94.429689][ T2164] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   94.437721][ T4273] Bluetooth: hci0: Injecting HCI hardware error event
[   94.446981][ T2164] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.455291][ T4284] Bluetooth: hci0: hardware error 0x00
[   94.486988][ T4442] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   94.747861][    T7] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   94.807928][   T14] usb 2-1: USB disconnect, device number 4
[   94.932679][ T4467] binder: 4465:4467 ioctl 4018620d 0 returned -22
[   94.957884][    T7] usb 5-1: Using ep0 maxpacket: 16
[   94.973777][    T7] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[   95.013165][ T4468] netlink: 96 bytes leftover after parsing attributes in process `syz.2.35'.
[   95.165703][    T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.306352][    T7] usb 5-1: Product: syz
[   95.385455][    T7] usb 5-1: Manufacturer: syz
[   95.448027][    T7] usb 5-1: SerialNumber: syz
[   95.578289][    T7] usb 5-1: config 0 descriptor??
[   95.702879][ T4471] tipc: Started in network mode
[   95.755782][ T4471] tipc: Node identity d29fe6245ea, cluster identity 4711
[   95.764604][ T4471] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   95.772063][ T4475] device syzkaller0 entered promiscuous mode
[   95.840912][ T4471] tipc: Resetting bearer <eth:syzkaller0>
[   95.858026][ T4469] tipc: Resetting bearer <eth:syzkaller0>
[   95.875891][  T126] usb 5-1: USB disconnect, device number 2
[   95.905387][ T4479] loop0: detected capacity change from 0 to 128
[   95.927169][ T4469] tipc: Disabling bearer <eth:syzkaller0>
[   95.965717][ T4479] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[   96.031749][ T4479] FAT-fs (loop0): Filesystem has been set read-only
[   96.507863][ T4284] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[   96.730090][ T4491] binder: 4489:4491 ioctl c0306201 0 returned -14
[   97.101340][ T4503] binder: 4500:4503 ioctl 4018620d 0 returned -22
[   97.170028][ T4504] netlink: 96 bytes leftover after parsing attributes in process `syz.4.48'.
[   98.625410][ T4284] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[   98.634507][ T4284] Bluetooth: hci4: Injecting HCI hardware error event
[   98.644864][ T4284] Bluetooth: hci4: hardware error 0x00
[   99.344539][ T4520] device syzkaller0 entered promiscuous mode
[   99.521562][ T4522] loop4: detected capacity change from 0 to 2048
[   99.591500][ T4522] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   99.822937][ T4530] loop3: detected capacity change from 0 to 128
[  100.453847][ T4510] loop0: detected capacity change from 0 to 32768
[  100.480029][ T4530] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  100.507942][ T4530] FAT-fs (loop3): Filesystem has been set read-only
[  100.559178][ T4510] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.50 (4510)
[  100.705405][ T4510] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  100.800273][ T4510] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  100.837376][ T4510] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  100.919107][ T4510] BTRFS info (device loop0): trying to use backup root at mount time
[  100.936144][ T4269] EXT4-fs (loop4): unmounting filesystem.
[  100.942010][ T4510] BTRFS info (device loop0): setting nodatasum
[  100.949111][ T4510] BTRFS info (device loop0): enabling ssd optimizations
[  100.977852][ T4510] BTRFS info (device loop0): using spread ssd allocation scheme
[  101.041503][ T4510] BTRFS info (device loop0): turning on flush-on-commit
[  101.071866][ T4510] BTRFS info (device loop0): force zlib compression, level 3
[  101.127546][ T4510] BTRFS info (device loop0): using free space tree
[  101.228926][ T4284] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  101.416990][ T4510] BTRFS error (device loop0): open_ctree failed: -12
[  101.538699][ T4547] loop1: detected capacity change from 0 to 4096
[  101.669475][ T4547] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  101.740949][ T4547] ntfs3: loop1: Failed to load $Extend.
[  101.906007][   T26] audit: type=1800 audit(1775100960.463:2): pid=4547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.62" name="file2" dev="loop1" ino=31 res=0 errno=0
[  103.397808][    T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!!
[  103.417828][    T0] NOHZ tick-stop error: local softirq work is pending, handler #0a!!!
[  103.427778][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!!
[  103.437787][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!!
[  103.447783][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!!
[  103.457786][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!!
[  103.467781][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!!
[  103.477780][    T0] NOHZ tick-stop error: local softirq work is pending, handler #18a!!!
[  103.879839][ T4581] loop1: detected capacity change from 0 to 128
[  104.098205][ T4581] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  104.137931][ T4581] FAT-fs (loop1): Filesystem has been set read-only
[  104.258112][ T4585] capability: warning: `syz.0.72' uses 32-bit capabilities (legacy support in use)
[  104.796501][ T2164] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  105.677828][ T2164] usb 4-1: Using ep0 maxpacket: 8
[  105.686780][ T2164] usb 4-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  105.756210][ T2164] usb 4-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  105.795651][ T2164] usb 4-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  105.855904][ T2164] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  105.886074][ T2164] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.919932][ T2164] usb 4-1: Product: syz
[  105.945451][ T2164] usb 4-1: Manufacturer: syz
[  105.963085][ T2164] usb 4-1: SerialNumber: syz
[  106.038674][ T4562] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  106.211960][ T2164] snd-usb-audio: probe of 4-1:65.0 failed with error -71
[  106.240378][ T4562] usb 1-1: unable to get BOS descriptor or descriptor too short
[  106.270569][ T4562] usb 1-1: not running at top speed; connect to a high speed hub
[  106.273918][ T2164] usb 4-1: USB disconnect, device number 2
[  106.312166][ T4562] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  106.354405][ T4562] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  106.375160][ T4562] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  106.429190][ T4562] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.438587][ T4562] usb 1-1: Product: syz
[  106.444532][ T4562] usb 1-1: Manufacturer: syz
[  106.451632][ T4562] usb 1-1: SerialNumber: syz
[  107.540648][ T4562] usb 1-1: 0:1 : does not exist
[  107.545770][ T4562] usb 1-1: 0:2 : does not exist
[  107.570446][ T4562] usb 1-1: 6:0: failed to get current value for ch 0 (-22)
[  107.638589][ T4562] usb 1-1: USB disconnect, device number 2
[  107.849275][ T4261] udevd[4261]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  107.922558][ T4606] input: syz0 as /devices/virtual/input/input5
[  109.239700][ T4618] loop0: detected capacity change from 0 to 128
[  109.708358][ T4618] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  109.737891][ T4618] FAT-fs (loop0): Filesystem has been set read-only
[  111.646595][   T52] block nbd2: Attempted send on invalid socket
[  111.653379][   T52] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  112.741308][   T52] block nbd2: Attempted send on invalid socket
[  112.747802][   T52] I/O error, dev nbd2, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  113.321979][ T4633] loop0: detected capacity change from 0 to 4096
[  114.355745][ T4651] syz.1.93 (4651): attempted to duplicate a private mapping with mremap.  This is not supported.
[  115.473995][ T4663] loop3: detected capacity change from 0 to 128
[  115.882101][ T4663] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  115.912544][ T4663] FAT-fs (loop3): Filesystem has been set read-only
[  116.097918][ T4666] loop4: detected capacity change from 0 to 32768
[  116.104910][ T4666] =======================================================
[  116.104910][ T4666] WARNING: The mand mount option has been deprecated and
[  116.104910][ T4666]          and is ignored by this kernel. Remove the mand
[  116.104910][ T4666]          option from the mount to silence this warning.
[  116.104910][ T4666] =======================================================
[  116.261137][ T4666] JBD2: Ignoring recovery information on journal
[  116.330997][ T4666] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  116.558015][ T4674] loop3: detected capacity change from 0 to 512
[  116.565845][ T4674] EXT4-fs: Ignoring removed nomblk_io_submit option
[  119.407676][   T52] block nbd1: Attempted send on invalid socket
[  119.414140][   T52] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  119.425160][   T52] block nbd1: Attempted send on invalid socket
[  119.431464][   T52] I/O error, dev nbd1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  119.582431][ T4674] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  119.748649][ T4674] EXT4-fs: failed to create workqueue
[  119.768025][ T4674] EXT4-fs (loop3): mount failed
[  119.844381][ T4269] ocfs2: Unmounting device (7,4) on (node local)
[  120.267924][ T4284] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  120.276512][ T4284] Bluetooth: hci3: Injecting HCI hardware error event
[  120.284641][ T4273] Bluetooth: hci3: hardware error 0x00
[  121.517821][ T4320] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  121.728557][ T4320] usb 2-1: Using ep0 maxpacket: 8
[  121.736147][ T4320] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  121.815090][ T4320] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  121.863377][ T4320] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  121.931254][ T4320] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  121.972572][ T4320] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  121.995284][ T4320] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  122.006498][ T4320] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.228115][ T4702] loop3: detected capacity change from 0 to 128
[  122.253497][ T4702] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  122.263988][ T4702] FAT-fs (loop3): Filesystem has been set read-only
[  122.361314][ T4320] usb 2-1: usb_control_msg returned -32
[  122.367457][ T4320] usbtmc 2-1:16.0: can't read capabilities
[  123.227965][ T4273] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  124.077258][   T93] block nbd4: Attempted send on invalid socket
[  124.084819][   T93] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  124.095762][   T93] block nbd4: Attempted send on invalid socket
[  124.102506][   T93] I/O error, dev nbd4, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  124.394121][  T129] usb 2-1: USB disconnect, device number 5
[  125.679659][ T4714] loop2: detected capacity change from 0 to 2048
[  126.017253][ T4725] loop3: detected capacity change from 0 to 512
[  126.048221][ T4725] EXT4-fs: Ignoring removed nomblk_io_submit option
[  126.057666][ T4725] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  126.142960][ T4714] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  126.199544][ T4725] EXT4-fs (loop3): 1 truncate cleaned up
[  126.205423][ T4725] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  126.460650][ T4273] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  126.470791][ T4273] Bluetooth: hci1: Injecting HCI hardware error event
[  126.480619][ T4284] Bluetooth: hci1: hardware error 0x00
[  127.004177][ T4276] EXT4-fs (loop3): unmounting filesystem.
[  127.159722][ T4740] netlink: 'syz.4.123': attribute type 1 has an invalid length.
[  127.665206][   T52] block nbd0: Attempted send on invalid socket
[  127.671556][   T52] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  127.684135][   T52] block nbd0: Attempted send on invalid socket
[  127.690641][   T52] I/O error, dev nbd0, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  128.309273][ T4755] loop3: detected capacity change from 0 to 128
[  128.623749][ T4751] loop4: detected capacity change from 0 to 128
[  128.658003][ T4755] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  128.689021][ T4755] FAT-fs (loop3): Filesystem has been set read-only
[  128.870554][ T4751] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  128.912610][ T4261] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  129.916611][ T4284] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  129.968631][ T4751] FAT-fs (loop4): Filesystem has been set read-only
[  130.380105][ T4769] loop2: detected capacity change from 0 to 1024
[  130.541981][ T4769] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  130.576284][ T4773] loop4: detected capacity change from 0 to 512
[  130.639207][ T4773] EXT4-fs: Ignoring removed nomblk_io_submit option
[  130.767385][ T4773] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  130.787200][ T4769] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  132.313962][ T4773] EXT4-fs (loop4): 1 truncate cleaned up
[  132.906648][ T4773] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  132.919686][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  132.926652][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  133.595479][ T4269] EXT4-fs (loop4): unmounting filesystem.
[  133.637842][    T7] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  133.655786][ T4278] EXT4-fs (loop2): unmounting filesystem.
[  133.792942][ T4789] netlink: 12 bytes leftover after parsing attributes in process `syz.2.137'.
[  133.827839][    T7] usb 1-1: Using ep0 maxpacket: 8
[  133.835289][    T7] usb 1-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  133.862592][    T7] usb 1-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  133.906747][    T7] usb 1-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  133.961904][    T7] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  133.984890][    T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.002877][    T7] usb 1-1: Product: syz
[  134.021154][ T4791] loop4: detected capacity change from 0 to 2048
[  134.021958][    T7] usb 1-1: Manufacturer: syz
[  134.050201][    T7] usb 1-1: SerialNumber: syz
[  134.184828][ T4791] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  134.315335][    T7] snd-usb-audio: probe of 1-1:65.0 failed with error -71
[  134.387342][   T52] block nbd2: Attempted send on invalid socket
[  134.398769][   T52] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  134.414912][   T52] block nbd2: Attempted send on invalid socket
[  134.421895][   T52] I/O error, dev nbd2, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  134.523502][    T7] usb 1-1: USB disconnect, device number 3
[  134.937178][ T4791] xt_CT: You must specify a L4 protocol and not use inversions on it
[  135.076875][ T4269] EXT4-fs (loop4): unmounting filesystem.
[  135.333952][ T4801] netlink: 76 bytes leftover after parsing attributes in process `syz.2.140'.
[  136.606592][ T4811] loop0: detected capacity change from 0 to 32768
[  136.996281][ T4811] JBD2: Ignoring recovery information on journal
[  137.052781][ T4811] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  137.135970][ T4268] ocfs2: Unmounting device (7,0) on (node local)
[  138.058689][ T4824] loop4: detected capacity change from 0 to 512
[  138.097666][ T4824] EXT4-fs: Ignoring removed nomblk_io_submit option
[  138.147016][ T4824] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  138.192144][ T4826] device syzkaller0 entered promiscuous mode
[  138.227641][ T4824] EXT4-fs (loop4): 1 truncate cleaned up
[  138.242262][ T4824] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  138.290321][ T4829] binder_alloc: 4827: pid 4827 spamming oneway? 2 buffers allocated for a total size of 5120
[  138.497703][ T4834] binder_alloc: 4827: pid 4827 spamming oneway? 3 buffers allocated for a total size of 5128
[  139.089113][ T4269] EXT4-fs (loop4): unmounting filesystem.
[  139.105086][ T4837] loop3: detected capacity change from 0 to 128
[  139.218405][ T4837] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  139.247880][ T4837] FAT-fs (loop3): Filesystem has been set read-only
[  141.366405][   T52] block nbd1: Attempted send on invalid socket
[  141.376046][   T52] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  141.386007][   T52] block nbd1: Attempted send on invalid socket
[  141.392203][   T52] I/O error, dev nbd1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  141.626904][ T4852] loop2: detected capacity change from 0 to 2048
[  141.764530][ T4852] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  142.930343][ T4852] xt_CT: You must specify a L4 protocol and not use inversions on it
[  143.646918][ T4278] EXT4-fs (loop2): unmounting filesystem.
[  143.957860][ T4373] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  143.991565][ T4870] loop4: detected capacity change from 0 to 32768
[  144.028023][ T4870] JBD2: Ignoring recovery information on journal
[  145.690119][ T4870] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  146.030313][ T4373] usb 2-1: Using ep0 maxpacket: 32
[  146.180044][ T4373] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  146.428871][ T4373] usb 2-1: config 0 has no interface number 0
[  146.450558][ T4373] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  146.482134][ T4373] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.492582][ T4269] ocfs2: Unmounting device (7,4) on (node local)
[  146.495536][ T4880] loop2: detected capacity change from 0 to 512
[  146.506587][ T4373] usb 2-1: Product: syz
[  146.511796][ T4373] usb 2-1: Manufacturer: syz
[  146.533586][ T4880] EXT4-fs: Ignoring removed bh option
[  146.547586][ T4373] usb 2-1: SerialNumber: syz
[  146.613988][ T4880] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  146.632081][ T4373] usb 2-1: config 0 descriptor??
[  146.683733][ T4373] usb 2-1: can't set config #0, error -71
[  146.769077][ T4373] usb 2-1: USB disconnect, device number 6
[  146.790602][ T4880] EXT4-fs (loop2): 1 truncate cleaned up
[  146.811599][ T4880] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  146.817896][ T4562] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  146.959887][ T4888] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.160: bg 0: block 465: padding at end of block bitmap is not set
[  147.044878][ T4562] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  147.168361][ T4562] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.238494][ T4562] usb 1-1: Product: syz
[  147.701773][ T4562] usb 1-1: Manufacturer: syz
[  147.715725][ T4562] usb 1-1: SerialNumber: syz
[  147.862951][ T4891] binder_alloc: 4890: pid 4890 spamming oneway? 2 buffers allocated for a total size of 5120
[  147.888283][ T4891] binder_alloc: 4890: pid 4890 spamming oneway? 3 buffers allocated for a total size of 5128
[  147.908601][ T4278] EXT4-fs (loop2): unmounting filesystem.
[  148.056207][ T4894] loop2: detected capacity change from 0 to 2048
[  148.091189][ T4894] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  148.198973][ T4562] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32
[  148.622591][ T4562] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71
[  148.641239][ T4562] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  148.658622][ T4562] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  148.739201][ T4562] lan78xx: probe of 1-1:1.0 failed with error -71
[  148.753932][ T4562] usb 1-1: USB disconnect, device number 4
[  150.387140][ T4278] EXT4-fs (loop2): unmounting filesystem.
[  150.401349][ T4911] loop0: detected capacity change from 0 to 512
[  150.536556][ T4911] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  150.597955][ T4911] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  150.817342][ T4911] EXT4-fs (loop0): 1 truncate cleaned up
[  150.826666][ T4911] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  151.040351][ T4921] loop2: detected capacity change from 0 to 32768
[  151.070231][ T4920] device syzkaller0 entered promiscuous mode
[  151.070569][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  151.198202][ T4921] JBD2: Ignoring recovery information on journal
[  151.450517][ T4921] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  152.666225][ T4278] ocfs2: Unmounting device (7,2) on (node local)
[  153.534743][ T4931] binder_alloc: 4930: pid 4930 spamming oneway? 2 buffers allocated for a total size of 5120
[  153.548841][ T4931] binder_alloc: 4930: pid 4930 spamming oneway? 3 buffers allocated for a total size of 5128
[  153.952324][ T4814] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  154.019679][ T4942] loop0: detected capacity change from 0 to 128
[  154.149734][ T4942] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  154.161262][ T4814] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  154.171560][ T4942] FAT-fs (loop0): Filesystem has been set read-only
[  154.194383][ T4814] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.271909][ T4814] usb 3-1: Product: syz
[  154.310321][ T4814] usb 3-1: Manufacturer: syz
[  154.346331][ T4814] usb 3-1: SerialNumber: syz
[  155.077874][ T4814] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -71
[  155.131606][ T4814] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71
[  155.272959][ T4814] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  156.215374][ T4814] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  156.359123][ T4814] lan78xx: probe of 3-1:1.0 failed with error -71
[  156.421629][ T4814] usb 3-1: USB disconnect, device number 2
[  156.768170][ T4968] binder_alloc: 4966: pid 4966 spamming oneway? 2 buffers allocated for a total size of 5120
[  156.988013][    T7] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  157.198047][    T7] usb 2-1: Using ep0 maxpacket: 8
[  157.211430][    T7] usb 2-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  157.361879][    T7] usb 2-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  157.516983][    T7] usb 2-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  157.728586][    T7] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  157.818078][    T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.927680][    T7] usb 2-1: Product: syz
[  157.939124][    T7] usb 2-1: Manufacturer: syz
[  157.974760][    T7] usb 2-1: SerialNumber: syz
[  158.176226][ T4814] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  158.728720][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  158.741318][ T4981] binder: BINDER_SET_CONTEXT_MGR already set
[  158.756153][    T7] snd-usb-audio: probe of 2-1:65.0 failed with error -71
[  158.788374][ T4981] binder: 4980:4981 ioctl 4018620d 200000000040 returned -16
[  158.820410][    T7] usb 2-1: USB disconnect, device number 7
[  158.997940][ T4814] usb 4-1: Using ep0 maxpacket: 16
[  159.139264][ T4989] loop2: detected capacity change from 0 to 32768
[  159.163302][ T4814] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  159.204707][ T4814] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.223165][ T4989] JBD2: Ignoring recovery information on journal
[  159.304970][ T4814] usb 4-1: Product: syz
[  159.310371][ T4989] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  159.871058][ T4814] usb 4-1: Manufacturer: syz
[  159.875744][ T4814] usb 4-1: SerialNumber: syz
[  159.936192][ T4814] usb 4-1: config 0 descriptor??
[  160.005031][ T4994] loop1: detected capacity change from 0 to 2048
[  160.092281][ T4994] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  160.161402][   T22] usb 4-1: USB disconnect, device number 3
[  160.184715][ T4278] ocfs2: Unmounting device (7,2) on (node local)
[  161.512041][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  162.138089][   T52] block nbd2: Attempted send on invalid socket
[  162.144415][   T52] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  162.155076][   T52] block nbd2: Attempted send on invalid socket
[  162.161519][   T52] I/O error, dev nbd2, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  162.967990][ T4814] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  163.247826][ T4814] usb 2-1: Using ep0 maxpacket: 8
[  163.258810][ T4814] usb 2-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  163.306294][ T4814] usb 2-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  163.347864][ T4814] usb 2-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  163.383912][ T4814] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  163.441208][ T4814] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.476837][ T4814] usb 2-1: Product: syz
[  163.496393][ T4814] usb 2-1: Manufacturer: syz
[  163.512208][ T4814] usb 2-1: SerialNumber: syz
[  163.640186][ T5035] loop4: detected capacity change from 0 to 128
[  163.673289][ T5035] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  163.693892][ T5035] FAT-fs (loop4): Filesystem has been set read-only
[  163.745159][ T4814] snd-usb-audio: probe of 2-1:65.0 failed with error -71
[  163.788900][ T4328] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  163.797155][ T4814] usb 2-1: USB disconnect, device number 8
[  163.989518][ T4328] usb 4-1: Using ep0 maxpacket: 8
[  164.004914][ T4328] usb 4-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  164.034190][ T4328] usb 4-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  164.052696][ T4328] usb 4-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  164.085556][ T4328] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  164.098342][ T4328] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.121354][ T4328] usb 4-1: Product: syz
[  164.125646][ T4328] usb 4-1: Manufacturer: syz
[  164.142053][ T4328] usb 4-1: SerialNumber: syz
[  164.389120][ T4328] snd-usb-audio: probe of 4-1:65.0 failed with error -71
[  164.461961][ T4328] usb 4-1: USB disconnect, device number 4
[  164.827911][ T2164] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  165.867818][ T2164] usb 3-1: Using ep0 maxpacket: 16
[  165.877014][ T2164] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  165.891012][ T2164] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.900278][ T2164] usb 3-1: Product: syz
[  165.904586][ T2164] usb 3-1: Manufacturer: syz
[  165.909599][ T2164] usb 3-1: SerialNumber: syz
[  165.942948][ T2164] usb 3-1: config 0 descriptor??
[  166.180190][ T4814] usb 3-1: USB disconnect, device number 3
[  167.669208][ T5074] loop1: detected capacity change from 0 to 2048
[  167.747410][ T5074] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  169.978339][  T129] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  170.208117][  T129] usb 5-1: Using ep0 maxpacket: 8
[  170.218951][  T129] usb 5-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  170.318719][  T129] usb 5-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  170.402843][  T129] usb 5-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  170.510083][  T129] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  170.737273][  T129] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.751999][  T129] usb 5-1: Product: syz
[  171.783854][  T129] usb 5-1: Manufacturer: syz
[  171.823316][  T129] usb 5-1: SerialNumber: syz
[  172.172240][  T129] snd-usb-audio: probe of 5-1:65.0 failed with error -71
[  172.180143][ T4814] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  172.397898][ T4814] usb 4-1: Using ep0 maxpacket: 8
[  172.425626][ T4814] usb 4-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  172.456569][  T129] usb 5-1: USB disconnect, device number 3
[  172.474677][ T4814] usb 4-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  172.536851][ T5091] loop0: detected capacity change from 0 to 128
[  172.541971][ T4814] usb 4-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  172.632637][ T5091] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  172.642417][ T4814] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  172.657939][ T5091] FAT-fs (loop0): Filesystem has been set read-only
[  172.687484][ T4814] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.738481][ T4814] usb 4-1: Product: syz
[  172.763150][ T4814] usb 4-1: Manufacturer: syz
[  172.777143][ T4814] usb 4-1: SerialNumber: syz
[  173.750618][ T4814] snd-usb-audio: probe of 4-1:65.0 failed with error -71
[  173.875348][ T5105] loop1: detected capacity change from 0 to 64
[  173.890830][ T5105] hfs: unable to parse mount options
[  175.748531][ T4814] usb 4-1: USB disconnect, device number 5
[  177.039102][ T5118] binder_alloc: 5117: pid 5117 spamming oneway? 2 buffers allocated for a total size of 5120
[  177.251524][ T5123] device syzkaller0 entered promiscuous mode
[  178.556615][ T5119] vidtv vidtv.0: No streaming. Skipping.
[  178.898622][ T5140] loop1: detected capacity change from 0 to 2048
[  179.044375][ T5140] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  180.760603][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  181.832207][ T5166] loop4: detected capacity change from 0 to 64
[  181.843630][ T5166] hfs: unable to parse mount options
[  183.687249][ T5170] binder_alloc: 5163: pid 5163 spamming oneway? 2 buffers allocated for a total size of 5120
[  183.915588][ T5171] loop3: detected capacity change from 0 to 128
[  184.016757][ T5171] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  184.028255][ T5171] FAT-fs (loop3): Filesystem has been set read-only
[  184.904557][   T52] block nbd1: Attempted send on invalid socket
[  184.911009][   T52] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  184.922069][   T52] block nbd1: Attempted send on invalid socket
[  184.929359][   T52] I/O error, dev nbd1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  185.133487][ T4328] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  185.357786][ T4328] usb 3-1: Using ep0 maxpacket: 8
[  185.386520][ T4328] usb 3-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  185.476480][ T4328] usb 3-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  185.544135][ T4328] usb 3-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  185.611824][ T4328] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  185.712081][ T4328] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.781350][ T5178] vidtv vidtv.0: No streaming. Skipping.
[  185.792324][ T4328] usb 3-1: Product: syz
[  185.823413][ T4328] usb 3-1: Manufacturer: syz
[  185.902016][ T4328] usb 3-1: SerialNumber: syz
[  186.672369][ T4328] snd-usb-audio: probe of 3-1:65.0 failed with error -71
[  186.689883][ T5198] loop0: detected capacity change from 0 to 2048
[  186.790473][ T4328] usb 3-1: USB disconnect, device number 4
[  188.378833][ T5207] loop4: detected capacity change from 0 to 64
[  188.393457][ T5207] hfs: unable to parse mount options
[  188.631805][ T5198] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  189.626798][ T5214] binder_alloc: 5213: pid 5213 spamming oneway? 2 buffers allocated for a total size of 5120
[  189.657478][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  190.129971][ T5210] loop3: detected capacity change from 0 to 32768
[  190.222101][ T5220] loop0: detected capacity change from 0 to 128
[  190.345452][ T5220] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  190.356022][ T5220] FAT-fs (loop0): Filesystem has been set read-only
[  190.389128][ T5210] XFS (loop3): Mounting V5 Filesystem
[  190.758681][ T5210] XFS (loop3): Ending clean mount
[  190.833650][ T5210] XFS (loop3): Quotacheck needed: Please wait.
[  190.928869][ T5210] XFS (loop3): Quotacheck: Done.
[  191.968788][ T4276] XFS (loop3): Unmounting Filesystem
[  192.551572][ T5248] loop1: detected capacity change from 0 to 64
[  192.562882][ T5248] hfs: unable to parse mount options
[  193.492047][ T5252] device syzkaller0 entered promiscuous mode
[  193.784599][ T5258] binder_alloc: 5257: pid 5257 spamming oneway? 2 buffers allocated for a total size of 5120
[  193.876484][ T5261] binder: 5259:5261 ioctl 4018620d 0 returned -22
[  194.199372][ T5267] loop2: detected capacity change from 0 to 128
[  194.364842][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  194.373346][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  194.410077][ T5267] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  194.420804][ T5267] FAT-fs (loop2): Filesystem has been set read-only
[  199.422470][ T5295] loop4: detected capacity change from 0 to 64
[  199.432500][ T5295] hfs: unable to parse mount options
[  201.269417][ T4261] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  201.369563][ T5298] device syzkaller0 entered promiscuous mode
[  201.741399][ T5304] binder_alloc: 5301: pid 5301 spamming oneway? 2 buffers allocated for a total size of 5120
[  201.945318][ T5312] device syzkaller0 entered promiscuous mode
[  203.507727][    C1] sched: RT throttling activated
[  203.715532][ T5307] loop3: detected capacity change from 0 to 40427
[  203.848041][ T5307] F2FS-fs (loop3): Unrecognized mount option "age_extent_cache" or missing value
[  204.349762][ T5323] loop4: detected capacity change from 0 to 4096
[  204.442356][ T5323] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512)
[  204.575860][ T5327] loop1: detected capacity change from 0 to 128
[  204.898126][ T5327] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  204.936598][ T5327] FAT-fs (loop1): Filesystem has been set read-only
[  205.128359][ T5333] loop2: detected capacity change from 0 to 64
[  205.141478][ T5333] hfs: unable to parse mount options
[  206.736098][ T4464] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  206.782443][ T4463] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  207.168315][ T5323] ntfs3: loop4: ino=1f, "file2" failed to open parent directory r=5 to update
[  208.085048][ T5341] binder_alloc: 5339: pid 5339 spamming oneway? 2 buffers allocated for a total size of 5120
[  208.332699][ T5108] ntfs3: loop4: ino=1f, failed to open parent directory r=5 to update
[  208.479539][ T5348] device syzkaller0 entered promiscuous mode
[  209.388680][ T5343] loop1: detected capacity change from 0 to 4096
[  209.424271][ T5343] ntfs3: Unknown parameter 'windows_names'
[  210.588398][   T22] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  210.720469][ T5372] loop2: detected capacity change from 0 to 128
[  210.807872][   T22] usb 1-1: Using ep0 maxpacket: 16
[  210.817292][ T5372] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  210.828643][   T22] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  210.828734][   T22] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  210.831365][   T22] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  210.841572][ T5372] FAT-fs (loop2): Filesystem has been set read-only
[  210.856315][   T22] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.877819][   T22] usb 1-1: Product: syz
[  210.882796][   T22] usb 1-1: Manufacturer: syz
[  210.890153][   T22] usb 1-1: SerialNumber: syz
[  211.238698][   T22] usb 1-1: 0:2 : does not exist
[  211.273651][   T22] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  211.300074][   T22] usb 1-1: USB disconnect, device number 5
[  211.618487][ T4261] udevd[4261]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  211.926610][ T5381] netlink: 76 bytes leftover after parsing attributes in process `syz.4.313'.
[  212.824476][ T5388] loop2: detected capacity change from 0 to 128
[  212.930998][ T5388] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  214.258161][ T5388] hpfs: filesystem error: improperly stopped
[  214.333799][ T5388] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  214.343988][ T5388] hpfs: You really don't want any checks? You are crazy...
[  214.458658][ T5388] hpfs: hpfs_map_sector(): read error
[  214.488085][ T5388] hpfs: code page support is disabled
[  214.528754][ T5388] hpfs: hpfs_map_4sectors(): unaligned read
[  214.551161][ T5388] hpfs: hpfs_map_4sectors(): unaligned read
[  214.624103][ T5388] hpfs: filesystem error: unable to find root dir
[  214.711327][ T5388] hpfs: hpfs_map_4sectors(): unaligned read
[  215.174613][ T5388] hpfs: hpfs_map_sector(): read error
[  215.502490][ T5403] loop3: detected capacity change from 0 to 40427
[  215.529585][ T5403] F2FS-fs (loop3): Unrecognized mount option "age_extent_cache" or missing value
[  218.005908][ T5424] binder: 5419:5424 ioctl c0306201 0 returned -14
[  218.034029][ T5424] binder: 5419:5424 ioctl 4018620d 0 returned -22
[  218.114862][ T5425] netlink: 96 bytes leftover after parsing attributes in process `syz.4.327'.
[  220.129225][ T5433] device syzkaller0 entered promiscuous mode
[  220.216182][ T5435] netlink: 76 bytes leftover after parsing attributes in process `syz.3.330'.
[  220.384449][ T5438] device syzkaller0 entered promiscuous mode
[  220.696506][ T5446] binder: 5444:5446 ioctl 4018620d 0 returned -22
[  220.757605][ T5449] netlink: 96 bytes leftover after parsing attributes in process `syz.1.335'.
[  222.187254][   T52] block nbd0: Attempted send on invalid socket
[  222.194116][   T52] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  222.205625][   T52] block nbd0: Attempted send on invalid socket
[  222.213550][   T52] I/O error, dev nbd0, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  222.703293][ T5467] Bluetooth: MGMT ver 1.22
[  222.709034][ T5467] Bluetooth: hci0: invalid length 0, exp 2 for type 7
[  225.811443][ T5484] netlink: 76 bytes leftover after parsing attributes in process `syz.4.344'.
[  226.023554][ T5485] device syzkaller0 entered promiscuous mode
[  226.149788][   T26] audit: type=1326 audit(1775101084.703:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5492 comm="syz.3.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78d699c819 code=0x7ffc0000
[  226.244676][   T26] audit: type=1326 audit(1775101084.753:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5492 comm="syz.3.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78d699c819 code=0x7ffc0000
[  226.288792][   T26] audit: type=1326 audit(1775101084.753:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5492 comm="syz.3.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78d699c819 code=0x7ffc0000
[  226.317801][   T26] audit: type=1326 audit(1775101084.753:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5492 comm="syz.3.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7f78d699c819 code=0x7ffc0000
[  226.382801][   T26] audit: type=1326 audit(1775101084.753:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5492 comm="syz.3.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78d699c819 code=0x7ffc0000
[  226.416983][   T26] audit: type=1326 audit(1775101084.753:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5492 comm="syz.3.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f78d699c819 code=0x7ffc0000
[  227.588061][   T26] audit: type=1326 audit(1775101084.753:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5492 comm="syz.3.348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f78d699c819 code=0x7ffc0000
[  227.805599][ T5504] binder: 5503:5504 ioctl 4018620d 0 returned -22
[  227.906247][   T52] block nbd3: Attempted send on invalid socket
[  227.918686][   T52] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  227.933563][   T52] block nbd3: Attempted send on invalid socket
[  227.941002][   T52] I/O error, dev nbd3, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  228.284991][ T5511] netlink: 96 bytes leftover after parsing attributes in process `syz.0.351'.
[  229.059776][ T5519] device syzkaller0 entered promiscuous mode
[  229.260184][ T4313] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  229.648160][ T4313] usb 3-1: Using ep0 maxpacket: 16
[  229.720430][ T4313] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  229.970396][ T4313] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.722793][ T4313] usb 3-1: Product: syz
[  230.728038][ T4313] usb 3-1: Manufacturer: syz
[  230.737792][ T4313] usb 3-1: SerialNumber: syz
[  230.758214][ T4313] usb 3-1: config 0 descriptor??
[  230.911752][ T5536] netlink: 76 bytes leftover after parsing attributes in process `syz.3.360'.
[  230.975743][ T4313] usb 3-1: USB disconnect, device number 5
[  230.989140][ T5538] device syzkaller0 entered promiscuous mode
[  232.873130][ T3600] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  233.009296][ T5551] binder: 5550:5551 ioctl 4018620d 0 returned -22
[  233.158712][ T3600] usb 4-1: Using ep0 maxpacket: 8
[  233.176748][ T5556] netlink: 96 bytes leftover after parsing attributes in process `syz.2.367'.
[  233.193044][ T3600] usb 4-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  233.254742][ T3600] usb 4-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  233.948716][ T5559] netlink: 8 bytes leftover after parsing attributes in process `syz.0.369'.
[  233.972628][ T3600] usb 4-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  234.018888][ T3600] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  234.040697][ T3600] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.058032][ T3600] usb 4-1: Product: syz
[  234.072529][ T3600] usb 4-1: Manufacturer: syz
[  234.082662][ T3600] usb 4-1: SerialNumber: syz
[  234.252052][ T3600] snd-usb-audio: probe of 4-1:65.0 failed with error -71
[  234.299361][ T3600] usb 4-1: USB disconnect, device number 6
[  235.189626][ T5575] netlink: 76 bytes leftover after parsing attributes in process `syz.2.374'.
[  235.292701][ T5578] device syzkaller0 entered promiscuous mode
[  238.347947][ T4373] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  238.547967][ T4373] usb 1-1: Using ep0 maxpacket: 32
[  238.554683][ T4373] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  238.576335][ T4373] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  238.588224][ T5596] binder: 5595:5596 ioctl 4018620d 0 returned -22
[  238.606865][ T4373] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  238.617020][ T4373] usb 1-1: Product: syz
[  238.639416][ T4373] usb 1-1: Manufacturer: syz
[  238.644087][ T4373] usb 1-1: SerialNumber: syz
[  238.650419][ T5600] netlink: 96 bytes leftover after parsing attributes in process `syz.4.382'.
[  238.788491][ T4373] usb 1-1: config 0 descriptor??
[  238.804773][ T5585] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  238.836282][ T4373] hub 1-1:0.0: bad descriptor, ignoring hub
[  239.558907][ T4373] hub: probe of 1-1:0.0 failed with error -5
[  239.820996][ T4314] usb 1-1: USB disconnect, device number 6
[  239.977374][ T5610] loop2: detected capacity change from 0 to 128
[  240.369617][ T5610] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  240.399082][ T5610] FAT-fs (loop2): Filesystem has been set read-only
[  240.617452][ T5620] loop2: detected capacity change from 0 to 1024
[  240.649651][ T5620] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  240.728166][ T5620] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  240.769857][    T7] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  241.118143][    T7] usb 5-1: Using ep0 maxpacket: 8
[  241.151373][    T7] usb 5-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  241.315491][ T5619] vidtv vidtv.0: No streaming. Skipping.
[  241.387767][    T7] usb 5-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  241.422301][    T7] usb 5-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  241.450765][ T5627] loop1: detected capacity change from 0 to 512
[  241.483671][    T7] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  241.520301][    T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.549879][ T5627] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  241.560779][    T7] usb 5-1: Product: syz
[  241.577026][    T7] usb 5-1: Manufacturer: syz
[  241.598243][    T7] usb 5-1: SerialNumber: syz
[  241.658780][ T5627] EXT4-fs error (device loop1): ext4_get_journal_inode:5756: comm syz.1.388: inode #1792: comm syz.1.388: iget: illegal inode #
[  241.813302][    T7] snd-usb-audio: probe of 5-1:65.0 failed with error -71
[  241.816256][ T5631] loop0: detected capacity change from 0 to 32768
[  241.857120][ T5631] JBD2: Ignoring recovery information on journal
[  241.897289][ T5631] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  241.931061][ T4278] EXT4-fs (loop2): unmounting filesystem.
[  241.933021][ T5627] EXT4-fs (loop1): Remounting filesystem read-only
[  241.988490][   T22] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  242.036787][    T7] usb 5-1: USB disconnect, device number 4
[  242.037839][ T5627] EXT4-fs (loop1): no journal found
[  242.051344][ T5627] EXT4-fs (loop1): can't get journal size
[  242.074125][ T5627] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  242.102210][ T5627] EXT4-fs (loop1): Errors on filesystem, clearing orphan list.
[  242.110809][ T5627] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  242.178074][   T22] usb 4-1: Using ep0 maxpacket: 8
[  242.213714][   T22] usb 4-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  242.259258][   T22] usb 4-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  242.278933][   T22] usb 4-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  242.305132][   T22] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  242.317888][   T22] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.327274][   T22] usb 4-1: Product: syz
[  242.333507][   T22] usb 4-1: Manufacturer: syz
[  242.340256][   T22] usb 4-1: SerialNumber: syz
[  242.703473][   T22] snd-usb-audio: probe of 4-1:65.0 failed with error -71
[  242.735728][   T22] usb 4-1: USB disconnect, device number 7
[  242.804694][ T4268] ocfs2: Unmounting device (7,0) on (node local)
[  242.889549][ T5627] EXT4-fs error (device loop1): ext4_append:79: inode #2: comm syz.1.388: Logical block already allocated
[  242.981698][ T5627] EXT4-fs (loop1): Remounting filesystem read-only
[  243.656331][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  243.808490][ T5654] binder: 5652:5654 ioctl 4018620d 0 returned -22
[  244.023512][ T5660] loop0: detected capacity change from 0 to 128
[  244.354148][ T5660] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  244.354248][ T5660] FAT-fs (loop0): Filesystem has been set read-only
[  244.443225][ T5659] netlink: 96 bytes leftover after parsing attributes in process `syz.2.396'.
[  244.934882][ T5673] loop0: detected capacity change from 0 to 1024
[  244.956402][ T5673] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  245.019560][ T5673] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  245.715711][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  245.881299][ T5653] loop3: detected capacity change from 0 to 32768
[  245.975026][ T5653] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.395 (5653)
[  246.187804][ T4320] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  246.427937][ T4320] usb 1-1: Using ep0 maxpacket: 8
[  246.452985][ T4320] usb 1-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  246.462404][ T4320] usb 1-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  246.473125][ T4320] usb 1-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  246.495031][ T4320] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  246.517788][ T4320] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.526985][ T4320] usb 1-1: Product: syz
[  246.531381][ T4320] usb 1-1: Manufacturer: syz
[  246.536715][ T4320] usb 1-1: SerialNumber: syz
[  246.663431][ T5653] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  246.674873][ T5653] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  246.684630][ T5653] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  246.736946][ T5653] BTRFS info (device loop3): use zstd compression, level 3
[  246.804281][ T5653] BTRFS info (device loop3): using free space tree
[  246.829720][ T4320] snd-usb-audio: probe of 1-1:65.0 failed with error -71
[  246.919494][ T4320] usb 1-1: USB disconnect, device number 7
[  247.224005][ T5653] BTRFS error (device loop3): open_ctree failed: -12
[  247.225047][ T4261] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by udevd (4261)
[  248.051696][ T5684] loop1: detected capacity change from 0 to 32768
[  248.092185][ T5684] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.403 (5684)
[  248.537478][ T5684] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  248.719563][ T5684] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  248.921242][ T5684] BTRFS info (device loop1): enabling auto defrag
[  249.127813][ T5684] BTRFS info (device loop1): enabling ssd optimizations
[  249.135194][ T5684] BTRFS info (device loop1): using spread ssd allocation scheme
[  249.158561][ T5684] BTRFS info (device loop1): using free space tree
[  249.201624][ T5727] binder: 5726:5727 ioctl 4018620d 0 returned -22
[  249.264734][ T5738] netlink: 96 bytes leftover after parsing attributes in process `syz.3.410'.
[  249.527329][ T5748] loop4: detected capacity change from 0 to 128
[  249.880131][ T5684] BTRFS error (device loop1): open_ctree failed: -12
[  249.908006][ T5748] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  249.965115][ T4262] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by udevd (4262)
[  250.007090][ T5748] FAT-fs (loop4): Filesystem has been set read-only
[  250.519562][ T5760] loop3: detected capacity change from 0 to 1024
[  251.069535][ T5760] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  251.688840][ T5760] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  252.475149][ T4276] EXT4-fs (loop3): unmounting filesystem.
[  252.807887][ T5714] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  252.847904][ T4814] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  252.855459][   T27] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  252.997829][ T5714] usb 5-1: Using ep0 maxpacket: 8
[  253.005996][ T5714] usb 5-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  253.014820][ T5714] usb 5-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  253.024191][ T5714] usb 5-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  253.038505][ T5714] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  253.047789][ T4814] usb 2-1: Using ep0 maxpacket: 16
[  253.053005][ T5714] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.063554][   T27] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  253.072589][ T5714] usb 5-1: Product: syz
[  253.078125][   T27] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  253.088667][ T4814] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  253.097817][ T5714] usb 5-1: Manufacturer: syz
[  253.102467][ T5714] usb 5-1: SerialNumber: syz
[  253.107650][ T4814] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.116134][ T4814] usb 2-1: Product: syz
[  253.120483][   T27] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  253.131940][ T4814] usb 2-1: Manufacturer: syz
[  253.139710][   T27] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  253.151231][ T4814] usb 2-1: SerialNumber: syz
[  253.159852][ T4814] usb 2-1: config 0 descriptor??
[  253.166808][   T27] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  253.177784][ T5707] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  253.187884][   T27] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  253.196003][   T27] usb 1-1: Product: syz
[  253.200325][   T27] usb 1-1: Manufacturer: syz
[  253.210202][   T27] cdc_wdm 1-1:1.0: skipping garbage
[  253.215552][   T27] cdc_wdm 1-1:1.0: skipping garbage
[  253.226341][   T27] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  253.232437][   T27] cdc_wdm 1-1:1.0: Unknown control protocol
[  253.358077][ T5714] snd-usb-audio: probe of 5-1:65.0 failed with error -71
[  253.367886][ T5707] usb 4-1: Using ep0 maxpacket: 16
[  253.387135][ T5707] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  253.428282][ T5714] usb 5-1: USB disconnect, device number 5
[  253.436599][ T5707] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  253.464660][   T27] usb 2-1: USB disconnect, device number 9
[  253.472668][ T5707] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  253.487756][ T5707] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.496214][ T5707] usb 4-1: Product: syz
[  253.500717][ T5707] usb 4-1: Manufacturer: syz
[  253.505460][ T5707] usb 4-1: SerialNumber: syz
[  253.547817][ T5708] usb 1-1: USB disconnect, device number 8
[  254.954987][ T5707] usb 4-1: 0:2 : does not exist
[  255.213981][ T5707] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  255.321361][ T5792] binder: 5791:5792 ioctl 4018620d 0 returned -22
[  255.359961][ T5707] usb 4-1: USB disconnect, device number 8
[  255.392984][ T5793] netlink: 96 bytes leftover after parsing attributes in process `syz.3.425'.
[  255.618280][ T5799] loop1: detected capacity change from 0 to 128
[  255.644764][ T4261] udevd[4261]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  255.797993][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  255.805185][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  255.807802][ T5708] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  256.127827][ T5708] usb 5-1: Using ep0 maxpacket: 8
[  256.135051][ T5708] usb 5-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  256.168204][ T5708] usb 5-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  256.178352][ T5787] loop2: detected capacity change from 0 to 32768
[  256.209521][ T5708] usb 5-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  256.227379][ T5799] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  256.275435][ T5799] FAT-fs (loop1): Filesystem has been set read-only
[  256.284059][ T5787] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  256.306468][ T5708] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  256.318653][ T5787] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  256.330579][ T5708] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.340455][ T5708] usb 5-1: Product: syz
[  256.345890][ T5708] usb 5-1: Manufacturer: syz
[  256.351037][ T5708] usb 5-1: SerialNumber: syz
[  256.785221][ T5708] snd-usb-audio: probe of 5-1:65.0 failed with error -71
[  256.788481][ T5787] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 32ms
[  256.898850][ T5708] usb 5-1: USB disconnect, device number 6
[  257.081002][   T27] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  257.103298][   T27] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  257.347507][   T27] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 244ms
[  257.459221][   T27] gfs2: fsid=syz:syz.0: jid=0: Done
[  257.465696][ T5787] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  258.494342][ T5787] gfs2: fsid=syz:syz.0: can't start logd thread: -4
[  259.083376][ T5825] loop4: detected capacity change from 0 to 2048
[  259.163904][ T5825] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  259.397357][ T5835] xt_CT: You must specify a L4 protocol and not use inversions on it
[  259.407778][ T5707] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  259.487990][    T7] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  259.607891][ T5707] usb 4-1: Using ep0 maxpacket: 16
[  259.617755][ T5707] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  259.639022][ T5707] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.647384][ T5707] usb 4-1: Product: syz
[  259.654929][ T5707] usb 4-1: Manufacturer: syz
[  259.661075][ T5707] usb 4-1: SerialNumber: syz
[  259.677760][    T7] usb 2-1: Using ep0 maxpacket: 8
[  259.686387][ T5707] usb 4-1: config 0 descriptor??
[  259.701576][    T7] usb 2-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  259.747421][    T7] usb 2-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  259.772069][    T7] usb 2-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  259.782797][ T5834] loop2: detected capacity change from 0 to 32768
[  259.813439][    T7] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  259.838995][ T5834] XFS (loop2): Mounting V5 Filesystem
[  259.850413][    T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.887870][    T7] usb 2-1: Product: syz
[  259.892153][    T7] usb 2-1: Manufacturer: syz
[  259.899701][    T7] usb 2-1: SerialNumber: syz
[  259.900154][ T5707] usb 4-1: USB disconnect, device number 9
[  259.946721][ T5834] XFS (loop2): Ending clean mount
[  260.014998][ T5834] XFS (loop2): WARNING: Reset corrupted AGFL on AG 0. 1 blocks leaked. Please unmount and run xfs_repair.
[  260.639314][    T7] snd-usb-audio: probe of 2-1:65.0 failed with error -71
[  260.688155][    T7] usb 2-1: USB disconnect, device number 10
[  260.736365][ T4278] XFS (loop2): Unmounting Filesystem
[  261.406218][ T5857] loop0: detected capacity change from 0 to 128
[  261.758249][ T5857] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  261.785633][ T5857] FAT-fs (loop0): Filesystem has been set read-only
[  261.868179][ T5859] loop1: detected capacity change from 0 to 16
[  261.974080][ T5859] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  263.098984][    T7] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  263.337929][    T7] usb 3-1: Using ep0 maxpacket: 8
[  263.348214][    T7] usb 3-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  263.369685][    T7] usb 3-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  263.699116][    T7] usb 3-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  263.842843][    T7] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  264.030279][    T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.058759][    T7] usb 3-1: Product: syz
[  264.063744][    T7] usb 3-1: Manufacturer: syz
[  264.071529][    T7] usb 3-1: SerialNumber: syz
[  264.307330][    T7] snd-usb-audio: probe of 3-1:65.0 failed with error -71
[  264.380720][    T7] usb 3-1: USB disconnect, device number 6
[  264.397461][ T4269] EXT4-fs (loop4): unmounting filesystem.
[  264.998082][ T5707] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  265.207907][ T5707] usb 4-1: Using ep0 maxpacket: 8
[  265.214926][ T5707] usb 4-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  265.225414][ T5707] usb 4-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  265.272202][ T5707] usb 4-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  265.292950][ T5707] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  265.310714][ T5707] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.319748][ T5707] usb 4-1: Product: syz
[  265.326807][ T5707] usb 4-1: Manufacturer: syz
[  265.541001][ T5902] loop2: detected capacity change from 0 to 32768
[  265.548922][ T5707] usb 4-1: SerialNumber: syz
[  265.560762][ T5902] JBD2: Ignoring recovery information on journal
[  265.621797][ T5902] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  266.331666][ T5707] snd-usb-audio: probe of 4-1:65.0 failed with error -71
[  266.419576][ T5707] usb 4-1: USB disconnect, device number 10
[  266.492203][ T4278] ocfs2: Unmounting device (7,2) on (node local)
[  266.609133][ T5912] netlink: 76 bytes leftover after parsing attributes in process `syz.4.458'.
[  266.637312][ T5910] loop0: detected capacity change from 0 to 2048
[  266.753341][ T5910] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  266.877963][ T4314] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  267.019761][ T5923] loop2: detected capacity change from 0 to 2048
[  267.153427][ T4314] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  267.165805][ T4314] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.189986][ T4314] usb 2-1: Product: syz
[  267.197168][ T4314] usb 2-1: Manufacturer: syz
[  267.208848][ T4314] usb 2-1: SerialNumber: syz
[  267.299195][ T5923] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  267.323620][ T4314] usb 2-1: config 0 descriptor??
[  267.374350][ T5932] tc_dump_action: action bad kind
[  267.401042][ T5933] xt_CT: You must specify a L4 protocol and not use inversions on it
[  267.644551][ T4314] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  267.847782][ T4313] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  268.189979][ T4313] usb 4-1: Using ep0 maxpacket: 8
[  268.639624][ T4313] usb 4-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  268.664490][ T4313] usb 4-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  268.728241][ T4313] usb 4-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  268.764532][ T4313] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  268.795958][ T4313] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.829840][ T4313] usb 4-1: Product: syz
[  268.839653][ T4313] usb 4-1: Manufacturer: syz
[  268.886754][ T4313] usb 4-1: SerialNumber: syz
[  269.198250][ T4313] snd-usb-audio: probe of 4-1:65.0 failed with error -71
[  269.775005][ T4314] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71
[  269.806034][ T4313] usb 4-1: USB disconnect, device number 11
[  269.876587][ T4314] usb 2-1: USB disconnect, device number 11
[  270.395600][ T5951] loop3: detected capacity change from 0 to 32768
[  270.491315][ T5951] JBD2: Ignoring recovery information on journal
[  270.560888][ T5951] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  271.124762][ T5955] netlink: 76 bytes leftover after parsing attributes in process `syz.1.472'.
[  271.385873][ T4276] ocfs2: Unmounting device (7,3) on (node local)
[  272.877847][ T3600] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  273.068059][ T3600] usb 4-1: Using ep0 maxpacket: 8
[  273.078965][ T3600] usb 4-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  273.095306][ T3600] usb 4-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  273.108107][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  273.152954][ T3600] usb 4-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  273.230392][ T3600] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  273.264590][ T3600] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.276693][ T3600] usb 4-1: Product: syz
[  273.281899][ T3600] usb 4-1: Manufacturer: syz
[  273.286823][ T3600] usb 4-1: SerialNumber: syz
[  275.716052][ T4278] EXT4-fs (loop2): unmounting filesystem.
[  275.792397][ T3600] snd-usb-audio: probe of 4-1:65.0 failed with error -71
[  275.867592][   T26] audit: type=1326 audit(1775101134.423:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.1.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f555479c819 code=0x7ffc0000
[  275.907912][ T3600] usb 4-1: USB disconnect, device number 12
[  275.958104][   T26] audit: type=1326 audit(1775101134.433:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.1.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f555479c819 code=0x7ffc0000
[  276.067838][   T26] audit: type=1326 audit(1775101134.433:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.1.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f555479c819 code=0x7ffc0000
[  276.177190][ T5986] loop2: detected capacity change from 0 to 256
[  276.247105][ T5984] loop4: detected capacity change from 0 to 32768
[  276.251970][   T26] audit: type=1326 audit(1775101134.433:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5978 comm="syz.1.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f555479c819 code=0x7ffc0000
[  276.352733][ T5986] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  276.500468][ T5984] JBD2: Ignoring recovery information on journal
[  276.506116][ T5994] netlink: 76 bytes leftover after parsing attributes in process `syz.0.486'.
[  276.547798][ T3600] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  276.556677][   T26] audit: type=1800 audit(1775101135.113:14): pid=5986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.480" name="bus" dev="loop2" ino=1048595 res=0 errno=0
[  276.560655][ T5984] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  276.824016][ T3600] usb 4-1: Using ep0 maxpacket: 8
[  276.861496][ T3600] usb 4-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  277.151036][ T3600] usb 4-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  277.304088][ T3600] usb 4-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  277.343875][ T3600] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  277.343923][ T3600] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.343945][ T3600] usb 4-1: Product: syz
[  277.343961][ T3600] usb 4-1: Manufacturer: syz
[  277.343976][ T3600] usb 4-1: SerialNumber: syz
[  277.374001][ T4269] ocfs2: Unmounting device (7,4) on (node local)
[  277.617810][ T3600] snd-usb-audio: probe of 4-1:65.0 failed with error -71
[  278.516255][ T3600] usb 4-1: USB disconnect, device number 13
[  279.309225][ T6012] loop1: detected capacity change from 0 to 2048
[  279.326260][ T6017] device syzkaller0 entered promiscuous mode
[  279.419459][ T6012] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  279.823639][ T6031] xt_CT: You must specify a L4 protocol and not use inversions on it
[  282.441135][ T6040] netlink: 76 bytes leftover after parsing attributes in process `syz.0.497'.
[  282.660939][ T6042] loop3: detected capacity change from 0 to 32768
[  282.734290][ T6042] JBD2: Ignoring recovery information on journal
[  282.955209][ T6042] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  284.559162][ T6052] wlan1 speed is unknown, defaulting to 1000
[  284.565446][ T6052] wlan1 speed is unknown, defaulting to 1000
[  284.574727][ T6052] wlan1 speed is unknown, defaulting to 1000
[  284.584306][ T6052] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  284.595889][ T6052] infiniband óyz2: RDMA CMA: cma_listen_on_dev, error -98
[  284.793615][ T6052] wlan1 speed is unknown, defaulting to 1000
[  284.800689][ T6052] wlan1 speed is unknown, defaulting to 1000
[  284.808334][ T6052] wlan1 speed is unknown, defaulting to 1000
[  284.815029][ T6052] wlan1 speed is unknown, defaulting to 1000
[  284.822480][ T6052] wlan1 speed is unknown, defaulting to 1000
[  286.634328][ T4276] ocfs2: Unmounting device (7,3) on (node local)
[  288.773239][ T6066] ubi31: attaching mtd0
[  288.780646][ T6066] ubi31: scanning is finished
[  288.785385][ T6066] ubi31: empty MTD device detected
[  288.857359][ T6066] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  288.865216][ T6066] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  288.872735][ T6066] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  288.880587][ T6066] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  288.888218][ T6066] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  288.895112][ T6066] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  288.903423][ T6066] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2934399898
[  288.913645][ T6066] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  288.967857][ T6074] ubi31: background thread "ubi_bgt31d" started, PID 6074
[  289.117102][ T6076] device syzkaller0 entered promiscuous mode
[  292.362799][ T6106] loop2: detected capacity change from 0 to 512
[  292.489266][ T6106] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  292.533206][ T6106] EXT4-fs error (device loop2): ext4_get_journal_inode:5756: comm syz.2.514: inode #1792: comm syz.2.514: iget: illegal inode #
[  292.641077][ T6106] EXT4-fs (loop2): Remounting filesystem read-only
[  292.655373][ T6106] EXT4-fs (loop2): no journal found
[  292.662158][ T6108] loop3: detected capacity change from 0 to 64
[  292.697029][ T6106] EXT4-fs (loop2): can't get journal size
[  292.749324][ T6106] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  292.754991][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  292.769197][ T6108] hfs: unable to locate alternate MDB
[  292.774716][ T6108] hfs: continuing without an alternate MDB
[  292.801470][ T6106] EXT4-fs (loop2): Errors on filesystem, clearing orphan list.
[  292.826264][ T6106] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  292.912519][ T6106] EXT4-fs error (device loop2): ext4_append:79: inode #2: comm syz.2.514: Logical block already allocated
[  292.987115][ T6106] EXT4-fs (loop2): Remounting filesystem read-only
[  294.089261][ T6115] netlink: 76 bytes leftover after parsing attributes in process `syz.3.517'.
[  294.095061][ T4278] EXT4-fs (loop2): unmounting filesystem.
[  294.561164][ T6119] loop0: detected capacity change from 0 to 8192
[  297.513417][ T6140] loop3: detected capacity change from 0 to 1024
[  297.649674][ T6147] loop1: detected capacity change from 0 to 2048
[  297.698350][ T6140] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  297.760174][ T6140] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  297.838330][ T6140] EXT4-fs (loop3): orphan cleanup on readonly fs
[  297.870571][ T6140] EXT4-fs error (device loop3): ext4_read_inode_bitmap:168: comm syz.3.523: Inode bitmap for bg 0 marked uninitialized
[  297.894931][ T6147] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  298.033647][ T6140] EXT4-fs (loop3): Remounting filesystem read-only
[  298.049249][ T6140] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  299.364312][ T6157] xt_CT: You must specify a L4 protocol and not use inversions on it
[  299.490181][ T4276] EXT4-fs (loop3): unmounting filesystem.
[  299.956440][ T6164] loop2: detected capacity change from 0 to 1024
[  300.009686][ T6164] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  300.915875][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  300.955003][ T6164] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  301.046633][ T6168] syz.3.531 uses obsolete (PF_INET,SOCK_PACKET)
[  301.223495][ T4278] EXT4-fs (loop2): unmounting filesystem.
[  301.270542][ T6176] loop0: detected capacity change from 0 to 128
[  301.366310][ T6176] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 1, start 0000000d)
[  301.378774][ T6176] FAT-fs (loop0): Filesystem has been set read-only
[  301.837400][ T6178] loop2: detected capacity change from 0 to 64
[  301.937280][ T6178] device erspan0 entered promiscuous mode
[  301.973507][ T6178] device vlan2 entered promiscuous mode
[  303.870964][ T6201] loop3: detected capacity change from 0 to 2048
[  305.539417][ T6201] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  306.369299][ T6217] xt_CT: You must specify a L4 protocol and not use inversions on it
[  306.473580][ T6219] loop1: detected capacity change from 0 to 1024
[  306.720775][ T6219] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  306.951530][ T6219] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  307.074531][ T4276] EXT4-fs (loop3): unmounting filesystem.
[  307.849182][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  308.235575][ T6237] netlink: 'syz.1.547': attribute type 10 has an invalid length.
[  308.379731][ T6237] team0: Device vxcan1 is of different type
[  311.470911][ T6263] loop4: detected capacity change from 0 to 2048
[  311.604310][ T6270] loop0: detected capacity change from 0 to 2048
[  311.616200][ T6270] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  311.636221][ T6263] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  314.011677][ T6277] loop3: detected capacity change from 0 to 1024
[  314.290908][ T6277] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  314.684081][ T6277] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  315.624706][ T4269] EXT4-fs (loop4): unmounting filesystem.
[  315.678716][ T4276] EXT4-fs (loop3): unmounting filesystem.
[  315.870098][ T6285] binder: 6284:6285 ioctl 4018620d 0 returned -22
[  315.938846][ T6286] binder: 6284:6286 ioctl c0306201 0 returned -14
[  317.732059][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  317.748166][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  320.030684][ T6327] loop1: detected capacity change from 0 to 1024
[  320.063546][ T6324] loop3: detected capacity change from 0 to 2048
[  320.131873][ T6327] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  320.306074][ T6324] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  320.404731][ T6327] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  322.169881][ T6339] xt_CT: You must specify a L4 protocol and not use inversions on it
[  322.315393][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  322.364321][ T4276] EXT4-fs (loop3): unmounting filesystem.
[  322.745756][ T6349] binder: 6345:6349 ioctl 4018620d 0 returned -22
[  322.812097][ T6351] binder: 6345:6351 ioctl c0306201 0 returned -14
[  325.607895][ T5708] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  325.913404][ T5708] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  325.936946][ T5708] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.967803][    T7] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  325.975513][ T5708] usb 2-1: Product: syz
[  325.987461][ T5708] usb 2-1: Manufacturer: syz
[  326.002896][ T5708] usb 2-1: SerialNumber: syz
[  326.052267][ T5708] usb 2-1: config 0 descriptor??
[  326.157878][    T7] usb 5-1: Using ep0 maxpacket: 8
[  326.179196][    T7] usb 5-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  326.312476][ T5708] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  326.992012][    T7] usb 5-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  327.001556][    T7] usb 5-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  327.039589][    T7] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  327.044656][ T6371] loop2: detected capacity change from 0 to 1024
[  327.057870][    T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.072537][    T7] usb 5-1: Product: syz
[  327.076777][    T7] usb 5-1: Manufacturer: syz
[  327.081794][    T7] usb 5-1: SerialNumber: syz
[  327.109936][ T6371] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  327.259333][ T6371] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  327.527978][    T7] snd-usb-audio: probe of 5-1:65.0 failed with error -71
[  327.797057][ T5708] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71
[  327.811798][ T5708] usb 2-1: USB disconnect, device number 12
[  328.010782][    T7] usb 5-1: USB disconnect, device number 7
[  328.170700][ T4278] EXT4-fs (loop2): unmounting filesystem.
[  328.344755][ T6386] loop2: detected capacity change from 0 to 256
[  329.974143][ T6386] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  330.388466][ T6401] process 'syz.3.592' launched './file0' with NULL argv: empty string added
[  331.027908][ T4319] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  331.767591][ T4319] usb 1-1: Using ep0 maxpacket: 16
[  331.915026][ T4319] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  331.924803][ T6413] loop3: detected capacity change from 0 to 2048
[  332.137739][ T4319] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  332.440427][ T4319] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  332.482030][ T6413] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  332.511334][ T4319] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.557887][ T4319] usb 1-1: Product: syz
[  332.576410][ T4319] usb 1-1: Manufacturer: syz
[  332.619053][ T4319] usb 1-1: SerialNumber: syz
[  332.687865][ T5714] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  332.691500][ T6426] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  332.734313][ T6426] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  332.766708][ T6426] EXT4-fs (loop3): This should not happen!! Data will be lost
[  332.766708][ T6426] 
[  332.841264][ T6426] EXT4-fs (loop3): Total free blocks count 0
[  332.877971][ T5714] usb 5-1: Using ep0 maxpacket: 8
[  332.884517][ T6426] EXT4-fs (loop3): Free/Dirty block details
[  332.895953][ T5714] usb 5-1: config 65 has too many interfaces: 73, using maximum allowed: 32
[  332.915404][ T6426] EXT4-fs (loop3): free_blocks=66060288
[  332.916422][ T5714] usb 5-1: config 65 has 3 interfaces, different from the descriptor's value: 73
[  332.941548][ T5714] usb 5-1: config 65 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  332.956854][ T6426] EXT4-fs (loop3): dirty_blocks=48
[  332.969301][ T6429] loop1: detected capacity change from 0 to 1024
[  332.975840][ T6426] EXT4-fs (loop3): Block reservation details
[  332.983504][ T5714] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b1, bcdDevice= 0.40
[  332.993313][ T6426] EXT4-fs (loop3): i_reserved_data_blocks=3
[  333.013672][ T5714] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.022360][ T6429] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  333.047082][ T4319] usb 1-1: 0:2 : does not exist
[  333.060585][ T4319] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  333.100494][ T5714] usb 5-1: Product: syz
[  333.104733][ T5714] usb 5-1: Manufacturer: syz
[  333.129391][ T4319] usb 1-1: USB disconnect, device number 9
[  333.179573][ T5714] usb 5-1: SerialNumber: syz
[  333.199004][ T6429] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  334.820200][ T4261] udevd[4261]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  334.892400][ T5714] snd-usb-audio: probe of 5-1:65.0 failed with error -71
[  335.092024][ T5714] usb 5-1: USB disconnect, device number 8
[  335.543785][ T6439] loop0: detected capacity change from 0 to 64
[  335.555006][ T6439] hfs: unable to locate alternate MDB
[  335.561562][ T6439] hfs: continuing without an alternate MDB
[  335.641273][ T4436] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28
[  335.720586][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  336.013114][ T6447] loop1: detected capacity change from 0 to 256
[  336.072348][ T6447] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  336.277568][ T6449] netlink: 24 bytes leftover after parsing attributes in process `syz.0.608'.
[  336.335811][ T6449] netlink: 24 bytes leftover after parsing attributes in process `syz.0.608'.
[  336.567943][ T5749] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  336.757780][ T5749] usb 4-1: Using ep0 maxpacket: 8
[  336.776181][ T5749] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  336.818623][ T5749] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  336.829306][ T5749] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  336.840348][ T5749] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  336.850970][ T5749] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  336.865396][ T5749] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  336.879489][ T5749] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  337.130786][ T5749] usb 4-1: usb_control_msg returned -32
[  337.136542][ T5749] usbtmc 4-1:16.0: can't read capabilities
[  337.434890][ T6468] loop2: detected capacity change from 0 to 1024
[  337.473703][ T6468] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  337.488537][ T6464] netlink: 'syz.1.612': attribute type 1 has an invalid length.
[  337.544863][ T6472] usbtmc 4-1:16.0: INITIATE_ABORT_BULK_IN returned 0
[  337.556495][ T6464] 8021q: adding VLAN 0 to HW filter on device bond1
[  337.652841][ T6468] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  337.762410][ T5749] usb 4-1: USB disconnect, device number 14
[  338.603327][ T6474] bond1: (slave veth3): Enslaving as an active interface with a down link
[  338.630506][ T4278] EXT4-fs (loop2): unmounting filesystem.
[  338.732208][ T6464] bond1: (slave dummy0): making interface the new active one
[  338.746838][ T6485] loop3: detected capacity change from 0 to 64
[  338.789753][ T6464] device dummy0 entered promiscuous mode
[  338.796112][ T6464] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  338.835310][ T6485] hfs: unable to locate alternate MDB
[  338.843634][ T6479] netlink: 14 bytes leftover after parsing attributes in process `syz.1.612'.
[  338.873148][ T6487] loop0: detected capacity change from 0 to 2048
[  338.902618][ T6485] hfs: continuing without an alternate MDB
[  338.955570][ T6487] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  339.008314][ T6479] bond1: (slave dummy0): Releasing active interface
[  339.018578][ T6479] device dummy0 left promiscuous mode
[  339.315015][ T6496] loop3: detected capacity change from 0 to 256
[  339.375388][ T6496] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  339.398366][ T6493] device syzkaller0 entered promiscuous mode
[  339.835625][   T26] audit: type=1800 audit(1775101198.393:15): pid=6496 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.621" name="bus" dev="loop3" ino=1048599 res=0 errno=0
[  339.857075][ T6494] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  339.905752][ T6494] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  339.937834][ T6494] EXT4-fs (loop0): This should not happen!! Data will be lost
[  339.937834][ T6494] 
[  339.951531][ T6494] EXT4-fs (loop0): Total free blocks count 0
[  339.959494][ T6494] EXT4-fs (loop0): Free/Dirty block details
[  339.969919][ T6494] EXT4-fs (loop0): free_blocks=66060288
[  339.976580][ T6494] EXT4-fs (loop0): dirty_blocks=48
[  339.984158][ T6494] EXT4-fs (loop0): Block reservation details
[  339.995316][ T6494] EXT4-fs (loop0): i_reserved_data_blocks=3
[  340.233568][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  340.402079][ T6509] binder: 6506:6509 ioctl 4018620d 0 returned -22
[  340.469735][ T6510] binder: 6506:6510 ioctl c0306201 0 returned -14
[  341.277383][ T6483] loop4: detected capacity change from 0 to 32768
[  341.376762][ T6522] loop2: detected capacity change from 0 to 1024
[  341.395375][ T6522] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  341.396234][ T6483] JBD2: Ignoring recovery information on journal
[  341.460295][ T6530] loop0: detected capacity change from 0 to 1024
[  341.470401][ T6528] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size
[  341.500024][ T6530] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  341.535861][ T6530] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  341.549749][ T6522] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  341.567428][ T6483] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  341.595284][ T6530] EXT4-fs (loop0): orphan cleanup on readonly fs
[  341.636124][ T6530] EXT4-fs error (device loop0): ext4_read_inode_bitmap:168: comm syz.0.630: Inode bitmap for bg 0 marked uninitialized
[  341.671307][ T6536] loop3: detected capacity change from 0 to 64
[  341.680121][ T6536] hfs: unable to locate alternate MDB
[  341.694114][ T6536] hfs: continuing without an alternate MDB
[  341.758301][ T6530] EXT4-fs (loop0): Remounting filesystem read-only
[  341.778153][ T6530] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  341.792809][ T4278] EXT4-fs (loop2): unmounting filesystem.
[  341.842004][ T4269] ocfs2: Unmounting device (7,4) on (node local)
[  343.316875][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  343.460954][ T6547] device syzkaller0 entered promiscuous mode
[  344.383568][ T6564] binder: 6562:6564 ioctl 4018620d 0 returned -22
[  344.450230][ T6565] binder: 6562:6565 ioctl c0306201 0 returned -14
[  346.130526][ T6577] loop4: detected capacity change from 0 to 1024
[  346.142789][ T6580] loop3: detected capacity change from 0 to 2048
[  346.149584][ T6577] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  346.188611][ T6580] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  346.257882][   T14] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  346.291825][ T6577] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  347.727815][   T14] usb 3-1: Using ep0 maxpacket: 16
[  347.748414][   T14] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  347.865117][   T14] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.939558][   T14] usb 3-1: Product: syz
[  347.981420][   T14] usb 3-1: Manufacturer: syz
[  348.012926][   T14] usb 3-1: SerialNumber: syz
[  348.181187][   T14] usb 3-1: config 0 descriptor??
[  348.470284][ T4269] EXT4-fs (loop4): unmounting filesystem.
[  349.009991][ T4319] usb 3-1: USB disconnect, device number 7
[  351.554591][ T6600] loop3: detected capacity change from 0 to 16
[  351.624351][ T6600] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  351.669582][ T6603] device syzkaller0 entered promiscuous mode
[  351.861500][ T6609] binder: 6606:6609 ioctl 4018620d 0 returned -22
[  351.927006][ T6610] binder: 6606:6610 ioctl c0306201 0 returned -14
[  353.066764][ T6618] loop0: detected capacity change from 0 to 1024
[  353.080815][ T6618] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  353.954901][ T6618] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  354.617708][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  354.742974][ T6638] usb usb8: usbfs: process 6638 (syz.4.659) did not claim interface 0 before use
[  355.036395][ T6641] loop1: detected capacity change from 0 to 512
[  355.724883][ T6641] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  355.756596][ T6641] EXT4-fs error (device loop1): ext4_get_journal_inode:5756: comm syz.1.661: inode #1792: comm syz.1.661: iget: illegal inode #
[  355.959497][ T6641] EXT4-fs (loop1): Remounting filesystem read-only
[  356.047324][ T6641] EXT4-fs (loop1): no journal found
[  356.221890][ T6641] EXT4-fs (loop1): can't get journal size
[  356.398393][ T6641] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  356.448470][ T6647] device syzkaller0 entered promiscuous mode
[  356.468981][ T6641] EXT4-fs (loop1): Errors on filesystem, clearing orphan list.
[  356.476721][ T6641] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  356.724002][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  356.994025][ T6657] binder: 6655:6657 ioctl 4018620d 0 returned -22
[  357.058719][ T6658] binder: 6655:6658 ioctl c0306201 0 returned -14
[  357.829442][ T6660] loop0: detected capacity change from 0 to 64
[  357.836748][ T6660] hfs: unable to parse mount options
[  357.950640][ T4261] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  358.600706][ T6670] loop3: detected capacity change from 0 to 1024
[  358.891968][ T6670] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  359.116481][ T6670] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  359.274903][ T4276] EXT4-fs (loop3): unmounting filesystem.
[  359.574287][ T6688] loop0: detected capacity change from 0 to 512
[  359.996090][ T6688] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  360.091285][ T6688] EXT4-fs error (device loop0): ext4_get_journal_inode:5756: comm syz.0.678: inode #1792: comm syz.0.678: iget: illegal inode #
[  360.105875][ T6689] device syzkaller0 entered promiscuous mode
[  360.157205][ T6688] EXT4-fs (loop0): Remounting filesystem read-only
[  360.168547][ T6688] EXT4-fs (loop0): no journal found
[  360.173792][ T6688] EXT4-fs (loop0): can't get journal size
[  360.192784][ T6688] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended
[  361.020101][ T6688] EXT4-fs (loop0): Errors on filesystem, clearing orphan list.
[  361.035974][ T6702] loop1: detected capacity change from 0 to 2048
[  361.102412][ T6688] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  361.250541][ T6699] binder: 6697:6699 ioctl 4018620d 0 returned -22
[  361.309322][ T6700] binder: 6697:6700 ioctl c0306201 0 returned -14
[  361.325160][ T6702] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  361.602176][ T6709] loop3: detected capacity change from 0 to 64
[  361.609168][ T6709] hfs: unable to parse mount options
[  361.671399][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  361.904053][ T6711] xt_CT: You must specify a L4 protocol and not use inversions on it
[  362.377219][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  363.453865][ T6721] loop3: detected capacity change from 0 to 256
[  363.501406][ T6721] FAT-fs (loop3): Directory bread(block 64) failed
[  363.559483][ T6721] FAT-fs (loop3): Directory bread(block 65) failed
[  363.606553][ T6721] FAT-fs (loop3): Directory bread(block 66) failed
[  363.623827][ T6721] FAT-fs (loop3): Directory bread(block 67) failed
[  363.647811][ T6723] loop0: detected capacity change from 0 to 1024
[  363.648117][ T6721] FAT-fs (loop3): Directory bread(block 68) failed
[  363.684567][ T6721] FAT-fs (loop3): Directory bread(block 69) failed
[  363.691443][ T6723] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  363.704516][ T6721] FAT-fs (loop3): Directory bread(block 70) failed
[  363.711933][ T6721] FAT-fs (loop3): Directory bread(block 71) failed
[  363.722828][ T6721] FAT-fs (loop3): Directory bread(block 72) failed
[  363.757140][ T6721] FAT-fs (loop3): Directory bread(block 73) failed
[  363.793963][ T6723] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  363.960441][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  364.091540][   T26] audit: type=1800 audit(1775101222.653:16): pid=6721 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.685" name="file1" dev="loop3" ino=1048600 res=0 errno=0
[  364.112265][    C1] vkms_vblank_simulate: vblank timer overrun
[  364.317886][ T4814] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  364.566250][ T4814] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  364.655553][ T4814] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  364.849905][ T4814] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80
[  364.859866][ T4814] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  364.893863][ T4814] usb 2-1: config 0 descriptor??
[  366.104303][ T6756] binder: 6753:6756 ioctl 4018620d 0 returned -22
[  366.170466][ T6757] binder: 6753:6757 ioctl c0306201 0 returned -14
[  366.233163][ T4814] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0
[  366.913076][ T4814] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0
[  366.926644][ T6740] device syzkaller0 entered promiscuous mode
[  366.989824][ T4814] cp2112 0003:10C4:EA90.0001: error requesting version
[  367.035672][ T4814] cp2112: probe of 0003:10C4:EA90.0001 failed with error -71
[  367.051338][ T4814] usb 2-1: USB disconnect, device number 13
[  367.084662][ T6760] loop0: detected capacity change from 0 to 64
[  367.093348][ T6760] hfs: unable to parse mount options
[  367.138674][ T4262] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  367.331885][ T6765] loop4: detected capacity change from 0 to 128
[  367.496572][ T6762] fido_id[6762]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  368.576109][ T6779] loop1: detected capacity change from 0 to 1024
[  368.612030][ T6765] EXT4-fs (loop4): Test dummy encryption mode enabled
[  368.621326][ T6779] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  368.638855][ T6765] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  368.665673][ T6786] loop0: detected capacity change from 0 to 512
[  368.672607][ T6765] ext4 filesystem being mounted at /138/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  368.736720][ T6779] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  368.759600][ T6790] loop2: detected capacity change from 0 to 4096
[  368.823352][ T6786] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  368.902111][ T6790] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  368.947104][ T6790] ntfs3: loop2: Failed to load $Extend.
[  369.109513][   T26] audit: type=1800 audit(1775101227.673:17): pid=6790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.703" name="file1" dev="loop2" ino=30 res=0 errno=0
[  369.130176][    C1] vkms_vblank_simulate: vblank timer overrun
[  370.527366][ T6800] netlink: 10 bytes leftover after parsing attributes in process `syz.3.704'.
[  370.529535][ T6786] EXT4-fs (loop0): shut down requested (2)
[  370.868625][ T6811] binder: 6806:6811 ioctl 4018620d 0 returned -22
[  370.919266][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  370.936046][ T6812] binder: 6806:6812 ioctl c0306201 0 returned -14
[  371.688640][ T6816] loop0: detected capacity change from 0 to 64
[  371.695744][ T6816] hfs: unable to parse mount options
[  371.729165][ T4261] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  371.812707][ T4269] EXT4-fs (loop4): unmounting filesystem.
[  372.042159][ T6819] device syzkaller0 entered promiscuous mode
[  372.681805][ T6824] loop3: detected capacity change from 0 to 128
[  373.077809][ T6009] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  373.598282][ T6009] usb 4-1: Using ep0 maxpacket: 16
[  373.622494][ T6009] usb 4-1: unable to get BOS descriptor or descriptor too short
[  373.761945][ T6009] usb 4-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[  373.823837][ T6009] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  373.941095][ T6009] usb 4-1: New USB device found, idVendor=04b4, idProduct=931c, bcdDevice= 0.40
[  373.950701][ T6009] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.960719][ T6009] usb 4-1: Product: syz
[  373.965564][ T6009] usb 4-1: Manufacturer: syz
[  373.980840][ T6009] usb 4-1: SerialNumber: syz
[  374.227128][ T6009] usb 4-1: unit 61 not found!
[  374.240730][ T6009] usb 4-1: unit 115 not found!
[  374.292575][ T6009] usb 4-1: USB disconnect, device number 15
[  374.389552][ T4261] udevd[4261]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  374.392259][ T6840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.716'.
[  376.639710][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  376.807954][ T6853] binder: 6850:6853 ioctl 4018620d 0 returned -22
[  376.872287][ T6854] binder: 6850:6854 ioctl c0306201 0 returned -14
[  377.697796][ T6840] device hsr_slave_1 left promiscuous mode
[  377.711061][ T6858] loop3: detected capacity change from 0 to 64
[  377.719218][ T6858] hfs: unable to parse mount options
[  377.764004][ T4261] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  377.979383][ T6862] loop2: detected capacity change from 0 to 32768
[  377.992747][ T6855] netlink: 76 bytes leftover after parsing attributes in process `syz.4.720'.
[  378.033132][ T6862] JBD2: Ignoring recovery information on journal
[  378.116935][ T6862] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  378.675006][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  378.687264][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  380.248287][ T4278] ocfs2: Unmounting device (7,2) on (node local)
[  380.945753][ T6882] loop0: detected capacity change from 0 to 256
[  381.861035][ T6882] FAT-fs (loop0): Directory bread(block 64) failed
[  381.887777][ T6882] FAT-fs (loop0): Directory bread(block 65) failed
[  381.894482][ T6882] FAT-fs (loop0): Directory bread(block 66) failed
[  381.995071][ T6889] loop3: detected capacity change from 0 to 1024
[  382.019628][ T6882] FAT-fs (loop0): Directory bread(block 67) failed
[  382.026817][ T6882] FAT-fs (loop0): Directory bread(block 68) failed
[  382.042822][ T6885] loop2: detected capacity change from 0 to 40427
[  382.053362][ T6885] F2FS-fs (loop2): Unrecognized mount option "age_extent_cache" or missing value
[  382.077732][ T6889] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  382.077872][ T6882] FAT-fs (loop0): Directory bread(block 69) failed
[  382.116540][ T6882] FAT-fs (loop0): Directory bread(block 70) failed
[  382.147775][ T6882] FAT-fs (loop0): Directory bread(block 71) failed
[  382.154632][ T6882] FAT-fs (loop0): Directory bread(block 72) failed
[  382.215487][ T6889] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  382.432039][ T6882] FAT-fs (loop0): Directory bread(block 73) failed
[  382.544764][ T6897] loop2: detected capacity change from 0 to 1024
[  382.554005][ T6897] hfsplus: unable to parse mount options
[  383.252217][   T26] audit: type=1800 audit(1775101241.813:18): pid=6882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.729" name="file1" dev="loop0" ino=1048601 res=0 errno=0
[  383.682359][ T6907] loop4: detected capacity change from 0 to 64
[  383.692025][ T6907] hfs: unable to parse mount options
[  384.585038][ T6906] device syzkaller0 entered promiscuous mode
[  384.682012][ T6911] loop0: detected capacity change from 0 to 2048
[  385.385675][ T6911] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  386.029629][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  387.732837][ T6931] loop0: detected capacity change from 0 to 16
[  387.743792][   T26] audit: type=1326 audit(1775101246.303:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6924 comm="syz.2.742" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1f30f9c819 code=0x0
[  387.789514][ T6931] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  389.435606][ T6948] device syzkaller0 entered promiscuous mode
[  389.580533][ T6953] loop4: detected capacity change from 0 to 2048
[  389.702299][ T6953] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  390.308157][ T4276] EXT4-fs (loop3): unmounting filesystem.
[  390.712034][ T4269] EXT4-fs (loop4): unmounting filesystem.
[  390.873970][ T6973] loop2: detected capacity change from 0 to 16
[  391.044468][ T6973] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  392.979829][ T6989] device syzkaller0 entered promiscuous mode
[  393.176431][ T6996] loop0: detected capacity change from 0 to 1024
[  393.218667][ T6996] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  393.616398][ T6996] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  396.091244][ T7024] loop1: detected capacity change from 0 to 16
[  396.149488][ T7024] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  397.825858][ T7049] loop2: detected capacity change from 0 to 64
[  397.838690][ T7049] hfs: unable to parse mount options
[  398.643993][ T7045] device syzkaller0 entered promiscuous mode
[  400.057564][ T7063] loop3: detected capacity change from 0 to 2048
[  400.134374][ T7065] loop1: detected capacity change from 0 to 1024
[  400.151599][ T7063] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  400.181162][ T7065] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  400.279154][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  400.299865][ T7065] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  400.350771][ T7065] EXT4-fs (loop1): orphan cleanup on readonly fs
[  400.398037][ T7065] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz.1.790: Inode bitmap for bg 0 marked uninitialized
[  400.550783][ T7073] binder: 7071:7073 ioctl 4018620d 0 returned -22
[  400.615890][ T7074] binder: 7071:7074 ioctl c0306201 0 returned -14
[  400.625470][ T7074] netlink: 128 bytes leftover after parsing attributes in process `syz.0.791'.
[  401.288442][ T7065] EXT4-fs (loop1): Remounting filesystem read-only
[  401.316681][ T7065] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  401.333818][ T7075] xt_CT: You must specify a L4 protocol and not use inversions on it
[  402.335863][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  402.586560][ T4276] EXT4-fs (loop3): unmounting filesystem.
[  402.799483][ T7081] device syzkaller0 entered promiscuous mode
[  403.078488][ T7091] loop0: detected capacity change from 0 to 64
[  403.093756][ T7091] hfs: unable to parse mount options
[  404.379917][ T7100] device syzkaller0 entered promiscuous mode
[  405.205438][ T7105] loop3: detected capacity change from 0 to 1024
[  405.333164][ T7105] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  405.546721][ T7105] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  407.930220][ T4276] EXT4-fs (loop3): unmounting filesystem.
[  408.165043][ T7136] loop1: detected capacity change from 0 to 64
[  408.176193][ T7136] hfs: unable to parse mount options
[  410.945192][ T7143] device syzkaller0 entered promiscuous mode
[  412.225765][ T7161] loop1: detected capacity change from 0 to 1024
[  412.273642][ T7161] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  412.274259][ T7163] device syzkaller0 entered promiscuous mode
[  412.303381][ T7161] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  412.313731][ T7161] EXT4-fs (loop1): orphan cleanup on readonly fs
[  412.337760][ T7161] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz.1.814: Inode bitmap for bg 0 marked uninitialized
[  412.380360][ T7161] EXT4-fs (loop1): Remounting filesystem read-only
[  412.405563][ T7161] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  412.595340][ T3600] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  413.218677][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  413.350597][ T3600] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  413.350686][ T7174] loop2: detected capacity change from 0 to 1024
[  413.381943][ T3600] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.400606][ T3600] usb 5-1: Product: syz
[  413.404829][ T3600] usb 5-1: Manufacturer: syz
[  413.417335][ T7177] loop0: detected capacity change from 0 to 2048
[  413.427685][ T3600] usb 5-1: SerialNumber: syz
[  413.438509][ T3600] usb 5-1: config 0 descriptor??
[  413.465230][ T7174] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  413.559977][ T7177] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  413.630964][ T7174] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  414.672394][ T3600] dvb_usb_rtl28xxu 5-1:0.0: chip type detection failed -110
[  415.527469][ T7181] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  415.907786][ T7187] siw: device registration error -23
[  416.564983][ T7190] loop1: detected capacity change from 0 to 64
[  416.576791][ T7190] hfs: unable to parse mount options
[  416.753402][ T3600] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -110
[  418.765009][ T4320] usb 5-1: USB disconnect, device number 9
[  418.776509][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  418.881311][ T4278] EXT4-fs (loop2): unmounting filesystem.
[  418.899232][ T7194] binder: 7193:7194 ioctl c0306201 0 returned -14
[  420.762604][ T7210] device syzkaller0 entered promiscuous mode
[  420.774637][ T7216] loop1: detected capacity change from 0 to 1024
[  420.784239][ T7214] device syzkaller0 entered promiscuous mode
[  420.809754][ T7216] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  420.901615][ T7216] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  420.951428][ T7216] EXT4-fs (loop1): orphan cleanup on readonly fs
[  420.977463][ T7216] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz.1.832: Inode bitmap for bg 0 marked uninitialized
[  421.044563][ T7216] EXT4-fs (loop1): Remounting filesystem read-only
[  421.058159][ T7216] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  421.719286][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  421.847023][ T7228] siw: device registration error -23
[  423.904220][ T7235] loop1: detected capacity change from 0 to 64
[  423.988818][ T7236] loop0: detected capacity change from 0 to 1024
[  424.036952][ T7236] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  424.076030][ T7237] loop4: detected capacity change from 0 to 2048
[  424.124607][ T7236] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  424.180710][ T7237] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  425.232638][ T4269] EXT4-fs (loop4): unmounting filesystem.
[  425.260860][ T4268] EXT4-fs (loop0): unmounting filesystem.
[  425.581051][ T7256] device syzkaller0 entered promiscuous mode
[  426.732165][ T7267] loop2: detected capacity change from 0 to 1024
[  426.766741][ T7268] loop4: detected capacity change from 0 to 2048
[  426.787310][ T7267] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[  426.821088][ T7268] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  426.825141][ T7270] ==================================================================
[  426.838204][ T7270] BUG: KASAN: use-after-free in ieee80211_monitor_select_queue+0x23a/0x240
[  426.846844][ T7270] Read of size 2 at addr ffff8880576aa5fb by task syz.3.847/7270
[  426.854600][ T7270] 
[  426.856949][ T7270] CPU: 1 PID: 7270 Comm: syz.3.847 Not tainted syzkaller #0
[  426.864267][ T7270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  426.874343][ T7270] Call Trace:
[  426.877793][ T7270]  <TASK>
[  426.880747][ T7270]  dump_stack_lvl+0x188/0x24e
[  426.885446][ T7270]  ? __lock_acquire+0x7d10/0x7d10
[  426.890488][ T7270]  ? show_regs_print_info+0x12/0x12
[  426.895876][ T7270]  ? load_image+0x400/0x400
[  426.900566][ T7270]  ? _raw_spin_lock_irqsave+0xbc/0x100
[  426.906118][ T7270]  ? __virt_addr_valid+0x188/0x540
[  426.911244][ T7270]  ? __virt_addr_valid+0x465/0x540
[  426.916373][ T7270]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  426.922624][ T7270]  print_report+0xa8/0x210
[  426.927054][ T7270]  kasan_report+0x10b/0x140
[  426.931573][ T7270]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  426.937824][ T7270]  ieee80211_monitor_select_queue+0x23a/0x240
[  426.943991][ T7270]  ? ieee80211_activate_links_work+0x60/0x60
[  426.949975][ T7270]  netdev_core_pick_tx+0x118/0x340
[  426.955181][ T7270]  __dev_queue_xmit+0xb19/0x37c0
[  426.960214][ T7270]  ? __dev_queue_xmit+0x26b/0x37c0
[  426.965337][ T7270]  ? netdev_core_pick_tx+0x340/0x340
[  426.970632][ T7270]  ? virtio_net_hdr_to_skb+0xac2/0x1290
[  426.976199][ T7270]  ? packet_extra_vlan_len_allowed+0x200/0x200
[  426.982364][ T7270]  ? skb_copy_datagram_from_iter+0x5e0/0x690
[  426.988355][ T7270]  packet_sendmsg+0x3bc3/0x4e60
[  426.993306][ T7270]  ? __schedule+0x119d/0x40e0
[  426.997992][ T7270]  ? __might_sleep+0xd0/0xd0
[  427.002585][ T7270]  ? verify_lock_unused+0x140/0x140
[  427.007799][ T7270]  ? aa_sk_perm+0x81f/0x950
[  427.012312][ T7270]  ? packet_getsockopt+0x9a0/0x9a0
[  427.017458][ T7270]  ? aa_sock_msg_perm+0x94/0x150
[  427.022489][ T7270]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  427.027786][ T7270]  ? security_socket_sendmsg+0x7c/0xa0
[  427.033340][ T7270]  ? packet_getsockopt+0x9a0/0x9a0
[  427.038458][ T7270]  ____sys_sendmsg+0x5be/0x970
[  427.043237][ T7270]  ? __sys_sendmsg_sock+0x30/0x30
[  427.048269][ T7270]  ? __import_iovec+0x315/0x500
[  427.053126][ T7270]  ? import_iovec+0x6f/0xa0
[  427.057633][ T7270]  ___sys_sendmsg+0x2a2/0x360
[  427.062328][ T7270]  ? try_to_wake_up+0x6ae/0x1080
[  427.067278][ T7270]  ? __sys_sendmsg+0x290/0x290
[  427.072070][ T7270]  __se_sys_sendmsg+0x1bb/0x2a0
[  427.076933][ T7270]  ? __x64_sys_sendmsg+0x80/0x80
[  427.081889][ T7270]  ? lockdep_hardirqs_on+0x94/0x140
[  427.087092][ T7270]  do_syscall_64+0x4c/0xa0
[  427.091526][ T7270]  ? clear_bhb_loop+0x60/0xb0
[  427.096262][ T7270]  ? clear_bhb_loop+0x60/0xb0
[  427.100949][ T7270]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  427.106851][ T7270] RIP: 0033:0x7f78d699c819
[  427.111278][ T7270] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  427.130912][ T7270] RSP: 002b:00007f78d784f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  427.139339][ T7270] RAX: ffffffffffffffda RBX: 00007f78d6c15fa0 RCX: 00007f78d699c819
[  427.147313][ T7270] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  427.155293][ T7270] RBP: 00007f78d6a32c91 R08: 0000000000000000 R09: 0000000000000000
[  427.163279][ T7270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  427.171253][ T7270] R13: 00007f78d6c16038 R14: 00007f78d6c15fa0 R15: 00007ffea6962228
[  427.179234][ T7270]  </TASK>
[  427.182256][ T7270] 
[  427.184581][ T7270] Allocated by task 7102:
[  427.188912][ T7270]  kasan_set_track+0x4b/0x70
[  427.193515][ T7270]  __kasan_kmalloc+0x8e/0xa0
[  427.198115][ T7270]  __kmalloc_node_track_caller+0xae/0x230
[  427.203847][ T7270]  __alloc_skb+0x22a/0x7e0
[  427.208273][ T7270]  skb_copy+0x139/0x790
[  427.212438][ T7270]  mac80211_hwsim_tx_frame_no_nl+0xcef/0x12c0
[  427.218505][ T7270]  mac80211_hwsim_tx_frame+0x1b5/0x200
[  427.223964][ T7270]  mac80211_hwsim_beacon_tx+0x61e/0xae0
[  427.229514][ T7270]  __iterate_interfaces+0x243/0x500
[  427.234720][ T7270]  ieee80211_iterate_active_interfaces_atomic+0xd7/0x170
[  427.241759][ T7270]  mac80211_hwsim_beacon+0xb7/0x1b0
[  427.246967][ T7270]  __hrtimer_run_queues+0x54a/0xd50
[  427.252170][ T7270]  hrtimer_run_softirq+0x183/0x2a0
[  427.257299][ T7270]  handle_softirqs+0x2a1/0x930
[  427.262075][ T7270]  __irq_exit_rcu+0x13b/0x230
[  427.266774][ T7270]  irq_exit_rcu+0x5/0x20
[  427.271017][ T7270]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  427.276742][ T7270]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  427.282925][ T7270] 
[  427.285268][ T7270] Freed by task 4398:
[  427.289253][ T7270]  kasan_set_track+0x4b/0x70
[  427.293860][ T7270]  kasan_save_free_info+0x2d/0x50
[  427.298901][ T7270]  ____kasan_slab_free+0x126/0x1e0
[  427.304025][ T7270]  slab_free_freelist_hook+0x131/0x1a0
[  427.309584][ T7270]  __kmem_cache_free+0xb6/0x1f0
[  427.314440][ T7270]  skb_release_data+0x5db/0x7c0
[  427.319385][ T7270]  kfree_skb_reason+0x163/0x370
[  427.324274][ T7270]  ieee80211_iface_work+0x7b3/0xc80
[  427.329495][ T7270]  cfg80211_wiphy_work+0x221/0x260
[  427.334632][ T7270]  process_one_work+0x8a2/0x1160
[  427.339581][ T7270]  worker_thread+0xaa2/0x1270
[  427.344367][ T7270]  kthread+0x29d/0x330
[  427.348438][ T7270]  ret_from_fork+0x1f/0x30
[  427.352861][ T7270] 
[  427.355190][ T7270] The buggy address belongs to the object at ffff8880576aa400
[  427.355190][ T7270]  which belongs to the cache kmalloc-512 of size 512
[  427.369330][ T7270] The buggy address is located 507 bytes inside of
[  427.369330][ T7270]  512-byte region [ffff8880576aa400, ffff8880576aa600)
[  427.382800][ T7270] 
[  427.385138][ T7270] The buggy address belongs to the physical page:
[  427.391558][ T7270] page:ffffea00015daa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x576a8
[  427.401723][ T7270] head:ffffea00015daa00 order:2 compound_mapcount:0 compound_pincount:0
[  427.410054][ T7270] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  427.418047][ T7270] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888017441c80
[  427.426677][ T7270] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  427.435260][ T7270] page dumped because: kasan: bad access detected
[  427.441675][ T7270] page_owner tracks the page as allocated
[  427.447388][ T7270] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4269, tgid 4269 (syz-executor), ts 79555307233, free_ts 23726744177
[  427.468757][ T7270]  post_alloc_hook+0x173/0x1a0
[  427.473539][ T7270]  get_page_from_freelist+0x1a1e/0x1ab0
[  427.479093][ T7270]  __alloc_pages+0x1ec/0x4f0
[  427.483693][ T7270]  alloc_slab_page+0x5d/0x160
[  427.488372][ T7270]  new_slab+0x87/0x2c0
[  427.492444][ T7270]  ___slab_alloc+0xbc6/0x1240
[  427.497821][ T7270]  __kmem_cache_alloc_node+0x1a0/0x260
[  427.503291][ T7270]  kmalloc_trace+0x26/0xe0
[  427.507729][ T7270]  __ipv6_dev_mc_inc+0x3fa/0xa90
[  427.512669][ T7270]  ipv6_add_dev+0xcf0/0x1120
[  427.517266][ T7270]  addrconf_notify+0x634/0xf40
[  427.522036][ T7270]  raw_notifier_call_chain+0xcb/0x160
[  427.527416][ T7270]  register_netdevice+0x163f/0x1b00
[  427.532623][ T7270]  veth_newlink+0x60f/0xc80
[  427.537133][ T7270]  rtnl_newlink+0x1542/0x2080
[  427.541820][ T7270]  rtnetlink_rcv_msg+0x87c/0xfc0
[  427.546781][ T7270] page last free stack trace:
[  427.551454][ T7270]  free_unref_page_prepare+0x8b4/0x9a0
[  427.556919][ T7270]  free_unref_page+0x2e/0x3f0
[  427.561610][ T7270]  free_contig_range+0x9d/0x150
[  427.566465][ T7270]  destroy_args+0xf0/0xa0a
[  427.570888][ T7270]  debug_vm_pgtable+0x33c/0x38e
[  427.575776][ T7270]  do_one_initcall+0x26a/0x840
[  427.580576][ T7270]  do_initcall_level+0x137/0x1e4
[  427.585522][ T7270]  do_initcalls+0x4b/0x8a
[  427.589958][ T7270]  kernel_init_freeable+0x415/0x5be
[  427.595162][ T7270]  kernel_init+0x19/0x1b0
[  427.599497][ T7270]  ret_from_fork+0x1f/0x30
[  427.603921][ T7270] 
[  427.606249][ T7270] Memory state around the buggy address:
[  427.611881][ T7270]  ffff8880576aa480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  427.619973][ T7270]  ffff8880576aa500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  427.628227][ T7270] >ffff8880576aa580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  427.636317][ T7270]                                                                 ^
[  427.644317][ T7270]  ffff8880576aa600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  427.652385][ T7270]  ffff8880576aa680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  427.660444][ T7270] ==================================================================
[  427.668638][ T7270] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  427.675866][ T7270] CPU: 1 PID: 7270 Comm: syz.3.847 Not tainted syzkaller #0
[  427.683172][ T7270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  427.693311][ T7270] Call Trace:
[  427.696610][ T7270]  <TASK>
[  427.699725][ T7270]  dump_stack_lvl+0x188/0x24e
[  427.704422][ T7270]  ? memcpy+0x3c/0x60
[  427.708419][ T7270]  ? show_regs_print_info+0x12/0x12
[  427.713622][ T7270]  ? load_image+0x400/0x400
[  427.718135][ T7270]  panic+0x2e5/0x730
[  427.722030][ T7270]  ? asm_common_interrupt+0x22/0x40
[  427.727225][ T7270]  ? bpf_jit_dump+0xd0/0xd0
[  427.731728][ T7270]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[  427.737631][ T7270]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  427.743532][ T7270]  ? _raw_spin_unlock+0x40/0x40
[  427.748385][ T7270]  check_panic_on_warn+0x80/0xa0
[  427.753319][ T7270]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  427.759570][ T7270]  end_report+0x66/0x110
[  427.763839][ T7270]  kasan_report+0x118/0x140
[  427.768337][ T7270]  ? ieee80211_monitor_select_queue+0x23a/0x240
[  427.774570][ T7270]  ieee80211_monitor_select_queue+0x23a/0x240
[  427.780633][ T7270]  ? ieee80211_activate_links_work+0x60/0x60
[  427.786611][ T7270]  netdev_core_pick_tx+0x118/0x340
[  427.791717][ T7270]  __dev_queue_xmit+0xb19/0x37c0
[  427.796646][ T7270]  ? __dev_queue_xmit+0x26b/0x37c0
[  427.801855][ T7270]  ? netdev_core_pick_tx+0x340/0x340
[  427.807134][ T7270]  ? virtio_net_hdr_to_skb+0xac2/0x1290
[  427.812928][ T7270]  ? packet_extra_vlan_len_allowed+0x200/0x200
[  427.819283][ T7270]  ? skb_copy_datagram_from_iter+0x5e0/0x690
[  427.825280][ T7270]  packet_sendmsg+0x3bc3/0x4e60
[  427.830137][ T7270]  ? __schedule+0x119d/0x40e0
[  427.834822][ T7270]  ? __might_sleep+0xd0/0xd0
[  427.839406][ T7270]  ? verify_lock_unused+0x140/0x140
[  427.844708][ T7270]  ? aa_sk_perm+0x81f/0x950
[  427.849236][ T7270]  ? packet_getsockopt+0x9a0/0x9a0
[  427.854441][ T7270]  ? aa_sock_msg_perm+0x94/0x150
[  427.859377][ T7270]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  427.864675][ T7270]  ? security_socket_sendmsg+0x7c/0xa0
[  427.870230][ T7270]  ? packet_getsockopt+0x9a0/0x9a0
[  427.875336][ T7270]  ____sys_sendmsg+0x5be/0x970
[  427.880116][ T7270]  ? __sys_sendmsg_sock+0x30/0x30
[  427.885156][ T7270]  ? __import_iovec+0x315/0x500
[  427.890017][ T7270]  ? import_iovec+0x6f/0xa0
[  427.894613][ T7270]  ___sys_sendmsg+0x2a2/0x360
[  427.899295][ T7270]  ? try_to_wake_up+0x6ae/0x1080
[  427.904250][ T7270]  ? __sys_sendmsg+0x290/0x290
[  427.909050][ T7270]  __se_sys_sendmsg+0x1bb/0x2a0
[  427.913909][ T7270]  ? __x64_sys_sendmsg+0x80/0x80
[  427.918933][ T7270]  ? lockdep_hardirqs_on+0x94/0x140
[  427.924127][ T7270]  do_syscall_64+0x4c/0xa0
[  427.928542][ T7270]  ? clear_bhb_loop+0x60/0xb0
[  427.933228][ T7270]  ? clear_bhb_loop+0x60/0xb0
[  427.937926][ T7270]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  427.943832][ T7270] RIP: 0033:0x7f78d699c819
[  427.948251][ T7270] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  427.967863][ T7270] RSP: 002b:00007f78d784f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  427.976295][ T7270] RAX: ffffffffffffffda RBX: 00007f78d6c15fa0 RCX: 00007f78d699c819
[  427.984282][ T7270] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  427.992270][ T7270] RBP: 00007f78d6a32c91 R08: 0000000000000000 R09: 0000000000000000
[  428.000250][ T7270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  428.008235][ T7270] R13: 00007f78d6c16038 R14: 00007f78d6c15fa0 R15: 00007ffea6962228
[  428.016223][ T7270]  </TASK>
[  428.019612][ T7270] Kernel Offset: disabled
[  428.023943][ T7270] Rebooting in 86400 seconds..