last executing test programs:

5m26.466617878s ago: executing program 2 (id=834):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001040)={0x0}, 0x1, 0x0, 0x0, 0x801}, 0x4)
tkill(0x0, 0x7)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000240)='./file3\x00', 0x4002, &(0x7f0000000200)={[{@errors_remount}, {@bh}, {@grpquota}, {@stripe={'stripe', 0x3d, 0x1}}]}, 0x1, 0xbdd, &(0x7f0000019200)="$eJzs3M1rXNcVAPDznkZj2VY9ciml7qYqpdhQOpZcZGpTqF1cuumi0G4LFvLICI0/kBQcyVqMkn8gJFkHsgkkMQlZxGTpTUKyzSaxtwlZBExQrARCSBTefEhja0aS4xk/Yf9+cDX3vjsz55x5jN69MDMBPLVGsz9pxJGIOJ9ElJrH04go1ntDEbXG/dZWl6e+XV2eSmJ9/b9fJZFExL3V5anWcyXN24PNwVBEfPyPJH75/Na484tLs5PVamWuOT6+cOnq8fnFpT/PXJq8WLlYuTx+8q8TJyZOjp2a6Fmt33125uY3v//XF7Xv3/jhxtcvvZbEmRhuzrXX0SujMbrxmrQrRMRkr4PlZKBZT3udSWGHB6V9TgoAgK7StjXcr6MUA7G5eCvF+5/kmhwAAADQE+sDEesAAADAEy6x/wcAAIAnXOtzAPdWl6daLd9PJDxed89GxEij/rVma8wUola/HYrBiDhwL4n2r7UmjYc9stGI+PzOqbezFn36HvJ2aisR8ZtO5z+p1z9S/xb31vrTiBjrQfzRB8Y71D/Qg5D3eZT6z/Qg/kPWDwA9cets40K29fqXbqx/osP1r9Dh2vVzdLj+9fwav53W+m9ty/pvs/6BtvqLzcdl67//7DLG9ddfudZtLqv/bzf/+VarZfGz28bse4Ndn3THH1nZnbsrEb8tdKo/2ag/6bL+Pb/LGKUfr1W6zW1ff/+tvxpxNDrX35Js//tEx6dnqpWxxt+OMVY+mnizW/y868/O/4Eu9bd+/6nb+b+6yxj/P3funS0H72x2t68//bKY/K/ea733np1cWJgbjygm/956/MT2ubTu03qOrP5jf9j+/d+p/ux/Qq35OmR7gZXmbTZ+7oGYf79x/d1u+bT2f3me/wtdzn97/R8Wtp7/F3YZ448fvHis21z7/jdrWfzWXhgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWtKIGI4kLW/007RcjjgYEb+KA2n1yvzCn6avPHP5QjYXMRKD6fRMtTIWEaXGOMnG4/X+5vjEA+O/RMThiHi5tL8+Lk9dqV7Iu3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2HIyI4UjSckSkEbFWStNyOe+sAAAAgJ47lHcCAAAAQN+N5J0AAAAA0Hf2/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTZ4d/dup1ERO30/nrLFJtzg7lmBvRbmncCQG4G8k4AyE0h7wSA3DzkHt9yAZ5AyQ7zQ11n9vU8FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2rqNHbt1OIqJ2en+9ZYrNucFcMwP6Lc07ASA3A90mhiKi8HhzAR4vb3F4etnjA8kO80Ob96ndP7OvbzkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsPcM11uSliOi2DxWLkf8IiJGYjCZnqlWxiLiUER8Whrcl43Hc84ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA3ptfXJqdrFYrc1knjWZn44jOZidpvGK1vZKPziN2irEn0tijnbz/MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkIf5xaXZyWq1MjefdyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3uYXl2Ynq9XKXB87edcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB+fgoAAP//LdIK5Q==")
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000580)={{r3, <r4=>0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000200)='%+9llu \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4, <r5=>0xffffffffffffffff}, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r6}, 0xc)
renameat2(0xffffffffffffffff, &(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x4)

5m20.213978511s ago: executing program 2 (id=841):
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000b80)=@security={'security\x00', 0x64, 0x4, 0x2c8, 0x100000c, 0x0, 0xe0, 0x178, 0xffffffff, 0xffffffff, 0x230, 0x230, 0x230, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x98, 0xe0, 0x0, {0x0, 0x1000000000000}, [@common=@inet=@dscp={{0x28}, {0x10, 0x1}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz1\x00', {0x2}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x42}}}, {{@ip={@multicast2, @private=0xa010101, 0xff000000, 0xff, 'veth0_macvtap\x00', 'vcan0\x00', {0xff}, {0xff}, 0x21}, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x2, 0x7}, {0x2, 0x0, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x1}}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r5, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
bind$tipc(r5, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x4}, 0x10)
sendmsg$tipc(r5, &(0x7f0000000380)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2000006}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x0)

5m17.261172159s ago: executing program 2 (id=850):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x301880, 0x20d)
write$tun(r3, &(0x7f0000000000)={@val={0x0, 0x886c}, @void, @eth={@random="000000f400", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @val={@void, {0x8100, 0x0, 0x1, 0x2}}, {@llc_tr={0x11, {@llc={0xaa, 0xe, "d8"}}}}}}, 0x19)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x38}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'veth1_to_bridge\x00'})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000400000000000000000500150002000000080009000000000008000b00"], 0x5c}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x5c}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r7, 0x0, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="796100000000000000007e00000008000300da041347", @ANYRES32=0x0], 0x1c}}, 0x4000054)

5m15.057315669s ago: executing program 2 (id=854):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x301880, 0x20d)
write$tun(r3, &(0x7f0000000000)={@val={0x0, 0x886c}, @void, @eth={@random="000000f400", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @val={@void, {0x8100, 0x0, 0x1, 0x2}}, {@llc_tr={0x11, {@llc={0xaa, 0xe, "d8"}}}}}}, 0x19)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x38}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'veth1_to_bridge\x00'})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000400000000000000000500150002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x5c}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="796100000000000000007e00000008000300da041347", @ANYRES32=0x0], 0x1c}}, 0x4000054)

5m11.265987376s ago: executing program 2 (id=861):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x301880, 0x20d)
write$tun(r3, &(0x7f0000000000)={@val={0x0, 0x886c}, @void, @eth={@random="000000f400", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @val={@void, {0x8100, 0x0, 0x1, 0x2}}, {@llc_tr={0x11, {@llc={0xaa, 0xe, "d8"}}}}}}, 0x19)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x38}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'veth1_to_bridge\x00'})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000400000000000000000500150002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x5c}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r7, 0x0, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYRES16=r8, @ANYBLOB="796100000000000000007e00000008000300da041347", @ANYRES32=0x0], 0x1c}}, 0x4000054)

5m6.3050237s ago: executing program 2 (id=867):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001040)={0x0}, 0x1, 0x0, 0x0, 0x801}, 0x4)
tkill(0x0, 0x7)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000240)='./file3\x00', 0x4002, &(0x7f0000000200)={[{@errors_remount}, {@bh}, {@grpquota}, {@stripe={'stripe', 0x3d, 0x1}}]}, 0x1, 0xbdd, &(0x7f0000019200)="$eJzs3M1rXNcVAPDznkZj2VY9ciml7qYqpdhQOpZcZGpTqF1cuumi0G4LFvLICI0/kBQcyVqMkn8gJFkHsgkkMQlZxGTpTUKyzSaxtwlZBExQrARCSBTefEhja0aS4xk/Yf9+cDX3vjsz55x5jN69MDMBPLVGsz9pxJGIOJ9ElJrH04go1ntDEbXG/dZWl6e+XV2eSmJ9/b9fJZFExL3V5anWcyXN24PNwVBEfPyPJH75/Na484tLs5PVamWuOT6+cOnq8fnFpT/PXJq8WLlYuTx+8q8TJyZOjp2a6Fmt33125uY3v//XF7Xv3/jhxtcvvZbEmRhuzrXX0SujMbrxmrQrRMRkr4PlZKBZT3udSWGHB6V9TgoAgK7StjXcr6MUA7G5eCvF+5/kmhwAAADQE+sDEesAAADAEy6x/wcAAIAnXOtzAPdWl6daLd9PJDxed89GxEij/rVma8wUola/HYrBiDhwL4n2r7UmjYc9stGI+PzOqbezFn36HvJ2aisR8ZtO5z+p1z9S/xb31vrTiBjrQfzRB8Y71D/Qg5D3eZT6z/Qg/kPWDwA9cets40K29fqXbqx/osP1r9Dh2vVzdLj+9fwav53W+m9ty/pvs/6BtvqLzcdl67//7DLG9ddfudZtLqv/bzf/+VarZfGz28bse4Ndn3THH1nZnbsrEb8tdKo/2ag/6bL+Pb/LGKUfr1W6zW1ff/+tvxpxNDrX35Js//tEx6dnqpWxxt+OMVY+mnizW/y868/O/4Eu9bd+/6nb+b+6yxj/P3funS0H72x2t68//bKY/K/ea733np1cWJgbjygm/956/MT2ubTu03qOrP5jf9j+/d+p/ux/Qq35OmR7gZXmbTZ+7oGYf79x/d1u+bT2f3me/wtdzn97/R8Wtp7/F3YZ448fvHis21z7/jdrWfzWXhgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWtKIGI4kLW/007RcjjgYEb+KA2n1yvzCn6avPHP5QjYXMRKD6fRMtTIWEaXGOMnG4/X+5vjEA+O/RMThiHi5tL8+Lk9dqV7Iu3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2HIyI4UjSckSkEbFWStNyOe+sAAAAgJ47lHcCAAAAQN+N5J0AAAAA0Hf2/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTZ4d/dup1ERO30/nrLFJtzg7lmBvRbmncCQG4G8k4AyE0h7wSA3DzkHt9yAZ5AyQ7zQ11n9vU8FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2rqNHbt1OIqJ2en+9ZYrNucFcMwP6Lc07ASA3A90mhiKi8HhzAR4vb3F4etnjA8kO80Ob96ndP7OvbzkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsPcM11uSliOi2DxWLkf8IiJGYjCZnqlWxiLiUER8Whrcl43Hc84ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA3ptfXJqdrFYrc1knjWZn44jOZidpvGK1vZKPziN2irEn0tijnbz/MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkIf5xaXZyWq1MjefdyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3uYXl2Ynq9XKXB87edcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB+fgoAAP//LdIK5Q==")
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000580)={{r2, <r3=>0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000200)='%+9llu \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r3, <r4=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4m50.13653274s ago: executing program 32 (id=867):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001040)={0x0}, 0x1, 0x0, 0x0, 0x801}, 0x4)
tkill(0x0, 0x7)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000240)='./file3\x00', 0x4002, &(0x7f0000000200)={[{@errors_remount}, {@bh}, {@grpquota}, {@stripe={'stripe', 0x3d, 0x1}}]}, 0x1, 0xbdd, &(0x7f0000019200)="$eJzs3M1rXNcVAPDznkZj2VY9ciml7qYqpdhQOpZcZGpTqF1cuumi0G4LFvLICI0/kBQcyVqMkn8gJFkHsgkkMQlZxGTpTUKyzSaxtwlZBExQrARCSBTefEhja0aS4xk/Yf9+cDX3vjsz55x5jN69MDMBPLVGsz9pxJGIOJ9ElJrH04go1ntDEbXG/dZWl6e+XV2eSmJ9/b9fJZFExL3V5anWcyXN24PNwVBEfPyPJH75/Na484tLs5PVamWuOT6+cOnq8fnFpT/PXJq8WLlYuTx+8q8TJyZOjp2a6Fmt33125uY3v//XF7Xv3/jhxtcvvZbEmRhuzrXX0SujMbrxmrQrRMRkr4PlZKBZT3udSWGHB6V9TgoAgK7StjXcr6MUA7G5eCvF+5/kmhwAAADQE+sDEesAAADAEy6x/wcAAIAnXOtzAPdWl6daLd9PJDxed89GxEij/rVma8wUola/HYrBiDhwL4n2r7UmjYc9stGI+PzOqbezFn36HvJ2aisR8ZtO5z+p1z9S/xb31vrTiBjrQfzRB8Y71D/Qg5D3eZT6z/Qg/kPWDwA9cets40K29fqXbqx/osP1r9Dh2vVzdLj+9fwav53W+m9ty/pvs/6BtvqLzcdl67//7DLG9ddfudZtLqv/bzf/+VarZfGz28bse4Ndn3THH1nZnbsrEb8tdKo/2ag/6bL+Pb/LGKUfr1W6zW1ff/+tvxpxNDrX35Js//tEx6dnqpWxxt+OMVY+mnizW/y868/O/4Eu9bd+/6nb+b+6yxj/P3funS0H72x2t68//bKY/K/ea733np1cWJgbjygm/956/MT2ubTu03qOrP5jf9j+/d+p/ux/Qq35OmR7gZXmbTZ+7oGYf79x/d1u+bT2f3me/wtdzn97/R8Wtp7/F3YZ448fvHis21z7/jdrWfzWXhgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWtKIGI4kLW/007RcjjgYEb+KA2n1yvzCn6avPHP5QjYXMRKD6fRMtTIWEaXGOMnG4/X+5vjEA+O/RMThiHi5tL8+Lk9dqV7Iu3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2HIyI4UjSckSkEbFWStNyOe+sAAAAgJ47lHcCAAAAQN+N5J0AAAAA0Hf2/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTZ4d/dup1ERO30/nrLFJtzg7lmBvRbmncCQG4G8k4AyE0h7wSA3DzkHt9yAZ5AyQ7zQ11n9vU8FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2rqNHbt1OIqJ2en+9ZYrNucFcMwP6Lc07ASA3A90mhiKi8HhzAR4vb3F4etnjA8kO80Ob96ndP7OvbzkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsPcM11uSliOi2DxWLkf8IiJGYjCZnqlWxiLiUER8Whrcl43Hc84ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA3ptfXJqdrFYrc1knjWZn44jOZidpvGK1vZKPziN2irEn0tijnbz/MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkIf5xaXZyWq1MjefdyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3uYXl2Ynq9XKXB87edcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB+fgoAAP//LdIK5Q==")
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000580)={{r2, <r3=>0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000200)='%+9llu \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r3, <r4=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

7.313680162s ago: executing program 0 (id=1955):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x0)

7.313094232s ago: executing program 0 (id=1956):
recvmmsg(0xffffffffffffffff, &(0x7f0000006800)=[{{0x0, 0x0, &(0x7f0000004dc0)=[{&(0x7f0000003ac0)=""/247, 0xf7}, {0x0}, {0x0}], 0x3}, 0x5}, {{0x0, 0x0, 0x0}, 0x6}], 0x2, 0x141, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0x2}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYRES64=0x0, @ANYBLOB="644a0ce3a7d8a6cecbfc1f5c56d41c137c743ababa2b36ff835b00594da92f6c67dcd82c7f067560f0ae9c45a55703b2f63abe7b95fedddb78ffce323c6f2687610150e9336739"], 0x1, 0x1b4, &(0x7f00000001c0)="$eJzsmLFv2kAUxr+zwchVJbq2SysVCTrU2KatytABdezQSq1adQMVF5GYEIEHYCJ/RebMGTKjLPwfyZBkyhCyZYoUR2ef4xOCIBKCUPJ+w/Nn7vH87gEf0oEgiCfLyfHF0V42o3P9HBmkxOunapyjSPmD9OW7g/r3/W3z/HAw/FYcK6fN+/wEgGFJhSfufd/35SoZcf0FJdJJlOP1P2AwhC5DwW+hHTD8FXpN0k2ebxj/665j/Gu6VS5MHiwebB4K4/2NthiqUn9MWm93e+sV13Va9xdfeduTlmbNb1RS8EXqT/68otmY8fxgQYEldAEMP4X+rCKaTTgSaf+vEnF99WH2/0jFy/SMnCRWpdWVFXrsLMt8uvih9+d6FwMXZ/pyW12U2NWBxRSM/cnfYchK/pSQ/CPvNTbz7W7vfb1RqTk1Z8O2C5/MD6b50c4HRhTGW/xPD/zpmVQ/OSVXYxo6Fc9rWWG8ubc7KXgte5LjaoH/Kci9DbtmE/7kgq/JC/aGX3IqcOWHTG2aIAiCIAiCIAiCIAiCIAjiTrwGgx+dQPaFKEIXh6MR9o8g+zoAAP//uJxoHg==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0xd, 0x0)
openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000004500)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000004400)={0x34, 0x1, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@CTA_TUPLE_ORIG={0x4}, @CTA_SEQ_ADJ_REPLY={0x4}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x7}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x88000)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, 0x0, 0x24044000)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x2016840, 0x0, 0x0, 0x0, 0x0)

6.25221746s ago: executing program 0 (id=1964):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e22, 0xd, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000240)={0xa, 0x4e20, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x2, @empty, 0xfffffffe}, 0x1c, 0x0}}], 0x1, 0x20080058)
openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001d00)=@newtaction={0x490, 0x30, 0x12f, 0x0, 0x0, {}, [{0x47c, 0x1, [@m_police={0x478, 0x1, 0x0, 0x0, {{0xb}, {0x44c, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffff, 0x0, 0x2, 0xfffffffe, 0xb84, 0x9, 0x5, 0x0, 0x200000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xcf5, 0x0, 0x0, 0xc74, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x7f, 0x0, 0x0, 0x100, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x100, 0x2000000, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x800, 0xffffffff, 0x0, 0xffff18e5, 0x0, 0x0, 0xfffff002, 0x0, 0x0, 0x2000400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x3, 0x6, 0x0, 0x1, 0x0, 0x3, 0x0, 0x1, 0x0, 0xffffffff, 0x0, 0x201, 0x3, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x4000, 0x20000000, 0x0, 0x0, 0xa2b1, 0x6, 0x0, 0x0, 0xffffffff, 0xf, 0xf, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x1, 0x5, 0x1000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x7, 0x0, 0x0, 0xfffffffc, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffe, 0x0, 0xfffffffe, 0x0, 0x0, 0x100000, 0x0, 0x1, 0xfffffffd, 0x0, 0xdffffffc, 0x0, 0x7, 0x0, 0xfffffffc, 0x1]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xdc, 0x10000016, 0x7fffffff, 0x6, 0xfffffffd, {0x6, 0x2, 0x1, 0x401, 0x1, 0x22}, {0x9a, 0x0, 0x40, 0x5, 0x400}, 0x5, 0x2, 0x81}}], [@TCA_POLICE_RESULT={0x8, 0x5, 0x2}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x1}}}}]}]}, 0x490}}, 0xc0)
sendto$inet(r3, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
setsockopt$inet6_int(r1, 0x29, 0x42, &(0x7f0000000100)=0x80000001, 0x4)
r5 = dup(r1)
sendmmsg$inet(r5, &(0x7f000000d4c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)="be", 0x1}], 0x1}}], 0x1, 0x91)
write$binfmt_elf32(r5, &(0x7f00000004c0)=ANY=[], 0x258)
read$FUSE(r5, &(0x7f0000002a00)={0x2020}, 0x2020)
socket$inet_udp(0x2, 0x2, 0x0) (async)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e22, 0xd, @loopback, 0x6}, 0x1c) (async)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
bind$inet6(r2, &(0x7f0000000240)={0xa, 0x4e20, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) (async)
sendmmsg$inet6(r2, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x2, @empty, 0xfffffffe}, 0x1c, 0x0}}], 0x1, 0x20080058) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(r4, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001d00)=@newtaction={0x490, 0x30, 0x12f, 0x0, 0x0, {}, [{0x47c, 0x1, [@m_police={0x478, 0x1, 0x0, 0x0, {{0xb}, {0x44c, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffff, 0x0, 0x2, 0xfffffffe, 0xb84, 0x9, 0x5, 0x0, 0x200000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xcf5, 0x0, 0x0, 0xc74, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x7f, 0x0, 0x0, 0x100, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x100, 0x2000000, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x800, 0xffffffff, 0x0, 0xffff18e5, 0x0, 0x0, 0xfffff002, 0x0, 0x0, 0x2000400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x3, 0x6, 0x0, 0x1, 0x0, 0x3, 0x0, 0x1, 0x0, 0xffffffff, 0x0, 0x201, 0x3, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x4000, 0x20000000, 0x0, 0x0, 0xa2b1, 0x6, 0x0, 0x0, 0xffffffff, 0xf, 0xf, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x1, 0x5, 0x1000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x7, 0x0, 0x0, 0xfffffffc, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffe, 0x0, 0xfffffffe, 0x0, 0x0, 0x100000, 0x0, 0x1, 0xfffffffd, 0x0, 0xdffffffc, 0x0, 0x7, 0x0, 0xfffffffc, 0x1]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xdc, 0x10000016, 0x7fffffff, 0x6, 0xfffffffd, {0x6, 0x2, 0x1, 0x401, 0x1, 0x22}, {0x9a, 0x0, 0x40, 0x5, 0x400}, 0x5, 0x2, 0x81}}], [@TCA_POLICE_RESULT={0x8, 0x5, 0x2}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x1}}}}]}]}, 0x490}}, 0xc0) (async)
sendto$inet(r3, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) (async)
connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) (async)
setsockopt$inet6_int(r1, 0x29, 0x42, &(0x7f0000000100)=0x80000001, 0x4) (async)
dup(r1) (async)
sendmmsg$inet(r5, &(0x7f000000d4c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)="be", 0x1}], 0x1}}], 0x1, 0x91) (async)
write$binfmt_elf32(r5, &(0x7f00000004c0)=ANY=[], 0x258) (async)
read$FUSE(r5, &(0x7f0000002a00)={0x2020}, 0x2020) (async)

6.114953211s ago: executing program 0 (id=1966):
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x40010140, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000b80)=@security={'security\x00', 0x64, 0x4, 0x2c8, 0x100000c, 0x0, 0xe0, 0x178, 0xffffffff, 0xffffffff, 0x230, 0x230, 0x230, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x98, 0xe0, 0x0, {0x0, 0x1000000000000}, [@common=@inet=@dscp={{0x28}, {0x10, 0x1}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz1\x00', {0x2}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x42}}}, {{@ip={@multicast2, @private=0xa010101, 0xff000000, 0xff, 'veth0_macvtap\x00', 'vcan0\x00', {0xff}, {0xff}, 0x21}, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x2, 0x7}, {0x2, 0x0, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x328)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x1}}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r5, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
bind$tipc(r5, 0x0, 0x0)

5.254886538s ago: executing program 0 (id=1978):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080)={[{@auto_da_alloc}, {@mblk_io_submit}]}, 0x1, 0x569, &(0x7f0000000a00)="$eJzs3d1rm9UfAPDvkzZ7//3WwRgqIgUvnMyla+vLBC/mtQ4Gej9D+6yMpsto0rHWgduFu5bhnQPxXrz2UvwHvPBvGOhgyCiCeBN50idZ2iZtuqUvms8HnnK+z0vPOXlyTs7JSUgAQ2s8+1OIeDkivkoiTkZEkh8bjfzg+Np5q0/vzGRbEo3GJ38kzfOyuPW/Wtcdz4OXIuLnLyPOFTbnW1temS9XKuliHk/UF25O1JZXzl9fKM+lc+mNqenpi+9MT73/3rsDq+ubV7KCjOTRqQdJXIoTedRZjxdwtzMYj/H8MSnGpQ0nTg4gs4Mk6br3hz0vBzszkrfzYmR9wMkYyVs98N/3RUQ0gCGV7Lj9/1rcnZIAe6s1DmjN7Qc0D/7XePLh2gRoc/1H194biSPNudGx1WTdzCib744NIP8sjx9/f/gg22Jw70MAbOvuvYi4MDq6uf9L8v7v+V3o45yNeej/YO/8lI1/3uo2/im0xz/RZfxzvEvbfR7bt//C4wFk01M2/vug6/i3vWg1NpJH/2uO+YrJteuVNOvb/h8RZ6N4OIu3Ws+5uPqo0etY5/gv27L8W2PBvByPRw+vv2a2XC+/SJ07PbkX8UrX8W/Svv/J2v1ft8STPR5X+szjTPrwtV7Htq//7mp8F/FG1/v/rLrJ1uuTE83nw0TrWbHZn/fP/NIr//2uf3b/j21d/7Gkc722tvM8vj3ydxrt9eT11tU/+n/+H0o+baYP5ftul+v1xcmIQ8nH7f2F1v6pZ9e24tb5Wf3Pvr51/5d06f+ORsRnfdb//unvX+117CDc/9mu9789u91w/3eeePTR59/0yr+//u/tZupsvqef/q/fAr7IYwcAAAAAAAAHTSEiTkRSKLXThUKptPb5jtNxrFCp1urnrlWXbsxG87uyY1EstFa6T3Z8HmIyXzFsxVMb4umIOBURX48cbcalmWpldr8rDwAAAAAAAAAAAAAAAAAAAAfE8R7f/8/8NrLfpQN2nZ/8huG1bfsfxC89AQeS138YXto/DK++2n9x98sB7D2v/zC8tH8YXto/DC/tH4aX9g8AAAAAAAAAAAAAAAAAAAAAAAAAAAADdeXy5WxrrD69M5PFs7eWl+art87PprX50sLSTGmmunizNFetzlXS0kx1Ybv/V6lWb05OxdLtiXpaq0/UlleuLlSXbtSvXl8oz6VXU78iBgAAAAAAAAAAAAAAAAAAAJvVllfmy5VKuigxxIm/Go3G814+ut+Fl9iVxH73TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwzD8BAAD//1hdMq0=")
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x8, 0x3, 0x1f0, 0x0, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x250)
r0 = creat(&(0x7f0000000240)='./file1\x00', 0x0)
io_setup(0x200, &(0x7f0000000140)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000003440)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0xfffd, r0, 0x0}])
mount$fuseblk(&(0x7f0000000000), 0x0, 0x0, 0x2010002, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x11b)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600)

5.180070199s ago: executing program 0 (id=1979):
recvmmsg(0xffffffffffffffff, &(0x7f0000006800)=[{{0x0, 0x0, &(0x7f0000004dc0)=[{&(0x7f0000003ac0)=""/247, 0xf7}, {0x0}, {0x0}], 0x3}, 0x5}, {{0x0, 0x0, 0x0}, 0x6}], 0x2, 0x141, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0x2}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYRES64=0x0, @ANYBLOB="644a0ce3a7d8a6cecbfc1f5c56d41c137c743ababa2b36ff835b00594da92f6c67dcd82c7f067560f0ae9c45a55703b2f63abe7b95fedddb78ffce323c6f2687610150e9336739"], 0x1, 0x1b4, &(0x7f00000001c0)="$eJzsmLFv2kAUxr+zwchVJbq2SysVCTrU2KatytABdezQSq1adQMVF5GYEIEHYCJ/RebMGTKjLPwfyZBkyhCyZYoUR2ef4xOCIBKCUPJ+w/Nn7vH87gEf0oEgiCfLyfHF0V42o3P9HBmkxOunapyjSPmD9OW7g/r3/W3z/HAw/FYcK6fN+/wEgGFJhSfufd/35SoZcf0FJdJJlOP1P2AwhC5DwW+hHTD8FXpN0k2ebxj/665j/Gu6VS5MHiwebB4K4/2NthiqUn9MWm93e+sV13Va9xdfeduTlmbNb1RS8EXqT/68otmY8fxgQYEldAEMP4X+rCKaTTgSaf+vEnF99WH2/0jFy/SMnCRWpdWVFXrsLMt8uvih9+d6FwMXZ/pyW12U2NWBxRSM/cnfYchK/pSQ/CPvNTbz7W7vfb1RqTk1Z8O2C5/MD6b50c4HRhTGW/xPD/zpmVQ/OSVXYxo6Fc9rWWG8ubc7KXgte5LjaoH/Kci9DbtmE/7kgq/JC/aGX3IqcOWHTG2aIAiCIAiCIAiCIAiCIAjiTrwGgx+dQPaFKEIXh6MR9o8g+zoAAP//uJxoHg==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0xd, 0x0)
openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x88000)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, 0x0, 0x24044000)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x2016840, 0x0, 0x0, 0x0, 0x0)

3.486500622s ago: executing program 4 (id=1999):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000580)={@fallback=r0, 0x16, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

3.418911543s ago: executing program 4 (id=2000):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), r0)
sendmsg$TIPC_NL_MON_GET(r0, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x80, r1, 0x1, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xdcb}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x6c04}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x200}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xa}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x400c811}, 0x4008800)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001940), r0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
syz_emit_ethernet(0x76, &(0x7f0000000180)={@link_local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f57a14", 0x40, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @mcast1, [@hopopts={0x3a}, @routing={0x80}]}}}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000040)={0x28, r2, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x4000000)

3.418611013s ago: executing program 4 (id=2001):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in=@multicast1, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee01}, {0x1, 0x20000000000}, {0x1, 0x2, 0x0, 0x1}, 0x400000, 0x0, 0x2, 0x0, 0x1}}, 0xb8}}, 0x4004880)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000002000000e0000001000000000000000000000000e00000010000000000000000000000004e2400000000000002000010"], 0xb8}}, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'team_slave_0\x00', &(0x7f0000000100)=@ethtool_link_settings={0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, [0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x1]}})

3.418300013s ago: executing program 4 (id=2002):
recvmmsg(0xffffffffffffffff, &(0x7f0000006800)=[{{0x0, 0x0, &(0x7f0000004dc0)=[{&(0x7f0000003ac0)=""/247, 0xf7}, {0x0}, {0x0}], 0x3}, 0x5}, {{0x0, 0x0, 0x0}, 0x6}], 0x2, 0x141, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0x2}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYRES64=0x0, @ANYBLOB="644a0ce3a7d8a6cecbfc1f5c56d41c137c743ababa2b36ff835b00594da92f6c67dcd82c7f067560f0ae9c45a55703b2f63abe7b95fedddb78ffce323c6f2687610150e9336739"], 0x1, 0x1b4, &(0x7f00000001c0)="$eJzsmLFv2kAUxr+zwchVJbq2SysVCTrU2KatytABdezQSq1adQMVF5GYEIEHYCJ/RebMGTKjLPwfyZBkyhCyZYoUR2ef4xOCIBKCUPJ+w/Nn7vH87gEf0oEgiCfLyfHF0V42o3P9HBmkxOunapyjSPmD9OW7g/r3/W3z/HAw/FYcK6fN+/wEgGFJhSfufd/35SoZcf0FJdJJlOP1P2AwhC5DwW+hHTD8FXpN0k2ebxj/665j/Gu6VS5MHiwebB4K4/2NthiqUn9MWm93e+sV13Va9xdfeduTlmbNb1RS8EXqT/68otmY8fxgQYEldAEMP4X+rCKaTTgSaf+vEnF99WH2/0jFy/SMnCRWpdWVFXrsLMt8uvih9+d6FwMXZ/pyW12U2NWBxRSM/cnfYchK/pSQ/CPvNTbz7W7vfb1RqTk1Z8O2C5/MD6b50c4HRhTGW/xPD/zpmVQ/OSVXYxo6Fc9rWWG8ubc7KXgte5LjaoH/Kci9DbtmE/7kgq/JC/aGX3IqcOWHTG2aIAiCIAiCIAiCIAiCIAjiTrwGgx+dQPaFKEIXh6MR9o8g+zoAAP//uJxoHg==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0xd, 0x0)
openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x88000)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, 0x0, 0x24044000)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
openat$kvm(0xffffffffffffff9c, 0x0, 0x1, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x2016840, 0x0, 0x0, 0x0, 0x0)

3.085555405s ago: executing program 1 (id=2003):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@mcast2}, 0x14) (fail_nth: 3)

2.606822379s ago: executing program 1 (id=2006):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f000090b000/0x400000)=nil)
syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000600)='./file0\x00', 0x0, &(0x7f0000000640), 0x1, 0x5b9, &(0x7f0000000680)="$eJzs3W2IHHcdB/Df7N6mebiaNLZqa2xOQ20gdPdyuYREfGGJD7UmtaL4IhTCkdvuhezdnrkN9LaCLb4pCiL4RgShYl9YEQ3kTaXU9kWLbxSU+kClxoAKIhStFERQV2YfrmszaYr3MHjz+cDc/ec/c/v/7y3fndmd/8wEUFgT6Y8kYjwiLkXEzv7sf68w0f/VOXRxLp2S6HY//Zekt97soYtzw1WHf7cj/TEWsTUidh9PYl/l6naXljvnZprN+vnBfK09v1hbWu7cdXZ+plFv1BcOH50+NnVk+uj02j3XyZ9uv+WPd9x35Ynn//7Pb/76yPfT/o4Plo0+j7UyEROD/0klbhqpH0si7l3rxnJS7r/UccdIXTKWY4d4y7rd3d9LX7+3R8S+Xv53Rjn6L95LTz/wt53xy3vy7iOwfrpD2Ytf7QKbVqm3D5yUqhHRL5dK1Wp/H/7m2F5qtpbaBx5sXViY7e8r74pK6cGzzfrk4LPCrqgk6fzBXvn1+ak3zB+K6O0DP1be1puvnmk1Zzf6zQ7oGY+4fOlzZ7bseEP+/1Tu5x/YvNL8/+KFp55Ny6+V8+4NsJHS/H/3tflPhPxD4cg/FJf8Q3HJPxSX/ENxyT8Ul/xDcck/FJf8Q3HJPxTXMP/3nzwZ95882e0Mzn9faDXOnptbPDY1WZ2/cKZ6pnV+sdpotRq9M3bmr/+4zVZr8eBUXHio1q4vtWtLy53T860LC+3TvfP6T9czLgUA5ODUla333rT3uZeSiHjkA9t6U2rLYLmswubW7SaR9znIQD589Ificqk2KC6f8YHkOsu3XmtBc+37AmyMUt4dAHJz562O/0FR+f4fisv3/1Bc9vEB3/9D8fj+H4pr/Br3/7px5N5dkxHxtoj4Sblyw/BeX8D/r/GIy5e//dnayn24FRQUFFYKeb9DAevt9dDn3RMgL7OHLs4Np41q85nGRrUEZHnl7v4goDT3ncHUXzK2cmygsk7jhF5+LGIifvjbx/fPldMpBu9D69AUkOGRRyPiXVnb/6R3bGDXYL3d/dXi5oi4JSLeERHvXGXbX/9Umv8X6qN18g8b563m/9aIuD0ibouId0fEnoh4zyrb/vmlNP+/2jZaJ/9QDJ9/Pu8eAHn5+FN59wDIyyljDKCwvvNw3j0A8vL0D/LuAZCXr7yYdw+g2J67OyIms47/lXrH+4cqg+sC3jC4FsC2iNgeETsG5xDeODhHcOfIMcPrOf3JiIm4/UejdY7/wcYZjv/rXDX+r7Qy/q8cEXtX0cYzHxz/clb9zJ40/088PBz/l05p+8OxgMD6euXRiNsy85+sjPlNIs1pxHv/xzYmvnDlyaz6F+9LH7fyM/mHfHS/FfH+yM7/UFqqtecXa0vLnbt69/Fu1BcOH50+NnVk+uh0rXeJkNrwQiEZTvz11QNZ9S9Ppfn/xmH5h3yk2//t18j/6P7/+1bRxvGvfelUVv3479P873n2zfNf+vOW5DO9+eF9CR6aabfPH4zYkpy4un5qFR2FTW6YkWGG0vzv35f9+X/34G/S7f/xiPhwur8QEf+KiH9HxEci4qMR8bGIuOdN2vzqnY0rWfW/ezLN/+PnbP8hH2n+Z6+z/U9//2MVbRzY/+MvZtV/aG+a/+pv/nDigbF0kn8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAtbe03Dk302zWz69jIe/nCAAAAAAAAEXxnwAAAP//xOQ08g==")
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)
mmap(&(0x7f00009c9000/0x2000)=nil, 0x2000, 0xa, 0xe6152076a2d81ad0, r0, 0xd970000)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0x8004587d, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x8000200000000000, 0x0, 0x85c, 0x5})
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x1000021, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x210000, &(0x7f0000000280)={[{@user_xattr}, {@noquota}, {@dioread_nolock}, {@jqfmt_vfsv1}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x70}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@stripe={'stripe', 0x3d, 0x20}}, {@bsdgroups}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@user_xattr}, {@noinit_itable}]}, 0x3, 0x589, &(0x7f00000083c0)="$eJzs3c1rHOUfAPDvbHb7/vs1hVKsiBR6sFK7aRJfKnioR9FiQT3XkGxDyaZbspvSxILtwV68SBFELIh3vXvwULx49K8oaKFICQp6WZnNbLJpNslmszFp9/OBSZ5nZnafeeaZ78Mz++wyAfStE+mfXMTxiPgiiTjcsi0f2cYTi/stPL45ni5J1Osf/JFEkq1r7p9k/w9mmeci4ufPIk7nVpdbnZufGiuXSzNZfqg2fW2oOjd/5sr02GRpsnR1ZHT03GujI2++8XrP6vryxb++fv/+O+c+P7nw1Q8Pj9xN4nwcyra11mNT9q7I3WrNnKjXs3NSiPNPvGy4q8J2r2SnD4CuDGRxXoiI44XDhWbUA8++TyOiDvSpZJPxv1d/Ac+I5jigeW/f9X3wU+rR24s3QKvrn1/8bCT2Ne6NDiwkK+6M0vvdwR6Un5bx4+/37qZLbOVzCIBNunU7Is7m86v7vyTr/7p3toN9nixD/wf/nfvp+OeVduOf3NL4J9qMfw62id1ubBz/uYc9KGZN6fjvrbbj36VJq8GBLPe/xpivkFy+Ui6lfdv/I+JUFPam+fXmc84tPKivta11/JcuafnNsWB2HA/zK+eYYmKsNraVOrd6dDvi+bbj32Sp/ZM27Z+ej486LONY6d6La23buP7bq/5dxEtt2395RitZf35yqHE9DDWvitX+vHPs17XKb1//X37ahqq2lbb/gfXrP5i0ztdWN1/Gt/v+Ka21rdvrf0/yYSO9J1t3Y6xWmxmO2JO8t3r9yPJrm/nm/mn9T51cv/9rd/3vj4iPO6z/naPfv9B9/bdXWv+JTbX/5hMP3v3km7XK76z9X22kTmVrOun/Oj3ArZw7AAAAAAAA2G1yEXEoklwx9mXpXK5YXPx+x9E4kCtXqrXTlyuzVyei8VvZwSjkmjPdh1u+DzGcfR+2mR95Ij8aEUci4suB/Y18cbxSntjpygMAAAAAAAAAAAAAAAAAAMAucXDp9/+x4vf/qd8GdvrogG2XX3z+N9CHNnzkfy+e9ATsShvGP/DMEv/Qv8Q/9C/xD32pMcUn/qF/iX/oX+If+pf4BwAAAAAAAAAAAAAAAAAAAAAAAAAAgJ66eOFCutQXHt8cT/MT1+dmpyrXz0yUqlPF6dnx4nhl5lpxslKZLJeK45Xpjd6vXKlcGx6J2RtDtVK1NlSdm780XZm9Wrt0ZXpssnSp5DnjAAAAAAAAAAAAAAAAAAAAsFp1bn5qrFwuzfQgUSiXS7mI6GTniB4V+tQl/t7y+6Ttdivf2XnenkQSy2vyu+KsSvQ6sdM9EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAs+zcAAP//MUwypA==")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
write$hidraw(r2, &(0x7f0000000140)="e0553907924f3e3524daf3", 0xb)
syz_open_procfs(0x0, &(0x7f0000000040)='task\x00')
write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff01800000080039503230"], 0x15)
unshare(0x2040600)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000001000000000000000000009500000000000000"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0xc41a, &(0x7f0000000240)={[{@noblock_validity}, {@noblock_validity}, {@nobh}, {@nodioread_nolock}, {@data_err_ignore}, {@usrjquota, 0x2e}, {@resuid}, {@quota}, {@jqfmt_vfsv0}, {@nodiscard}], [], 0x2c}, 0x1, 0x477, &(0x7f0000000480)="$eJzs289vFFUcAPDvbFt+YyviDxC1ij8af7S0oHLwgtGEi4mJHvBYSyFIoYbWRAiR6gGPhpNH9WjiX+BJLkY9abzq3ZgQw0U0kYyZ3ZllaXeX7W63C+znk0x33uybed83M6998940gL41mv1IIrZFxG8RMRwRA8szjFY+rl09P/PP1fMzSaTpW38l2W7x99XzM0XWJP/cmifGStVNKyycPXdyem5u9kyenlg89f7EwtlzL5w4NX189vjs6amDBw/sn3z5pakX16Se27NYd380v2fX4XcuvTFz5NK7P36TBbct/762HhUjHZc5GqMNT8BTHR/99rI9/2x4wbktZW19MCKGyu1/OAbKqYrheP2TngYHdFWapunGFVurPYClFLiLJdHrCIDeKP7QZ8+/xbKO3Y+eu3Ko8gCU1ftavlS+GYxSnmeo5vl2rY1GxJGlf7/Ilqg7DgEAsLa+y/o/z9fr/5XigZp89+RzQyMRcW9E7IiI+yJiZ0TcH1HO+2BEPLTK8keXpW+Ufz0fhPplc/u1u7UrhyJ5JZ/burn/V/T+YmQgT20v138oOXZibnZffk7GYmhjlp5sUsbl1379rNF3tf2/bMnKL/qCeRx/Di4boDs6vTjdSZ1rXfm4PAZ4YWX9k+pMQBIRuyJidxvH3xQRJ579ek91w4aag+aa17+JwTYCWib9KuKZyvVfimX1j5pQm8xPTmyKudl9E8VdsdJPP198s1H5t77+3ZVd/y117/9q/UeS2vnahdWXcfH3Txs+07R7/29I3i6vF7fTh9OLi2cmIzYkSyu3T93Yt0gX+bP6j+2t3/53RFz/Mt/v4YjIbuJHIuLRiHgsj/3xiHgiIvY2qf8Prz75Xvv1766s/kdXdf1XvzJw8vtvG5Xf2vU/UF4by7e08vuv1QA7OXcAAABwpyiV34FPSuPV9VJpfLzyDv/O2FKam19YfO7Y/Aenj1belR+JoVIx0jVcMx46mY+5FOmpfKy4SO8vjxunaZpuLqfHZ+bnujWnDrRma4P2n/ljoNfRAV1Xnkc7+Hlrmf2HF9xVbppHH+pdHMD6W4P3aIA7lPYP/Uv7h/5Vr/1fiLjWg1CAdebvP/Qv7R/6l/YP/Uv7h77Uyf/1N1vZcbhbR74TVy5HRKM8A20feWNEdBrh01vb3T1KvT6rra8U77RVt5TqZP6vVxFm17HVzBdivQLr8S8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANfJ/AAAA///tr+cS")
bind$pptp(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x2, {0xffff, @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1e)
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x2)
connect$pptp(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x2, {0x4, @multicast1}}, 0x1e)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x202, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1)

2.606537719s ago: executing program 3 (id=2007):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, &(0x7f0000000440)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c6e66732c73686f72746e616d653d77696e6e742c726f6469722c696f636861727365743d6b6f69382d72752c73686f72746e616d653d6d697865642c757466383d302c756e695f786c6174653d312c756e695f786c6174653d312c006a4fcfcc9fc5ea902e1a6384d405e843e1dfa18259eaaba553a63617a0f84f2e66f4a8121e2cea67640f61a98cef24cdbc0121ddb0212c7365c895e70775f8c82357782f45acff678373e50747f0dbd34a6c51a45f248402fd4340c0024ca0ee5de3af9233d9e31dd6f105e2696137379613fb63ef2a91ccf785af00684cfa440b01bda2cbcd1b326a0ee91991ebfbd00ec2a75ac8d59d1e7793dfb73a16dd3b166bc6a158528f"], 0x1, 0x26c, &(0x7f0000000840)="$eJzs3U9rU1kYB+A3bTpJC0OyGCgzDMwdZjOr0HaYfcrQgWECipKFriw2RWlqoYWCLtruit9Bv4Iu3QouxK1fQASpghvrqgshEm//JDWJjZpG7PNs+nLu++Ock17upYueXPl1eWlhZW1xd3cn8vlMZMtRjr1MFGMkRiO1FQDA92Sv0Yg3jdSw1wIAnA7vfwA4e3q9/zNbh2PnT39lAMCgfNHf/yMDWRIAMGAXL13+f7ZSmbuQJPmI5e316no1/Zlen12M61GPWkxFId5FNA6l9b//VeamkqaXxcgvb46k+c316mh7fjoKUeycn05SUW3mDvJjMbGffzYRtZiJQvzUOT/TMf9D/PlHy/ylKMTTq7ES9ViIZjbN5yJiYzpJ/jlXOZbPfegDAAAAAAAAAAAAAAAAAAAAAIBBKCWHiu3n36Tn95RK3a6n+dbzgcZ7nQ/U2Dx2vk42fskOd+8AAAAAAAAAAAAAAAAAAADwrVi7eWtpvl6vrfYqbjy592gnlwY+2dy7yOzP219qu2fP+Ml2caz48fcXdzpdykWu38/n84qxiGgdSfanfPjbACf9WsXjnWs//7U2+Xe3nsi2jtxubrWtp8uNlB3UB/66ENG1J9/3Ddla3D8oym8/6jm4lWqr48P+xU3eLc8/2Hj+6qSpHg+NxuggHkUAAAAAAAAAAAAAAAAAAHDmHf3T77BXAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDc/T9//0WuWgbyXdt3hr2HgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4H0AAAD//7qXlSU=") (async)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x8042, 0x1f6) (async)
openat$dir(0xffffffffffffff9c, &(0x7f0000000ac0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x80042, 0x10) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) (async)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x804053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) (async)
mknod(&(0x7f0000001040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8000, 0xd02) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) (async)
clock_adjtime(0x0, &(0x7f0000000000)={0x66b6, 0xfffffffe, 0x1, 0x7, 0xfffffffffffffff7, 0xffffffffffffffff, 0x7, 0x0, 0x7, 0x1, 0x10000003, 0x2486, 0x3, 0x401, 0x0, 0x8d, 0x80003600000, 0x10001, 0x4, 0x2000000002, 0x0, 0x80000071, 0x400, 0x9, 0x32, 0x6})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x501003, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)={{0x0, 0xeeef0000, 0xe, 0x0, 0x81, 0x4, 0x9, 0x4e, 0x0, 0x2, 0x6, 0x1}, {0x3000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x0, 0x27, 0x3, 0x1, 0x7, 0xf, 0x8, 0x6, 0x2}, {0x8000000, 0xd5dd0000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x0, 0x1, 0xfe, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0x0, 0x80, 0xee, 0x0, 0x87, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0xc, 0x1, 0x5, 0x4, 0x1, 0x1, 0x6, 0x88, 0xb, 0x2}, {0xeeee8000, 0xeeee0000, 0xc, 0x7, 0x7, 0x3, 0x1d, 0x46, 0x8, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x44, 0x3, 0xa, 0x5, 0xce}, {0xe000, 0x7}, {0x6000, 0x5}, 0x80000035, 0x0, 0x0, 0x60, 0x7, 0x1000, 0xeeef0000, [0x5, 0x8001, 0x8]}) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.stat\x00', 0x275a, 0x0)

2.606388809s ago: executing program 3 (id=2008):
r0 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f00000008c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$KVM_MEMORY_ENCRYPT_UNREG_REGION(r1, 0x8010aebc, 0x0)
splice(r2, 0x0, r1, 0x0, 0x1000000008, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = epoll_create1(0x80000)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f00000000c0)={0xe000001a})
sendfile(r3, r4, 0x0, 0x8)

2.550441249s ago: executing program 4 (id=2009):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
epoll_create1(0x80000)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0xa0000004})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f00000001c0)='./file1\x00', 0x4, &(0x7f0000000800)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade52151923a70b46eacfc1aaaebcf156e549e884bcabc1333f344f31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffffffff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b1b6a1e6ad8d24ad17f649ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d00000000000000009cf153dc0bf708", @ANYRESDEC], 0x1, 0x194, &(0x7f0000000640)="$eJzsmD9P+kAYx7/X8if88ktw1UUTScDB0hY1MjgwO2ii0bhJpBK0iIEOwGZ8Ec6+AmfiwvvQQZ0cxM3Joebawx4oYuI/jM9neO57dw/Hc0+Tb5OCIIg/y831w9VZMhHj+j8SiIr1WzXIUaT8Vvxx5qK0cn6i31+22svZ/vMYANd9//+HALRzKhwxd93eXyfEuA6lq8Py/iYYNKG3oWBDaAsMW0LvSbrC8zVtt2Rb2k7FLnCh82DwYPKQ6a+vc8RQkOpj0n6t0dzP27ZV/UIxrH+dnIIlqT75eXV7owf9gwEFhtAZMKwJvYhotzd+S6T7T4SC89Vvvv/vFuPxITlhjEqpJD5BMHBxFwNGo56fEoE/uacMScmfQpJ/pJ3yYbrWaM6WyvmiVbQOTDOzoM/p+ryZ9ozIj2/4X8zzp3/S+eEBuREWQT3vOFXDj89zsx6FUzVfc9yI538KUtN+1UysyXjvgzE2xYeUChwPrJYgCIIgCIIgCIIgCIIgCOIjTIJ5X0F7yL5YMle97KcAAAD//5Z1cak=")
sendmsg$nl_route_sched(r4, 0x0, 0x880)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x0)
read$FUSE(r5, &(0x7f0000003f00)={0x2020}, 0x2020)

2.53424267s ago: executing program 5 (id=2010):
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x158)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x14092, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

2.323142991s ago: executing program 5 (id=2011):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000580)={@fallback=r0, 0x16, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

2.106916943s ago: executing program 1 (id=2012):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
r2 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @local}, 0x10)
sendmmsg$inet(r2, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)
getpeername(r2, 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000200)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fedbdf2503000000580001"], 0x6c}}, 0x0)
fadvise64(0xffffffffffffffff, 0x7f, 0x0, 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x20040014)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc0000000000000000f1000000000000ac1414bb00000000000000ecffffffffffffff04000000000a006080"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf25fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fbdbdf25fc00"/33, @ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x24000080}, 0x240400c4)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x0)

2.106626683s ago: executing program 5 (id=2013):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0xa0000004})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r5, 0x0, 0x25, 0x0, @val=@tcx}, 0x1c)
syz_emit_ethernet(0x10e80, &(0x7f00000000c0)=ANY=[], 0x0)
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f00000001c0)='./file1\x00', 0x4, &(0x7f0000000800)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade52151923a70b46eacfc1aaaebcf156e549e884bcabc1333f344f31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffffffff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b1b6a1e6ad8d24ad17f649ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d00000000000000009cf153dc0bf708", @ANYRESDEC], 0x1, 0x194, &(0x7f0000000640)="$eJzsmD9P+kAYx7/X8if88ktw1UUTScDB0hY1MjgwO2ii0bhJpBK0iIEOwGZ8Ec6+AmfiwvvQQZ0cxM3Joebawx4oYuI/jM9neO57dw/Hc0+Tb5OCIIg/y831w9VZMhHj+j8SiIr1WzXIUaT8Vvxx5qK0cn6i31+22svZ/vMYANd9//+HALRzKhwxd93eXyfEuA6lq8Py/iYYNKG3oWBDaAsMW0LvSbrC8zVtt2Rb2k7FLnCh82DwYPKQ6a+vc8RQkOpj0n6t0dzP27ZV/UIxrH+dnIIlqT75eXV7owf9gwEFhtAZMKwJvYhotzd+S6T7T4SC89Vvvv/vFuPxITlhjEqpJD5BMHBxFwNGo56fEoE/uacMScmfQpJ/pJ3yYbrWaM6WyvmiVbQOTDOzoM/p+ryZ9ozIj2/4X8zzp3/S+eEBuREWQT3vOFXDj89zsx6FUzVfc9yI538KUtN+1UysyXjvgzE2xYeUChwPrJYgCIIgCIIgCIIgCIIgCOIjTIJ5X0F7yL5YMle97KcAAAD//5Z1cak=")
sendmsg$nl_route_sched(r4, 0x0, 0x880)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x0)
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x3c, r7, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e23}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_PEERS={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44001}, 0x4c020)
read$FUSE(r6, &(0x7f0000003f00)={0x2020}, 0x2020)

1.737207367s ago: executing program 3 (id=2014):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
epoll_create1(0x80000)
epoll_create1(0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f00000001c0)='./file1\x00', 0x4, &(0x7f0000000800)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade52151923a70b46eacfc1aaaebcf156e549e884bcabc1333f344f31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffffffff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b1b6a1e6ad8d24ad17f649ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d00000000000000009cf153dc0bf708", @ANYRESDEC], 0x1, 0x194, &(0x7f0000000640)="$eJzsmD9P+kAYx7/X8if88ktw1UUTScDB0hY1MjgwO2ii0bhJpBK0iIEOwGZ8Ec6+AmfiwvvQQZ0cxM3Joebawx4oYuI/jM9neO57dw/Hc0+Tb5OCIIg/y831w9VZMhHj+j8SiIr1WzXIUaT8Vvxx5qK0cn6i31+22svZ/vMYANd9//+HALRzKhwxd93eXyfEuA6lq8Py/iYYNKG3oWBDaAsMW0LvSbrC8zVtt2Rb2k7FLnCh82DwYPKQ6a+vc8RQkOpj0n6t0dzP27ZV/UIxrH+dnIIlqT75eXV7owf9gwEFhtAZMKwJvYhotzd+S6T7T4SC89Vvvv/vFuPxITlhjEqpJD5BMHBxFwNGo56fEoE/uacMScmfQpJ/pJ3yYbrWaM6WyvmiVbQOTDOzoM/p+ryZ9ozIj2/4X8zzp3/S+eEBuREWQT3vOFXDj89zsx6FUzVfc9yI538KUtN+1UysyXjvgzE2xYeUChwPrJYgCIIgCIIgCIIgCIIgCOIjTIJ5X0F7yL5YMle97KcAAAD//5Z1cak=")
sendmsg$nl_route_sched(r3, 0x0, 0x880)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000300), 0xffffffffffffffff)
read$FUSE(r4, &(0x7f0000003f00)={0x2020}, 0x2020)

1.695755707s ago: executing program 4 (id=2015):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x7ff}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0xe, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x54}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_connect(0x2, 0x3d, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000b19a3640d219751205000002030109022b000207000000090400010079319c0009040000000202ff00082402db59c820f7"], 0x0)
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x1000000, &(0x7f00000000c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
ftruncate(r1, 0x6000000)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./bus\x00', 0x3c9c9b, 0x0, 0x0, 0x0, &(0x7f0000000140))
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f00000002c0)=0x3, 0x4)
setsockopt$inet6_opts(r2, 0x29, 0x36, &(0x7f0000000840)=@hopopts={0x87}, 0x8)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000000)=0x28, 0x4)
sendmmsg$inet6(r2, &(0x7f0000001340)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, '\x00', 0x29}}, 0x1c, 0x0}}], 0x1, 0xc040)
syz_usb_connect$uac3(0x0, 0x116, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x582, 0x29, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x104, 0x3, 0x1, 0x8, 0x40, 0xe0, {0x8, 0xb, 0x2, 0x0, 0x1, 0x23, 0x30, 0xaa}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0xff, 0x3a, 0x800}, [@source_unit={0xc, 0x24, 0xb, 0x7, 0x1, 0x823, 0x7, 0x101}, @input_terminal={0x14, 0x24, 0x2, 0x4, 0x201, 0x2, 0x1, 0xe8, 0x3, 0xc, 0x3, 0x3}, @mixer_unit={0x5, 0x24, 0x5, 0x5, 0x7f}, @multiply_unit={0xb, 0x24, 0xd, 0x6, 0x5b, 0x5, 0xaf7}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x1, 0x8, 0x6, 0x8}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x4, 0x1, 0x5, 0x1}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x7f, 0x4, 0xe, 0x3}]}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0xff, 0xff, 0x8, {0xa, 0x25, 0x25, 0x6, 0x10, 0x1}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@format_type_i_descriptor={0x6, 0x24, 0x2, 0x1, 0x4, 0x3}, @as_header={0x17, 0x24, 0x1, 0xe9, 0x8, 0x8, 0x1002, 0x0, 0x3, 0x1000, 0x10}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0xb5, 0x3, 0x9, 0x3, "7496", "d427db"}, @as_header={0x17, 0x24, 0x1, 0x81, 0x7ffd, 0x3, 0x2, 0x2, 0xd, 0x4, 0x5b}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x20, 0x2, 0xc, 0x7, "c861", 'O'}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x18, 0x9e, 0xa6, {0xa, 0x25, 0x25, 0x9b, 0xf, 0xbc3c}}}}}}}}]}}, &(0x7f0000000340)={0xa, &(0x7f00000003c0)={0xa, 0x6, 0x110, 0x5, 0xb, 0xf8, 0x8, 0x2}, 0xa4, &(0x7f0000000180)={0x5, 0xf, 0xa4, 0x1, [@generic={0x9f, 0x10, 0x1, "8e56308a88f4f5f90ae42176c9a186b0ac564b7f516a9889cbbbc20b84051721438c22a6c4ee09378cb279c27b25152ea49996f1879942ebd7c63aa29b9f497d9c32f7d11163f7370405d38753da49b58b34ab9b88e743dd369f336c38beca35b741fbd1303cfbc650512dfe6de2d2155e72efeddf19bb7faf2af9f922dbd516a29feda5d3f0e689c5d23bb5105d158549f0d24ca94fea9c25b7c49d"}]}, 0x4, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x1c24}}, {0x40, &(0x7f0000000140)=@string={0x40, 0x3, "4c808ef6b031d42b3ae010918984f841ed1b7f2c918dccae6511f9a2e12228952c342e8c14dcb55e6f2df4f11db7cf5498bd897f7bac69c16086e023c004"}}, {0x21, &(0x7f00000002c0)=ANY=[@ANYBLOB="2103975f265d38d77893c2bae43292419793699bb9d78f8c020dbd95a9d80ba252"]}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x418}}]})
ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000400)=@usbdevfs_connect={0x3})

1.24884248s ago: executing program 5 (id=2016):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000080)="441f080100000007c94ef56491ee54be34042074ed27c1c60477cef3e2", 0x1d)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e21, @remote}, 0x10)

1.2200146s ago: executing program 5 (id=2017):
r0 = syz_clone(0x80000000, &(0x7f0000000040)="c106197f510d9ec0eafe81587a20373bba1bed0ab63d7f6d5260908b64f2be3873745c", 0x23, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)="f707c182bbc8f19f4e5c9eadb0e6b32396172b2b73ea7ec320e440d6496d557e521d841a227d473398f9e37eca47616d4348d1b2c5")
r1 = syz_open_procfs(r0, &(0x7f0000000000)='net/dev\x00')
getdents(r1, &(0x7f0000000200)=""/38, 0x26)
getdents(r1, 0xffffffffffffffff, 0x5a)

1.199391571s ago: executing program 1 (id=2018):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r6=>r5, @ANYBLOB="0000000000000000b702000002000110850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1e, 0x10, &(0x7f0000002000)=ANY=[@ANYRESDEC=r1, @ANYRES16, @ANYBLOB="d23014b237bbd59df41f0e23e07d371af2678ad05743c317ab4a27f7392baa9575066a3f68d862b0091f3340c7e1ed3be859546096b712af703b40e4bb3d1bee9da79c964496e5103488b841529dc63af6b56c57f33528511c50e502ac31a31b52395b899ce00f5bae0edf4a98cd113e4b601497711cb93685b159b291aae3eb2bb943ab8fb2c061046a5c8703286ec7826c252859196145d1e785f7b50008d3a539a084b017230c90cd26723a08f727fc49af276e9563f0c01e43605c2d6c481399b6a700d638e6257b073baab1008336166b3df653eaf2955edbef8819df6922b3c0951ed365242f17b67e7cf5771dd130af42a1d057040131df330ab4b977ff00193e0fd5645026d808939615d911673ba78be60c0a5c41597f4a9c142068400cc8e444c40c70074f3ff3f51ca3bd89141fcfc64f4a5da32812b7d502efbaa4a164352d8d55f017d74d8d2796f9785c3be8f886dbfc1bf3d15d3d82303468089f5a7f5ac54515ad90700450b79800cdc4dcacb025a05b8b8c8119f45201488fb005c78145d590c7149ed53ba489245974c8b0c7d48165cf0dd34a5c9d2489c698bf4da6781e1663b7bd2577a1cd7ea00e0e59049ed05c1c538d26dc4e690fdb23e1da6342a8741cb66656d77884904b00b5d1c92941047e539127d66c9b590d54b41cfe0fde255b3210bd4c05377bf2adbf08fb20fe1495b2da99dd4ef50055c8d78dec9b846ba783dfb8c138b1fcaa54e99dfbc13112329f0236170bae8f891691e5f755c41d47487868325f7635eeaf32ba20e48ad95e6cc90eee769b2e61394d949d261de98d6a07fe67e66bb4487e140495b1d3e4deb9f519365fc5cca970ed1fb35c78f03a02f43dbbb94a26cf9270b1c21ddcf160d487aa30fb4c0e063703448412d5aa7bbecd48fae28ee9a2e3109b7f94f546cc08f85a13569226ccf50b0d46ace5b5ee884e26e723d71b3e33f0b383cec93b6649ba69571bbc1fb7fb98aa3913f97e6afc9d26f4ee8cb46ff0ba53f71d782d257668f700bb64af4a8eab44848a8b456edbda945045331dc6337c0d365f55af0de029c6bd55d8ddb493316f201e2c8ee2bc2515a1d476f14905f046234f8b4589eae43ce52e81c49660fce97334a8578d3adbace8178ee4a6f5548839e1485a7c2337008212c899e8ae45508d8508b9f115ea460365946c5e107cee65f42b1f1a6c9e11b3205e6bb561bd24d9f902fabce64d8b2f10712c0850fcd42cbdb8ba49b94d9152db228a329776b476ce8ee4419fc87dc6d4b8d6222506ca94ce6f78d38e76a24bea9d338a06193e29d4850d1d199620f00cceee61b4ee92e842c7d9874bc5d0561c8bdfba99b34a79c9e477cbd74e0a21ef1b89e494a748cfda6f840beb159179f5361b6474b73c99cdae4041c44ca39b89dfbd24133e721905ef5b524125373275cffab6868023865475b967ca06a0678ad378ecc2ed360ef07b49e26fe302630ae351142be05389cbc4a7fbef40bcb469beccc44b32c613b53827aa1e62b21883719b385b1152981807a38d8de18406ba8dbb46a7b740708b9a9e6ccbafc795f865ea34369e688aea5fd2a3fa255f4a651c08c09effb9e50b0c3599bf1d6496dda0fa429936f32af1db0003c2227ff1c810103a6551969801a7ed500badb6f46202190f6fbaa3f1b1b7fde3da8ddd89b79ee5b29f0aaeeffcb864c71233cc80b5d8785f4fd4a1ee613302db7c89818aa1425b722a4b756856ba444c53817f056efd21c0e7d92c5aa484eb43d834107407dfd9ff751036d18f137a493a1e5ff92db0abb33020841effbbdde3a0670d5a09900d2da63a04f2508fdc0321345dbc23aa8a74846d264a076fe6457f96d7f0f0bf5342cf7ed77101f8e91e63e741771919095b7090b6509efaa60284b3b2f74ca137ceb46947b2edc71484b6539ed9de98424e7817d85f9d1a7c5a91e1509c0beaafef247cc1b8152fe9bd87360a8dcb29b268bc8772ed8e62996f746c057c25c147ef972270d5724b58243bc3a592b962f9bf7fb6df1ca1bb98023a51b11b89ce612a8c5e20981cd1d26a81ec40fde72353466fc3e4a8f1f6754b149e63ddf1e1e0c95b24005fa71b7dbc280ddb5cac2b75f3e8dfc244f63afbe414d14853be441f47c7b26dfbc91d5879b97b80fa113b6adf18b3390b569c3193df5a0f6bc81b1260a1c209c7e6d84228a971be29e6e94aa6e0f1b3cdd6c75bb3512b554cd7ad8e1f1ccc3d01b98c7bd25b110fcd270b24c7fa0c17a41f4239ae6a0682cb56d63d1c99e2aabc3ff94de828bbe528c64658be4fd8ef9c28a62ede8a57ba29ac5784053bae25c9dae6fcec3d93445b805dffdad078058d7cbd2ad8fe43eb744c98eefe9b829a2825b50db8d1268589edc1faa201e9ba88dd16d9e505bfca602075a8a077bf276ab63f2764b102e6aa81730397c9f5e80af8ef74cd8fe137a51aefe3f24529a9f0b4269034687934407dec247aff4f4ff23aa71f40dfa8fea36cbd66da457f77c3ece38a0692cac6aa56d7548f016aa31fb3c701330697043899f6ed09eac7a335c4ba6343c7abdac444407b623442b06afae9b3bfb22afb5f6c415b75f1565909871b13af35d031c34af96e76f84926e286a4d054076c8516ad000a9ad731dda6b8998b73ccc900b07b02896d3d1e01a9781dddee503516efb8d473fef853ca3f2c04aa5012e814ded337cb087262f82d39c02c7b821583341ad39fce59a7e9078566db8ebf3fba048d56f45e8f52d33922ccb7926c831ed12b2590ae0b499ba850f19a8f39a398a8f862c321b8501ec484339ab846029ef294306328148badfe3ae1acfb049a6f03cfcd58a079b81637534e9505a06df55a02c4dbbb9d7024c13d92cc5a03843ab805667de591249b187e85e6c55843e64f78b802e1ed2103c0f08531831f4694ec5bed3c5dcdcf70942c390578e12a89cca62509d68635a2588677a5dccc8d86a88be1344354b39a504483ff28807d24ef086a4035286544f000de1e8acf8767965217e0234d113d3343e92d6acedc34c8cb8d622a2f46e5e881bb46865f0e5ffcd8037b54efab21a00787b8fb7b6835eb8b6156e8d4b063b2b9b492888d91e2aa403f9a9adb714c094abe144594420a11dbcb738e41390e123370b4df4d52ace51783e3e087fbe5c44f7fd025e7f4cd45ff7d67ffcfdd19f8aa801fd84c8b5e1e4f940b33a11a1829bb64baab3ff00ebc9cbdcbf42313e03cec6007672c25f6e31bfc67dda557f802d81678d119cde55a2dae06f5a5b88e5258a5ea98c73fed68c37c4fcbd6d62cfbb06453c16457ecaedb3fdf828676bf24bbbc6e6ef2166b06b8cba00925d527dc00a6b78484cb30f366f1bc79c3cc778734cf8a91f346287ac65dfa41a0cc84f7b701112421d4c0018c3f21caebf14601eea72df416a9a0790947ef966de0b1e0d1357af8b05b6ecb3d34786daa49b5a9bb1a37eeccac2b80e4f9d74e31fb92e9578a0899f412a88fab4bd972cbb81804a2d632e10f95f286136538b0ac43e3872f105e0415644164ba8b81db33513b11c8f9cfe30efbd2a17ccb85da62c80a52b9d7fca1edd0bf78f1ef6364db8b219d9097f27aeafaf49c12901c5b46f64c0308a4f273eb4af62109abab722641ff48f372a6b175b276debcf1cfbf45c47c1286f25e309a6531829826a4645683d466dc5d5f575bd45abb7b34df593a9dae137350c10edbe8716ecb94873d7a4a97656fcc00bb09bf843659e3d74d9d5fe4f50d1a95e2d4da96a032c93ee763a38d747de984316bb6c01beec99dee9a5b85733af4200f1f9f75479f131d76cc0f383858771247853604faac7278cd214599fa2dbb43b86cf19c34ea252f00b475eb92c87514d8215ca9faa78b6e278308ec5beed04001bd445dbe14768f68f7922b65427596be1374601a6835e0718755f2429981f44b4b43e75e02d3b35a8bc67bc4064b5f8a33d07a00b88c893ed528946c5ca5dd87bcf50bd067851e5d9555097f73bd8440c597300ea4ec8b326e0c054fc8c3988ea542f7765b24f19f9c5ebd2793a5caaabbf8848116a35a467e6fad90ca96089f476a90f6794728036c1ada9a737ab8ed34d2cc8c6a32722c95724c6f7ce89d1a89ef19b1e560d87c052bb23d9bf7b25c22c242591d829414bd8f9f3dd9d0aae98857659c5bce4b2365597f4030a86212258aa62e133f1d434cf3ec38de0ffb9713b62a6aec69eb3b9998cdcdc9b74c36ff946b6391e466d0cc396ca394d99935ace15d363ac8565918ca0ada021bc557aa5ebd6705040cfd49a973fd9bbc6d4719813f9e4ee1a38bba3dfead5dd070c1f777c3cc58da22e5561db0d24e0fe4549ddb60264b91fe55f6ed2c37428f86ec1caf7b1f35a036cba178dc398fd1c199a407fbea9a26c8bf83a91ece4897a7a68a78e37441e1ff5368a7b176fe9047b77a7b717570790735d1a00d3d28bd11f3993c06a38695a26efab91ee23f66eea3382bf4d53816a5986d95bb40e2239a13ccffcdd6a3b51f1e41823e382ff9284dc25344da80c2e6eb9892f57b9a392705bde313e1d03b2886c1136cf391f2b73efa96f871c29a7d978de3595c05dfcb055697ec834ec3b6899b7e8edae85e9a211095359e2cd0ccc9745aade98c180a04eb6dfd4c00d7b7f0b49d3d44ce222ae4f61fa65c7a237ad90d82e2cb74ad04f37e1d7cec10c6aec4d154372b68a089dcb294abaef187dbd65a42b0784763e706b146d607b1bab8815ee2491a07839044307a6d9095c5082e5dcdde1eae268fd50d052264207a97501576ebb7503de2f2e971d6e647f53c8a19e36cb8c15e1a7b87f57c2901fab7dd5d650c69e20545cde9a50c6e28a5f338c40339919fc3a6b43a693999c1c44813a473e484047ab23f56c47529fb9455bc7dfea9d2def9a4e34647d45a7eda08645b4522c012a3d86f6f4dd98d28f93e95a19baee06e49dfec10c62363a434c7120ada53d545a2f954f47049d2e32740bcb44dbb29d29bbbbce352ef5221c1e58a59139786ba3601935c5009581b4bfb1d4934de6ded30354f6f9d4eb99c9766c6cdf9bac0db704517a9a8886855fc02475d9e2201e3b5d788701ef73d935857a80fc7e54451e19894e70f7d10d00714d04b68bd4b36cdda3ba3eee17394a2c352d7d0cb79db1c6da9564da37045c405518d13234888c0feda69ad3e2ec169da92a8c9b6bbc7a6b3b756e71bc7bbff50aecb8a9c4ef969f2617c64c4420e5f7095b0a03cc962615c4bbb3554d3bf8a84ccbcc2412c1bab203cb83938b70afae7bd642e74a76326b11e5fb7bc44d38610d90468824a7d239671ac76f06023cb68384ebf7eed465cec1817059c5c7949cd35a7c61a35f9dfb5c554c246ec870345813ef385ea23fae87e0f272d6f1408ad7d1c4e8f32bfe23cbf767031da9443d2bc30b6287060a56e30e6680e1053192ff4aa2656bf9fa6769cae962bd62c0c859dc5eb790a5f7ed6e71da5bd230e5f21cb02bdb1725d5ce68401e55b7de788f7c96e89ad8c6e60b1d15b494a5c960e7bd0d4b99c4027df10ebc7d339b437f388d6a5c43f8ce9119cb06e155b2fb69d4035d45941fe1eafac64fe2cefcd827481ae9114a5a4d189ad23dceaf55a08178dcd628ebfebeff2366a51dd9a744d57da9942a87a9169fe9d0aae8e2080ac478501a1d0e636067ea13814dbe1be3f8b646e3f11d26550c2f17f16b9e5190517032c3c87501eb1ed102681519e5d20c25d72a88c4a1eafab1f0b89caeb4180dcbfc27fe7c664e3c7de2ec5e481ac4a1d6d", @ANYBLOB="0ea2d69806ac40917ff70acbb3451a4a39cefdfc9b6298fb6a0cf7680ffdff0f000080154ba51b3ab93a0cf8dee4f3ea7bdf", @ANYRES16=r4], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000001c0)={0x3, &(0x7f0000000040)=[{0x50, 0x0, 0x2c, 0xdcef}, {0x20, 0x0, 0x2, 0xfffff024}, {0x6, 0xfc, 0x0, 0x4}]}, 0x10)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f00004f3000/0x2000)=nil, 0x2000, 0x1000004, 0x13, r8, 0xfffff000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000b00000000000000", @ANYRES32=0x1, @ANYBLOB="00000000de010fe100"/20, @ANYRES32=0x0, @ANYRES32, @ANYRES16=r6], 0x48)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r9, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r9, &(0x7f0000000700)="eeb83910c2c00069136017b426982b3bd312112cf54812761b572402ed1c1b21296bcb973d16209bc1e9598a1e9eb0c0198b3b689cb2e15d7d1d9b898a0c4865012baf7182c3e25fd2008838f7a7dea9fab313a282add98d2efc433255e884bdb15caee2782a2e847598b677af563e6c6fb813eb071fe9e7c36215856f26f23c9f", 0xfffffffffffffedf, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x4081a01f3f02744a)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r9, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000000200)=0x40)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r10}, 0xc)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3, 0x28011, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305829, &(0x7f0000000180)={0x1100, 0x3, 0x52, 0x11000})
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0xe, &(0x7f00000005c0)={[{@journal_checksum}, {@debug}]}, 0x1, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
open(&(0x7f00000001c0)='./bus\x00', 0x4c27e, 0x2)
r11 = openat(0xffffffffffffff9c, &(0x7f0000000480)='.\x00', 0x10000, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r11, 0x8004587d, &(0x7f0000000080)={@id={0x2, 0x0, @a}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))

1.134921381s ago: executing program 5 (id=2019):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000040)=@id={0x1e, 0x3, 0x1, {0x4e22, 0x2}}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
connect$netlink(r1, &(0x7f0000000100)=@kern={0x10, 0x0, 0x0, 0x1}, 0xc)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x800, &(0x7f0000000100)=ANY=[@ANYBLOB='iocharset=iso8859-9,utf8,dmask=00000000000000000000011,utf8,errors=remount-ro,utf8,fmask=00000000000000000000001,errors=remount-ro,iocharset=iso8859-5,gid=', @ANYRESHEX=0x0, @ANYBLOB="0002"], 0x1, 0x1548, &(0x7f0000000380)="$eJzs3AuYTdX7OPD3XWvtMSSdJrkMa613c5LLMkmSS5JckiRJktwSkib5SkJiyC1pSEJyGZLLEJLLxKRxv98vCU2SJklCckvW/1H8fftVv++lvl/P85v38zz7sd6z9rv22vOeM2fvdZz5psvQmo1rVWtIRPCn4C//JAFALAAMBIBrACAAgHJx5eIu9OeUmPTnDsL+Wg+lXukZsCuJ65+9cf2zN65/9sb1z964/tkb1z974/pnb1x/xrKzzdMLXstb9t14/T874/f//0OySo/9Ym3p67sCxPyzKVz/7I3r/39W8M/sxPXP3rj+2VXslZ4A+yvN/vfS+PWfHeT4wx6uf/bG9WcsO/t5HTgnXPF16Cu1QSR7fwZypZ9/jDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcayh9P+MgUAl9pXel6MMcYYY4wxxhj76/gcV3oGjDHGGGOMMcYY+89DECBBQQAxkANiISfkAgEAV0MeuAYicC3EwXWQF66HfJAfCkBBiIdCUBg0GLBAEEIRKApRuAGKwY1QHEpASSgFDkpDAtwEZeBmKAu3QDm4FcrDbVABKkIlqAy3QxW4A6rCnVAN7oLqUANqQi24G2rDPVAH7oW6cB/Ug/uhPjwADeBBaAgPQSN4GBrDI9AEHoWm0AyaQwto+W/lvwA94EXoCb0gCXpDH3gJ+kI/6A8DYCC8DIPgFRgMr0IyDIGh8BoMg9dhOLwBI2AkjII3YTS8BWNgLIyD8ZACE2AivA2T4B2YDFNgKkyDVJgOM+BdmAmzYDa8B3PgfZgL82A+LIA0+AAWwiJIhw9hMXwEGbAElsIyWA4rYCWsgtWwBtbCuh/7wgbYCJtgM2yBrbANtsMO2Akfwy74BHbDntfnAUAmfPZH+bD+d/NPXcqHvfApZEJXBAQUKFChwhiMwViMxVyYC3NjbsyDeTCCEYzDOMyLeTEf5sMCWADjMR4LY2E0aJCQsAgWwShGsRgWw+JYHEtiSXToMAETsAzejGWxLJbDclgey2MFrIgVsTJWxipYBatiVayG1bA6VseaWBPvxruxN9bBOlgX62I9rHdpeQobYkNshI2wMTbGJtgEm2JTbI7NsSW2xFbYCltja2yLbbEdtsP22B4TMRE7YAfsiB2xE3bCztgZu2AX7IrdsFvWCzkAX8QXsRdWF72xD/bBvpicoz8OwAH4Mg7CV/AVfBWTcQgOxdfwNXwdh+NJHIEjcRSOwiriLRyDY5HEeEzBFJyIE3ESTsLJOAWn4DRMxek4A2fgTJyFs/A9nIPv4/s4D+fhAkzDNFyIizAd03ExnsIMXIJLcRkuxxW4HFfhalyFa3EdrsUNuAE34SbcgltwG27DHbgDP0YFgJ/gHtyDyZiJmbgP9+F+3I8H8ABmYRYexIN4CA/hYTyMR/AIHsVjeByP4Qk8gSfxFJ7G03gWz+I5fC7+q0Yfl1iTDOICJZSIETEiVsSKXCKXyC1yizwij4iIiIgTcSKvyCvyiXyigCgg4kW8KCwKCyOMIBHGAICIiqgoJoqJ4qK4KClKCiecSBAJoowoI8qKsqKcuFWUF7eJCqKiaOMqi8qiimjrqoo7RTVRTVQXNURNUUvUErVFbVFH1BF1RV1RT9QT9cUDooHojf3xIXGhMo3FEGwihmJT0UzIi7/BWonh2Fq0EW3FE2IkjsD2opVLFE+LDmIMdhR/E2PxWdFZjMcu4nnRVXQT3cULoodo7XqKXmIy9hZ9xDTsK/qJ/mKAmIk1xHs4J2dN8apIFkPEUPGaWICvi+HiDTFCjBSjxJtitHhLjBFjxTgxXqSICWKieFtMEu+IyWKKmCqmiVQxXcwQ74qZYpaYLd4Tc8T7Yq6YJ+aLBSJNfCAWikUiXXwoFouPRIZYIpaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdoqPxS7xidgt9oi94lORKT4T+8TnYr/4QhwQX4os8ZU4KL4Wh8Q34rD4VhwR34mj4pg4Lr4XJ8QP4qQ4JU6LM+Ks+FGcEz+J88ILkCiFlFLJQMbIHDJW5pS55FUytwwu/nSvlXHyOplXXi/zyfyygCwo42UhWVhqaaSVJENZRBaVUXmDLCZvlMVlCVlSlpJOlpYJ8iZZRt4sy8pbZDl5qywvb5MVZEVZSVaWt8sq8g4JkV+OUV3WkDVlLXm3TIJ7ZB15r6wr75P15P2yvnxANpAPyobyIdlIPiwby0dkE/mobCqbyeayhWwpH5Ot5OOytWwj28onZDv5pGwvn5KJ8mnZQfqLT5FnZWf5nOwin5ddZTfZXf4kz0sve8peEnqD7CNfkn1lP9lfDpAD5ctykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZTpFT5TSZKqfL/hdHmi3lP8x/+3fyB/989E1ys9wit8ptcrvcIXfKj+UuuUvulrvlXrlXZspMuU/uk/vlfnlAHpBZMkselAflIXlIHpaH5RF5RB6Vx+QZ+b08IX+QJ+UpeUqekWflWXnu4s8AFCqhpFIqUDEqh4pVOVUudZXKra5WedQ1KqKuVXHqOpVXXa/yqfyqgCqo4lUhVVhpZZRVpEJVRBVVUXUDXnzCqJKqlHKqtEpQN/0r+aqYulEVVyV+lX9pfkl/ML+WqqVqpVqp1qq1aqvaqnaqnWqv2qtElag6qA6qo+qoOqlOqrPqrLqoLqqr6qq6q+6qh+qheqqeKkklqT7qJdVX9VP91QA1UL2sBqlBarAarJJVshqqhqphapgaroarEWqEGqVGqdFqtBqjxqhxapxKUSlqopqoJqlJarKarKaqqSpVpaoZaoaaqWaq2Wq2mqPmqLlqrpqv5qs0laYWqoUqXaWrxWqxylBL1BK1TC1TK9QKtUqtUmvUGrVOrVMb1AaVoTarzWqr2qq2q+1qp9qpdqldarfarfaqvSpTZap9ap/ar/arA+qAylJZ6qA6qA6pQ+qwOqyOqCPqqDqqjqvj6oQ6oU6qk+q0Oq3OqrPqnDqnzqvzFy77AhGIQAUqiAligtggNsgV5ApyB7mDPEGeIBJEgrggLsgbXB/kC/IHBYKCQXxQKCgc6MAENhAXix4NbgiKBTcGxYMSQcmgVOCC0kFCzMXO4JagXHBrUD64LagQVAwqBZWD24MqwR1B1eDOoFpwV1A9qBHUDGoFdwe1g3uCOsG9Qd3gvqBecH9QP3ggaBA8GDQMHgoaBQ8HjYNHgibBo0HToFnQPGgRtAxuDsr+ZeN7fzL/466n7qWTdG/dR7+k++p+ur8eoAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erKeoqfqaTpVT9cz9Lt6pp6lZ+v39Bz9vp6r5+n5eoFO0x/ohXqRTtcf6sX6I52hl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q536J36Y71Lf6J36z16r/5UZ+rP9D79ud6vv9AH9Jc6S3+lD+qv9SH9jT6sv9VH9Hf6qD6mj+vv9Qn9gz6pT+nT+ow+q3/U5/RP+rz2Fy7uL7y9G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emr8lr8pl8poApYOJNvClsCpsLyJApYoqYqImaYqaYKW6Km5KmpHHGmQSTYMqYMqasKWvKmXKmvClvKpgKppKpZG43t5s7zB3mTnOnucvcZWqYGqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkGpvGpolpYpqapqa5aW5ampamlWllWpvWpq1pa9qZdqa9aW8STaLpYDqYjqaj6WQ6mc6ms+liupiupqvpbrqbHqaH6Wl6miSTZPqYPqav6Wv6m/5moBloBplBZrAZbJJNshlqhpphZpgZboabEWakGXXhQtW8ZcaYsWacGW9STIqZaCaaSWaSmWwmm6lmqkk1qWaGmWFmmplmtplt5pg5Zq6Za+ab+SbNpJmFZqFJN+lmsVlsMkyGWWqWmuVmuVlpVprVZrVZa9aa9bDebDQbzWaz2Ww1W812s93sNDvNLrPL7Da7zV6z12SaTLPP7DP7zX5zwBwwWSbLHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81Zk//i+6U3sTanzWWvsrnt1TaPvcb+z7iALWjjbSFb2Gqbz+b/VWystcVtCVvSlrLOlrYJ9qbfxBVsRVvJVra32yr2Dlv1N3Fte4+tY++1de19tpa9+1dxPXu/rW8fsQ0QAWwz28i2sI3tI7aJfdQ2tc1sc9vCtrNP2vb2KZton7Yd7DO/iRfaRXa1XWPX2nV2t91jT9sz9pD9xp61P9qetpcdaF+2g+wrdrB91SbbIb+JR9k37Wj7lh1jx9pxdvxv4ql2mk210+0M+66daWf9Jk6zH9g5Nt3OtfPsfLvg5/jCnNLth3ax/chm2ACW2mV2uV1hV9pV/3+uy+wGu9FusrvsJ3ar3Wa32x1256ULYbvH7rWf2kz7mT1ov7b77Rf2gD1ss+xXP8cXzu+w/dYesd/Zo/aYPW6/tyfsD+pS9oVz/97+ZM9bb4GQgCQpCiiGclAs5aRcdBXlpqspD11DEbqW4ug6ykvXUz7KTwWoIMVTISpMmgxZIgqpCBWlKN1Al6ZXkkqRo9KUQDdRGbqZytItVI5upfJ0G1WgilSJKtPtVIXuoKp0J1Wju6g61aCaVIvuptp0D9Whe6ku3Uf16H6qTw9QA3qQGtJD1Igepsb0CDWhR6kpNaPm1IJa0mPUih6n1tSG2tIT1I6epPb0FCXS09SBnqGO9DfqRM9SZ3qOutDz1JW6UXd6gXrQi9STelES9aY+9BL1pX7UnwbQQHqZBtErNJhepWQaQkPpNRpGr9NweoNG0EgaRW/SaHqLxtBYGkfjKYUm0ER6mybROzSZptBUmkapNJ1m0Ls0k2bRbHqP5tD7NJfm0XxaQGn0AS2kRZROH9Ji+ogyaAktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtBO+ph20Se0m/bQXvqUMukz2kef0376gg7Ql5RFX9FB+poO0Td0mL71veg7OkrH6Dh9TyfoBzpJp+g0naGz9COdo5/oPHmCEEMRylCFQRgT5ghjw5xhrvCqMHd4dZgnvCaMhNeGceF1Yd7w+jBfmD8sEBYM48NCYeFQhya0IYVhWCQsGkbDG8Ji4Y1h8bBEWDIsFbqwdJgQ3hSWCW8Oy4a3hOXCW8Py4W1hhbBi+Mh9lcPbwyrhHWHV8M6wWnhXWD2sEdYMa4V3h7XDe8I64b1h3fC+sGx4f1g/fCBsED4YNgwfChuFD4eNw0fCJuGjYdOwWdg8bBG2DB8LW4WPh63DNmHb8ImwXfhk2D58KkwMnw47hM/83H//oj/uTwp7h33Cl8KXQu/vlfOjC6Jp0Q+iC6OLounRD6OLox9FM6JLokujy6LLoyuiK6Oroquja6Jro+ui66Mbohujm6Le18oBDp1w0ikXuBiXw8W6nC6Xu8rldle7PO4aF3HXujh3ncvrrnf5XH5XwBV08a6QK+y0M846cqEr4oq6qLvBFXM3uuKuhCvpSjnnSrsE18K1dC1dK/e4a+3auLbuCfeEe9I96Z5yT7mnXQf3jOvo/uY6uWddZ/ece84977q6bq67e8H1cBPy/PKaTHJ9XB/X1/V1/V1/N9ANdIPcIDfYDXbJLtkNdUPdMDfMDXfD3Qg3wo1yo9xoN9qNcWPcODfOpbgUN9FNdJPcJDfZTXZT3VSX6lLdDDfDzXQzXZVZvxxlrpvr5rv5Ls2luYXuwjVjulvsFrsMl+GWuqVuuVvuVrqVbrVb7da6tW69W+82uo1us9vstrqtbrvb7na6nW6X2+V2+2t+GdRlun1un9vv9rsD7kuX5b5yB93X7pD7xh1237oj7jt31B1zx9337oT7wZ10p9xpd8addT+6c+4nd955lxKZEJkYeTsyKfJOZHJkSmRqZFokNTI9MiPybmRmZFZkduS9yJzI+5G5kXmR+ZEFkbTIB5GFkUWR9MiHkcWRjyIZkSWRpZFlkeWRFRHvC20NfRFf1Ef9Db6Yv9EX9yV8SV/KO1/aJ/ibfBl/sy/rb/Hl/K2+vL/NV/AVfSX/qG/qm/nmvoVv6R/zrfzjvrVv49v6J3w7/6Rv75/yif5p38E/4zv6v/lO/lnf2T/nu/jnfVffzXf3L/ge/kXf0/fySb637+Nf8n19P9/fD/AD/ct+kH/FD/av+mQ/xA/1r/lh/nU/3L/hR/iRflTMm370pVtkGO9T/AQ/0b/tJ/l3/GQ/xU/103yqn+5n+Hf9TD/Lz/bv+Tn+fT/Xz/Pz/QKf5j/wC/0in+4/9Iv9Rz7DL7m0qOxX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+m1+u9/hd/qP/S7/id/t9/i9/lOf6T/z+/znfr//wh/wX/os/5U/6L/2h/w3/rD/1h/x3/mj/pg/7r/3J/wP/qQ/5U/7M/6s/9Gf8z/58/ydNcYYY4yxf8qEy03x655flvN7/06O+Lud+wDA1dsKZv19/4UryvX5fmn3E/HtIgDwdK8uD13aqldPSkq6uG+GhKDoPIBLnwRd8POy8cV4CbSFJyER2kCZ351/P9HtLP2D8aO3AuT6u5xYuBxfHv9zAEz6nfEfe2LUwvLh6bj/Zfx5AMWLXs7JCZfjJdD25/WVNlD2D+afv9U/mH/OL1IAWv9dTm64HF+efwI8Ds9A4q/2ZIwxxhhjjDHGftFPVOp06f7z0v/4/L3783h1OScHXI7/0f05Y4wxxhhjjDHGrrxnu3V/6rFL39x7LDGxTaefH/lnGlX/lZ3/9UYT+E+NzI3fbXgPcOkRBQB/ckCACw353zyLLf+VYyVffLX8z67lZ3wA3Ytd/NLjX3fQ2D9fi3+ncaV+IzHGGGOMMcb+Uy5f9P/6cXWlJsQYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjGVD/40/J3alz5ExxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhi70v5fAAAA//8XnvpB")
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
fchdir(r1)
mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='oom_adj\x00')
fchdir(r2)
exit(0xffff)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x1a42028, 0x0, 0x1, 0x0, 0x0)
syz_usb_connect$midi(0x5, 0x3a, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x1430, 0x474b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x28, 0x1, 0x1, 0x2, 0x50, 0x9, "", {{{0x9, 0x4, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x3, [@midi_in_jack={0x6, 0x24, 0x2, 0x1, 0xe9}], [{{0x9, 0x5, 0xe, 0x3, 0x8, 0x3, 0x0, 0xff, {0x7, 0x25, 0x1, 0x3, "88cae9"}}}]}}}}}]}}, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0})

930.118373ms ago: executing program 1 (id=2020):
recvmmsg(0xffffffffffffffff, &(0x7f0000006800)=[{{0x0, 0x0, &(0x7f0000004dc0)=[{&(0x7f0000003ac0)=""/247, 0xf7}, {0x0}, {0x0}], 0x3}, 0x5}, {{0x0, 0x0, 0x0}, 0x6}], 0x2, 0x141, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0x2}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0)
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYRES64=0x0, @ANYBLOB="644a0ce3a7d8a6cecbfc1f5c56d41c137c743ababa2b36ff835b00594da92f6c67dcd82c7f067560f0ae9c45a55703b2f63abe7b95fedddb78ffce323c6f2687610150e9336739"], 0x1, 0x1b4, &(0x7f00000001c0)="$eJzsmLFv2kAUxr+zwchVJbq2SysVCTrU2KatytABdezQSq1adQMVF5GYEIEHYCJ/RebMGTKjLPwfyZBkyhCyZYoUR2ef4xOCIBKCUPJ+w/Nn7vH87gEf0oEgiCfLyfHF0V42o3P9HBmkxOunapyjSPmD9OW7g/r3/W3z/HAw/FYcK6fN+/wEgGFJhSfufd/35SoZcf0FJdJJlOP1P2AwhC5DwW+hHTD8FXpN0k2ebxj/665j/Gu6VS5MHiwebB4K4/2NthiqUn9MWm93e+sV13Va9xdfeduTlmbNb1RS8EXqT/68otmY8fxgQYEldAEMP4X+rCKaTTgSaf+vEnF99WH2/0jFy/SMnCRWpdWVFXrsLMt8uvih9+d6FwMXZ/pyW12U2NWBxRSM/cnfYchK/pSQ/CPvNTbz7W7vfb1RqTk1Z8O2C5/MD6b50c4HRhTGW/xPD/zpmVQ/OSVXYxo6Fc9rWWG8ubc7KXgte5LjaoH/Kci9DbtmE/7kgq/JC/aGX3IqcOWHTG2aIAiCIAiCIAiCIAiCIAjiTrwGgx+dQPaFKEIXh6MR9o8g+zoAAP//uJxoHg==")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0xd, 0x0)
openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r1, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x88000)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, 0x0, 0x24044000)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x2016840, 0x0, 0x0, 0x0, 0x0)

840.659474ms ago: executing program 3 (id=2021):
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x158)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x14092, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='mnt/encrypted_dir\x00', 0x48)
chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00')
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', &(0x7f0000000140)={0x474082, 0x5c, 0x8}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

473.467766ms ago: executing program 3 (id=2022):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x202, 0x0)
ioctl$PPPIOCATTCHAN(r0, 0x40047438, &(0x7f0000000040)=0x1)

387.078107ms ago: executing program 3 (id=2023):
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x9, 0x4, 0x0, 0x0, 0x400000)
futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, &(0x7f0000048000)=0x1, 0x0) (fail_nth: 3)

0s ago: executing program 1 (id=2024):
r0 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f00000008c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$KVM_MEMORY_ENCRYPT_UNREG_REGION(r1, 0x8010aebc, &(0x7f0000000080)={0xffffffff, 0x10000})
splice(r2, 0x0, r1, 0x0, 0x1000000008, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = epoll_create1(0x80000)
r4 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f00000000c0)={0xe000001a})
sendfile(r3, r4, 0x0, 0x8)

kernel console output (not intermixed with test programs):

164] RSP: 002b:00007f117232d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  677.010875][ T7164] RAX: ffffffffffffffda RBX: 00007f1171615fa0 RCX: 00007f117139cdd9
[  677.018860][ T7164] RDX: 000000002400c000 RSI: 00002000000003c0 RDI: 0000000000000003
[  677.026908][ T7164] RBP: 00007f117232d090 R08: 0000000000000000 R09: 0000000000000000
[  677.034869][ T7164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  677.042836][ T7164] R13: 00007f1171616038 R14: 00007f1171615fa0 R15: 00007fff5a67e688
[  677.050806][ T7164]  </TASK>
[  677.111977][ T7167] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  677.133505][ T7167] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  677.172953][ T7167] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  677.210739][ T7167] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  677.347678][ T7180] FAULT_INJECTION: forcing a failure.
[  677.347678][ T7180] name fail_futex, interval 1, probability 0, space 0, times 1
[  677.360604][ T7180] CPU: 1 PID: 7180 Comm: syz.5.1768 Not tainted syzkaller #0
[  677.367981][ T7180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  677.378018][ T7180] Call Trace:
[  677.381312][ T7180]  <TASK>
[  677.384315][ T7180]  __dump_stack+0x21/0x24
[  677.388645][ T7180]  dump_stack_lvl+0x110/0x170
[  677.393365][ T7180]  ? __cfi_dump_stack_lvl+0x8/0x8
[  677.398397][ T7180]  ? stack_trace_save+0xa6/0xf0
[  677.403245][ T7180]  dump_stack+0x15/0x24
[  677.407396][ T7180]  should_fail_ex+0x3d4/0x520
[  677.412062][ T7180]  should_fail+0xb/0x10
[  677.416203][ T7180]  get_futex_key+0x143/0xb10
[  677.420775][ T7180]  ? _parse_integer+0x2a/0x40
[  677.425438][ T7180]  ? __cfi_get_futex_key+0x10/0x10
[  677.430543][ T7180]  futex_wake_op+0x179/0xd50
[  677.435133][ T7180]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  677.440840][ T7180]  ? __cfi_futex_wake_op+0x10/0x10
[  677.446026][ T7180]  ? __kasan_check_write+0x14/0x20
[  677.451119][ T7180]  ? proc_fail_nth_write+0x180/0x200
[  677.456390][ T7180]  ? security_file_permission+0x8a/0xb0
[  677.461919][ T7180]  ? vfs_write+0xa2c/0xce0
[  677.466426][ T7180]  do_futex+0x1b3/0x430
[  677.470559][ T7180]  ? __cfi_do_futex+0x10/0x10
[  677.475211][ T7180]  ? __kasan_check_write+0x14/0x20
[  677.480299][ T7180]  ? mutex_unlock+0x8f/0x230
[  677.484872][ T7180]  __se_sys_futex+0x136/0x310
[  677.489527][ T7180]  ? __x64_sys_futex+0x100/0x100
[  677.494441][ T7180]  ? ksys_write+0x1f4/0x250
[  677.498926][ T7180]  ? __cfi_ksys_write+0x10/0x10
[  677.503757][ T7180]  ? do_user_addr_fault+0x9ac/0x1050
[  677.509022][ T7180]  __x64_sys_futex+0xe5/0x100
[  677.513679][ T7180]  x64_sys_call+0x7ec/0x9a0
[  677.518181][ T7180]  do_syscall_64+0x4c/0xa0
[  677.522575][ T7180]  ? clear_bhb_loop+0x30/0x80
[  677.527233][ T7180]  ? clear_bhb_loop+0x30/0x80
[  677.531897][ T7180]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  677.537769][ T7180] RIP: 0033:0x7f9626d9cdd9
[  677.542160][ T7180] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  677.562005][ T7180] RSP: 002b:00007f9627cb2028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  677.570405][ T7180] RAX: ffffffffffffffda RBX: 00007f9627016180 RCX: 00007f9626d9cdd9
[  677.578358][ T7180] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000020000000cffc
[  677.586399][ T7180] RBP: 00007f9627cb2090 R08: 0000200000048000 R09: 0000000000000000
[  677.594468][ T7180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  677.602427][ T7180] R13: 00007f9627016218 R14: 00007f9627016180 R15: 00007ffde5876038
[  677.610423][ T7180]  </TASK>
[  677.657232][ T7182] erofs: (device loop3): mounted with root inode @ nid 36.
[  677.728590][ T7186] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  677.742212][ T7186] overlayfs: unrecognized mount option "verity=off" or missing value
[  677.844224][  T287] EXT4-fs (loop1): unmounting filesystem.
[  677.850237][ T7192] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  677.877488][ T7192] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  677.900597][ T7194] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  677.915632][ T7192] bio_check_eod: 12 callbacks suppressed
[  677.915650][ T7192] syz.3.1769: attempt to access beyond end of device
[  677.915650][ T7192] loop3: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  677.940297][ T7192] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  677.952719][ T7192] syz.3.1769: attempt to access beyond end of device
[  677.952719][ T7192] loop3: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  677.968801][ T7194] EXT4-fs error (device loop1): ext4_acquire_dquot:6822: comm syz.1.1772: Failed to acquire dquot type 1
[  677.980674][ T7194] EXT4-fs error (device loop1): ext4_do_update_inode:5270: inode #16: comm syz.1.1772: corrupted inode contents
[  677.993588][ T7192] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  678.004808][ T7194] EXT4-fs error (device loop1): ext4_dirty_inode:6135: inode #16: comm syz.1.1772: mark_inode_dirty error
[  678.024271][ T7194] EXT4-fs error (device loop1): ext4_do_update_inode:5270: inode #16: comm syz.1.1772: corrupted inode contents
[  678.036665][ T7194] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.1772: mark_inode_dirty error
[  678.048303][ T7194] EXT4-fs error (device loop1): ext4_do_update_inode:5270: inode #16: comm syz.1.1772: corrupted inode contents
[  678.064834][ T7194] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem
[  678.074056][ T7194] EXT4-fs error (device loop1): ext4_do_update_inode:5270: inode #16: comm syz.1.1772: corrupted inode contents
[  678.091782][ T7194] EXT4-fs error (device loop1): ext4_truncate:4316: inode #16: comm syz.1.1772: mark_inode_dirty error
[  678.113653][ T7194] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem
[  678.123288][ T7194] EXT4-fs (loop1): 1 truncate cleaned up
[  678.129027][ T7194] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  678.372451][ T7202] F2FS-fs (loop5): invalid crc value
[  678.379786][ T7202] F2FS-fs (loop5): Found nat_bits in checkpoint
[  678.409267][ T7202] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  678.530088][ T7210] device bridge12 entered promiscuous mode
[  678.567607][ T7215] EXT4-fs: Ignoring removed mblk_io_submit option
[  678.588655][ T7215] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  678.601921][ T7215] FAULT_INJECTION: forcing a failure.
[  678.601921][ T7215] name failslab, interval 1, probability 0, space 0, times 1
[  678.615365][ T7215] CPU: 1 PID: 7215 Comm: syz.3.1780 Not tainted syzkaller #0
[  678.622752][ T7215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  678.632827][ T7215] Call Trace:
[  678.636152][ T7215]  <TASK>
[  678.639172][ T7215]  __dump_stack+0x21/0x24
[  678.643504][ T7215]  dump_stack_lvl+0x110/0x170
[  678.648186][ T7215]  ? __cfi_dump_stack_lvl+0x8/0x8
[  678.653212][ T7215]  dump_stack+0x15/0x24
[  678.657375][ T7215]  should_fail_ex+0x3d4/0x520
[  678.662139][ T7215]  __should_failslab+0xac/0xf0
[  678.666919][ T7215]  ? ext4_find_extent+0x29c/0xca0
[  678.672009][ T7215]  should_failslab+0x9/0x20
[  678.676591][ T7215]  __kmem_cache_alloc_node+0x3d/0x2c0
[  678.676620][ T7215]  ? ext4_find_extent+0x29c/0xca0
[  678.676633][ T7215]  __kmalloc+0xa1/0x1e0
[  678.676646][ T7215]  ext4_find_extent+0x29c/0xca0
[  678.676658][ T7215]  ? __cfi_avc_has_perm+0x10/0x10
[  678.676672][ T7215]  ext4_ext_map_blocks+0x207/0x6200
[  678.676688][ T7215]  ? is_bpf_text_address+0x177/0x190
[  678.676705][ T7215]  ? kernel_text_address+0xa0/0xd0
[  678.676722][ T7215]  ? __kasan_check_write+0x14/0x20
[  678.676742][ T7215]  ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[  678.676758][ T7215]  ? __cfi_ext4_ext_map_blocks+0x10/0x10
[  678.676774][ T7215]  ? ext4_es_lookup_extent+0x54c/0x900
[  678.676791][ T7215]  ext4_map_blocks+0x9d8/0x1b70
[  678.676807][ T7215]  ? __cfi_ext4_map_blocks+0x10/0x10
[  678.676822][ T7215]  ? __kasan_check_read+0x11/0x20
[  678.676833][ T7215]  ? __ext4_journal_start_sb+0x2ed/0x4a0
[  678.676847][ T7215]  ext4_alloc_file_blocks+0x372/0xb60
[  678.676864][ T7215]  ? trace_ext4_fallocate_enter+0x130/0x130
[  678.676879][ T7215]  ? ext4_inode_journal_mode+0x19a/0x480
[  678.676892][ T7215]  ext4_zero_range+0x449/0xd00
[  678.676908][ T7215]  ext4_fallocate+0x539/0x1d20
[  678.676922][ T7215]  ? fsnotify_perm+0x67/0x5b0
[  678.676940][ T7215]  vfs_fallocate+0x4c5/0x5a0
[  678.676953][ T7215]  __x64_sys_fallocate+0xc0/0x110
[  678.676972][ T7215]  x64_sys_call+0x7fa/0x9a0
[  678.676986][ T7215]  do_syscall_64+0x4c/0xa0
[  678.676999][ T7215]  ? clear_bhb_loop+0x30/0x80
[  678.677014][ T7215]  ? clear_bhb_loop+0x30/0x80
[  678.677030][ T7215]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  678.677045][ T7215] RIP: 0033:0x7f01de99cdd9
[  678.677058][ T7215] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  678.677069][ T7215] RSP: 002b:00007f01df778028 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[  678.677084][ T7215] RAX: ffffffffffffffda RBX: 00007f01dec15fa0 RCX: 00007f01de99cdd9
[  678.677093][ T7215] RDX: 00000000000037ec RSI: 0000000000000010 RDI: 0000000000000004
[  678.677102][ T7215] RBP: 00007f01df778090 R08: 0000000000000000 R09: 0000000000000000
[  678.677110][ T7215] R10: 0000000000000683 R11: 0000000000000246 R12: 0000000000000001
[  678.677118][ T7215] R13: 00007f01dec16038 R14: 00007f01dec15fa0 R15: 00007ffeaacdfce8
[  678.677130][ T7215]  </TASK>
[  678.692543][ T1610] EXT4-fs error (device loop3): ext4_map_blocks:745: inode #15: block 3: comm kworker/u4:7: lblock 3 mapped to illegal pblock 3 (length 3)
[  678.692732][ T1610] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  678.692754][ T1610] EXT4-fs (loop3): This should not happen!! Data will be lost
[  678.692754][ T1610] 
[  678.696624][ T1610] EXT4-fs error (device loop3): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:7: lblock 8 mapped to illegal pblock 8 (length 8)
[  678.958042][ T1610] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  678.970923][ T1610] EXT4-fs (loop3): This should not happen!! Data will be lost
[  678.970923][ T1610] 
[  678.982212][  T289] EXT4-fs (loop3): unmounting filesystem.
[  678.982512][  T287] EXT4-fs (loop1): unmounting filesystem.
[  679.016268][ T7231] FAULT_INJECTION: forcing a failure.
[  679.016268][ T7231] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.029418][ T7231] CPU: 1 PID: 7231 Comm: syz.1.1785 Not tainted syzkaller #0
[  679.036797][ T7231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  679.046837][ T7231] Call Trace:
[  679.050097][ T7231]  <TASK>
[  679.053006][ T7231]  __dump_stack+0x21/0x24
[  679.057322][ T7231]  dump_stack_lvl+0x110/0x170
[  679.061975][ T7231]  ? __cfi_dump_stack_lvl+0x8/0x8
[  679.066976][ T7231]  ? _parse_integer_limit+0x18a/0x1d0
[  679.072328][ T7231]  dump_stack+0x15/0x24
[  679.076640][ T7231]  should_fail_ex+0x3d4/0x520
[  679.081305][ T7231]  should_fail+0xb/0x10
[  679.085454][ T7231]  should_fail_usercopy+0x1a/0x20
[  679.090529][ T7231]  _copy_from_user+0x1e/0xc0
[  679.095110][ T7231]  input_event_from_user+0xae/0x290
[  679.100298][ T7231]  ? __cfi_input_event_from_user+0x10/0x10
[  679.106096][ T7231]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  679.111804][ T7231]  evdev_write+0x2fe/0x470
[  679.116207][ T7231]  ? __cfi_evdev_write+0x10/0x10
[  679.121124][ T7231]  ? fsnotify_perm+0x67/0x5b0
[  679.125780][ T7231]  ? security_file_permission+0x8a/0xb0
[  679.131306][ T7231]  ? security_file_permission+0x94/0xb0
[  679.136828][ T7231]  ? __cfi_evdev_write+0x10/0x10
[  679.141745][ T7231]  vfs_write+0x40e/0xce0
[  679.145973][ T7231]  ? __cfi_vfs_write+0x10/0x10
[  679.150737][ T7231]  ? __fget_files+0x2d5/0x330
[  679.155402][ T7231]  ? __fdget_pos+0x1f2/0x380
[  679.157045][ T7234] set_capacity_and_notify: 6 callbacks suppressed
[  679.157060][ T7234] loop3: detected capacity change from 0 to 16
[  679.159993][ T7231]  ? ksys_write+0x71/0x250
[  679.169719][ T7234] erofs: (device loop3): mounted with root inode @ nid 36.
[  679.172522][ T7231]  ksys_write+0x149/0x250
[  679.172561][ T7231]  ? __cfi_ksys_write+0x10/0x10
[  679.172576][ T7231]  ? debug_smp_processor_id+0x17/0x20
[  679.172593][ T7231]  __x64_sys_write+0x7b/0x90
[  679.172609][ T7231]  x64_sys_call+0x27b/0x9a0
[  679.172628][ T7231]  do_syscall_64+0x4c/0xa0
[  679.172644][ T7231]  ? clear_bhb_loop+0x30/0x80
[  679.172665][ T7231]  ? clear_bhb_loop+0x30/0x80
[  679.172686][ T7231]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  679.172706][ T7231] RIP: 0033:0x7f0f3719cdd9
[  679.172720][ T7231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  679.172734][ T7231] RSP: 002b:00007f0f37f9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  679.172752][ T7231] RAX: ffffffffffffffda RBX: 00007f0f37415fa0 RCX: 00007f0f3719cdd9
[  679.172765][ T7231] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000003
[  679.172775][ T7231] RBP: 00007f0f37f9f090 R08: 0000000000000000 R09: 0000000000000000
[  679.172785][ T7231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  679.172796][ T7231] R13: 00007f0f37416038 R14: 00007f0f37415fa0 R15: 00007ffc0e59b838
[  679.172809][ T7231]  </TASK>
[  679.175290][  T372] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  679.313573][ T7232] syz.3.1781: attempt to access beyond end of device
[  679.313573][ T7232] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  679.327875][ T7232] syz.3.1781: attempt to access beyond end of device
[  679.327875][ T7232] loop3: rw=524288, sector=8, nr_sectors = 16 limit=16
[  679.352687][ T7236] device syzkaller0 entered promiscuous mode
[  679.360626][ T7238] loop4: detected capacity change from 0 to 16
[  679.367455][ T7238] erofs: (device loop4): mounted with root inode @ nid 36.
[  679.483726][ T7243] device bridge27 entered promiscuous mode
[  679.513935][  T372] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  679.523465][ T7244] syz.4.1787: attempt to access beyond end of device
[  679.523465][ T7244] loop4: rw=524288, sector=34359738360, nr_sectors = 8 limit=16
[  679.531586][  T372] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  679.556986][  T372] usb 1-1: config 1 has no interface number 0
[  679.559462][ T7244] syz.4.1787: attempt to access beyond end of device
[  679.559462][ T7244] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  679.563436][  T372] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  679.589504][  T372] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  679.596882][ T7244] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  679.599294][  T372] usb 1-1: too many endpoints for config 1 interface 1 altsetting 1: 247, using maximum allowed: 30
[  679.624425][ T7244] syz.4.1787: attempt to access beyond end of device
[  679.624425][ T7244] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  679.631682][  T372] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 247
[  679.656796][ T7244] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  679.665188][  T372] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  679.670005][ T7248] FAULT_INJECTION: forcing a failure.
[  679.670005][ T7248] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.688198][  T372] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.690347][ T7244] syz.4.1787: attempt to access beyond end of device
[  679.690347][ T7244] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  679.706714][  T372] usb 1-1: Product: syz
[  679.712548][ T7248] CPU: 0 PID: 7248 Comm: syz.1.1791 Not tainted syzkaller #0
[  679.720634][  T372] usb 1-1: Manufacturer: syz
[  679.723483][ T7248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  679.723493][ T7248] Call Trace:
[  679.723498][ T7248]  <TASK>
[  679.723505][ T7248]  __dump_stack+0x21/0x24
[  679.723528][ T7248]  dump_stack_lvl+0x110/0x170
[  679.723544][ T7248]  ? __cfi_dump_stack_lvl+0x8/0x8
[  679.723561][ T7248]  ? _parse_integer+0x2a/0x40
[  679.723577][ T7248]  dump_stack+0x15/0x24
[  679.734276][  T372] usb 1-1: SerialNumber: syz
[  679.738189][ T7248]  should_fail_ex+0x3d4/0x520
[  679.776758][ T7248]  should_fail+0xb/0x10
[  679.780919][ T7248]  should_fail_usercopy+0x1a/0x20
[  679.785944][ T7248]  _copy_from_user+0x1e/0xc0
[  679.790543][ T7248]  ___sys_sendmsg+0x1c3/0x360
[  679.795486][ T7248]  ? __sys_sendmsg+0x290/0x290
[  679.800249][ T7248]  ? __kasan_check_write+0x14/0x20
[  679.805366][ T7248]  ? proc_fail_nth_write+0x180/0x200
[  679.810650][ T7248]  ? vfs_write+0xa2c/0xce0
[  679.815141][ T7248]  ? __fdget+0x19c/0x220
[  679.819397][ T7248]  __x64_sys_sendmsg+0x205/0x2d0
[  679.824353][ T7248]  ? __cfi___x64_sys_sendmsg+0x10/0x10
[  679.829833][ T7248]  ? fpregs_assert_state_consistent+0xb1/0xe0
[  679.835914][ T7248]  x64_sys_call+0x171/0x9a0
[  679.840426][ T7248]  do_syscall_64+0x4c/0xa0
[  679.844845][ T7248]  ? clear_bhb_loop+0x30/0x80
[  679.849524][ T7248]  ? clear_bhb_loop+0x30/0x80
[  679.854207][ T7248]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  679.860106][ T7248] RIP: 0033:0x7f0f3719cdd9
[  679.864520][ T7248] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  679.883813][ T7244] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  679.884209][ T7248] RSP: 002b:00007f0f37f9f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  679.884231][ T7248] RAX: ffffffffffffffda RBX: 00007f0f37415fa0 RCX: 00007f0f3719cdd9
[  679.902275][ T7244] syz.4.1787: attempt to access beyond end of device
[  679.902275][ T7244] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  679.903521][ T7248] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  679.903534][ T7248] RBP: 00007f0f37f9f090 R08: 0000000000000000 R09: 0000000000000000
[  679.903545][ T7248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  679.912620][ T7244] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  679.925204][ T7248] R13: 00007f0f37416038 R14: 00007f0f37415fa0 R15: 00007ffc0e59b838
[  679.925231][ T7248]  </TASK>
[  679.972464][ T7250] loop1: detected capacity change from 0 to 512
[  679.980204][ T7250] EXT4-fs: Ignoring removed mblk_io_submit option
[  680.059181][   T28] kauditd_printk_skb: 65 callbacks suppressed
[  680.059230][   T28] audit: type=1400 audit(680.080:3595): avc:  denied  { read } for  pid=7251 comm="syz.3.1793" name="usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  680.231987][ T7250] EXT4-fs (loop1): orphan cleanup on readonly fs
[  680.248657][ T7250] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[  680.298594][ T7250] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.1792: attempt to clear invalid blocks 2 len 1
[  680.324143][ T7261] netlink: 'syz.3.1795': attribute type 4 has an invalid length.
[  680.332036][   T28] audit: type=1400 audit(680.080:3596): avc:  denied  { open } for  pid=7251 comm="syz.3.1793" path="/dev/usbmon0" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  680.372668][ T7261] FAULT_INJECTION: forcing a failure.
[  680.372668][ T7261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  680.390610][ T7250] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  680.441044][ T7263] loop4: detected capacity change from 0 to 2048
[  680.452188][ T7261] CPU: 1 PID: 7261 Comm: syz.3.1795 Not tainted syzkaller #0
[  680.459609][ T7261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  680.469675][ T7261] Call Trace:
[  680.472962][ T7261]  <TASK>
[  680.475894][ T7261]  __dump_stack+0x21/0x24
[  680.480228][ T7261]  dump_stack_lvl+0x110/0x170
[  680.484905][ T7261]  ? __cfi_dump_stack_lvl+0x8/0x8
[  680.489937][ T7261]  dump_stack+0x15/0x24
[  680.494096][ T7261]  should_fail_ex+0x3d4/0x520
[  680.498773][ T7261]  should_fail+0xb/0x10
[  680.502920][ T7261]  should_fail_usercopy+0x1a/0x20
[  680.507941][ T7261]  _copy_from_user+0x1e/0xc0
[  680.512546][ T7261]  iovec_from_user+0x1aa/0x2e0
[  680.517308][ T7261]  __import_iovec+0x71/0x470
[  680.521912][ T7261]  import_iovec+0x7c/0xb0
[  680.526329][ T7261]  vfs_writev+0x154/0x5f0
[  680.530667][ T7261]  ? do_writev+0x2c0/0x2c0
[  680.535083][ T7261]  ? vfs_write+0xa2c/0xce0
[  680.539501][ T7261]  ? __fdget_pos+0x1f2/0x380
[  680.544088][ T7261]  ? do_writev+0x76/0x2c0
[  680.548417][ T7261]  do_writev+0x14e/0x2c0
[  680.552659][ T7261]  ? do_readv+0x450/0x450
[  680.556985][ T7261]  ? debug_smp_processor_id+0x17/0x20
[  680.562366][ T7261]  __x64_sys_writev+0x7d/0x90
[  680.567054][ T7261]  x64_sys_call+0xad/0x9a0
[  680.571483][ T7261]  do_syscall_64+0x4c/0xa0
[  680.575908][ T7261]  ? clear_bhb_loop+0x30/0x80
[  680.580591][ T7261]  ? clear_bhb_loop+0x30/0x80
[  680.585272][ T7261]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  680.591167][ T7261] RIP: 0033:0x7f01de99cdd9
[  680.594265][   T28] audit: type=1400 audit(680.080:3597): avc:  denied  { ioctl } for  pid=7251 comm="syz.3.1793" path="/dev/usbmon0" dev="devtmpfs" ino=159 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  680.595754][ T7261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  680.595770][ T7261] RSP: 002b:00007f01df778028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  680.595788][ T7261] RAX: ffffffffffffffda RBX: 00007f01dec15fa0 RCX: 00007f01de99cdd9
[  680.595801][ T7261] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000004
[  680.595813][ T7261] RBP: 00007f01df778090 R08: 0000000000000000 R09: 0000000000000000
[  680.595824][ T7261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  680.595833][ T7261] R13: 00007f01dec16038 R14: 00007f01dec15fa0 R15: 00007ffeaacdfce8
[  680.688550][ T7261]  </TASK>
[  680.692663][ T7250] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.1792: invalid indirect mapped block 1819239214 (level 0)
[  680.696551][   T28] audit: type=1400 audit(680.270:3598): avc:  denied  { unlink } for  pid=7258 comm="syz.3.1794" name="#3" dev="tmpfs" ino=2133 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  680.709779][ T7266] netlink: 'syz.3.1797': attribute type 4 has an invalid length.
[  680.733680][ T7266] netlink: 'syz.3.1797': attribute type 4 has an invalid length.
[  680.791363][ T7268] device syzkaller0 entered promiscuous mode
[  680.810366][ T7250] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.1792: invalid indirect mapped block 1819239214 (level 1)
[  680.841887][ T7250] EXT4-fs (loop1): 1 truncate cleaned up
[  680.847587][ T7250] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  680.883421][ T7273] device bridge13 entered promiscuous mode
[  680.896845][ T7250] EXT4-fs (loop1): Quota file not on filesystem root. Journaled quota will not work
[  680.897009][   T28] audit: type=1400 audit(680.920:3599): avc:  denied  { create } for  pid=7276 comm="syz.4.1802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  680.927701][ T7277] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1802'.
[  680.943858][ T7277] netlink: 'syz.4.1802': attribute type 4 has an invalid length.
[  680.953763][  T287] EXT4-fs (loop1): unmounting filesystem.
[  680.960020][ T7278] binder: 7224:7278 ioctl c0306201 2000000003c0 returned -14
[  680.965501][   T28] audit: type=1400 audit(680.960:3600): avc:  denied  { quotaon } for  pid=7249 comm="syz.1.1792" name="file0" dev="loop1" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  680.968787][ T7280] tipc: Enabled bearer <eth:vlan0>, priority 16
[  680.997813][   T28] audit: type=1400 audit(680.990:3601): avc:  denied  { read } for  pid=7224 comm="syz.0.1783" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  681.031124][   T28] audit: type=1400 audit(680.990:3602): avc:  denied  { open } for  pid=7224 comm="syz.0.1783" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  681.031663][ T7280] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1803'.
[  681.056206][   T28] audit: type=1400 audit(680.990:3603): avc:  denied  { ioctl } for  pid=7224 comm="syz.0.1783" path="/dev/binderfs/binder0" dev="binder" ino=13 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  681.092957][   T28] audit: type=1400 audit(680.990:3604): avc:  denied  { set_context_mgr } for  pid=7224 comm="syz.0.1783" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  681.103105][ T7280] netlink: 'syz.3.1803': attribute type 4 has an invalid length.
[  681.125146][ T7280] netlink: 'syz.3.1803': attribute type 4 has an invalid length.
[  681.151771][ T7290] fuse: Bad value for 'fd'
[  681.306213][ T7296] fuse: Bad value for 'fd'
[  681.371293][    T6] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  681.552736][    T6] usb 5-1: unable to get BOS descriptor or descriptor too short
[  681.561414][    T6] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  681.571589][    T6] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  681.580525][    T6] usb 5-1: config 1 has no interface number 0
[  681.588569][    T6] usb 5-1: New USB device found, idVendor=0e41, idProduct=4650, bcdDevice= 0.40
[  681.597844][    T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.606040][    T6] usb 5-1: Product: syz
[  681.610266][    T6] usb 5-1: Manufacturer: syz
[  681.615136][    T6] usb 5-1: SerialNumber: syz
[  681.704358][ T7298] loop3: detected capacity change from 0 to 131072
[  681.717370][ T7298] F2FS-fs (loop3): Test dummy encryption mode enabled
[  681.731357][ T7298] F2FS-fs (loop3): invalid crc value
[  681.732693][ T7300] loop5: detected capacity change from 0 to 2048
[  681.746000][ T7298] F2FS-fs (loop3): Found nat_bits in checkpoint
[  681.763097][ T4359] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  681.793306][ T7298] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  681.805210][ T7298] F2FS-fs (loop3): Start checkpoint disabled!
[  681.812039][ T7298] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  681.819985][ T7298] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  681.847847][ T7298] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[  681.880070][    T6] usb 5-1: 1:0 : does not exist
[  681.891474][ T7307] SELinux:  policydb version 18779607 does not match my version range 15-33
[  681.911994][    T6] usb 5-1: BAAD GENERIC IO: no channels?
[  681.926778][ T7307] SELinux: failed to load policy
[  681.933329][    T6] snd-usb-audio: probe of 5-1:1.1 failed with error -22
[  681.943317][    T6] usb 5-1: USB disconnect, device number 2
[  681.955959][ T3756] udevd[3756]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.1/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  682.091856][   T24] tipc: Node number set to 1
[  682.188273][  T318] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  682.334845][  T372] cdc_ncm 1-1:1.1: bind() failure
[  682.420928][  T372] usb 1-1: USB disconnect, device number 2
[  682.444698][ T7320] fuse: Bad value for 'fd'
[  682.617893][ T7318] loop5: detected capacity change from 0 to 131072
[  682.635243][ T7318] F2FS-fs (loop5): Test dummy encryption mode enabled
[  682.651764][ T7318] F2FS-fs (loop5): invalid crc value
[  682.677856][ T7329] loop0: detected capacity change from 0 to 16
[  682.685296][ T7329] erofs: (device loop0): mounted with root inode @ nid 36.
[  682.697736][ T7318] F2FS-fs (loop5): Found nat_bits in checkpoint
[  682.704306][ T7329] syz.0.1819: attempt to access beyond end of device
[  682.704306][ T7329] loop0: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  682.745167][ T7312] loop1: detected capacity change from 0 to 131072
[  682.768580][ T7331] loop0: detected capacity change from 0 to 2048
[  682.786498][ T7312] F2FS-fs (loop1): Test dummy encryption mode enabled
[  682.809918][ T7318] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  682.824059][ T7312] F2FS-fs (loop1): invalid crc value
[  682.843357][ T7312] F2FS-fs (loop1): Found nat_bits in checkpoint
[  682.853528][ T7318] F2FS-fs (loop5): Start checkpoint disabled!
[  682.863824][ T7318] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  682.887322][ T7318] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  682.906763][ T7312] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  682.936842][ T7312] F2FS-fs (loop1): Start checkpoint disabled!
[  682.972027][ T7312] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  682.985997][ T7312] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  683.068582][ T7345] erofs: (device loop0): mounted with root inode @ nid 36.
[  683.082118][ T7345] bio_check_eod: 1 callbacks suppressed
[  683.082151][ T7345] syz.0.1822: attempt to access beyond end of device
[  683.082151][ T7345] loop0: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  683.101720][ T7345] syz.0.1822: attempt to access beyond end of device
[  683.101720][ T7345] loop0: rw=524288, sector=8, nr_sectors = 16 limit=16
[  683.290254][ T7346] FAULT_INJECTION: forcing a failure.
[  683.290254][ T7346] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  683.358701][ T7346] CPU: 0 PID: 7346 Comm: syz.1.1812 Not tainted syzkaller #0
[  683.366129][ T7346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  683.376283][ T7346] Call Trace:
[  683.379565][ T7346]  <TASK>
[  683.382508][ T7346]  __dump_stack+0x21/0x24
[  683.386857][ T7346]  dump_stack_lvl+0x110/0x170
[  683.391538][ T7346]  ? __cfi_dump_stack_lvl+0x8/0x8
[  683.396740][ T7346]  ? __local_bh_enable_ip+0x58/0x80
[  683.401948][ T7346]  dump_stack+0x15/0x24
[  683.406114][ T7346]  should_fail_ex+0x3d4/0x520
[  683.410795][ T7346]  should_fail+0xb/0x10
[  683.414968][ T7346]  should_fail_usercopy+0x1a/0x20
[  683.420047][ T7346]  _copy_from_user+0x1e/0xc0
[  683.424670][ T7346]  copy_from_sockptr+0x6f/0x90
[  683.429552][ T7346]  packet_setsockopt+0x9ee/0x1390
[  683.434592][ T7346]  ? __cfi_packet_setsockopt+0x10/0x10
[  683.440107][ T7346]  ? proc_fail_nth_write+0x180/0x200
[  683.445413][ T7346]  ? __cfi_selinux_socket_setsockopt+0x10/0x10
[  683.451588][ T7346]  ? __fget_files+0x2d5/0x330
[  683.456281][ T7346]  ? security_socket_setsockopt+0x93/0xb0
[  683.462020][ T7346]  ? __cfi_packet_setsockopt+0x10/0x10
[  683.467494][ T7346]  __sys_setsockopt+0x2ff/0x4e0
[  683.472359][ T7346]  ? __cfi___sys_setsockopt+0x10/0x10
[  683.477753][ T7346]  ? ksys_write+0x1f4/0x250
[  683.482275][ T7346]  ? __kasan_check_write+0x14/0x20
[  683.487397][ T7346]  ? fpregs_restore_userregs+0x128/0x260
[  683.493042][ T7346]  __x64_sys_setsockopt+0xbf/0xd0
[  683.498084][ T7346]  x64_sys_call+0x124/0x9a0
[  683.502608][ T7346]  do_syscall_64+0x4c/0xa0
[  683.507051][ T7346]  ? clear_bhb_loop+0x30/0x80
[  683.511777][ T7346]  ? clear_bhb_loop+0x30/0x80
[  683.516471][ T7346]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  683.522397][ T7346] RIP: 0033:0x7f0f3719cdd9
[  683.526828][ T7346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  683.546545][ T7346] RSP: 002b:00007f0f37f7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  683.555099][ T7346] RAX: ffffffffffffffda RBX: 00007f0f37416090 RCX: 00007f0f3719cdd9
[  683.563170][ T7346] RDX: 000000000000000d RSI: 0000000000000107 RDI: 0000000000000006
[  683.571159][ T7346] RBP: 00007f0f37f7e090 R08: 0000000000000010 R09: 0000000000000000
[  683.579233][ T7346] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  683.587228][ T7346] R13: 00007f0f37416128 R14: 00007f0f37416090 R15: 00007ffc0e59b838
[  683.595225][ T7346]  </TASK>
[  683.598797][ T7348] FAULT_INJECTION: forcing a failure.
[  683.598797][ T7348] name failslab, interval 1, probability 0, space 0, times 0
[  683.612266][ T7348] CPU: 1 PID: 7348 Comm: syz.4.1823 Not tainted syzkaller #0
[  683.619666][ T7348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  683.629908][ T7348] Call Trace:
[  683.633193][ T7348]  <TASK>
[  683.636138][ T7348]  __dump_stack+0x21/0x24
[  683.640481][ T7348]  dump_stack_lvl+0x110/0x170
[  683.645167][ T7348]  ? __cfi_dump_stack_lvl+0x8/0x8
[  683.650210][ T7348]  ? avc_has_perm+0x163/0x250
[  683.653803][  T318] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  683.654898][ T7348]  dump_stack+0x15/0x24
[  683.654921][ T7348]  should_fail_ex+0x3d4/0x520
[  683.673157][ T7348]  __should_failslab+0xac/0xf0
[  683.677937][ T7348]  should_failslab+0x9/0x20
[  683.682463][ T7348]  slab_pre_alloc_hook+0x30/0x1e0
[  683.687511][ T7348]  ? __kasan_check_write+0x14/0x20
[  683.692637][ T7348]  kmem_cache_alloc_lru+0x49/0x280
[  683.697781][ T7348]  ? sock_alloc_inode+0x28/0xc0
[  683.702757][ T7348]  sock_alloc_inode+0x28/0xc0
[  683.707453][ T7348]  ? __cfi_sock_alloc_inode+0x10/0x10
[  683.712947][ T7348]  new_inode_pseudo+0x70/0x1f0
[  683.717736][ T7348]  __sock_create+0x12c/0x7c0
[  683.722352][ T7348]  __sys_socketpair+0x1a1/0x5b0
[  683.727217][ T7348]  __x64_sys_socketpair+0x9b/0xb0
[  683.732257][ T7348]  x64_sys_call+0x6e/0x9a0
[  683.736694][ T7348]  do_syscall_64+0x4c/0xa0
[  683.741129][ T7348]  ? clear_bhb_loop+0x30/0x80
[  683.745828][ T7348]  ? clear_bhb_loop+0x30/0x80
[  683.750525][ T7348]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  683.756432][ T7348] RIP: 0033:0x7f6d15b9cdd9
[  683.760923][ T7348] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  683.780543][ T7348] RSP: 002b:00007f6d145f7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  683.788973][ T7348] RAX: ffffffffffffffda RBX: 00007f6d15e15fa0 RCX: 00007f6d15b9cdd9
[  683.796960][ T7348] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
[  683.804963][ T7348] RBP: 00007f6d145f7090 R08: 0000000000000000 R09: 0000000000000000
[  683.806260][ T7322] F2FS-fs (loop3): Test dummy encryption mode enabled
[  683.812950][ T7348] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  683.812965][ T7348] R13: 00007f6d15e16038 R14: 00007f6d15e15fa0 R15: 00007ffdf3a868b8
[  683.812979][ T7348]  </TASK>
[  683.813834][ T7348] socket: no more sockets
[  683.878572][ T7322] F2FS-fs (loop3): invalid crc value
[  684.048149][ T7362] FAULT_INJECTION: forcing a failure.
[  684.048149][ T7362] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  684.061564][ T7362] CPU: 1 PID: 7362 Comm: syz.4.1824 Not tainted syzkaller #0
[  684.069122][ T7362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  684.079180][ T7362] Call Trace:
[  684.082463][ T7362]  <TASK>
[  684.085392][ T7362]  __dump_stack+0x21/0x24
[  684.089722][ T7362]  dump_stack_lvl+0x110/0x170
[  684.094398][ T7362]  ? __cfi_dump_stack_lvl+0x8/0x8
[  684.099426][ T7362]  dump_stack+0x15/0x24
[  684.103938][ T7362]  should_fail_ex+0x3d4/0x520
[  684.108626][ T7362]  should_fail+0xb/0x10
[  684.112786][ T7362]  should_fail_usercopy+0x1a/0x20
[  684.117814][ T7362]  _copy_from_user+0x1e/0xc0
[  684.122423][ T7362]  get_user_ifreq+0x6c/0x180
[  684.127032][ T7362]  sock_ioctl+0x631/0x710
[  684.131376][ T7362]  ? __cfi_sock_ioctl+0x10/0x10
[  684.136246][ T7362]  ? security_file_ioctl+0x95/0xc0
[  684.141483][ T7362]  ? __cfi_sock_ioctl+0x10/0x10
[  684.146365][ T7362]  __se_sys_ioctl+0x12f/0x1b0
[  684.151062][ T7362]  __x64_sys_ioctl+0x7b/0x90
[  684.155663][ T7362]  x64_sys_call+0x58b/0x9a0
[  684.160194][ T7362]  do_syscall_64+0x4c/0xa0
[  684.164628][ T7362]  ? clear_bhb_loop+0x30/0x80
[  684.169323][ T7362]  ? clear_bhb_loop+0x30/0x80
[  684.174064][ T7362]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  684.180077][ T7362] RIP: 0033:0x7f6d15b9cdd9
[  684.184603][ T7362] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  684.204488][ T7362] RSP: 002b:00007f6d145b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  684.212914][ T7362] RAX: ffffffffffffffda RBX: 00007f6d15e16180 RCX: 00007f6d15b9cdd9
[  684.220890][ T7362] RDX: 0000200000000040 RSI: 00000000000089f0 RDI: 0000000000000005
[  684.228861][ T7362] RBP: 00007f6d145b5090 R08: 0000000000000000 R09: 0000000000000000
[  684.236917][ T7362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  684.245148][ T7362] R13: 00007f6d15e16218 R14: 00007f6d15e16180 R15: 00007ffdf3a868b8
[  684.253134][ T7362]  </TASK>
[  684.584913][ T7322] F2FS-fs (loop3): Found nat_bits in checkpoint
[  684.938430][  T442] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  684.959960][ T7322] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  684.981166][ T7322] F2FS-fs (loop3): Start checkpoint disabled!
[  684.990225][ T7322] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  685.097828][ T7322] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  685.199902][ T7370] fuse: Bad value for 'fd'
[  685.393820][ T7374] set_capacity_and_notify: 2 callbacks suppressed
[  685.393953][ T7374] loop1: detected capacity change from 0 to 256
[  685.419277][ T7374] exfat: Deprecated parameter 'utf8'
[  685.425917][ T7374] exfat: Deprecated parameter 'namecase'
[  685.441948][ T7374] exfat: Deprecated parameter 'namecase'
[  685.456674][ T7374] exfat: Deprecated parameter 'namecase'
[  685.579948][ T7374] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d)
[  686.423229][ T7382] loop0: detected capacity change from 0 to 16
[  686.551377][ T7382] erofs: (device loop0): mounted with root inode @ nid 36.
[  686.565037][ T7382] syz.0.1831: attempt to access beyond end of device
[  686.565037][ T7382] loop0: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  686.579026][ T7382] syz.0.1831: attempt to access beyond end of device
[  686.579026][ T7382] loop0: rw=524288, sector=8, nr_sectors = 16 limit=16
[  686.776303][   T28] kauditd_printk_skb: 18 callbacks suppressed
[  686.776319][   T28] audit: type=1400 audit(686.800:3623): avc:  denied  { map } for  pid=7383 comm="syz.5.1832" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=41202 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  686.804894][ T7386] loop4: detected capacity change from 0 to 16
[  686.832417][ T7386] erofs: (device loop4): mounted with root inode @ nid 36.
[  686.846036][   T28] audit: type=1400 audit(686.830:3624): avc:  denied  { read write } for  pid=7383 comm="syz.5.1832" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=41202 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  686.890031][ T7388] loop0: detected capacity change from 0 to 512
[  686.931466][ T1610] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  686.955102][ T7394] loop1: detected capacity change from 0 to 512
[  686.965742][ T7388] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  687.032987][ T7398] syz.4.1833: attempt to access beyond end of device
[  687.032987][ T7398] loop4: rw=524288, sector=34359738360, nr_sectors = 8 limit=16
[  687.092126][ T7398] syz.4.1833: attempt to access beyond end of device
[  687.092126][ T7398] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  687.109288][ T7398] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  687.121834][ T7398] syz.4.1833: attempt to access beyond end of device
[  687.121834][ T7398] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  687.139071][ T7398] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  687.152085][ T7398] syz.4.1833: attempt to access beyond end of device
[  687.152085][ T7398] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  687.169235][ T7398] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  687.181668][ T7398] syz.4.1833: attempt to access beyond end of device
[  687.181668][ T7398] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  687.198876][ T7398] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  687.214016][ T7399] loop5: detected capacity change from 0 to 512
[  687.222347][   T28] audit: type=1400 audit(687.090:3625): avc:  denied  { read } for  pid=7389 comm="syz.5.1835" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  687.246274][ T7399] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  687.272652][   T28] audit: type=1400 audit(687.230:3626): avc:  denied  { connect } for  pid=7389 comm="syz.5.1835" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  687.298327][ T7399] EXT4-fs error (device loop5): ext4_init_orphan_info:621: comm syz.5.1835: orphan file block 0: bad magic
[  687.312891][ T7399] EXT4-fs (loop5): mount failed
[  687.435488][ T7394] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  687.446007][ T7388] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.1834: casefold flag without casefold feature
[  687.486550][ T7394] EXT4-fs error (device loop1): ext4_xattr_block_get:543: inode #15: comm syz.1.1838: corrupted xattr block 33
[  687.499747][ T7388] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.1834: couldn't read orphan inode 15 (err -117)
[  687.500839][ T7394] EXT4-fs (loop1): Remounting filesystem read-only
[  687.518464][ T7394] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[  687.527944][ T7394] EXT4-fs error (device loop1): ext4_xattr_block_get:543: inode #15: comm syz.1.1838: corrupted xattr block 33
[  687.540104][ T7388] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  687.540195][ T7394] EXT4-fs (loop1): Remounting filesystem read-only
[  687.568181][ T7394] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[  687.577553][ T7394] EXT4-fs error (device loop1): ext4_xattr_block_get:543: inode #15: comm syz.1.1838: corrupted xattr block 33
[  687.577661][   T28] audit: type=1400 audit(687.600:3627): avc:  denied  { read } for  pid=7393 comm="syz.1.1838" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  687.589705][ T7394] EXT4-fs (loop1): Remounting filesystem read-only
[  687.619015][  T288] EXT4-fs (loop0): unmounting filesystem.
[  687.622299][ T7409] loop3: detected capacity change from 0 to 1024
[  687.625459][ T7394] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[  687.663507][ T7413] loop0: detected capacity change from 0 to 16
[  687.672403][  T287] EXT4-fs (loop1): unmounting filesystem.
[  687.673707][   T28] audit: type=1400 audit(687.680:3628): avc:  denied  { open } for  pid=7393 comm="syz.1.1838" path="/373/file1/file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  687.707101][ T7409] Quota error (device loop3): do_check_range: Getting block 64 out of range 1-5
[  687.719394][ T7409] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0
[  687.729069][ T7409] EXT4-fs error (device loop3): ext4_acquire_dquot:6822: comm syz.3.1837: Failed to acquire dquot type 0
[  687.736608][ T7413] erofs: (device loop0): mounted with root inode @ nid 36.
[  687.751672][ T7409] EXT4-fs error (device loop3): mb_free_blocks:1839: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[  687.757041][ T7415] loop5: detected capacity change from 0 to 128
[  687.766235][ T7409] EXT4-fs error (device loop3): ext4_do_update_inode:5270: inode #13: comm syz.3.1837: corrupted inode contents
[  687.789997][ T7409] EXT4-fs error (device loop3): ext4_dirty_inode:6135: inode #13: comm syz.3.1837: mark_inode_dirty error
[  687.802258][ T7409] EXT4-fs error (device loop3): ext4_do_update_inode:5270: inode #13: comm syz.3.1837: corrupted inode contents
[  687.814211][ T7415] FAT-fs (loop5): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  687.821542][ T7409] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #13: comm syz.3.1837: mark_inode_dirty error
[  687.830162][   T28] audit: type=1400 audit(687.850:3629): avc:  denied  { setopt } for  pid=7418 comm="syz.1.1840" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  687.860214][ T7409] EXT4-fs error (device loop3): ext4_do_update_inode:5270: inode #13: comm syz.3.1837: corrupted inode contents
[  687.904563][ T7409] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem
[  687.905595][ T7419] xt_hashlimit: size too large, truncated to 1048576
[  687.945066][ T7415] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1842'.
[  687.951530][ T7409] EXT4-fs error (device loop3): ext4_do_update_inode:5270: inode #13: comm syz.3.1837: corrupted inode contents
[  687.966262][ T7409] EXT4-fs error (device loop3): ext4_truncate:4316: inode #13: comm syz.3.1837: mark_inode_dirty error
[  687.966758][   T28] audit: type=1400 audit(688.000:3630): avc:  denied  { mount } for  pid=7418 comm="syz.1.1840" name="/" dev="configfs" ino=13058 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  687.977749][ T7409] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem
[  688.009747][ T7420] syz.0.1839: attempt to access beyond end of device
[  688.009747][ T7420] loop0: rw=524288, sector=34359738360, nr_sectors = 8 limit=16
[  688.010385][ T7409] EXT4-fs (loop3): 1 truncate cleaned up
[  688.031321][ T7409] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  688.041071][ T7420] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  688.041671][ T7415] FAULT_INJECTION: forcing a failure.
[  688.041671][ T7415] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  688.052697][ T7420] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  688.076423][ T7420] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  688.087730][ T7420] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  688.098917][ T7415] CPU: 1 PID: 7415 Comm: syz.5.1842 Not tainted syzkaller #0
[  688.106301][ T7415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  688.116454][ T7415] Call Trace:
[  688.119743][ T7415]  <TASK>
[  688.122678][ T7415]  __dump_stack+0x21/0x24
[  688.127021][ T7415]  dump_stack_lvl+0x110/0x170
[  688.131711][ T7415]  ? __cfi_dump_stack_lvl+0x8/0x8
[  688.136747][ T7415]  dump_stack+0x15/0x24
[  688.140912][ T7415]  should_fail_ex+0x3d4/0x520
[  688.145598][ T7415]  should_fail+0xb/0x10
[  688.149764][ T7415]  should_fail_usercopy+0x1a/0x20
[  688.154799][ T7415]  _copy_from_user+0x1e/0xc0
[  688.157059][ T7409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1837'.
[  688.159404][ T7415]  __sys_sendto+0x30b/0x660
[  688.159430][ T7415]  ? __cfi___sys_sendto+0x10/0x10
[  688.178117][ T7415]  ? ksys_write+0x1f4/0x250
[  688.179224][ T7417] loop4: detected capacity change from 0 to 40427
[  688.182633][ T7415]  ? __cfi_ksys_write+0x10/0x10
[  688.182668][ T7415]  __x64_sys_sendto+0xe5/0x100
[  688.182685][ T7415]  x64_sys_call+0x83/0x9a0
[  688.182701][ T7415]  do_syscall_64+0x4c/0xa0
[  688.182716][ T7415]  ? clear_bhb_loop+0x30/0x80
[  688.182736][ T7415]  ? clear_bhb_loop+0x30/0x80
[  688.182756][ T7415]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  688.182777][ T7415] RIP: 0033:0x7f9626d9cdd9
[  688.182792][ T7415] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  688.182809][ T7415] RSP: 002b:00007f9627cf4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  688.182828][ T7415] RAX: ffffffffffffffda RBX: 00007f9627015fa0 RCX: 00007f9626d9cdd9
[  688.182840][ T7415] RDX: 0000000000010000 RSI: 0000200000000180 RDI: 0000000000000009
[  688.182851][ T7415] RBP: 00007f9627cf4090 R08: 0000200000000140 R09: 0000000000000014
[  688.182864][ T7415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  688.182874][ T7415] R13: 00007f9627016038 R14: 00007f9627015fa0 R15: 00007ffde5876038
[  688.182890][ T7415]  </TASK>
[  688.190413][ T7409] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1025 sclass=netlink_route_socket pid=7409 comm=syz.3.1837
[  688.221353][ T7417] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  688.329811][ T7417] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  688.347544][ T7417] F2FS-fs (loop4): Found nat_bits in checkpoint
[  688.384845][ T7417] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  688.393783][ T7417] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  688.468072][  T289] EXT4-fs (loop3): unmounting filesystem.
[  688.484368][ T7431] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  688.603120][ T7440] FAT-fs (loop0): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  688.651828][ T7441] erofs: (device loop3): mounted with root inode @ nid 36.
[  688.660511][ T7441] bio_check_eod: 4 callbacks suppressed
[  688.660528][ T7441] syz.3.1845: attempt to access beyond end of device
[  688.660528][ T7441] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  688.679864][ T7441] syz.3.1845: attempt to access beyond end of device
[  688.679864][ T7441] loop3: rw=524288, sector=8, nr_sectors = 16 limit=16
[  688.723309][ T7417] syz.4.1841: attempt to access beyond end of device
[  688.723309][ T7417] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  689.023359][ T7453] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d)
[  689.565585][ T3774] EXT4-fs (loop5): unmounting filesystem.
[  689.667488][ T7463] fuse: Bad value for 'group_id'
[  689.667812][ T7463] netlink: 'syz.5.1854': attribute type 2 has an invalid length.
[  689.797257][ T7470] FAULT_INJECTION: forcing a failure.
[  689.797257][ T7470] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  689.822193][ T7467] xt_CONNSECMARK: invalid mode: 66
[  689.847546][ T7470] CPU: 1 PID: 7470 Comm: syz.0.1856 Not tainted syzkaller #0
[  689.854964][ T7470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  689.858421][ T7451] F2FS-fs (loop4): Test dummy encryption mode enabled
[  689.865022][ T7470] Call Trace:
[  689.865033][ T7470]  <TASK>
[  689.865041][ T7470]  __dump_stack+0x21/0x24
[  689.865061][ T7470]  dump_stack_lvl+0x110/0x170
[  689.865077][ T7470]  ? __cfi_dump_stack_lvl+0x8/0x8
[  689.865094][ T7470]  dump_stack+0x15/0x24
[  689.865109][ T7470]  should_fail_ex+0x3d4/0x520
[  689.865126][ T7470]  should_fail+0xb/0x10
[  689.865140][ T7470]  should_fail_usercopy+0x1a/0x20
[  689.865155][ T7470]  _copy_from_user+0x1e/0xc0
[  689.865176][ T7470]  __sys_bpf+0x2a0/0x850
[  689.865193][ T7470]  ? bpf_link_show_fdinfo+0x330/0x330
[  689.865212][ T7470]  ? __cfi_ksys_write+0x10/0x10
[  689.865227][ T7470]  ? do_user_addr_fault+0x9ac/0x1050
[  689.865249][ T7470]  ? debug_smp_processor_id+0x17/0x20
[  689.865265][ T7470]  __x64_sys_bpf+0x7c/0x90
[  689.865279][ T7470]  x64_sys_call+0x488/0x9a0
[  689.865298][ T7470]  do_syscall_64+0x4c/0xa0
[  689.865314][ T7470]  ? clear_bhb_loop+0x30/0x80
[  689.884722][ T7451] F2FS-fs (loop4): invalid crc value
[  689.887235][ T7470]  ? clear_bhb_loop+0x30/0x80
[  689.967672][ T7470]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  689.973582][ T7470] RIP: 0033:0x7f117139cdd9
[  689.978006][ T7470] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  689.997701][ T7470] RSP: 002b:00007f117232d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  690.006240][ T7470] RAX: ffffffffffffffda RBX: 00007f1171615fa0 RCX: 00007f117139cdd9
[  690.014213][ T7470] RDX: 0000000000000050 RSI: 0000200000000500 RDI: 0000000000000000
[  690.022186][ T7470] RBP: 00007f117232d090 R08: 0000000000000000 R09: 0000000000000000
[  690.030156][ T7470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  690.038128][ T7470] R13: 00007f1171616038 R14: 00007f1171615fa0 R15: 00007fff5a67e688
[  690.046108][ T7470]  </TASK>
[  690.051952][ T7451] F2FS-fs (loop4): Found nat_bits in checkpoint
[  690.101800][ T7451] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  690.123036][ T7451] F2FS-fs (loop4): Start checkpoint disabled!
[  690.140877][ T7451] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  690.148689][ T7451] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  690.751381][ T7480] set_capacity_and_notify: 6 callbacks suppressed
[  690.751431][ T7480] loop5: detected capacity change from 0 to 512
[  690.835116][ T7482] loop3: detected capacity change from 0 to 512
[  691.009980][ T7480] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  691.082395][ T7480] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2800: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  691.102939][ T7482] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  691.138008][ T7480] EXT4-fs (loop5): 1 truncate cleaned up
[  691.154274][ T7482] overlayfs: unrecognized mount option "verity=off" or missing value
[  691.169146][ T7480] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  691.214537][ T7480] EXT4-fs (loop5): resizing filesystem from 256 to 1 blocks
[  691.271761][ T7480] EXT4-fs warning (device loop5): ext4_resize_fs:2051: can't shrink FS - resize aborted
[  691.310927][ T3774] EXT4-fs (loop5): unmounting filesystem.
[  691.359102][  T289] EXT4-fs (loop3): unmounting filesystem.
[  691.383519][ T7501] loop3: detected capacity change from 0 to 128
[  691.393558][ T7501] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1865'.
[  691.455015][ T7503] loop1: detected capacity change from 0 to 16
[  691.464219][ T7503] erofs: (device loop1): mounted with root inode @ nid 36.
[  691.483874][ T7503] syz.1.1863: attempt to access beyond end of device
[  691.483874][ T7503] loop1: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  691.497802][ T7503] syz.1.1863: attempt to access beyond end of device
[  691.497802][ T7503] loop1: rw=524288, sector=8, nr_sectors = 16 limit=16
[  691.751284][ T3840] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  691.771747][ T7511] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1868'.
[  691.797559][  T318] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  691.955109][ T7515] loop3: detected capacity change from 0 to 512
[  691.965003][ T7515] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  692.046168][ T7515] EXT4-fs error (device loop3): ext4_init_orphan_info:621: comm syz.3.1870: orphan file block 0: bad magic
[  692.088162][ T7515] EXT4-fs (loop3): mount failed
[  692.231898][ T3840] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  692.251301][ T3840] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  692.282827][ T7521] loop1: detected capacity change from 0 to 512
[  692.290551][ T3840] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  692.310769][ T3840] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  693.282557][ T7521] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  693.299831][   T28] kauditd_printk_skb: 13 callbacks suppressed
[  693.299845][   T28] audit: type=1400 audit(693.324:3644): avc:  denied  { map } for  pid=7520 comm="syz.1.1872" path="socket:[40496]" dev="sockfs" ino=40496 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  693.329728][ T7521] EXT4-fs (loop1): shut down requested (0)
[  693.337073][ T7521] EXT4-fs (loop1): re-mounted. Quota mode: writeback.
[  693.350225][   T28] audit: type=1400 audit(693.364:3645): avc:  denied  { remount } for  pid=7520 comm="syz.1.1872" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  693.415993][ T7523] netlink: 216 bytes leftover after parsing attributes in process `syz.4.1869'.
[  693.425139][ T7523] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1869'.
[  693.440936][ T7521] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=15
[  693.458959][   T28] audit: type=1400 audit(693.374:3646): avc:  denied  { read } for  pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  693.495079][   T28] audit: type=1400 audit(693.374:3647): avc:  denied  { search } for  pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  693.518213][ T7521] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=12
[  693.535550][   T28] audit: type=1400 audit(693.374:3648): avc:  denied  { write } for  pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  693.570672][ T7521] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=12
[  693.588666][ T7537] loop4: detected capacity change from 0 to 2048
[  693.595555][   T28] audit: type=1400 audit(693.374:3649): avc:  denied  { add_name } for  pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  693.622037][  T287] EXT4-fs (loop1): unmounting filesystem.
[  693.623939][ T3840] usb 6-1: SerialNumber: syz
[  693.636773][   T28] audit: type=1400 audit(693.374:3650): avc:  denied  { create } for  pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  693.657402][   T28] audit: type=1400 audit(693.374:3651): avc:  denied  { append open } for  pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  693.669551][ T7541] loop1: detected capacity change from 0 to 128
[  693.681453][   T28] audit: type=1400 audit(693.374:3652): avc:  denied  { getattr } for  pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  693.694993][ T3756] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  693.708821][   T28] audit: type=1400 audit(693.484:3653): avc:  denied  { append } for  pid=7529 comm="syz.3.1873" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  693.775955][ T7544] input: syz1 as /devices/virtual/input/input53
[  693.803462][ T7544] netlink: 260 bytes leftover after parsing attributes in process `syz.3.1877'.
[  693.812817][ T7544] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1877'.
[  693.821936][ T7544] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1877'.
[  693.854822][ T7552] loop3: detected capacity change from 0 to 256
[  693.864453][ T7553] syz.0.1879 uses obsolete (PF_INET,SOCK_PACKET)
[  693.883327][ T3840] usb 6-1: 0:2 : does not exist
[  693.906254][ T3840] usb 6-1: USB disconnect, device number 2
[  693.926801][ T7556] loop0: detected capacity change from 0 to 16
[  693.947684][ T7556] erofs: (device loop0): mounted with root inode @ nid 36.
[  694.132654][ T7563] syz.0.1881: attempt to access beyond end of device
[  694.132654][ T7563] loop0: rw=524288, sector=34359738360, nr_sectors = 8 limit=16
[  694.153082][ T7563] syz.0.1881: attempt to access beyond end of device
[  694.153082][ T7563] loop0: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  694.167540][ T7563] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  694.179066][ T7563] syz.0.1881: attempt to access beyond end of device
[  694.179066][ T7563] loop0: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  694.193476][ T7563] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  694.204727][ T7563] syz.0.1881: attempt to access beyond end of device
[  694.204727][ T7563] loop0: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  694.219058][ T7563] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  694.230240][ T7563] syz.0.1881: attempt to access beyond end of device
[  694.230240][ T7563] loop0: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  694.244623][ T7563] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  694.259775][ T3750] udevd[3750]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  694.393375][ T7558] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  694.966731][ T7578] netlink: 'syz.3.1888': attribute type 4 has an invalid length.
[  694.982737][ T7578] FAULT_INJECTION: forcing a failure.
[  694.982737][ T7578] name failslab, interval 1, probability 0, space 0, times 0
[  695.006265][ T7578] CPU: 1 PID: 7578 Comm: syz.3.1888 Not tainted syzkaller #0
[  695.013675][ T7578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  695.023817][ T7578] Call Trace:
[  695.027099][ T7578]  <TASK>
[  695.030023][ T7578]  __dump_stack+0x21/0x24
[  695.034352][ T7578]  dump_stack_lvl+0x110/0x170
[  695.039029][ T7578]  ? __cfi_dump_stack_lvl+0x8/0x8
[  695.044068][ T7578]  dump_stack+0x15/0x24
[  695.048226][ T7578]  should_fail_ex+0x3d4/0x520
[  695.052901][ T7578]  __should_failslab+0xac/0xf0
[  695.057712][ T7578]  should_failslab+0x9/0x20
[  695.062215][ T7578]  kmem_cache_alloc_node+0x42/0x340
[  695.067421][ T7578]  ? __alloc_skb+0xea/0x4b0
[  695.071934][ T7578]  __alloc_skb+0xea/0x4b0
[  695.076278][ T7578]  ? security_socket_getpeersec_dgram+0xb4/0xd0
[  695.082522][ T7578]  netlink_sendmsg+0x635/0xbd0
[  695.087293][ T7578]  ? __cfi_netlink_sendmsg+0x10/0x10
[  695.092576][ T7578]  ? security_socket_sendmsg+0x93/0xb0
[  695.098037][ T7578]  sock_write_iter+0x2ee/0x3f0
[  695.102801][ T7578]  ? __cfi_sock_write_iter+0x10/0x10
[  695.108089][ T7578]  ? fsnotify_perm+0x67/0x5b0
[  695.111276][ T3840] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  695.112763][ T7578]  ? security_file_permission+0x8a/0xb0
[  695.125758][ T7578]  do_iter_write+0x665/0xb40
[  695.130432][ T7578]  ? _copy_from_user+0x8f/0xc0
[  695.135200][ T7578]  ? vfs_iter_write+0xa0/0xa0
[  695.140050][ T7578]  ? import_iovec+0x7c/0xb0
[  695.144563][ T7578]  vfs_writev+0x339/0x5f0
[  695.148902][ T7578]  ? do_writev+0x2c0/0x2c0
[  695.153317][ T7578]  ? vfs_write+0xa2c/0xce0
[  695.157737][ T7578]  ? __fdget_pos+0x1f2/0x380
[  695.162332][ T7578]  ? do_writev+0x76/0x2c0
[  695.166835][ T7578]  do_writev+0x14e/0x2c0
[  695.171076][ T7578]  ? do_readv+0x450/0x450
[  695.175402][ T7578]  ? debug_smp_processor_id+0x17/0x20
[  695.180767][ T7578]  __x64_sys_writev+0x7d/0x90
[  695.185524][ T7578]  x64_sys_call+0xad/0x9a0
[  695.189948][ T7578]  do_syscall_64+0x4c/0xa0
[  695.194368][ T7578]  ? clear_bhb_loop+0x30/0x80
[  695.199057][ T7578]  ? clear_bhb_loop+0x30/0x80
[  695.203737][ T7578]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  695.209636][ T7578] RIP: 0033:0x7f01de99cdd9
[  695.214055][ T7578] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  695.233748][ T7578] RSP: 002b:00007f01df778028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  695.242212][ T7578] RAX: ffffffffffffffda RBX: 00007f01dec15fa0 RCX: 00007f01de99cdd9
[  695.250186][ T7578] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000004
[  695.258245][ T7578] RBP: 00007f01df778090 R08: 0000000000000000 R09: 0000000000000000
[  695.266226][ T7578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  695.274203][ T7578] R13: 00007f01dec16038 R14: 00007f01dec15fa0 R15: 00007ffeaacdfce8
[  695.282193][ T7578]  </TASK>
[  695.289588][ T7575] FAULT_INJECTION: forcing a failure.
[  695.289588][ T7575] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  695.304434][ T3840] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 1023, setting to 64
[  695.322885][ T3840] usb 1-1: New USB device found, idVendor=200c, idProduct=100b, bcdDevice= 0.40
[  695.339620][ T7575] CPU: 0 PID: 7575 Comm: syz.1.1885 Not tainted syzkaller #0
[  695.347029][ T7575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  695.357084][ T7575] Call Trace:
[  695.360370][ T7575]  <TASK>
[  695.363303][ T7575]  __dump_stack+0x21/0x24
[  695.367641][ T7575]  dump_stack_lvl+0x110/0x170
[  695.372321][ T7575]  ? __cfi_dump_stack_lvl+0x8/0x8
[  695.377345][ T7575]  ? __asan_set_shadow_00+0xe/0x10
[  695.382465][ T7575]  ? do_vfs_ioctl+0x1b6c/0x1cd0
[  695.387503][ T7575]  dump_stack+0x15/0x24
[  695.391672][ T7575]  should_fail_ex+0x3d4/0x520
[  695.396363][ T7575]  should_fail+0xb/0x10
[  695.400524][ T7575]  should_fail_usercopy+0x1a/0x20
[  695.405560][ T7575]  _copy_from_user+0x1e/0xc0
[  695.410164][ T7575]  memdup_user+0x63/0xc0
[  695.414423][ T7575]  raw_ioctl+0x1cf5/0x3130
[  695.418852][ T7575]  ? ioctl_has_perm+0x1b8/0x4f0
[  695.423720][ T7575]  ? ioctl_has_perm+0x3a6/0x4f0
[  695.428585][ T7575]  ? __cfi_raw_ioctl+0x10/0x10
[  695.433358][ T7575]  ? has_cap_mac_admin+0x370/0x370
[  695.438564][ T7575]  ? vfs_write+0xa2c/0xce0
[  695.442982][ T7575]  ? selinux_file_ioctl+0x3a0/0x4d0
[  695.448195][ T7575]  ? __cfi_selinux_file_ioctl+0x10/0x10
[  695.453757][ T7575]  ? mutex_unlock+0x8f/0x230
[  695.458357][ T7575]  ? __cfi_mutex_unlock+0x10/0x10
[  695.463381][ T7575]  ? __fget_files+0x2d5/0x330
[  695.468057][ T7575]  ? security_file_ioctl+0x95/0xc0
[  695.473433][ T7575]  ? __cfi_raw_ioctl+0x10/0x10
[  695.478207][ T7575]  __se_sys_ioctl+0x12f/0x1b0
[  695.482887][ T7575]  __x64_sys_ioctl+0x7b/0x90
[  695.487490][ T7575]  x64_sys_call+0x58b/0x9a0
[  695.491999][ T7575]  do_syscall_64+0x4c/0xa0
[  695.496400][ T7575]  ? clear_bhb_loop+0x30/0x80
[  695.501073][ T7575]  ? clear_bhb_loop+0x30/0x80
[  695.505727][ T7575]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  695.511610][ T7575] RIP: 0033:0x7f0f3719cdd9
[  695.516009][ T7575] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  695.535608][ T7575] RSP: 002b:00007f0f37f9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  695.544006][ T7575] RAX: ffffffffffffffda RBX: 00007f0f37415fa0 RCX: 00007f0f3719cdd9
[  695.551987][ T7575] RDX: 0000200000000100 RSI: 0000000040085507 RDI: 0000000000000003
[  695.559965][ T7575] RBP: 00007f0f37f9f090 R08: 0000000000000000 R09: 0000000000000000
[  695.567945][ T7575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  695.575919][ T7575] R13: 00007f0f37416038 R14: 00007f0f37415fa0 R15: 00007ffc0e59b838
[  695.583900][ T7575]  </TASK>
[  695.716486][ T7588] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d)
[  695.761301][ T3840] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  695.770468][ T3840] usb 1-1: Product: syz
[  695.774786][ T3840] usb 1-1: Manufacturer: syz
[  695.782966][ T3840] usb 1-1: SerialNumber: syz
[  696.109521][ T7573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.119397][ T7573] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  696.143254][ T3840] usb 1-1: USB disconnect, device number 3
[  696.208998][ T7594] set_capacity_and_notify: 1 callbacks suppressed
[  696.209010][ T7594] loop1: detected capacity change from 0 to 2048
[  696.222159][ T7595] xt_CONNSECMARK: invalid mode: 66
[  696.227796][ T7595] FAULT_INJECTION: forcing a failure.
[  696.227796][ T7595] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  696.241137][ T7595] CPU: 1 PID: 7595 Comm: syz.4.1892 Not tainted syzkaller #0
[  696.248510][ T7595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  696.253088][ T7594] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  696.258551][ T7595] Call Trace:
[  696.258559][ T7595]  <TASK>
[  696.258565][ T7595]  __dump_stack+0x21/0x24
[  696.277887][ T7595]  dump_stack_lvl+0x110/0x170
[  696.282585][ T7595]  ? __cfi_dump_stack_lvl+0x8/0x8
[  696.287640][ T7595]  ? __cfi_avc_has_perm+0x10/0x10
[  696.292661][ T7595]  dump_stack+0x15/0x24
[  696.296804][ T7595]  should_fail_ex+0x3d4/0x520
[  696.301563][ T7595]  should_fail+0xb/0x10
[  696.305706][ T7595]  should_fail_usercopy+0x1a/0x20
[  696.310717][ T7595]  _copy_from_user+0x1e/0xc0
[  696.315312][ T7595]  tipc_setsockopt+0x355/0x960
[  696.320058][ T7595]  ? __cfi_tipc_setsockopt+0x10/0x10
[  696.325334][ T7595]  ? security_socket_setsockopt+0x93/0xb0
[  696.331054][ T7595]  ? __cfi_tipc_setsockopt+0x10/0x10
[  696.336330][ T7595]  __sys_setsockopt+0x2ff/0x4e0
[  696.341178][ T7595]  ? __cfi___sys_setsockopt+0x10/0x10
[  696.346541][ T7595]  ? ksys_write+0x1f4/0x250
[  696.351028][ T7595]  ? __cfi_ksys_write+0x10/0x10
[  696.352320][ T3750] udevd[3750]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  696.355870][ T7595]  __x64_sys_setsockopt+0xbf/0xd0
[  696.376569][ T7595]  x64_sys_call+0x124/0x9a0
[  696.381077][ T7595]  do_syscall_64+0x4c/0xa0
[  696.385574][ T7595]  ? clear_bhb_loop+0x30/0x80
[  696.390238][ T7595]  ? clear_bhb_loop+0x30/0x80
[  696.394903][ T7595]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  696.400815][ T7595] RIP: 0033:0x7f6d15b9cdd9
[  696.405221][ T7595] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  696.424807][ T7595] RSP: 002b:00007f6d145d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  696.433392][ T7595] RAX: ffffffffffffffda RBX: 00007f6d15e16090 RCX: 00007f6d15b9cdd9
[  696.441348][ T7595] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000009
[  696.449303][ T7595] RBP: 00007f6d145d6090 R08: 0000000000000010 R09: 0000000000000000
[  696.457261][ T7595] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  696.465217][ T7595] R13: 00007f6d15e16128 R14: 00007f6d15e16090 R15: 00007ffdf3a868b8
[  696.473199][ T7595]  </TASK>
[  696.477387][  T287] EXT4-fs (loop1): unmounting filesystem.
[  696.497491][ T7602] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1895'.
[  696.505126][ T7603] loop1: detected capacity change from 0 to 1024
[  696.518592][ T7603] EXT4-fs: Ignoring removed mblk_io_submit option
[  696.527574][ T7605] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1896'.
[  696.542267][ T7603] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  696.561892][  T318] EXT4-fs error (device loop1): ext4_map_blocks:745: inode #15: block 3: comm kworker/u4:3: lblock 3 mapped to illegal pblock 3 (length 3)
[  696.576434][  T318] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  696.588920][  T318] EXT4-fs (loop1): This should not happen!! Data will be lost
[  696.588920][  T318] 
[  696.599022][  T442] EXT4-fs error (device loop1): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:5: lblock 8 mapped to illegal pblock 8 (length 5)
[  696.613564][  T442] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 5 with error 117
[  696.625860][  T442] EXT4-fs (loop1): This should not happen!! Data will be lost
[  696.625860][  T442] 
[  696.636269][  T287] EXT4-fs (loop1): unmounting filesystem.
[  696.665804][ T7612] loop0: detected capacity change from 0 to 256
[  696.676744][ T7612] FAT-fs (loop0): Directory bread(block 64) failed
[  696.683576][ T7612] FAT-fs (loop0): Directory bread(block 65) failed
[  696.690225][ T7612] FAT-fs (loop0): Directory bread(block 66) failed
[  696.697762][ T7612] FAT-fs (loop0): Directory bread(block 67) failed
[  696.704749][ T7612] FAT-fs (loop0): Directory bread(block 68) failed
[  696.711734][ T7612] FAT-fs (loop0): Directory bread(block 69) failed
[  696.718445][ T7612] FAT-fs (loop0): Directory bread(block 70) failed
[  696.725212][ T7612] FAT-fs (loop0): Directory bread(block 71) failed
[  696.732276][ T7612] FAT-fs (loop0): Directory bread(block 72) failed
[  696.738862][ T7612] FAT-fs (loop0): Directory bread(block 73) failed
[  697.001280][  T372] usb 4-1: new low-speed USB device number 2 using dummy_hcd
[  697.017959][ T7615] loop4: detected capacity change from 0 to 2048
[  697.155797][ T7613] loop1: detected capacity change from 0 to 131072
[  697.182380][ T7613] F2FS-fs (loop1): Test dummy encryption mode enabled
[  697.209596][ T7613] F2FS-fs (loop1): invalid crc value
[  697.221463][  T372] usb 4-1: Invalid ep0 maxpacket: 64
[  697.240545][ T7613] F2FS-fs (loop1): Found nat_bits in checkpoint
[  697.302220][ T7613] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  697.333093][ T7613] F2FS-fs (loop1): Start checkpoint disabled!
[  697.341663][ T7613] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  697.359303][ T7613] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  697.371269][  T372] usb 4-1: new low-speed USB device number 3 using dummy_hcd
[  697.581281][  T372] usb 4-1: Invalid ep0 maxpacket: 64
[  697.586764][  T372] usb usb4-port1: attempt power cycle
[  697.587064][ T7621] FAULT_INJECTION: forcing a failure.
[  697.587064][ T7621] name failslab, interval 1, probability 0, space 0, times 0
[  697.621292][ T7621] CPU: 0 PID: 7621 Comm: syz.1.1899 Not tainted syzkaller #0
[  697.628704][ T7621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  697.638755][ T7621] Call Trace:
[  697.642030][ T7621]  <TASK>
[  697.644957][ T7621]  __dump_stack+0x21/0x24
[  697.649296][ T7621]  dump_stack_lvl+0x110/0x170
[  697.654067][ T7621]  ? __cfi_dump_stack_lvl+0x8/0x8
[  697.659091][ T7621]  dump_stack+0x15/0x24
[  697.663242][ T7621]  should_fail_ex+0x3d4/0x520
[  697.667942][ T7621]  ? security_inode_alloc+0x33/0x120
[  697.673237][ T7621]  __should_failslab+0xac/0xf0
[  697.678016][ T7621]  should_failslab+0x9/0x20
[  697.682525][ T7621]  kmem_cache_alloc+0x3b/0x330
[  697.687299][ T7621]  security_inode_alloc+0x33/0x120
[  697.692422][ T7621]  inode_init_always+0x6fc/0x960
[  697.697370][ T7621]  new_inode_pseudo+0xa2/0x1f0
[  697.702159][ T7621]  new_inode+0x28/0x1e0
[  697.706323][ T7621]  f2fs_new_inode+0xe8/0x1240
[  697.711004][ T7621]  ? f2fs_get_link+0x120/0x120
[  697.715766][ T7621]  __f2fs_tmpfile+0x13d/0x480
[  697.720444][ T7621]  ? f2fs_get_tmpfile+0x40/0x40
[  697.725298][ T7621]  f2fs_get_tmpfile+0x2f/0x40
[  697.729970][ T7621]  f2fs_ioc_start_atomic_write+0x922/0xda0
[  697.735788][ T7621]  __f2fs_ioctl+0x133d/0xc2f0
[  697.740473][ T7621]  ? arch_stack_walk+0xfc/0x150
[  697.745336][ T7621]  ? avc_has_extended_perms+0x86b/0xed0
[  697.750888][ T7621]  ? memcpy+0x56/0x70
[  697.754963][ T7621]  ? avc_has_extended_perms+0x9d7/0xed0
[  697.760515][ T7621]  ? __cfi_avc_has_extended_perms+0x10/0x10
[  697.766418][ T7621]  ? f2fs_ioctl+0x240/0x240
[  697.770933][ T7621]  ? __asan_set_shadow_00+0xe/0x10
[  697.776065][ T7621]  ? do_vfs_ioctl+0x1b6c/0x1cd0
[  697.780922][ T7621]  ? __ia32_compat_sys_ioctl+0x860/0x860
[  697.786653][ T7621]  ? kstrtouint+0x74/0xe0
[  697.790999][ T7621]  ? ioctl_has_perm+0x1b8/0x4f0
[  697.796030][ T7621]  ? ioctl_has_perm+0x3a6/0x4f0
[  697.800884][ T7621]  ? has_cap_mac_admin+0x370/0x370
[  697.806009][ T7621]  ? vfs_write+0xa2c/0xce0
[  697.810526][ T7621]  ? selinux_file_ioctl+0x3a0/0x4d0
[  697.815737][ T7621]  ? __kasan_check_read+0x11/0x20
[  697.820766][ T7621]  ? has_not_enough_free_secs+0xb20/0xe60
[  697.826501][ T7621]  f2fs_ioctl+0x14c/0x240
[  697.830833][ T7621]  ? __cfi_f2fs_ioctl+0x10/0x10
[  697.835691][ T7621]  __se_sys_ioctl+0x12f/0x1b0
[  697.840473][ T7621]  __x64_sys_ioctl+0x7b/0x90
[  697.845077][ T7621]  x64_sys_call+0x58b/0x9a0
[  697.849588][ T7621]  do_syscall_64+0x4c/0xa0
[  697.854017][ T7621]  ? clear_bhb_loop+0x30/0x80
[  697.858792][ T7621]  ? clear_bhb_loop+0x30/0x80
[  697.863481][ T7621]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  697.869384][ T7621] RIP: 0033:0x7f0f3719cdd9
[  697.873799][ T7621] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  697.893756][ T7621] RSP: 002b:00007f0f37f7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  697.902178][ T7621] RAX: ffffffffffffffda RBX: 00007f0f37416090 RCX: 00007f0f3719cdd9
[  697.910157][ T7621] RDX: 0000000000000000 RSI: 000000000000f501 RDI: 0000000000000004
[  697.918134][ T7621] RBP: 00007f0f37f7e090 R08: 0000000000000000 R09: 0000000000000000
[  697.926189][ T7621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  697.926208][ T7612] syz.0.1898: attempt to access beyond end of device
[  697.926208][ T7612] loop0: rw=2049, sector=1224, nr_sectors = 608 limit=256
[  697.934156][ T7621] R13: 00007f0f37416128 R14: 00007f0f37416090 R15: 00007ffc0e59b838
[  697.934171][ T7621]  </TASK>
[  697.964574][ T7612] syz.0.1898: attempt to access beyond end of device
[  697.964574][ T7612] loop0: rw=2049, sector=1864, nr_sectors = 11024 limit=256
[  697.984404][ T7612] syz.0.1898: attempt to access beyond end of device
[  697.984404][ T7612] loop0: rw=2049, sector=12888, nr_sectors = 5672 limit=256
[  698.008160][ T7612] syz.0.1898: attempt to access beyond end of device
[  698.008160][ T7612] loop0: rw=2049, sector=18560, nr_sectors = 15240 limit=256
[  698.070917][ T6129] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  698.081454][  T372] usb 4-1: new low-speed USB device number 4 using dummy_hcd
[  698.105105][ T7624] loop5: detected capacity change from 0 to 16
[  698.124478][ T7624] erofs: (device loop5): mounted with root inode @ nid 36.
[  698.132476][  T372] usb 4-1: Invalid ep0 maxpacket: 64
[  698.291280][  T372] usb 4-1: new low-speed USB device number 5 using dummy_hcd
[  698.312082][ T7629] netlink: 'syz.5.1904': attribute type 16 has an invalid length.
[  698.340250][ T7629] netlink: 'syz.5.1904': attribute type 2 has an invalid length.
[  698.399386][  T372] usb 4-1: Invalid ep0 maxpacket: 64
[  698.410905][  T372] usb usb4-port1: unable to enumerate USB device
[  699.444795][ T7636] loop5: detected capacity change from 0 to 256
[  699.462389][   T28] kauditd_printk_skb: 9 callbacks suppressed
[  699.462404][   T28] audit: type=1400 audit(698.584:3663): avc:  denied  { ioctl } for  pid=7630 comm="syz.1.1901" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=40678 ioctlcmd=0xaa00 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  699.495349][ T7636] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d)
[  699.531831][ T7643] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=7643 comm=syz.4.1907
[  699.584846][ T7647] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1910'.
[  699.598178][ T7647] capability: warning: `syz.3.1910' uses deprecated v2 capabilities in a way that may be insecure
[  699.707230][ T7660] loop1: detected capacity change from 0 to 512
[  699.717707][ T7661] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1912'.
[  699.739351][ T7660] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  699.840976][ T7660] EXT4-fs error (device loop1): ext4_init_orphan_info:621: comm syz.1.1911: orphan file block 0: bad magic
[  699.859205][ T7660] EXT4-fs (loop1): mount failed
[  700.040172][ T7647] loop3: detected capacity change from 0 to 40427
[  700.210817][ T7668] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=259 sclass=netlink_route_socket pid=7668 comm=syz.3.1915
[  700.228440][ T7668] netlink: 'syz.3.1915': attribute type 4 has an invalid length.
[  700.241097][ T7668] netlink: 'syz.3.1915': attribute type 4 has an invalid length.
[  700.264113][ T7670] loop4: detected capacity change from 0 to 16
[  700.273461][ T7670] erofs: (device loop4): mounted with root inode @ nid 36.
[  700.289986][ T7670] syz.4.1914: attempt to access beyond end of device
[  700.289986][ T7670] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  700.304258][ T7670] syz.4.1914: attempt to access beyond end of device
[  700.304258][ T7670] loop4: rw=524288, sector=8, nr_sectors = 16 limit=16
[  700.563007][ T7678] erofs: (device loop3): mounted with root inode @ nid 36.
[  701.405216][ T7681] set_capacity_and_notify: 1 callbacks suppressed
[  701.405251][ T7681] loop5: detected capacity change from 0 to 512
[  701.421831][ T7681] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  701.451370][ T7679] loop0: detected capacity change from 0 to 16
[  701.459731][ T7679] erofs: (device loop0): mounted with root inode @ nid 36.
[  701.482208][ T7679] syz.0.1916: attempt to access beyond end of device
[  701.482208][ T7679] loop0: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  701.496283][ T7679] syz.0.1916: attempt to access beyond end of device
[  701.496283][ T7679] loop0: rw=524288, sector=8, nr_sectors = 16 limit=16
[  701.570416][ T7681] EXT4-fs error (device loop5): ext4_init_orphan_info:621: comm syz.5.1917: orphan file block 0: bad magic
[  701.583423][ T7681] EXT4-fs (loop5): mount failed
[  701.584049][ T7684] netlink: 'syz.1.1920': attribute type 12 has an invalid length.
[  701.596629][ T7684] netlink: 'syz.1.1920': attribute type 29 has an invalid length.
[  701.604640][ T7684] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1920'.
[  701.615328][ T7684] netlink: 'syz.1.1920': attribute type 1 has an invalid length.
[  701.615349][ T7684] netlink: 'syz.1.1920': attribute type 2 has an invalid length.
[  701.615359][ T7684] netlink: 15 bytes leftover after parsing attributes in process `syz.1.1920'.
[  701.617671][ T7684] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1920'.
[  701.945138][ T7689] loop4: detected capacity change from 0 to 512
[  702.163171][ T7689] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  702.264365][ T7692] syz.3.1919: attempt to access beyond end of device
[  702.264365][ T7692] loop3: rw=524288, sector=34359738360, nr_sectors = 8 limit=16
[  702.281405][ T7689] EXT4-fs error (device loop4): ext4_init_orphan_info:621: comm syz.4.1921: orphan file block 0: bad magic
[  702.296200][ T7689] EXT4-fs (loop4): mount failed
[  702.326999][ T7691] syz.3.1919: attempt to access beyond end of device
[  702.326999][ T7691] loop3: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  702.360338][ T7691] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  702.361982][   T28] audit: type=1400 audit(702.384:3664): avc:  denied  { write } for  pid=7685 comm="syz.4.1921" name="001" dev="devtmpfs" ino=182 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  702.393824][ T7688] usb usb7: usbfs: process 7688 (syz.4.1921) did not claim interface 0 before use
[  702.412265][ T7705] loop1: detected capacity change from 0 to 16
[  702.414899][ T7691] syz.3.1919: attempt to access beyond end of device
[  702.414899][ T7691] loop3: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  702.453242][ T7705] erofs: Unknown parameter '/dev/kvm'
[  702.459227][ T7706] loop0: detected capacity change from 0 to 512
[  702.505976][ T7706] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  702.551653][ T7691] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  702.579493][ T7706] EXT4-fs error (device loop0): ext4_init_orphan_info:621: comm syz.0.1925: orphan file block 0: bad magic
[  702.613989][ T7706] EXT4-fs (loop0): mount failed
[  702.623192][ T7691] syz.3.1919: attempt to access beyond end of device
[  702.623192][ T7691] loop3: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  702.637478][ T7691] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  702.880976][ T7716] loop3: detected capacity change from 0 to 512
[  702.890922][ T7716] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  702.905399][ T7716] EXT4-fs error (device loop3): ext4_init_orphan_info:621: comm syz.3.1929: orphan file block 0: bad magic
[  702.917737][ T7716] EXT4-fs (loop3): mount failed
[  703.246166][ T7723] loop0: detected capacity change from 0 to 128
[  703.288981][ T7723] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  703.314295][ T7723] overlayfs: upper fs does not support tmpfile.
[  703.324267][   T28] audit: type=1400 audit(703.354:3665): avc:  denied  { read write } for  pid=7722 comm="syz.0.1932" name="vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  703.347904][   T28] audit: type=1400 audit(703.354:3666): avc:  denied  { open } for  pid=7722 comm="syz.0.1932" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  703.373896][   T28] audit: type=1326 audit(703.354:3667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7722 comm="syz.0.1932" exe="/root/ci2-android-6-1/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f117139cdd9 code=0x0
[  703.538392][ T7733] loop5: detected capacity change from 0 to 8192
[  703.637097][   T28] audit: type=1400 audit(703.434:3668): avc:  denied  { ioctl } for  pid=7720 comm="syz.5.1931" path="/dev/rtc0" dev="devtmpfs" ino=263 ioctlcmd=0x7003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  703.716232][   T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  704.002747][   T24] usb 2-1: too many configurations: 151, using maximum allowed: 8
[  704.017467][ T7738] loop4: detected capacity change from 0 to 16
[  704.347936][  T288] EXT4-fs (loop0): unmounting filesystem.
[  704.359086][   T24] usb 2-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7
[  704.373072][ T7738] erofs: (device loop4): mounted with root inode @ nid 36.
[  704.401294][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130
[  704.410755][   T24] usb 2-1: Product: syz
[  704.415370][   T24] usb 2-1: Manufacturer: syz
[  704.420074][   T24] usb 2-1: SerialNumber: syz
[  704.431740][   T24] usb 2-1: config 0 descriptor??
[  704.443434][   T28] audit: type=1400 audit(704.464:3669): avc:  denied  { unmount } for  pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  704.476507][ T7746] loop0: detected capacity change from 0 to 16
[  704.542166][ T7746] erofs: (device loop0): mounted with root inode @ nid 36.
[  704.634310][ T7748] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d)
[  705.104417][   T24] usb 2-1: USB disconnect, device number 2
[  705.130309][ T7740] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  705.157301][ T7740] device veth0_vlan left promiscuous mode
[  705.172849][ T7740] device veth0_vlan entered promiscuous mode
[  705.185160][ T7740] tipc: Resetting bearer <eth:vlan0>
[  705.187574][ T7755] fuse: Bad value for 'group_id'
[  705.190700][ T7740] device veth1_macvtap left promiscuous mode
[  705.207018][ T7740] device veth1_macvtap entered promiscuous mode
[  705.215291][ T3749] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  705.222268][   T28] audit: type=1400 audit(705.244:3670): avc:  denied  { setopt } for  pid=7754 comm="syz.4.1942" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  705.251004][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  705.259314][   T28] audit: type=1400 audit(705.294:3671): avc:  denied  { ioctl } for  pid=7754 comm="syz.4.1942" path="socket:[42117]" dev="sockfs" ino=42117 ioctlcmd=0x6e81 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  705.299297][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  705.314518][ T7757] syz.0.1939: attempt to access beyond end of device
[  705.314518][ T7757] loop0: rw=524288, sector=34359738360, nr_sectors = 8 limit=16
[  705.326522][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  705.362960][ T3124] bridge0: port 1(bridge_slave_0) entered blocking state
[  705.370056][ T3124] bridge0: port 1(bridge_slave_0) entered forwarding state
[  705.371065][ T7757] syz.0.1939: attempt to access beyond end of device
[  705.371065][ T7757] loop0: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  705.386780][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  705.408828][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  705.420928][ T7763] erofs: (device loop5): mounted with root inode @ nid 36.
[  705.422324][ T3124] bridge0: port 2(bridge_slave_1) entered blocking state
[  705.435312][ T3124] bridge0: port 2(bridge_slave_1) entered forwarding state
[  705.461720][ T7757] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  705.482982][ T7757] syz.0.1939: attempt to access beyond end of device
[  705.482982][ T7757] loop0: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  705.514248][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  705.531652][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  705.531676][ T7757] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  705.541819][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  705.595579][ T7757] syz.0.1939: attempt to access beyond end of device
[  705.595579][ T7757] loop0: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  705.616856][ T7767] syz.5.1945: attempt to access beyond end of device
[  705.616856][ T7767] loop5: rw=524288, sector=34359738360, nr_sectors = 8 limit=16
[  705.638490][ T7767] syz.5.1945: attempt to access beyond end of device
[  705.638490][ T7767] loop5: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  705.653566][ T7767] syz.5.1945: attempt to access beyond end of device
[  705.653566][ T7767] loop5: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  705.668462][ T7767] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  705.680107][ T7767] syz.5.1945: attempt to access beyond end of device
[  705.680107][ T7767] loop5: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  705.695747][ T7767] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  705.706874][ T7767] syz.5.1945: attempt to access beyond end of device
[  705.706874][ T7767] loop5: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  705.721029][ T7767] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  705.721060][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  705.752444][ T7757] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  705.768958][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  705.777493][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  705.786046][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  705.794782][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  705.803186][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  705.811535][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  705.819972][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  705.828693][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  705.837363][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  705.845957][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  705.854796][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  705.863140][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  705.871486][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  705.879641][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  705.888351][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  705.896969][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  705.908123][   T28] audit: type=1400 audit(705.934:3672): avc:  denied  { read } for  pid=7768 comm="syz.1.1946" path="socket:[40859]" dev="sockfs" ino=40859 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  705.936222][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  705.952444][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  705.968237][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  705.985998][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  705.999657][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  706.014425][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  706.029685][ T7772] netlink: 'syz.1.1946': attribute type 4 has an invalid length.
[  706.038751][ T7773] netlink: 'syz.1.1946': attribute type 4 has an invalid length.
[  706.048488][ T3124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  706.056758][ T7740] syz.3.1938 (7740) used greatest stack depth: 19088 bytes left
[  706.960469][ T7791] set_capacity_and_notify: 3 callbacks suppressed
[  706.960554][ T7791] loop3: detected capacity change from 0 to 512
[  706.999588][ T7793] loop1: detected capacity change from 0 to 512
[  707.021137][ T7791] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  707.032288][ T7793] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  707.144707][ T7791] EXT4-fs error (device loop3): ext4_init_orphan_info:621: comm syz.3.1951: orphan file block 0: bad magic
[  707.157746][ T7793] EXT4-fs error (device loop1): ext4_init_orphan_info:621: comm syz.1.1952: orphan file block 0: bad magic
[  707.170379][ T7791] EXT4-fs (loop3): mount failed
[  707.175961][ T7793] EXT4-fs (loop1): mount failed
[  707.209807][ T7799] FAULT_INJECTION: forcing a failure.
[  707.209807][ T7799] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  707.226601][ T7799] CPU: 1 PID: 7799 Comm: syz.5.1954 Not tainted syzkaller #0
[  707.234092][ T7799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  707.244240][ T7799] Call Trace:
[  707.247526][ T7799]  <TASK>
[  707.250462][ T7799]  __dump_stack+0x21/0x24
[  707.254805][ T7799]  dump_stack_lvl+0x110/0x170
[  707.259487][ T7799]  ? __cfi_dump_stack_lvl+0x8/0x8
[  707.264518][ T7799]  dump_stack+0x15/0x24
[  707.268788][ T7799]  should_fail_ex+0x3d4/0x520
[  707.270035][ T7803] loop0: detected capacity change from 0 to 16
[  707.273478][ T7799]  should_fail+0xb/0x10
[  707.273500][ T7799]  should_fail_usercopy+0x1a/0x20
[  707.273514][ T7799]  _copy_from_user+0x1e/0xc0
[  707.273533][ T7799]  strndup_user+0xb6/0x150
[  707.273549][ T7799]  __se_sys_mount+0x9c/0x390
[  707.273571][ T7799]  ? fput+0x154/0x1a0
[  707.273590][ T7799]  ? __x64_sys_mount+0xd0/0xd0
[  707.273611][ T7799]  ? __cfi_ksys_write+0x10/0x10
[  707.273628][ T7799]  __x64_sys_mount+0xbf/0xd0
[  707.273649][ T7799]  x64_sys_call+0x65d/0x9a0
[  707.273669][ T7799]  do_syscall_64+0x4c/0xa0
[  707.273686][ T7799]  ? clear_bhb_loop+0x30/0x80
[  707.273706][ T7799]  ? clear_bhb_loop+0x30/0x80
[  707.273727][ T7799]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  707.273747][ T7799] RIP: 0033:0x7f9626d9cdd9
[  707.273763][ T7799] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  707.321464][ T7803] erofs: (device loop0): mounted with root inode @ nid 36.
[  707.325415][ T7799] RSP: 002b:00007f9627cf4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  707.325438][ T7799] RAX: ffffffffffffffda RBX: 00007f9627015fa0 RCX: 00007f9626d9cdd9
[  707.325448][ T7799] RDX: 0000200000000040 RSI: 00002000000003c0 RDI: 0000000000000000
[  707.325457][ T7799] RBP: 00007f9627cf4090 R08: 0000200000000500 R09: 0000000000000000
[  707.325467][ T7799] R10: 0000000000010001 R11: 0000000000000246 R12: 0000000000000001
[  707.325476][ T7799] R13: 00007f9627016038 R14: 00007f9627015fa0 R15: 00007ffde5876038
[  707.325489][ T7799]  </TASK>
[  707.454402][ T7808] FAULT_INJECTION: forcing a failure.
[  707.454402][ T7808] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  707.454983][ T7807] loop5: detected capacity change from 0 to 128
[  707.468071][ T7808] CPU: 1 PID: 7808 Comm: syz.1.1958 Not tainted syzkaller #0
[  707.481173][ T7808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  707.491234][ T7808] Call Trace:
[  707.494514][ T7808]  <TASK>
[  707.497444][ T7808]  __dump_stack+0x21/0x24
[  707.501780][ T7808]  dump_stack_lvl+0x110/0x170
[  707.506467][ T7808]  ? __cfi_dump_stack_lvl+0x8/0x8
[  707.511508][ T7808]  dump_stack+0x15/0x24
[  707.515669][ T7808]  should_fail_ex+0x3d4/0x520
[  707.520352][ T7808]  should_fail+0xb/0x10
[  707.524527][ T7808]  should_fail_usercopy+0x1a/0x20
[  707.529555][ T7808]  _copy_to_user+0x1e/0x90
[  707.533979][ T7808]  simple_read_from_buffer+0xe9/0x160
[  707.539356][ T7808]  proc_fail_nth_read+0x1a6/0x220
[  707.544388][ T7808]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  707.549945][ T7808]  ? security_file_permission+0x94/0xb0
[  707.555498][ T7808]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  707.561049][ T7808]  vfs_read+0x27a/0x910
[  707.565213][ T7808]  ? __cfi_vfs_read+0x10/0x10
[  707.570137][ T7808]  ? __kasan_check_write+0x14/0x20
[  707.575324][ T7808]  ? mutex_lock+0x93/0x1b0
[  707.579785][ T7808]  ? __cfi_mutex_lock+0x10/0x10
[  707.584737][ T7808]  ? __fdget_pos+0x2cd/0x380
[  707.589328][ T7808]  ? ksys_read+0x71/0x250
[  707.593728][ T7808]  ksys_read+0x149/0x250
[  707.597967][ T7808]  ? __cfi_ksys_read+0x10/0x10
[  707.602734][ T7808]  ? do_user_addr_fault+0x9ac/0x1050
[  707.608027][ T7808]  ? debug_smp_processor_id+0x17/0x20
[  707.613391][ T7808]  __x64_sys_read+0x7b/0x90
[  707.617879][ T7808]  x64_sys_call+0x2f/0x9a0
[  707.622290][ T7808]  do_syscall_64+0x4c/0xa0
[  707.626709][ T7808]  ? clear_bhb_loop+0x30/0x80
[  707.631384][ T7808]  ? clear_bhb_loop+0x30/0x80
[  707.636072][ T7808]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  707.641951][ T7808] RIP: 0033:0x7f0f3715d60e
[  707.646354][ T7808] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  707.666118][ T7808] RSP: 002b:00007f0f37f9efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  707.674568][ T7808] RAX: ffffffffffffffda RBX: 00007f0f37f9f6c0 RCX: 00007f0f3715d60e
[  707.682588][ T7808] RDX: 000000000000000f RSI: 00007f0f37f9f0a0 RDI: 0000000000000003
[  707.690588][ T7808] RBP: 00007f0f37f9f090 R08: 0000000000000000 R09: 0000000000000000
[  707.698588][ T7808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  707.706550][ T7808] R13: 00007f0f37416038 R14: 00007f0f37415fa0 R15: 00007ffc0e59b838
[  707.714731][ T7808]  </TASK>
[  707.776356][ T7807] FAT-fs (loop5): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  707.918397][ T7807] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1957'.
[  707.984656][ T7815] syz.0.1956: attempt to access beyond end of device
[  707.984656][ T7815] loop0: rw=524288, sector=34359738360, nr_sectors = 8 limit=16
[  708.022469][ T7815] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  708.035538][ T7815] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  708.048414][ T7815] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  708.061203][ T7815] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  708.131925][   T28] audit: type=1326 audit(708.164:3673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7806 comm="syz.3.1959" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01de99cdd9 code=0x7ffc0000
[  708.152193][ T7765] loop4: detected capacity change from 0 to 262144
[  708.159722][ T7817] loop1: detected capacity change from 0 to 512
[  708.163385][ T7765] F2FS-fs (loop4): Unrecognized mount option "è" or missing value
[  708.185062][   T28] audit: type=1326 audit(708.214:3674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7806 comm="syz.3.1959" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01de99cdd9 code=0x7ffc0000
[  708.264934][ T7821] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1962'.
[  708.275543][   T28] audit: type=1326 audit(708.284:3675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7806 comm="syz.3.1959" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f01de99cdd9 code=0x7ffc0000
[  708.308732][ T7823] xt_CONNSECMARK: invalid mode: 66
[  708.314496][ T7823] tipc: Withdrawal distribution failure
[  708.340554][ T7817] EXT4-fs error (device loop1): __ext4_iget:5093: inode #11: block 1: comm syz.1.1961: invalid block
[  708.350448][   T28] audit: type=1326 audit(708.304:3676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7806 comm="syz.3.1959" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01de99cdd9 code=0x7ffc0000
[  708.382899][   T28] audit: type=1326 audit(708.304:3677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7806 comm="syz.3.1959" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01de99cdd9 code=0x7ffc0000
[  708.399648][ T7817] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.1961: couldn't read orphan inode 11 (err -117)
[  708.408775][   T28] audit: type=1326 audit(708.354:3678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7806 comm="syz.3.1959" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f01de99cdd9 code=0x7ffc0000
[  708.473443][ T7817] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  708.482854][ T7833] device syzkaller0 entered promiscuous mode
[  708.518995][   T28] audit: type=1326 audit(708.354:3679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7806 comm="syz.3.1959" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01de99cdd9 code=0x7ffc0000
[  708.549865][ T7837] xt_CONNSECMARK: invalid mode: 66
[  708.558000][ T7817] EXT4-fs error (device loop1): htree_dirblock_to_tree:1083: inode #2: comm syz.1.1961: Directory hole found for htree leaf block 0
[  708.580288][  T287] EXT4-fs (loop1): unmounting filesystem.
[  708.779529][ T7856] FAULT_INJECTION: forcing a failure.
[  708.779529][ T7856] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  708.793134][ T7856] CPU: 1 PID: 7856 Comm: syz.1.1975 Not tainted syzkaller #0
[  708.800528][ T7856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  708.810597][ T7856] Call Trace:
[  708.813890][ T7856]  <TASK>
[  708.816832][ T7856]  __dump_stack+0x21/0x24
[  708.821190][ T7856]  dump_stack_lvl+0x110/0x170
[  708.826051][ T7856]  ? __cfi_dump_stack_lvl+0x8/0x8
[  708.831085][ T7856]  ? __cfi_copy_fpstate_to_sigframe+0x10/0x10
[  708.837176][ T7856]  dump_stack+0x15/0x24
[  708.841349][ T7856]  should_fail_ex+0x3d4/0x520
[  708.846044][ T7856]  should_fail+0xb/0x10
[  708.850214][ T7856]  should_fail_usercopy+0x1a/0x20
[  708.855298][ T7856]  _copy_to_user+0x1e/0x90
[  708.859736][ T7856]  copy_siginfo_to_user+0x28/0xa0
[  708.864774][ T7856]  arch_do_signal_or_restart+0xb9d/0x1140
[  708.867437][ T7858] loop5: detected capacity change from 0 to 512
[  708.870508][ T7856]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  708.877545][ T7858] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  708.882933][ T7856]  ? __kasan_check_write+0x14/0x20
[  708.882963][ T7856]  ? fput+0x154/0x1a0
[  708.882981][ T7856]  ? __se_sys_splice+0x23c/0x450
[  708.883002][ T7856]  ? __cfi_ksys_write+0x10/0x10
[  708.883019][ T7856]  exit_to_user_mode_loop+0x7a/0xb0
[  708.883038][ T7856]  exit_to_user_mode_prepare+0x87/0xd0
[  708.883055][ T7856]  syscall_exit_to_user_mode+0x1a/0x30
[  708.883078][ T7856]  do_syscall_64+0x58/0xa0
[  708.883094][ T7856]  ? clear_bhb_loop+0x30/0x80
[  708.883115][ T7856]  ? clear_bhb_loop+0x30/0x80
[  708.883136][ T7856]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  708.883156][ T7856] RIP: 0033:0x7f0f3719cdd7
[  708.883171][ T7856] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89
[  708.883185][ T7856] RSP: 002b:00007f0f37f9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  708.883204][ T7856] RAX: 0000000000000113 RBX: 00007f0f37415fa0 RCX: 00007f0f3719cdd9
[  708.883216][ T7856] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000005
[  708.883226][ T7856] RBP: 00007f0f37f9f090 R08: 0000001000000008 R09: 0000000000000000
[  708.883237][ T7856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  708.936619][ T7858] EXT4-fs error (device loop5): ext4_init_orphan_info:621: comm syz.5.1974: orphan file block 0: bad magic
[  708.937269][ T7856] R13: 00007f0f37416038 R14: 00007f0f37415fa0 R15: 00007ffc0e59b838
[  708.942895][ T7858] EXT4-fs (loop5): mount failed
[  708.947871][ T7856]  </TASK>
[  709.125911][ T7864] xt_CONNSECMARK: invalid mode: 66
[  709.266183][ T7868] loop0: detected capacity change from 0 to 1024
[  709.273006][ T7868] EXT4-fs: Ignoring removed mblk_io_submit option
[  709.283083][ T7868] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  709.467944][ T7876] loop3: detected capacity change from 0 to 4096
[  709.479074][ T7876] ext4: Unknown parameter 'fsname'
[  709.822504][ T7889] loop5: detected capacity change from 0 to 16
[  709.831045][ T7889] erofs: (device loop5): mounted with root inode @ nid 36.
[  710.135617][ T7896] FAULT_INJECTION: forcing a failure.
[  710.135617][ T7896] name failslab, interval 1, probability 0, space 0, times 0
[  710.148482][ T7896] CPU: 1 PID: 7896 Comm: syz.1.1989 Not tainted syzkaller #0
[  710.155864][ T7896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  710.165997][ T7896] Call Trace:
[  710.169276][ T7896]  <TASK>
[  710.172198][ T7896]  __dump_stack+0x21/0x24
[  710.176525][ T7896]  dump_stack_lvl+0x110/0x170
[  710.181199][ T7896]  ? __cfi_dump_stack_lvl+0x8/0x8
[  710.186222][ T7896]  dump_stack+0x15/0x24
[  710.190373][ T7896]  should_fail_ex+0x3d4/0x520
[  710.195048][ T7896]  __should_failslab+0xac/0xf0
[  710.199808][ T7896]  ? kvmalloc_node+0x28a/0x460
[  710.204562][ T7896]  should_failslab+0x9/0x20
[  710.209063][ T7896]  __kmem_cache_alloc_node+0x3d/0x2c0
[  710.214433][ T7896]  ? kvmalloc_node+0x28a/0x460
[  710.219189][ T7896]  __kmalloc_node+0xa1/0x1e0
[  710.223774][ T7896]  kvmalloc_node+0x28a/0x460
[  710.228358][ T7896]  ? __cfi_kvmalloc_node+0x10/0x10
[  710.233554][ T7896]  xt_alloc_table_info+0x3b/0xa0
[  710.238494][ T7896]  do_ip6t_set_ctl+0x8f5/0xe00
[  710.243254][ T7896]  ? __cfi_avc_has_perm_noaudit+0x10/0x10
[  710.248971][ T7896]  ? __cfi_do_ip6t_set_ctl+0x10/0x10
[  710.254252][ T7896]  ? kstrtouint_from_user+0x113/0x170
[  710.259710][ T7896]  ? __cfi_avc_has_perm+0x10/0x10
[  710.264723][ T7896]  ? __kasan_check_write+0x14/0x20
[  710.269826][ T7896]  ? mutex_unlock+0x8f/0x230
[  710.274412][ T7896]  ? __cfi_mutex_unlock+0x10/0x10
[  710.279430][ T7896]  ? selinux_socket_setsockopt+0x282/0x360
[  710.285241][ T7896]  nf_setsockopt+0x284/0x2b0
[  710.289931][ T7896]  ipv6_setsockopt+0x170/0x1a0
[  710.294693][ T7896]  udpv6_setsockopt+0x92/0xb0
[  710.299371][ T7896]  sock_common_setsockopt+0xb1/0xc0
[  710.304570][ T7896]  ? __cfi_sock_common_setsockopt+0x10/0x10
[  710.310463][ T7896]  __sys_setsockopt+0x2ff/0x4e0
[  710.315490][ T7896]  ? __cfi___sys_setsockopt+0x10/0x10
[  710.320889][ T7896]  ? ksys_write+0x1f4/0x250
[  710.325386][ T7896]  ? __cfi_ksys_write+0x10/0x10
[  710.330231][ T7896]  __x64_sys_setsockopt+0xbf/0xd0
[  710.335262][ T7896]  x64_sys_call+0x124/0x9a0
[  710.339763][ T7896]  do_syscall_64+0x4c/0xa0
[  710.344173][ T7896]  ? clear_bhb_loop+0x30/0x80
[  710.348846][ T7896]  ? clear_bhb_loop+0x30/0x80
[  710.353559][ T7896]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  710.359449][ T7896] RIP: 0033:0x7f0f3719cdd9
[  710.363862][ T7896] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  710.383456][ T7896] RSP: 002b:00007f0f37f9f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  710.391865][ T7896] RAX: ffffffffffffffda RBX: 00007f0f37415fa0 RCX: 00007f0f3719cdd9
[  710.399838][ T7896] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  710.407802][ T7896] RBP: 00007f0f37f9f090 R08: 0000000000000450 R09: 0000000000000000
[  710.415798][ T7896] R10: 0000200000000480 R11: 0000000000000246 R12: 0000000000000001
[  710.423758][ T7896] R13: 00007f0f37416038 R14: 00007f0f37415fa0 R15: 00007ffc0e59b838
[  710.431725][ T7896]  </TASK>
[  710.483600][ T7900] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  710.505070][  T287] EXT4-fs (loop1): unmounting filesystem.
[  710.607915][   T28] kauditd_printk_skb: 11 callbacks suppressed
[  710.607929][   T28] audit: type=1400 audit(710.634:3691): avc:  denied  { execute } for  pid=7909 comm="syz.3.1993" name="bus" dev="tmpfs" ino=2385 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  710.676634][   T28] audit: type=1326 audit(710.674:3692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7903 comm="syz.1.1991" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3719cdd9 code=0x7fc00000
[  710.702028][   T28] audit: type=1326 audit(710.674:3693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7903 comm="syz.1.1991" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0f3719cdd9 code=0x7fc00000
[  710.800586][ T7918] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x246f1341, utbl_chksum : 0xe619d30d)
[  711.025476][ T7922] icmp: detected local route for 172.20.20.13 during ICMP sending, src 172.20.20.187
[  711.034656][ T7920] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  711.050237][ T7920] overlayfs: upper fs does not support tmpfile.
[  711.067900][  T291] EXT4-fs (loop4): unmounting filesystem.
[  711.142096][ T7931] erofs: (device loop4): mounted with root inode @ nid 36.
[  711.324638][ T7933] bio_check_eod: 6 callbacks suppressed
[  711.324665][ T7933] syz.4.2002: attempt to access beyond end of device
[  711.324665][ T7933] loop4: rw=524288, sector=34359738360, nr_sectors = 8 limit=16
[  711.352709][ T7933] syz.4.2002: attempt to access beyond end of device
[  711.352709][ T7933] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  711.367895][ T7933] syz.4.2002: attempt to access beyond end of device
[  711.367895][ T7933] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  711.383056][ T7933] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  711.394650][ T7933] syz.4.2002: attempt to access beyond end of device
[  711.394650][ T7933] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  711.409819][ T7933] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  711.420990][ T7933] syz.4.2002: attempt to access beyond end of device
[  711.420990][ T7933] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  711.427750][   T28] audit: type=1326 audit(711.454:3694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7903 comm="syz.1.1991" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3719cdd9 code=0x7fc00000
[  711.435062][ T7933] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -4082 in[4096, 0] out[9000]
[  711.470138][   T28] audit: type=1326 audit(711.454:3695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7903 comm="syz.1.1991" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0f3719cdd9 code=0x7fc00000
[  711.496064][ T7935] FAULT_INJECTION: forcing a failure.
[  711.496064][ T7935] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  711.509604][ T7935] CPU: 0 PID: 7935 Comm: syz.1.2003 Not tainted syzkaller #0
[  711.516999][ T7935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  711.518519][   T28] audit: type=1326 audit(711.454:3696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7903 comm="syz.1.1991" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3719cdd9 code=0x7fc00000
[  711.527050][ T7935] Call Trace:
[  711.527056][ T7935]  <TASK>
[  711.527062][ T7935]  __dump_stack+0x21/0x24
[  711.527082][ T7935]  dump_stack_lvl+0x110/0x170
[  711.566494][ T7935]  ? __cfi_dump_stack_lvl+0x8/0x8
[  711.571516][ T7935]  dump_stack+0x15/0x24
[  711.575662][ T7935]  should_fail_ex+0x3d4/0x520
[  711.580357][ T7935]  should_fail+0xb/0x10
[  711.582351][   T28] audit: type=1326 audit(711.454:3697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7903 comm="syz.1.1991" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3719cdd9 code=0x7fc00000
[  711.584499][ T7935]  should_fail_usercopy+0x1a/0x20
[  711.613606][ T7935]  _copy_to_user+0x1e/0x90
[  711.618022][ T7935]  simple_read_from_buffer+0xe9/0x160
[  711.623395][ T7935]  proc_fail_nth_read+0x1a6/0x220
[  711.628429][ T7935]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  711.631343][   T28] audit: type=1326 audit(711.454:3698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7903 comm="syz.1.1991" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3719cdd9 code=0x7fc00000
[  711.633983][ T7935]  ? security_file_permission+0x94/0xb0
[  711.663732][ T7935]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  711.669297][ T7935]  vfs_read+0x27a/0x910
[  711.673469][ T7935]  ? __cfi_vfs_read+0x10/0x10
[  711.678225][ T7935]  ? __kasan_check_write+0x14/0x20
[  711.683359][ T7935]  ? mutex_lock+0x93/0x1b0
[  711.687794][ T7935]  ? __cfi_mutex_lock+0x10/0x10
[  711.691287][   T28] audit: type=1326 audit(711.454:3699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7903 comm="syz.1.1991" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3719cdd9 code=0x7fc00000
[  711.692724][ T7935]  ? __fdget_pos+0x2cd/0x380
[  711.721396][ T7935]  ? ksys_read+0x71/0x250
[  711.725730][ T7935]  ksys_read+0x149/0x250
[  711.729964][ T7935]  ? __cfi_ksys_read+0x10/0x10
[  711.734720][ T7935]  ? debug_smp_processor_id+0x17/0x20
[  711.740082][ T7935]  __x64_sys_read+0x7b/0x90
[  711.741252][   T28] audit: type=1326 audit(711.454:3700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7903 comm="syz.1.1991" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3719cdd9 code=0x7fc00000
[  711.744579][ T7935]  x64_sys_call+0x2f/0x9a0
[  711.773272][ T7935]  do_syscall_64+0x4c/0xa0
[  711.777696][ T7935]  ? clear_bhb_loop+0x30/0x80
[  711.782383][ T7935]  ? clear_bhb_loop+0x30/0x80
[  711.787061][ T7935]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  711.792963][ T7935] RIP: 0033:0x7f0f3715d60e
[  711.797368][ T7935] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  711.816968][ T7935] RSP: 002b:00007f0f37f9efe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  711.825382][ T7935] RAX: ffffffffffffffda RBX: 00007f0f37f9f6c0 RCX: 00007f0f3715d60e
[  711.833368][ T7935] RDX: 000000000000000f RSI: 00007f0f37f9f0a0 RDI: 0000000000000004
[  711.841333][ T7935] RBP: 00007f0f37f9f090 R08: 0000000000000000 R09: 0000000000000000
[  711.849295][ T7935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  711.857259][ T7935] R13: 00007f0f37416038 R14: 00007f0f37415fa0 R15: 00007ffc0e59b838
[  711.865236][ T7935]  </TASK>
[  711.893871][ T7937] device pim6reg1 entered promiscuous mode
[  711.959755][ T7941] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  712.004285][ T7941] EXT4-fs (loop1): shut down requested (0)
[  712.039722][ T7941] EXT4-fs (loop1): re-mounted. Quota mode: writeback.
[  712.047769][ T7956] overlayfs: maximum fs stacking depth exceeded
[  712.126248][ T7958] set_capacity_and_notify: 5 callbacks suppressed
[  712.126283][ T7958] loop4: detected capacity change from 0 to 16
[  712.141867][ T7958] erofs: (device loop4): mounted with root inode @ nid 36.
[  712.151631][ T7958] syz.4.2009: attempt to access beyond end of device
[  712.151631][ T7958] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  712.165499][ T7958] syz.4.2009: attempt to access beyond end of device
[  712.165499][ T7958] loop4: rw=524288, sector=8, nr_sectors = 16 limit=16
[  712.266021][ T7941] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=15
[  712.413544][  T287] EXT4-fs (loop1): unmounting filesystem.
[  712.539186][ T7967] loop5: detected capacity change from 0 to 16
[  712.548342][ T7967] erofs: (device loop5): mounted with root inode @ nid 36.
[  712.603694][ T7967] syz.5.2013: attempt to access beyond end of device
[  712.603694][ T7967] loop5: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  712.618241][ T7967] syz.5.2013: attempt to access beyond end of device
[  712.618241][ T7967] loop5: rw=524288, sector=8, nr_sectors = 16 limit=16
[  712.734323][ T7968] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2012'.
[  712.971169][ T7974] loop3: detected capacity change from 0 to 16
[  712.987584][ T7974] erofs: (device loop3): mounted with root inode @ nid 36.
[  713.075488][ T7974] syz.3.2014: attempt to access beyond end of device
[  713.075488][ T7974] loop3: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  713.241308][   T24] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  713.391754][ T7983] loop5: detected capacity change from 0 to 256
[  713.410851][ T7983] exfat: Deprecated parameter 'utf8'
[  713.421210][ T7983] exfat: Deprecated parameter 'utf8'
[  713.432990][ T7983] exfat: Deprecated parameter 'utf8'
[  713.440643][ T7981] loop1: detected capacity change from 0 to 512
[  713.451678][ T7983] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  713.464869][ T7981] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  713.491969][ T7981] EXT4-fs (loop1): can't mount with journal_checksum, fs mounted w/o journal
[  713.501424][   T24] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  713.512577][   T24] usb 5-1: config 7 has 1 interface, different from the descriptor's value: 2
[  713.522762][   T24] usb 5-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.05
[  713.541267][   T24] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  713.559637][   T24] usb 5-1: Product: syz
[  713.568979][   T24] usb 5-1: SerialNumber: syz
[  713.584272][   T24] usb 5-1: bad CDC descriptors
[  713.633721][ T7987] loop1: detected capacity change from 0 to 16
[  713.661477][ T7987] erofs: (device loop1): mounted with root inode @ nid 36.
[  713.786993][ T7972] loop4: detected capacity change from 0 to 128
[  713.787182][ T7989] loop3: detected capacity change from 0 to 128
[  713.853950][ T7989] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  714.019556][ T7972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  714.061696][    T6] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  714.070273][ T7972] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  714.082555][  T289] EXT4-fs (loop3): unmounting filesystem.
[  714.221339][    T6] usb 6-1: device descriptor read/64, error -71
[  714.230791][ T7999] FAULT_INJECTION: forcing a failure.
[  714.230791][ T7999] name fail_futex, interval 1, probability 0, space 0, times 0
[  714.258887][ T7999] CPU: 1 PID: 7999 Comm: syz.3.2023 Not tainted syzkaller #0
[  714.266296][ T7999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  714.276357][ T7999] Call Trace:
[  714.279634][ T7999]  <TASK>
[  714.282563][ T7999]  __dump_stack+0x21/0x24
[  714.286894][ T7999]  dump_stack_lvl+0x110/0x170
[  714.291569][ T7999]  ? __cfi_dump_stack_lvl+0x8/0x8
[  714.296589][ T7999]  ? get_user_pages_fast_only+0x50/0x50
[  714.302220][ T7999]  ? stack_trace_save+0xa6/0xf0
[  714.307078][ T7999]  dump_stack+0x15/0x24
[  714.311230][ T7999]  should_fail_ex+0x3d4/0x520
[  714.315909][ T7999]  should_fail+0xb/0x10
[  714.320061][ T7999]  get_futex_key+0x6a4/0xb10
[  714.324651][ T7999]  ? __cfi_get_futex_key+0x10/0x10
[  714.329760][ T7999]  futex_wake_op+0x179/0xd50
[  714.334348][ T7999]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  714.340071][ T7999]  ? __cfi_futex_wake_op+0x10/0x10
[  714.345178][ T7999]  ? __kasan_check_write+0x14/0x20
[  714.350384][ T7999]  ? proc_fail_nth_write+0x180/0x200
[  714.355665][ T7999]  ? security_file_permission+0x8a/0xb0
[  714.361215][ T7999]  ? vfs_write+0xa2c/0xce0
[  714.365632][ T7999]  do_futex+0x1b3/0x430
[  714.369785][ T7999]  ? __cfi_do_futex+0x10/0x10
[  714.374455][ T7999]  ? __kasan_check_write+0x14/0x20
[  714.379560][ T7999]  ? mutex_unlock+0x8f/0x230
[  714.384147][ T7999]  __se_sys_futex+0x136/0x310
[  714.388820][ T7999]  ? __x64_sys_futex+0x100/0x100
[  714.393753][ T7999]  ? ksys_write+0x1f4/0x250
[  714.398250][ T7999]  ? __cfi_ksys_write+0x10/0x10
[  714.403088][ T7999]  ? do_user_addr_fault+0x9ac/0x1050
[  714.408632][ T7999]  __x64_sys_futex+0xe5/0x100
[  714.413304][ T7999]  x64_sys_call+0x7ec/0x9a0
[  714.417800][ T7999]  do_syscall_64+0x4c/0xa0
[  714.422211][ T7999]  ? clear_bhb_loop+0x30/0x80
[  714.426891][ T7999]  ? clear_bhb_loop+0x30/0x80
[  714.431564][ T7999]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  714.437452][ T7999] RIP: 0033:0x7f01de99cdd9
[  714.441862][ T7999] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  714.461462][ T7999] RSP: 002b:00007f01dd3d6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  714.469873][ T7999] RAX: ffffffffffffffda RBX: 00007f01dec16180 RCX: 00007f01de99cdd9
[  714.477925][ T7999] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000020000000cffc
[  714.485891][ T7999] RBP: 00007f01dd3d6090 R08: 0000200000048000 R09: 0000000000000000
[  714.493970][ T7999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  714.501272][    T6] usb 6-1: device descriptor read/64, error -71
[  714.501930][ T7999] R13: 00007f01dec16218 R14: 00007f01dec16180 R15: 00007ffeaacdfce8
[  714.516135][ T7999]  </TASK>
[  714.525724][ T7869] ------------[ cut here ]------------
[  714.531269][ T7869] kernel BUG at fs/buffer.c:2714!
[  714.538379][  T372] usb 5-1: USB disconnect, device number 3
[  714.548163][ T7869] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  714.554259][ T7869] CPU: 1 PID: 7869 Comm: kmmpd-loop0 Not tainted syzkaller #0
[  714.561704][ T7869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  714.571751][ T7869] RIP: 0010:submit_bh_wbc+0x4c9/0x4f0
[  714.577123][ T7869] Code: c3 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c bd fe ff ff 48 89 df e8 68 d5 e7 ff e9 b0 fe ff ff e8 6e 3b a2 ff 0f 0b e8 67 3b a2 ff <0f> 0b e8 60 3b a2 ff 0f 0b e8 59 3b a2 ff 0f 0b e8 52 3b a2 ff 0f
[  714.596809][ T7869] RSP: 0018:ffffc9000ca57ca0 EFLAGS: 00010293
[  714.602869][ T7869] RAX: ffffffff81cf3ae9 RBX: 0000000000000000 RCX: ffff888112f01440
[  714.610835][ T7869] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  714.618803][ T7869] RBP: ffffc9000ca57cf0 R08: ffff888137733b2f R09: 1ffff11026ee6765
[  714.626774][ T7869] R10: dffffc0000000000 R11: ffffed1026ee6766 R12: 0000000000000000
[  714.634749][ T7869] R13: 1ffff11026ee6765 R14: ffff888137733b28 R15: 0000000000003801
[  714.642722][ T7869] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  714.651643][ T7869] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  714.658228][ T7869] CR2: 00007ffde5875f40 CR3: 0000000110086000 CR4: 00000000003506a0
[  714.666213][ T7869] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  714.674180][ T7869] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  714.682137][ T7869] Call Trace:
[  714.685404][ T7869]  <TASK>
[  714.688334][ T7869]  ? _raw_spin_unlock_irqrestore+0x5a/0x80
[  714.694142][ T7869]  submit_bh+0x1f/0x30
[  714.698211][ T7869]  write_mmp_block_thawed+0x397/0x510
[  714.703570][ T7869]  ? __cfi_schedule_timeout+0x10/0x10
[  714.709097][ T7869]  ? read_mmp_block+0x720/0x720
[  714.713930][ T7869]  ? __cfi_process_timeout+0x10/0x10
[  714.719199][ T7869]  write_mmp_block+0x138/0x2b0
[  714.723981][ T7869]  kmmpd+0x3ce/0x950
[  714.727890][ T7869]  kthread+0x281/0x320
[  714.731944][ T7869]  ? __cfi_kmmpd+0x10/0x10
[  714.736340][ T7869]  ? __cfi_kthread+0x10/0x10
[  714.740914][ T7869]  ret_from_fork+0x1f/0x30
[  714.745313][ T7869]  </TASK>
[  714.748319][ T7869] Modules linked in:
[  714.760129][ T7869] ---[ end trace 0000000000000000 ]---
[  714.765756][ T7869] RIP: 0010:submit_bh_wbc+0x4c9/0x4f0
[  714.771481][ T7869] Code: c3 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c bd fe ff ff 48 89 df e8 68 d5 e7 ff e9 b0 fe ff ff e8 6e 3b a2 ff 0f 0b e8 67 3b a2 ff <0f> 0b e8 60 3b a2 ff 0f 0b e8 59 3b a2 ff 0f 0b e8 52 3b a2 ff 0f
[  714.792191][ T7869] RSP: 0018:ffffc9000ca57ca0 EFLAGS: 00010293
[  714.798361][ T7869] RAX: ffffffff81cf3ae9 RBX: 0000000000000000 RCX: ffff888112f01440
[  714.806617][ T7869] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  714.819693][ T7869] RBP: ffffc9000ca57cf0 R08: ffff888137733b2f R09: 1ffff11026ee6765
[  714.827911][ T7869] R10: dffffc0000000000 R11: ffffed1026ee6766 R12: 0000000000000000
[  714.836211][ T7869] R13: 1ffff11026ee6765 R14: ffff888137733b28 R15: 0000000000003801
[  714.844514][ T7869] FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  714.853728][ T7869] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  714.860429][ T7869] CR2: 00007f0f37157ef0 CR3: 000000011008b000 CR4: 00000000003506b0
[  714.868890][ T7869] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  714.877442][ T7869] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  714.885728][ T7869] Kernel panic - not syncing: Fatal exception
[  714.892201][ T7869] Kernel Offset: disabled
[  714.896516][ T7869] Rebooting in 86400 seconds..