last executing test programs:

8m56.657534308s ago: executing program 1 (id=475):
timer_create(0x0, 0x0, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6)
unshare(0x20060400)
ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000000000)={0x21, 0x1})

8m55.258427215s ago: executing program 1 (id=482):
r0 = syz_open_dev$cec(&(0x7f0000000200), 0xffffffffffffffff, 0x4ae60)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000040)={'\be \x00', 0x0, 0x5, 0x2, 0x0, 0xc, "00000000020000000000002100", '\x00', "0052008f", '\x00', ["fdfeffbf84a438dfc5d5c010", "0000000000000400", "0000efffffffffffbfff00", "000003cefd70f14003556000"]})
r1 = epoll_create(0x1ff)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)={0xe0000004})
ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000100)={0xfffffffffffffff7, 0xffffffffffffffff, 0x2, 0x9, 0x4, 0x7fff, "16b0bc450cfc47961ed5d8167d4f7865", 0x1, 0x52, 0x1, 0x49, 0x9, 0x9, 0xd})
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000140)={"4497acf4", 0xb, 0x5, 0x0, 0x3, 0x1000006, 'U\x00', "1575a859", "0725eade", '\'q6O', ["aabe8459c62224475793e8a7", "7f9ce2d2c4f439ff80e1d1c8", "fa0700f22b42a3023be516d1"]})

8m53.611839537s ago: executing program 1 (id=488):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e24, 0x6bb, @ipv4={'\x00', '\xff\xff', @empty}, 0x5}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000004c0)=@gcm_256={{0x303, 0x3a}, "56db7a2700f81000", "a8ef1a3a33071799b7bbebfa6dc371290d0e3808802000", "336819df", "4008000000008700"}, 0x38)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000580)="890000", 0x3}], 0x12}, 0x4040)

8m52.115007424s ago: executing program 1 (id=493):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2204000, &(0x7f00000000c0), 0xfe, 0x566, &(0x7f0000000280)="$eJzs3c9vFFUcAPDvbFt+FaUkhKgH04SDGGRLW39g4gGPRokkesdNOzSkW5Z0t4RWEuEgFy+GmBgjifEP8O6R+A/4V5AoCTGk0YOXNbOdhaXdbUvZsmv380kG3puZ5c2bN9/He/t2swEMrPHsj0LEqxHxbRJxpOXYcOQHx9fOW310YybbkqjXP/sriSTf1zw/yf8ezTOvRMRvX0ecKmwst7q8Ml8ql9PFPD9RW7g6UV1eOX15oTSXzqVXpqanz74zPfX+e+9ufPH+ndX1zQv//PDpvY/OfnNi9ftfHhy9k8S5OJwfa63Hc7jZmhmP8fyejMS5dSdOdqGwfpL0+gLYkaE8zkci6wOOxFAe9cDe91VE1IEBlYh/GFDNcUBzbr/pPLi+92Z5Dz9cmwBtrH+y9t5IHGjMjQ6tJk/NjLI7MdaF8rMyfv3z7p1si+69DwGwpZu3IuLM8PBT/d/L0dL/7dyZbZyzvgz9H7w497Lxz1v724x/Co/HP9Fm/DPaJnZ3Yuv4LzzoQjEdZeO/D9qOfx8vWo0N5bmXGmO+keTS5XKa9W1ZN3kyRvZn+c3Wc86u3q93OtY6/su2rPzmWDC/jgfD69a7Zku10vPUudXDWxGvbTH+Tdq0f3Y/LmyzjOPp3dc7Hdu6/rur/nPEG23b/8lcJ9l8fXKi8TxMNJ+Kjf6+ffz3TuX3uv5Z+x/avP5jSet6bfXZy/jpwL9pp2PjSb5o+ozP/77k80Z6X77veqlWW5yM2Jd8snH/1JPXNvPN87P6nzzRPv43e/4PRsQX26z/7WO3O57aD+0/26b9D3Rs/w6JetLx0P2Pv/xx5/XP2v/tRupkvmc7/d8mV/pU4vnuHgAAAAAAAPSXQkQcjqRQfJwuFIrFtc93HItDhXKlWjt1qbJ0ZTYa35Udi5FCc6V7tOXzEJP552Gb+al1+emIOBoR3w0dbOSLM5XybK8rDwAAAAAAAAAAAAAAAAAAAH1itMP3/zN/DPX66oBd5ye/YXBtGf/d+KUnoC/5/x8Gl/iHwSX+YXCJfxhc4h8Gl/iHwSX+YXCJfwAAAAAAAAAAAAAAAAAAAAAAAAAAAOiqC+fPZ1t99dGNmSw/e215ab5y7fRsWp0vLizNFGcqi1eLc5XKXDktzlQWtvr3ypXK1cmpWLo+UUuT2kR1eeXiQmXpSu3i5YXSXHoxHXkhtQIAAAAAAAAAAAAAAAAAAID/l+ryynypXE4X92xiKPriMvZkIomI4d5fhsQuJHrdMwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAE/8FAAD//34rM9k=")
socket$packet(0x11, 0x3, 0x300)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000400)='./file0/file0\x00')
pivot_root(&(0x7f0000000140)='./file0/../file0\x00', 0x0)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x48)

8m50.473578711s ago: executing program 1 (id=497):
ioperm(0x0, 0x2, 0x7e)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x4e23, @private=0xa010100}], 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

8m50.096364674s ago: executing program 1 (id=500):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000780)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
write$binfmt_script(r1, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000051c0)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000140)=""/9, 0x9}], 0x1, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, 0x0)

8m48.676009486s ago: executing program 32 (id=500):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000780)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
write$binfmt_script(r1, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000051c0)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000140)=""/9, 0x9}], 0x1, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, 0x0)

5m54.360704015s ago: executing program 0 (id=1217):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chroot(&(0x7f0000000a40)='./file0\x00')
syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

5m53.827223547s ago: executing program 0 (id=1220):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
socket(0xa, 0x3, 0xff)
r0 = io_uring_setup(0x6, &(0x7f0000000040)={0x0, 0x12dc, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x400017e)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

5m53.081967074s ago: executing program 0 (id=1222):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
r2 = eventfd2(0xfffffffe, 0x1)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, 0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000040)={0x0, r2})
close_range(r0, 0xffffffffffffffff, 0x0)

5m52.369739042s ago: executing program 0 (id=1226):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$fuse(0x0, &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x80000, 0x0)

5m51.681099221s ago: executing program 0 (id=1229):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=ANY=[@ANYBLOB="12000000020000000800000002"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB='\a'], 0x10)
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, &(0x7f0000000080), &(0x7f00000002c0)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001540)={{r1}, &(0x7f00000014c0), &(0x7f0000001500)=r0}, 0x20)

5m50.932641916s ago: executing program 0 (id=1232):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x2}, 0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x0, 0x3}, &(0x7f0000000300)=0x8)

5m49.795804277s ago: executing program 33 (id=1232):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x2}, 0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x0, 0x3}, &(0x7f0000000300)=0x8)

3m39.458540958s ago: executing program 7 (id=1842):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x44}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000010c0)=@newtfilter={0x184, 0x2c, 0xd27, 0x70bd1e, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x154, 0x2, [@TCA_FLOWER_ACT={0x150, 0x3, [@m_bpf={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS={0xc, 0x4, [{0xa625, 0x9, 0x7, 0x3}]}, @TCA_ACT_BPF_PARMS={0x0, 0x2, {0x7, 0x9, 0x20000000, 0x9, 0x7}}, @TCA_ACT_BPF_OPS={0x4}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_csum={0xf8, 0x1, 0x0, 0x0, {{0x9}, {0x90, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x800, 0x0, 0x7, 0x6}, 0x6b}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x8, 0x5, 0x20000000, 0x4804, 0xf}, 0x52}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x101, 0xfffffff1, 0x20000007, 0x10000, 0x8}, 0x67}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1000, 0x3, 0x4, 0x10, 0x8}, 0x41}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x5, 0x6, 0x0, 0xffffff81, 0xfffffffb}, 0xa}}]}, {0xfffffffffffffffb, 0x6, "a798c476ada6bf50a9e0cd046f2ed191bee56201bca554993f58d7852e719d4e157f603968f4eebc52fff56c98601999bfefac9e7b9e85ba61fc"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x184}, 0x1, 0x0, 0x0, 0x8848}, 0x4080)

3m37.704731122s ago: executing program 7 (id=1847):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1, 0xfffffffe}, 0xc)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0xff2c, 0x0}, 0x1}], 0x40, 0x2, 0x0)
connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
writev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)="fb", 0x1}], 0x1)

3m35.748267127s ago: executing program 7 (id=1852):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000a80)="a28b7c", 0x3}], 0x1}, 0x4006041)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xf, 0x4, 0x4, 0x16, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)

3m34.328501605s ago: executing program 7 (id=1861):
r0 = io_uring_setup(0x178e, &(0x7f0000000140)={0x0, 0x52c1, 0x8, 0xfffffffe, 0xc})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2}, 0x80)
r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002d80)={r3, r2, 0x25, 0x8, @void}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f00000000c0)=r4, 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

3m33.437398166s ago: executing program 7 (id=1865):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16)
mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})

3m32.313617982s ago: executing program 7 (id=1869):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x52)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000004c00)=[{{0x0, 0x0, &(0x7f0000000240)}, 0x2ca998c3}], 0x4000032, 0x40000021, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4051}, 0x20008001)
recvmsg$can_raw(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000340)=""/197, 0xc5}], 0x1}, 0x1)

3m16.879607754s ago: executing program 34 (id=1869):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x52)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000004c00)=[{{0x0, 0x0, &(0x7f0000000240)}, 0x2ca998c3}], 0x4000032, 0x40000021, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4051}, 0x20008001)
recvmsg$can_raw(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000340)=""/197, 0xc5}], 0x1}, 0x1)

8.562163337s ago: executing program 4 (id=2713):
openat(0xffffffffffffffff, 0x0, 0x4000, 0xb4)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00000001c0)='syzkaller\x00'}, 0x80)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r0, r2, 0x25, 0x4, @val=@tcx={@void, @value=r0}}, 0x1c)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x8090}, 0x4000c00)
syz_emit_ethernet(0xe3f, &(0x7f0000001380)={@broadcast, @local, @void, {@ipv6={0x86dd, @gre_packet={0x3, 0x6, "e63de0", 0xe09, 0x2f, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, @mcast2, {[@srh={0x87, 0x0, 0x4, 0x0, 0x3, 0x70, 0x2}], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, [], "711104"}, {0x1, 0x0, 0x1, 0x1}, {0x8, 0x88be, 0x1, {{0x4, 0x1, 0x7f, 0x1, 0x1, 0x3, 0x4, 0x6}, 0x1, {0xffff}}}, {0x8, 0x22eb, 0x0, {{0xc, 0x2, 0x1, 0x3, 0x0, 0x1, 0x6, 0x1}, 0x2, {0x8, 0xfbff, 0x3, 0x2, 0x0, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2, "79cad861474498b026743fc62104258a67aabed7401d11b63e5fef2972fb0882d6126cf1d7bea0b042424c1034341ff1fe42653577556603affef6fbb4106bd0ae03a849874bd2ec87c1a2d919b85a5f5a0ee862869ace9262b0ca6d10248bba4d9ff174c2fe45845f5f5fc2da661c041fd8fe9909eb6fa425e6a10f0773a6ae21e4c43f4f2abc5e3c9cdbb9a9bc28f23e8e070d5c460d24647acf7f3e80b778278322e128818b8a748bdf150e897288caa30c33ffc3195c901d7f981c84f3859e065f1db5a7fe365d13b6835e36aa12d694a98a12c98d99e3da665a9f7e5893288ee262f532074066ee4619eef92cca2e2db994803f0d962ede643605326352e088cb5c61fbae83fa2c6ba1e5adecf0ee53a5034dcd6bf3a460a840817d6030b151b9f0ebe295bc6f73934e551c213f8cfbfddaa45cab1b005b54fcec3fa113569b9d37e8ae2fb8e40160086dbce035ef436b165b29fec63c261f2f4030eeb094e3e226fa4951e377e1251ad3a5c99d2aaadd5394fae878c8032378e58c51408a8e525f3afea702a3c6f78046dbe7e222c07e7c0ec76f0740dabf8f654266262ca0fc47023c5b5512565e817ccff7e010938abb0873d9848c5842c1996e18c9335245cd64b8c68d81c4cb0ac84e8509816608bebaa5b47fbbbca71825e710fba72bfbc829b5335f907c50e28d99806ba404fc97c14db98fa947b51b81c6224c5af6d9208d4923f07b78ac0c2555856037ede105f21756a7b71710af41e98416faec6de1b540c8be49b2751f27b5a0e58299f93ee1f4ba2d69f76d50d565a67cc5ef4fb818d69c7e42e0fcf7c8f7b4df587490e736355cbac6e1919d0c89fc5a00c8a4b35bf3da243b7bec413465ba555a52ba22440b008f43670a9815db27a0b0969bb51134aa2bba151458ac047e5082f0c3cab4a10157019ac1ac91b2ab95e6ca0a06c8e0b4f7c9e3b4d848bfa1c134140283e2d0cebd05dcc46fa60789458002074cba4df738e4eb1b1c27b57237a231eb4eb9d35deb7322d4d27d6efca6ee46a558e87603f01c967550d54eda4f8aae38580f36d997d960fc8e634511a7efc6e624194cd72d1a895dc3a4f34eecef662ad8e3a6a6b40efa10c89019da2366960a97acf04eb3ba6e9b6ee6ecfb5aaaa3767faa42daac98af0d149e8048c97364fcee71e834211caf105c4a0230d5aa7e83cff7266ccb5ca616012a2b4a946723d0f1e3e4b957e63282774af97aebada5cbf280c7e67f85e3bb6ebe95966ca71443a505dac76f02d6b560b5361bb49cad704011bd4fab860e1100974e17d5ec2027ac78e45ae55861a32f6972e79bd952e16530c6a7f01de813f409376f35a4163bfdcc33b4459e2bf6971470a5b4ef5d559b47a3c6c03b076400a979f6fdc6f590264d61d600b26ba21aae64511f676dc3b320587e43cbdb26da933b7406f086f63a946a8becee38e1785e5b25223a7982ef98f2d164855d4af631bdbd823e35348f91aa342778da04d91715235c896f55c43c6170096f6187c156f7e7a385a66c9f35dda26b28e8929aad1febecce70fbbd3c2a78dd68d1ca92226c4f8bcb839f11191b17e74409b23c57af8b82814929c209398c716ff7e2c460ce0f74d71b86803349852f32fa03e3235f7b1806a0532499bf07316770278bc65cb3e0a3eb668916ae3c918b8206d9f84c2d70497c075ee2d59f21c7eaffb0b865cce7637e053c580bebe36c0a29475ac48cca885f397f08cdc2f8aca9c40c733c11554a8a1267d0f1ce81d54f60100528c978ee8abf45c74eb8d79b741734cd5afa37ea71748b94d45048267fb46f9a34fda91bf309d80b622891c8b3a78780e8a0a52442c63d3c902ab54fa17a72aca4f560b32a84ed62ee96a7494dac824714bc11a22fc73e3b3f528ca0e5b25c0f30467152befe7bd50f757ccb2577f5dfbfc6dab3b495140a14579266c6946f8671583ff2f65c83b7bfcf25e155d1435532d3f2198be0d5b357ed46e00b65c8b05c29b9184e9a31c30ef51edf3f0ea2636b28ee7c028fc40dcee024e078cc718ef6315d5f27bb5eb0827a9938a284310543e095941a6dea439c2c86534a614aa93351798d2e7086043f8b70c62879e8ddf03033dfcb053e59d03dc5cf620a7a428ff0ad02bbcb24251f9d5490e750f75f1dfdb6991536382a223411393fa380a6b4f6d489cbd6a5513cc56e303974bda6096aa2c056f0d60bbfa8c6bdbf4bbcf7259c8f037ade0de0035066bdb3a223eca2a1bb564450d14f39ef4812ec685be79933247f66e3e896ba831d68c7bf4598833636f848f892e561fb63b4ad9dd65105e1015436a32d07db78ddf0b1bcc62d44f397742685ed2debe747ffe62ee958788e5d616e501d3723615ca767ccbbbf98ffaf5f84edd00f657a1e0771dabcc14f58f65e78c0cbef85ab49f6ab0aefdedd81fde0fe38d479c76abfa2eadfdbe191c562debddd7623cf0d9c7d350ec118b8a8289513afa4cf896fbd6aca0b9c47580937d432f09ffd6102a435f6eed0d6f66f93986945e1d361b128d797c149438d8d4732a073190dca43fbfb38ef5ce6739c59528e082fb03c1f31795a81ce8133d4f301f9d5f9a3ceb8547081cbbef8087ae71a16e1aeffaf8426b61dc4a74bb61b8f45168a181f07108abc2a2135b6e1d01e95f3f177bde702aa9d1c365979952c5229012103f40df3c4175c341ebef1aa06441a73e0be3291c77f6a23696a22a4a7c2f814e8dbc4933095ac6876fd158a318c29ac8c5d89b001425ac3dbec050a526d5e00c3df84e145437f67ba7c882a0babf38dcadf4718120f8b1b9161361c73f33d81f09448ed4c14742e340eb483deeebf9390ce1015eda7e3febf1d4272c177304572b2c4a74efd796d6f077046853963f6fd6dde85e21c02687cc70753cfbb54c7f5644efaeacb5cc8c68d242222619f8bb7b53a5096455c82989037ed2988c3150c6e3bade659f2435ebeb266b3bf06382fcae09387b77afc0e4ee8b57da3e63b06ce9c04150e071523c4496cb5a57c4eb43a531849c95faac8e9acb65aea6c9843b4825533e311d9dc63e437eda81ad72dc39cd4b08362182c445b81ae80222754e40e994e7b218e100c0bddfbec13c96321ca0da51dfd084f0f3139099870114347e0a718c8019f5b5f233c029b65f0e525dae896f3e155b8bf5e897e424f2194a5572408c3cc5148d555ce919a782aafdc7b90ed32435d86ad9d12e44d3fddcab42f6dbd54739fbd571df1d246640054d82ce2afbfd7362ebe6067a5fefa2ee68318277c8e27f24659490434cdf32841bdcf0d9cd5aa38a957528701df3f16ae86c3d6cecc541e9b513860823c3767e496def818b0658e8ab6c7e93be6afa53590cc85c97da54bd204bd7c4ee6e9c70e6880c4dbaccf5158b052909e5519955b7f7e4f1382b9bc913b860508e9f39b4880d3b4ce8e64df5b0f38d739e67d147bfb7bf145324f211134be439cc462d1260369354f6c3fc8dac6289b2311762be96a3255c9cf3e32be31e04fcffc8ae7ce2a498a4435ff5b19f18c756603bc69e5f2189efff327ff14aa6a64ce98b52fdfc7371fa373e735bb6a7afc9089ae6105746fac259a9aba5a9c37cf9e0ef9cc3a546531af17184f8bc3616f5f304628dfd8ba72262e2691b3b7e96c12998bc40e2d9c2a3707a9b9547d76bdf8714fe4bd8aaa1b211003de465edb3176c173cfe4bf9bb07db2cb133cdec4fad7b281aa1aa93e2cf6911ed496fbfd4d239eddad131416afa2cce62113d9588c37a3aede2c5c626a8f377496de7dd374f23de1d04a95d015957004524cc928af8ecbfe000a842db90ec0d1c39e0d76eb963f1eadde5c8f02a9c02e5d6ff9ea3ce682ff69a0c2077e435781638d2332dd419f5f2b663d837b1f297a061c6ae73a393b95cd9b517f7d6e560fdcbefe28791d81dbe92d82c7c922610c53446f2b18e5f1c00a13ee60859bc501f742c74875e8a3531182cf8114ca23a2eac98bd541670f1f3c131bfb7ef9b1b773afaf00640ac5212b4ebac150650783df50114167ae62ba206a6551a5ee0358f18ea94b0757719bffc0391b984e656e8a8ce370bf7eb59e3e84132d5905f152886a5acf97403cb2d682478cedeccdc84c93f662a24b1dccc3312c3b923dc9bf2d7b5cde8d5a2bccf09cfb6afe3f396f1eee3104d454315490570d6b9ee1e98fa0a3842aaaecc633e296e87d456a744f5c7966f6b2d146e5543dabe159804e0b00622d763923cf4a0ed12087e22a13a8da14e0b4d0335b35baaae48c97fed8e50c41a270f0232cd7dd4e6f064e0cd3356aecf7d561609b9556e5a9740cfb71831d8802b3c7dc48c2e70d7d24b0f2db8ddcbd6a626c865fcf3d7cb4254be40955601baadba53ef1f6ee665da63fb3f90dd1653b246667c72e061e6658c0448d079789ba750f0064919ae7a185f518d539135c09a6db9106d2a1732fe64132e91fc826c4b30fce7881d992ea45dd711d41dd4cccc92fc8866592af3cb9b21b135e7b037c62753bd6e1dbf0cd56739ae78213aaf11ad7feaa0f897a47178c0f4318b67cc9637a96c8013850f2bee951acfccb7e687f025d6e704d8bd41573d78848e55776b31a50aef3f868545a842667701fdababaaedcd2ae766b348b171a9fa98657e755a60e142b7f507af92107022a31d66a51febc212ce2627b29150fdd96d47862e26ca17e4874b375ac1dcc2acff217733f9949dcb162a914fb6707733e1bffef48a40be58a357aff3044755f1071cb03e414e0d3bf9240e6da1595c2d5cccf8db541e743b05c88e52f7a2251e14b07b4d25b00c16ea589482720ba1acd7cdba47e8f7fe5175571f444b064d4d3e954fc051a1eedb494f58d683e8f2891f08d4c30d4f4e9b2b34c708d1fb99ef2af8c44e311d7f6f74b4042734576f2d811bdf6f971489aa9d0c296df65f17dcda59aed89e22f3406864c7d4cc3dba335"}}}}}}}, 0x0)

8.061256166s ago: executing program 4 (id=2717):
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
close_range(r0, r0, 0x200000000000000)
syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/net\x00')
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00')
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=<r3=>r2, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@cgroup=r3, 0x24, 0x0, 0xffff, &(0x7f0000000000)=[0x0], 0x40e8, 0x0, 0x0, 0x0, 0x0}, 0x40)

6.974784562s ago: executing program 4 (id=2720):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000008400)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9474a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x10000, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1000000, 0x0, 0x6000, 0x0, r2, 0x0, 0x800}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, r1, {0x7, 0x2d, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x50)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0)
ioctl$FIBMAP(r3, 0x401070cd, &(0x7f0000000040))

6.888525441s ago: executing program 6 (id=2722):
setgroups(0x0, 0x0)
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
getgroups(0x1, &(0x7f0000000280)=[<r2=>0xee00])
setregid(r2, r2)
capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7})
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)

6.475182302s ago: executing program 4 (id=2724):
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x3, 0x24, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000006000/0x2000)=nil, &(0x7f000000d000/0x4000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff3000/0x3000)=nil, &(0x7f0000ff6000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x1, 0xf3})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@deltfilter={0xe, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x3}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0xc, &(0x7f0000000100)=[{0x1, 0x36, 0x5, 0x537}, {0x27, 0x8, 0x9}, {0xe49, 0x2, 0xfa, 0x4}, {0x5b6, 0x8, 0x1, 0x2}, {0x2, 0xe, 0x80, 0x1000003}, {0x1ff, 0x5, 0x10, 0xf}, {0x2, 0x0, 0x1, 0x9}]})

6.447691575s ago: executing program 8 (id=2726):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c000080080003400000000214000000110001"], 0xb0}, 0x1, 0x0, 0x0, 0x14}, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0)

6.440791103s ago: executing program 6 (id=2727):
syz_usb_connect(0x2, 0x24, &(0x7f0000002040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af011703010902120001000000000904"], 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x10007, 0xbc03)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xfff, 0x40, 0x172}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x3000c81c)
r3 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="e03f030025"], 0x33fe0)
execve(0x0, &(0x7f00000005c0)={[&(0x7f0000000480)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']}, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000480)=""/142)

5.824050219s ago: executing program 5 (id=2729):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000200)={0x100, r1}, 0x0)
close(r1)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
close(r0)

5.731117468s ago: executing program 2 (id=2730):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="300000002d0001002abd70000000000008000000", @ANYRES32], 0x30}], 0x1}, 0x0)
r0 = openat$ptp0(0xffffffffffffff9c, 0x0, 0x481, 0x0)
dup(r0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc)
sched_setscheduler(0x0, 0x1, 0x0)
splice(r1, 0x0, r3, 0x0, 0x4ffe6, 0x0)

4.882581272s ago: executing program 8 (id=2731):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f000049e000/0x1000)=nil, 0x1000, 0x2000005)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f00004b8000/0x1000)=nil, 0x1000, 0x10)
ptrace(0x10, r0)
wait4(r0, 0x0, 0x40000000, 0x0)
ptrace$poke(0x1, r0, &(0x7f0000000000), 0x7fffffffffffffff)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2)

4.872746089s ago: executing program 5 (id=2732):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7010fddbdf2505000000080009000200000008000c00a80a0000060001000500000008000b"], 0x3c}}, 0x20000034)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x2, 0x0, 0x3, 0x4, {0xa, 0x4e24, 0x21f1, @local, 0xa493}}}, 0x32)

4.822388124s ago: executing program 3 (id=2733):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
r2 = dup3(r0, r1, 0x0)
sendmsg$tipc(r0, &(0x7f0000000080)={0x0, 0xfffffffffffffe13, 0x0, 0x0, 0x0, 0x0, 0x4005}, 0x20048001)
setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88)

4.428944065s ago: executing program 4 (id=2734):
syz_usb_connect(0x2, 0x24, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = syz_open_dev$dvb_dvr(&(0x7f0000000000), 0x0, 0x0)
ioctl$DVB_DVR_DMX_SET_BUFFER_SIZE(r0, 0x6f2d, 0x7fffffffffffffff)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$DVB_DVR_DMX_SET_BUFFER_SIZE(r0, 0x6f2d, 0xcb)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x1, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)

4.395140478s ago: executing program 2 (id=2735):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
close(0x3)

3.848590665s ago: executing program 3 (id=2736):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket(0x200000000000011, 0x2, 0xd)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r3}, &(0x7f0000000840), &(0x7f0000000880)=r4}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000280)={r4, r2, 0x25, 0x0, @val=@tcx={@void, @value=r4}}, 0x1c)
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@link_local={0x3, 0x80, 0xc2, 0x0, 0x0, 0x1}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @broadcast, @loopback}}}}}}, 0x0)
listen(r0, 0x0)

3.219728978s ago: executing program 2 (id=2737):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff)
write$binfmt_elf64(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4602010103fcffffffffffffff03003e005666d37500010000000000004000000000000000df012000040000000000000003003800010007000200010003000000000000000300000000010100ff"], 0x509)
close(r2)
r3 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
close(r3)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x401, 0x0)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

2.997209952s ago: executing program 5 (id=2738):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000600)=0x9, 0x4)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000600)=0x9, 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x26}}, @in={0x2, 0x4e21, @local}], 0x20)
sendmsg$AUDIT_SET(0xffffffffffffffff, 0x0, 0x8800)
listen(r1, 0x7)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x26}}], 0x10)
listen(r0, 0x7)

2.883808008s ago: executing program 6 (id=2739):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000000)=0xb6, 0x4)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
recvfrom(r1, 0x0, 0x0, 0x32, 0x0, 0x0)
syz_emit_ethernet(0x2e, &(0x7f0000000380)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x40, 0x100, @void}}}}}}}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)

2.152474277s ago: executing program 3 (id=2740):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000400)=0x1, 0xa)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x22}}, 0x10)
sendto(r1, &(0x7f0000000540)="f6", 0x1, 0xd63a66976f7dfbe0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x3f00000000000000)

2.060143374s ago: executing program 8 (id=2741):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x5, 0x4, 0x2, 0x4}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\n'], 0x48)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b705000000000000850000009400000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

1.593258606s ago: executing program 2 (id=2742):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@cgroup=<r2=>r1, 0x6, 0x0, 0x50d6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x40)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000440)={r4, r2, 0x15, 0x0, @val=@netkit={@void, @value, @void, @void, r3}}, 0x1c)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3000046, &(0x7f0000000a00)={[{@jqfmt_vfsv0}, {@user_xattr}, {@inlinecrypt}, {@oldalloc}, {@data_err_ignore}, {@nojournal_checksum}, {@errors_remount}, {@mblk_io_submit}, {@noblock_validity}, {@noinit_itable}, {@nombcache}, {@norecovery}]}, 0x11, 0x56b, &(0x7f0000000440)="$eJzs3c1rHOUfAPDvbDbp6+/XFEpREQn0YKV20yS+VPBQj6LFgt7rkkxDyaZbspvSxILtwV68SBFELIgHb3r3WPwHvPgvFLRQpAQ9eInMZjbNy26ybTYv7X4+MOF5dmb3me/MfJ88s88uG0DPGsr+FCJejIivkogjEZHk64qRrxxa2m7h0Y3xbElicfHjv5LGdlm9+VrN5x3KKy9ExK9fRJwqrG+3Njc/Va5U0pm8Plyfvjpcm5s/fXm6PJlOpldGx8bOvjk2+s7bb3Ut1tcu/PPtR/feP/vliYVvfn5w9E4S5+Jwvm5lHFtwc2VlKIbyY9If59ZsONKFxvaSZLd3gKfSl+d5f2R9wJHoy7O+lR8P7OiuAdvs84hYBHpUIv+hRzXHAc17+y7dBz8zHr63dAO0Pv7i0nsjsb9xb3RwIVl1Z5Td7w52of2sjV/+vHsnW6J770MAbOrmrYg4Uyyu7/+SvP97emc62GZtG/o/2Dn3svHP6+vGPwOxnJv7G3/Xjn8Otcjdp7F5/hcedKGZtrLx37stx7/Lk1aDfXntf40xX39y6XIlzfq2/0fEyejfl9U3ms85u3B/sd26leO/bMnab44F8/14UNy3+jkT5Xp5KzGv9PBWxEstx7/J8vlPWpz/7Hhc6LCN4+ndV9qt2zz+7bX4Q8SrLc//4xmtZOP5yeHG9TDcvCrW+/v28d/atb/b8Wfn/+DG8Q8mK+dra0/exvf7/03brVsVf3R+/Q8knzTKA/lj18v1+sxIxEDy4frHRx8/t1lvbp/Ff/JE6/zf6Po/EBGfdhj/7WM/vdxR/Lt0/iee6Pw/eeH+B5991679zvq/Nxqlk/kjnfR/ne7gVo4dAAAAAAAA7DWFiDgcSaG0XC4USqWlz3cci4OFSrVWP3WpOntlIhrflR2M/kJzpvvIis9DjOSfh23WR9fUxyLiaER83XegUS+NVysTux08AAAAAAAAAAAAAAAAAAAA7BGH2nz/P/NH327vHbDt2v/kN/C82zT/u/FLT8Ce5P8/9C75D71L/kPvkv/Qu+Q/9C75D71L/kPvkv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQVRfOn8+WxYVHN8az+sS1udmp6rXTE2ltqjQ9O14ar85cLU1Wq5OVtDRend7s9SrV6tWR0Zi9PlxPa/Xh2tz8xenq7JX6xcvT5cn0Ytq/I1EBAAAAAAAAAAAAAAAAAADAs6U2Nz9VrlTSGYXns/D7djdR3OrrFCNiDxwohdWF3e6ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCx/wIAAP//sIc3PA==")
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, &(0x7f0000000740)={&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x31}, &(0x7f0000000780)=0x40)

1.504709924s ago: executing program 5 (id=2743):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x1})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
r2 = msgget$private(0x0, 0x193)
msgrcv(r2, 0x0, 0x0, 0x1, 0x3000)

1.487430576s ago: executing program 3 (id=2744):
open_tree(0xffffffffffffff9c, 0x0, 0x8000)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x51)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x81899, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000400)='./file0\x00', &(0x7f0000000700)='./file0/../file0\x00', 0x0, 0x219d88b, 0x0)
mount$bind(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x10a78c0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000d00)='./file0\x00', 0x2, &(0x7f00000001c0)={[{@minixdf}, {@noquota}, {@grpid}, {@noload}, {@delalloc}, {@mblk_io_submit}, {@commit}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x3}}, {@noinit_itable}, {@init_itable_val={'init_itable', 0x3d, 0x4}}]}, 0xfa, 0x477, &(0x7f0000001900)="$eJzs3M9vFFUcAPDvTH/w21bEHyBIFY3EHy0tP+TgRaMJB01M9IDxVNtCKgs1tCZCiFYPeDQk3o3/hfGkF6NeNPGqd0NCDBdQL2tmZwaWZbfd0m0X2M8nme57M6/73ndm3u6bebsbQM8ayf4kEVsj4o+IGMqztxYYyR+uX70w9c/VC1NJVKtv/53Uyl27emGqLFr+35Y8U60W+Q1N6r34XsRkpTJztsiPLZz+cGz+3PkXZ09Pnpw5OXNm4ujRQwf3DB6ZONyROLO4ru36ZG73zmPvXnpz6vil939O0sjjjoY4OmUk37tNPdPpyrpsW1066a/fsvfXm+lmZwLd1BcR2eEaqPX/oeiLTTe2DcXrn3e1ccCaqlar1SVelRerwH0siW63AOiO8o0+u/4tl3UaetwVrrySXwBlcV8vlnxLf6R5Yu9Aw/Xt1g7WPxIRxxf//TpbYo3uQwAA1Ps+G/+80Gz8l8YjeWIw+/NAMYcyHBEPRsT2iHgoInZExMMRtbKPRsRjK6y/cYbk9vFPevmOg2tDNv57uZjbunX8l5ZFhvuK3LZa/APJidnKzIFin+yPgQ0nZpOZ8SXq+OG1379sta1+/JctWf3lWLBox+X+hht005MLk6uJud6VzyJ29TeLP4lyGieJiJ0RsesO65h9rr/ltuXjX0Lrp21b9ZuIZ/PjvxgN8ZeSlvOT4y8dmTg8tjEqMwfGyrPidr/8dvGtVvWvKv4OyI7/5qbn/434h5ONEfPnzp+qzdfOr+jps64TF//8ouU1TRF/1r3aOf+PbSvO/8HkndqKwWLDx5MLC2fHIwaTN25fP3Hz2cp8WT6Lf/++5v1/e9zcE49HxO6I2BMRT2QXhUXbn4yIpyJi3xI74adXn/5gmfibHP/1mSvN4p9e7vhH/fFfeaLv1I/fLR//xohodfwP1VL7izXtvP6128DV7DsAAAC4V+SfgU/S0RvpNB0dzT/DvyM2p5W5+YXnT8x9dGY6n/cejoG0vNM1VHc/dLy4N1zmJxryB4v7xl/1barlR6fmKtPdDh563JYW/T/zV1+3WwesuQ7MowH3KP0fepf+D70p0f+hp+n/0Lua9f9PW5Ye/XZNGwOsK+//0Lva6P+L+UPrUQFwb/L+D71L/4ee1PK78emqvvK/7on/it8zvFvac/8nIr0rmnH/J/rb/jGLFSSqQ3n/z9ZsaFqm269MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnfF/AAAA//8Qi+Nc")

1.097616721s ago: executing program 6 (id=2745):
mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0xe6)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="17"], 0x50)
io_uring_enter(r1, 0x2219, 0x7721, 0x33, 0x0, 0x0)

1.076381262s ago: executing program 5 (id=2746):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e22, 0xd, @loopback, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
sendto$inet(r0, &(0x7f0000000900)="2e552f5d9fd8b0d9627c4980f0d1ea2bf8f617a682acd2841acd878bd68344d4f50f83b0c51fa9025a01c95d4a068ec8b12d01010000a44c4505ba9a36f2cf4cc5e8308126d0a2c3b9d24e57c5011376b6263e2a1258eec1eb72bedea3eb5ccf73eb081b4c6d5faa998d7b795c057dd757d14200a8a6dbb3e59df96b77d16753ac4b32b94ffe6b5ee304d0428eb18056657c8c5c71c632be66cb26fe5c9abec7591ef3cb9b2a1133e9fa9bf0de6c378bed7b51cb8a07c343aabfda193349b91a5dc81a658cb61fbbfa51ef95abe03381ee2cb8d41da19ea8b96ec68ce17cf57da60f1d04acaf34a643db8d2d5ad2991f306b42744347a0c9e1fe2136b2b3da49032d3a57df1e236222cf6d6fe396aff8e5fe7fff5baa88789b783c12045e2c904a5d118369fdddc3e6e2f24bdbb26df92ac9bf4751c897a87c0223888e36ad14ba6e4d879ff464cac6f13a3a543e067d922e99c50f2fc6391e9c1c82b7195005eafdbb3374200c134cbd0f11739e8c19dd07140686242fea48caf3a1a93b86f35d77f258a2c9ce24cf321068551a584262d7a74a344e428c77c8af755e72904b0ca8a0bb359fb0", 0xffffff5d, 0x12, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0)
shutdown(r1, 0x2)

888.578295ms ago: executing program 3 (id=2747):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x180)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, <r1=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d80762ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0xffffffffffffffff, {0xffffffffffffffff, 0x2, 0x101, 0x0, 0x0, 0x10000000, {0x40, 0xd08, 0x0, 0x100, 0x0, 0x0, 0x7, 0x0, 0x122, 0x6000, 0x10000, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x50)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
ioctl$TIOCGPTPEER(r2, 0x40140921, 0x200000000005)

851.902632ms ago: executing program 8 (id=2748):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014})

756.912611ms ago: executing program 2 (id=2749):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c000180060001"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0)

527.874889ms ago: executing program 6 (id=2750):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
setsockopt$sock_int(r1, 0x1, 0x31, &(0x7f0000001600), 0x4)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)

468.551635ms ago: executing program 8 (id=2751):
r0 = io_uring_setup(0x1d48, &(0x7f0000000100)={0x0, 0xb140, 0x8, 0x8, 0x196})
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r2, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r2, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r2, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r2, 0x0, r1, 0x0, 0xfea8, 0xa)
close_range(r0, 0xffffffffffffffff, 0x0)

432.486276ms ago: executing program 3 (id=2752):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1007f}, 0x94)
pwrite64(0xffffffffffffffff, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="2ff000fea0"], 0x0, 0xb, 0x0, 0x0, 0x41100, 0x6e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

296.497931ms ago: executing program 4 (id=2753):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f000049e000/0x1000)=nil, 0x1000, 0x2000005)
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f00004b8000/0x1000)=nil, 0x1000, 0x10)
ptrace(0x10, r0)
wait4(r0, 0x0, 0x40000000, 0x0)
ptrace$poke(0x1, r0, &(0x7f0000000000), 0x7fffffffffffffff)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2)

278.948259ms ago: executing program 2 (id=2754):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={0x9c, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4000841}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x3, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x20044892}, 0x4040050)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000)

167.008043ms ago: executing program 6 (id=2755):
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x3, 0x24, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000006000/0x2000)=nil, &(0x7f000000d000/0x4000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff3000/0x3000)=nil, &(0x7f0000ff6000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x1, 0xf3})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@deltfilter={0xe, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x3}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0xc, &(0x7f0000000100)=[{0x1, 0x36, 0x5, 0x537}, {0x27, 0x8, 0x9}, {0xe49, 0x2, 0xfa, 0x4}, {0x5b6, 0x8, 0x1, 0x2}, {0x2, 0xe, 0x80, 0x1000003}, {0x1ff, 0x5, 0x10, 0xf}, {0x2, 0x0, 0x1, 0x9}]})

110.122342ms ago: executing program 8 (id=2756):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a})
chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00')
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x42)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})
unlink(&(0x7f00000000c0)='./file0\x00')

0s ago: executing program 5 (id=2757):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20040040)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000100)={<r0=>0xffffffffffffffff}, 0x800)
r1 = timerfd_create(0x0, 0x0)
timerfd_settime(r1, 0x3, &(0x7f0000000080)={{}, {0x77359400}}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x8004, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
clock_adjtime(0x0, &(0x7f0000000280)={0xc979, 0x1, 0xbf, 0x8, 0x8, 0x1, 0x0, 0x4, 0xf27, 0x80000000, 0x6, 0x3ff, 0x8a8, 0x6, 0x5, 0x413, 0x69, 0x2, 0x6, 0x6, 0x10000, 0x168, 0x2cbf, 0x7, 0xe, 0x5})

kernel console output (not intermixed with test programs):

onfig 0 descriptor??
[  453.108609][T10090] EXT4-fs (loop7): Block reservation details
[  453.149044][T10090] EXT4-fs (loop7): i_reserved_data_blocks=11
[  453.213603][T10090] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 65537 with max blocks 1 with error 28
[  453.307476][ T9802] EXT4-fs warning (device loop7): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  453.547525][T11017] loop2: detected capacity change from 0 to 2048
[  453.664592][T10127] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  453.665619][T11017] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  454.276415][ T5640] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  455.250136][T11043] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  455.269385][T11043] syzkaller0: entered promiscuous mode
[  455.292597][T11043] syzkaller0: entered allmulticast mode
[  455.659241][T10115] usb 5-1: reset high-speed USB device number 18 using dummy_hcd
[  455.764042][T11040] orangefs_mount: mount request failed with -4
[  455.869532][T11047] netlink: 'syz.3.1601': attribute type 1 has an invalid length.
[  456.391505][T11058] loop5: detected capacity change from 0 to 512
[  456.515730][T11058] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  456.543253][T11058] ext4 filesystem being mounted at /148/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  456.866063][ T5776] usb 5-1: USB disconnect, device number 18
[  457.118667][T10090] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  457.165074][T11074] netlink: 'syz.3.1610': attribute type 11 has an invalid length.
[  457.224853][T11074] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1610'.
[  457.233826][T11078] netlink: 'syz.3.1610': attribute type 11 has an invalid length.
[  457.310923][T11078] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1610'.
[  457.527687][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  457.589629][ T5776] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  457.763037][T11082] loop6: detected capacity change from 0 to 128
[  457.799357][ T5776] usb 5-1: Using ep0 maxpacket: 8
[  457.837987][ T5776] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  457.891369][ T5776] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  457.959634][ T5776] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  457.988265][ T5776] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  458.022089][ T5776] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  458.048808][T11082] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  458.098092][T11082] hpfs: filesystem error: improperly stopped
[  458.106791][ T5776] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  458.122666][ T5776] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.123741][T11082] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  458.222074][T11082] hpfs: You really don't want any checks? You are crazy...
[  458.279358][T11082] hpfs: hpfs_map_sector(): read error
[  458.295221][T11082] hpfs: code page support is disabled
[  458.306757][T11082] hpfs: hpfs_map_4sectors(): unaligned read
[  458.349714][T11082] hpfs: hpfs_map_4sectors(): unaligned read
[  458.367400][T11082] hpfs: filesystem error: unable to find root dir
[  458.453878][T11092] netlink: 'syz.2.1618': attribute type 1 has an invalid length.
[  458.498841][ T5776] usb 5-1: GET_CAPABILITIES returned 0
[  458.526199][ T5776] usbtmc 5-1:16.0: can't read capabilities
[  458.765713][T10147] usb 5-1: USB disconnect, device number 19
[  458.885754][T11099] bond2: (slave geneve2): making interface the new active one
[  458.906371][T11099] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  459.327815][T11108] syz_tun: entered allmulticast mode
[  459.448762][T11108] dvmrp8: entered allmulticast mode
[  459.504814][T11106] syz_tun: left allmulticast mode
[  459.738383][T11117] loop2: detected capacity change from 0 to 512
[  459.904858][T11124] gretap0: entered promiscuous mode
[  459.986264][T11124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1631'.
[  459.992708][T11117] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  460.001828][T11124] gretap0: left promiscuous mode
[  460.135165][T11117] ext4 filesystem being mounted at /307/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  460.984112][ T5640] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  464.108963][    T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!!
[  466.239732][T10147] usb 3-1: new low-speed USB device number 12 using dummy_hcd
[  466.421084][T10147] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  466.439881][T10126] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  466.460066][T10147] usb 3-1: config 0 has no interface number 0
[  466.480768][T10147] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  466.513609][T10147] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  466.546960][T10147] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  466.575812][T10147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.620158][T10126] usb 5-1: Using ep0 maxpacket: 32
[  466.627838][T10147] usb 3-1: config 0 descriptor??
[  466.656047][T10126] usb 5-1: config 0 has no interfaces?
[  466.664301][T11206] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  466.697726][T10126] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  466.745058][T10126] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.778767][T10147] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  466.817613][T10126] usb 5-1: config 0 descriptor??
[  467.067169][T10126] usb 3-1: USB disconnect, device number 12
[  467.240995][T10147] usb 5-1: USB disconnect, device number 20
[  468.703133][T11213] loop5: detected capacity change from 0 to 65536
[  468.764677][T11213] XFS (loop5): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  468.967944][T11213] XFS (loop5): Ending clean mount
[  469.964573][ T9821] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  470.051699][T11238] netlink: 'syz.7.1670': attribute type 1 has an invalid length.
[  470.127311][ T7295] XFS (loop5): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  470.189474][ T9821] usb 7-1: Using ep0 maxpacket: 16
[  470.234199][ T9821] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  470.250448][ T9821] usb 7-1: config 0 has no interfaces?
[  470.275343][ T9821] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  470.293289][ T9821] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  470.306345][T11240] bond2: (slave bridge1): making interface the new active one
[  470.350418][T11240] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  470.389555][ T9821] usb 7-1: config 0 descriptor??
[  470.931304][T10127] usb 7-1: USB disconnect, device number 11
[  471.830153][T11264] fuse: fd is not a fuse device
[  472.420810][   T30] audit: type=1326 audit(1780061939.846:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11258 comm="syz.7.1678" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7710d9ce59 code=0x7fc00000
[  474.645901][T11326] loop4: detected capacity change from 0 to 128
[  474.727850][T11326] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  474.879415][T11326] ext4 filesystem being mounted at /270/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  475.393005][T11337] loop6: detected capacity change from 0 to 512
[  475.469898][T11337] EXT4-fs (loop6): invalid journal inode
[  475.498115][T11337] EXT4-fs (loop6): can't get journal size
[  475.594482][T11337] EXT4-fs (loop6): 1 truncate cleaned up
[  475.625209][   T30] audit: type=1800 audit(1780061943.056:651): pid=11326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1702" name="file1" dev="loop4" ino=12 res=0 errno=0
[  475.646421][T11337] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  476.036917][ T5634] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  476.188265][ T7310] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  477.066115][   T30] audit: type=1804 audit(1780061944.496:652): pid=11364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.1716" name="/newroot/169/file0" dev="tmpfs" ino=921 res=1 errno=0
[  477.497842][T11366] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  477.688814][T11371] pimreg: entered allmulticast mode
[  477.765633][T11371] pimreg: left allmulticast mode
[  478.471719][T11384] loop4: detected capacity change from 0 to 4096
[  478.482653][T11388] loop7: detected capacity change from 0 to 512
[  478.559983][T11388] EXT4-fs (loop7): invalid journal inode
[  478.579314][T11388] EXT4-fs (loop7): can't get journal size
[  478.636885][T11388] EXT4-fs (loop7): 1 truncate cleaned up
[  478.689219][T11388] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  478.874536][ T9802] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  481.300923][T11423] loop6: detected capacity change from 0 to 4096
[  481.377051][T11430] loop5: detected capacity change from 0 to 128
[  481.434220][T11433] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  481.515806][T11430] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  481.599042][T11430] ext4 filesystem being mounted at /171/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  482.431086][T10147] IPVS: starting estimator thread 0...
[  482.440611][T11445] all: renamed from bridge_slave_1 (while UP)
[  482.580212][T11448] IPVS: using max 23 ests per chain, 55200 per kthread
[  482.782525][T11452] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1746'.
[  482.820604][T11452] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1746'.
[  482.861994][ T7295] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  483.302877][T11464] netlink: 212348 bytes leftover after parsing attributes in process `syz.6.1753'.
[  483.996296][T11478] netlink: 212348 bytes leftover after parsing attributes in process `syz.7.1757'.
[  485.393008][T11503] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1766'.
[  485.420715][T11503] netlink: 'syz.4.1766': attribute type 7 has an invalid length.
[  485.440420][T11503] netlink: 'syz.4.1766': attribute type 8 has an invalid length.
[  485.456359][T11503] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1766'.
[  486.643112][T11532] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1778'.
[  487.210653][T10147] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  487.449110][T10147] usb 6-1: Using ep0 maxpacket: 8
[  487.471170][T10147] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  487.511666][T10147] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  487.564552][T10147] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  487.598283][T10147] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  487.615674][T10147] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  487.655571][T10147] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  487.690759][T10147] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  488.003244][T10147] usb 6-1: usb_control_msg returned -32
[  488.022034][T10147] usbtmc 6-1:16.0: can't read capabilities
[  488.144420][T10091] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  488.420482][T11537] usbtmc 6-1:16.0: usb_control_msg returned -71
[  488.421682][T10115] usb 6-1: USB disconnect, device number 14
[  490.068947][    T0] NOHZ tick-stop error: local softirq work is pending, handler #06!!!
[  490.239401][T10115] usb 6-1: new low-speed USB device number 15 using dummy_hcd
[  490.466008][T10115] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  490.509595][T10115] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1024, setting to 8
[  490.585872][T10115] usb 6-1: config 0 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  490.616809][T10115] usb 6-1: config 0 interface 0 has no altsetting 0
[  490.626335][T10115] usb 6-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00
[  490.639215][T10115] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  490.709589][T11587] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1795'.
[  490.719072][T10115] usb 6-1: config 0 descriptor??
[  490.755266][T11591] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1795'.
[  490.769273][T11576] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  491.460699][T10115] gt683r_led 0003:1770:FF00.001D: unknown main item tag 0x0
[  491.494792][T10115] gt683r_led 0003:1770:FF00.001D: unknown main item tag 0x0
[  491.507415][T10115] gt683r_led 0003:1770:FF00.001D: unknown main item tag 0x0
[  491.600144][T10115] gt683r_led 0003:1770:FF00.001D: unknown main item tag 0x0
[  491.659984][T11600] loop4: detected capacity change from 0 to 16
[  491.669115][T10115] gt683r_led 0003:1770:FF00.001D: unknown main item tag 0x0
[  491.678967][T10115] gt683r_led 0003:1770:FF00.001D: unknown main item tag 0x0
[  491.713715][T11600] erofs (device loop4): mounted with root inode @ nid 36.
[  491.812517][T10115] gt683r_led 0003:1770:FF00.001D: unknown main item tag 0x0
[  491.858322][T10115] gt683r_led 0003:1770:FF00.001D: unknown global tag 0xd
[  491.881233][T10115] gt683r_led 0003:1770:FF00.001D: item 0 1 1 13 parsing failed
[  491.995366][T10115] gt683r_led 0003:1770:FF00.001D: hid parsing failed
[  492.013476][T10115] gt683r_led 0003:1770:FF00.001D: probe with driver gt683r_led failed with error -22
[  492.194653][T10115] usb 6-1: USB disconnect, device number 15
[  492.339513][T11604] netlink: 'syz.7.1801': attribute type 4 has an invalid length.
[  492.678368][T11609] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1803'.
[  492.827020][T11609] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1803'.
[  492.890825][T11609] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1803'.
[  493.630175][T10147] usb 7-1: new full-speed USB device number 12 using dummy_hcd
[  493.663500][T10126] Process accounting resumed
[  493.822198][T10147] usb 7-1: config 0 has an invalid interface number: 41 but max is 0
[  493.860169][T10147] usb 7-1: config 0 has no interface number 0
[  493.908716][T10147] usb 7-1: config 0 interface 41 has no altsetting 0
[  493.938338][T10147] usb 7-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  493.977804][T10147] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.021169][T10147] usb 7-1: Product: syz
[  494.037183][T10147] usb 7-1: Manufacturer: syz
[  494.070235][T10147] usb 7-1: SerialNumber: syz
[  494.108804][T10147] usb 7-1: config 0 descriptor??
[  494.226984][T11611] loop5: detected capacity change from 0 to 32768
[  494.310995][T11611] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1804 (11611)
[  494.687885][T11638] loop4: detected capacity change from 0 to 128
[  494.713176][T11611] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  494.760280][T11611] BTRFS info (device loop5): using sha256 checksum algorithm
[  494.787738][T11638] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  494.894901][T11638] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  495.014689][T10147] CoreChips 7-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  495.115274][T11611] BTRFS info (device loop5): rebuilding free space tree
[  495.342678][T11611] BTRFS info (device loop5): disabling free space tree
[  495.351205][T11611] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  495.452824][T11611] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  495.568636][T10147] CoreChips 7-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  495.675229][T10147] CoreChips 7-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71
[  495.745213][T10147] CoreChips 7-1:0.41: probe with driver CoreChips failed with error -71
[  495.808365][T11611] BTRFS info (device loop5): setting nodatasum
[  495.847795][T10147] usb 7-1: USB disconnect, device number 12
[  495.877117][T11611] BTRFS info (device loop5): setting nodatacow
[  495.932226][T11611] BTRFS info (device loop5): turning off barriers
[  495.962669][T11611] BTRFS info (device loop5): force clearing of disk cache
[  496.430356][T11662] loop7: detected capacity change from 0 to 256
[  496.446808][ T7295] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  497.013507][T11662] coredump: 206(syz.7.1819): Core dump to core aborted: cannot preserve file permissions
[  498.454833][T11710] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1827'.
[  499.956944][T10115] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  499.967939][T11730] loop5: detected capacity change from 0 to 32768
[  499.976365][T11730] btrfs: Deprecated parameter 'usebackuproot'
[  499.982524][T11730] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  499.999421][T11730] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1836 (11730)
[  500.023194][T11730] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  500.033573][T11730] BTRFS info (device loop5): using crc32c checksum algorithm
[  500.166898][ T3345] BTRFS warning (device loop5): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  500.252922][T10115] usb 7-1: Using ep0 maxpacket: 16
[  500.281458][T11730] BTRFS error (device loop5): failed to load root extent
[  500.290321][T11730] BTRFS warning (device loop5): try to load backup roots slot 1
[  500.299371][ T3345] BTRFS warning (device loop5): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  500.366814][T11730] BTRFS warning (device loop5): couldn't read tree root
[  500.376921][T11730] BTRFS warning (device loop5): try to load backup roots slot 2
[  500.378227][T10115] usb 7-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4
[  500.387369][ T3345] BTRFS error (device loop5): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  500.476795][T10115] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.496622][T11730] BTRFS warning (device loop5): couldn't read tree root
[  500.505676][T11730] BTRFS warning (device loop5): try to load backup roots slot 3
[  500.523193][T11730] BTRFS info (device loop5): rebuilding free space tree
[  500.525782][T10115] usb 7-1: Product: syz
[  500.572022][T11730] BTRFS info (device loop5): checking UUID tree
[  500.579382][T11730] BTRFS info (device loop5): enabling ssd optimizations
[  500.586424][T11730] BTRFS info (device loop5): turning on async discard
[  500.593476][T11730] BTRFS info (device loop5): enabling free space tree
[  500.600645][T11730] BTRFS info (device loop5): force clearing of disk cache
[  500.607803][T11730] BTRFS info (device loop5): trying to use backup root at mount time
[  500.619022][T11730] BTRFS info (device loop5): force zlib compression, level 3
[  500.634180][T10115] usb 7-1: Manufacturer: syz
[  500.692318][T10115] usb 7-1: SerialNumber: syz
[  500.771166][T10115] usb 7-1: config 0 descriptor??
[  500.782357][T11759] binder: 11749:11759 ioctl c0306201 200000000480 returned -14
[  500.816384][T10115] gspca_main: spca508-2.14.0 probing 041e:4018
[  500.937715][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  500.946404][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  501.093253][T10115] gspca_spca508: reg_read err -32
[  501.120477][T10115] gspca_spca508: reg_read err -32
[  501.144671][T10115] gspca_spca508: reg_read err -32
[  501.170389][T10115] gspca_spca508: reg_read err -32
[  501.194612][T10115] gspca_spca508: reg_read err -32
[  501.336035][ T7295] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  501.414845][T10115] gspca_spca508: reg write: error -71
[  501.438595][T10115] spca508 7-1:0.0: probe with driver spca508 failed with error -71
[  501.527840][T10115] usb 7-1: USB disconnect, device number 13
[  506.906020][T11820] capability: warning: `syz.2.1862' uses 32-bit capabilities (legacy support in use)
[  507.101778][T11823] netlink: 3 bytes leftover after parsing attributes in process `syz.6.1858'.
[  508.014185][ T5641] Bluetooth: hci5: Malformed MSFT vendor event: 0x02
[  508.260542][T11834] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  508.599405][T11844] netlink: 'syz.4.1867': attribute type 2 has an invalid length.
[  508.669071][T11844] netlink: 'syz.4.1867': attribute type 2 has an invalid length.
[  509.070443][T11847] loop2: detected capacity change from 0 to 4096
[  509.270105][T11855] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  510.541965][   T30] audit: type=1326 audit(1780061977.966:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11860 comm="syz.2.1874" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc09559ce59 code=0x0
[  511.197350][T11859] loop5: detected capacity change from 0 to 131072
[  511.214947][T11859] F2FS-fs (loop5): invalid crc value
[  511.462550][T11859] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  511.522220][T11859] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  511.850064][T11859] F2FS-fs (loop5): Stopped filesystem due to reason: 0
[  512.255831][T11875] overlayfs: failed to clone upperpath
[  513.084034][T11882] xt_hashlimit: size too large, truncated to 1048576
[  513.221710][T11886] ¾x9ÿ: renamed from bridge_slave_0
[  514.331245][T11897] loop5: detected capacity change from 0 to 128
[  514.376922][T11897] EXT4-fs: Ignoring removed nomblk_io_submit option
[  514.439700][T11897] EXT4-fs (loop5): Test dummy encryption mode enabled
[  514.518456][T11897] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  514.580958][T11897] ext4 filesystem being mounted at /190/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  515.174190][ T7295] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  516.123999][T11920] loop4: detected capacity change from 0 to 512
[  516.183914][T11920] EXT4-fs: Invalid want_extra_isize 1969
[  516.262239][T11912] loop6: detected capacity change from 0 to 4125
[  516.448007][T11912] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  516.687244][T11912] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 4096)
[  516.773808][T11912] NILFS (loop6): mounting unchecked fs
[  516.915148][T11912] NILFS (loop6): invalid segment: Checksum error in segment payload
[  517.088591][T11912] NILFS (loop6): unable to fall back to spare super block
[  517.243093][T11912] NILFS (loop6): error -22 while searching super root
[  517.320848][T11926] loop4: detected capacity change from 0 to 4096
[  517.663220][T11926] ntfs3(loop4): ino=19, mi_enum_attr
[  517.700463][T11926] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  518.082898][T11933] fuse: Bad value for 'fd'
[  519.287211][ T6217] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  520.398467][T11952] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1902'.
[  521.009282][T11961] loop5: detected capacity change from 0 to 512
[  521.196530][T11961] EXT4-fs error (device loop5): ext4_orphan_get:1397: inode #15: comm syz.5.1905: iget: bad i_size value: 38620345925642
[  521.212961][T11961] loop5: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  521.219537][    C1] EXT4-fs (loop5): error count since last fsck: 1
[  521.222492][T11961] EXT4-fs error (device loop5): ext4_orphan_get:1400: comm syz.5.1905: couldn't read orphan inode 15 (err -117)
[  521.230335][    C1] EXT4-fs (loop5): initial error at time 1780061988: ext4_orphan_get:1397: inode 15
[  521.260880][    C1] EXT4-fs (loop5): last error at time 1780061988: ext4_orphan_get:1397: inode 15
[  521.313757][T11961] loop5: lost filesystem error report for type 5 error -117
[  521.327989][T11961] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  521.693117][T11967] EXT4-fs (loop5): shut down requested (1)
[  522.189886][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  525.789732][ T5646] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  525.813092][ T5646] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  525.829505][ T5646] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  525.846890][ T5646] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  525.857614][ T5646] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  527.950061][T10126] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  527.979283][ T5646] Bluetooth: hci6: command tx timeout
[  528.141436][T10126] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  528.153150][T12067] netlink: 212344 bytes leftover after parsing attributes in process `syz.6.1926'.
[  528.196998][T10126] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  528.250891][T10126] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  528.310154][T10126] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  528.353816][T10126] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  528.426700][T10126] usb 6-1: config 0 descriptor??
[  528.679197][T10121] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  528.796445][ T9058] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  528.852884][T10121] usb 5-1: Using ep0 maxpacket: 16
[  528.863323][T12082] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.1929'.
[  528.885539][T10121] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  528.928826][T10121] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  528.954984][T10121] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  528.992707][T10121] usb 5-1: Product: syz
[  528.997998][T10126] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  529.033400][T10121] usb 5-1: Manufacturer: syz
[  529.044740][T10121] usb 5-1: SerialNumber: syz
[  529.075432][T10121] usb 5-1: config 0 descriptor??
[  529.117619][T10121] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  529.186160][T10121] em28xx 5-1:0.0: DVB interface 0 found: bulk
[  529.377115][T10147] usb 6-1: USB disconnect, device number 16
[  529.965482][T10121] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  530.009474][ T9058] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.059979][ T5646] Bluetooth: hci6: command tx timeout
[  530.320684][T10127] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  530.491350][T10127] usb 7-1: Using ep0 maxpacket: 8
[  530.541303][T10127] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  530.593777][T10127] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  530.644626][T10127] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  530.675209][T10127] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  530.697850][T10127] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  530.737027][T10127] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  530.748945][T10121] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  530.767079][T10127] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.793856][T10121] em28xx 5-1:0.0: board has no eeprom
[  530.914107][ T9058] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.964790][T10121] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  531.002702][T10121] em28xx 5-1:0.0: dvb set to bulk mode.
[  531.039534][T10126] em28xx 5-1:0.0: Binding DVB extension
[  531.089860][T10121] usb 5-1: USB disconnect, device number 21
[  531.111288][T10127] usb 7-1: usb_control_msg returned -32
[  531.154176][T10127] usbtmc 7-1:16.0: can't read capabilities
[  531.165774][T10121] em28xx 5-1:0.0: Disconnecting em28xx
[  531.388471][ T9058] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  531.626908][T10126] em28xx 5-1:0.0: Registering input extension
[  531.720138][T10121] em28xx 5-1:0.0: Closing input extension
[  532.108469][T12109] usbtmc 7-1:16.0: usb_control_msg returned -32
[  532.139399][ T5646] Bluetooth: hci6: command tx timeout
[  532.340907][T10127] usb 7-1: USB disconnect, device number 14
[  533.274447][T10121] em28xx 5-1:0.0: Freeing device
[  533.606644][ T9058] bridge_slave_1: left allmulticast mode
[  533.650507][ T9058] bridge_slave_1: left promiscuous mode
[  533.679430][ T9058] bridge0: port 2(bridge_slave_1) entered disabled state
[  533.745232][ T9058] bridge_slave_0: left allmulticast mode
[  533.766010][ T9058] bridge_slave_0: left promiscuous mode
[  533.803403][ T9058] bridge0: port 1(bridge_slave_0) entered disabled state
[  534.024900][T12106] loop4: detected capacity change from 0 to 32768
[  534.210770][ T5646] Bluetooth: hci6: command tx timeout
[  534.215390][T12106] XFS (loop4): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  534.464985][T12106] XFS (loop4): Ending clean mount
[  534.796015][ T9058] bond1 (unregistering): (slave geneve2): Releasing active interface
[  534.810784][   T30] audit: type=1800 audit(1780062002.236:654): pid=12106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1939" name="file1" dev="loop4" ino=6150 res=0 errno=0
[  535.017716][T12106] XFS (loop4): User initiated shutdown received.
[  535.056976][T12106] XFS (loop4): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x139/0x1a0 (fs/xfs/xfs_fsops.c:465).  Shutting down filesystem.
[  535.114926][ T9058] bond2 (unregistering): (slave bridge1): Releasing active interface
[  535.129825][T12106] XFS (loop4): Please unmount the filesystem and rectify the problem(s)
[  535.548586][ T5634] XFS (loop4): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  535.574847][ T9058] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  535.656293][ T9058] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  535.726268][ T9058] bond0 (unregistering): Released all slaves
[  535.848790][ T9058] bond1 (unregistering): Released all slaves
[  535.975285][ T9058] bond2 (unregistering): Released all slaves
[  536.124710][T12166] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1957'.
[  536.591138][T12034] bridge0: port 1(bridge_slave_0) entered blocking state
[  536.619976][T12034] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.629358][T10121] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  536.652631][T12034] bridge_slave_0: entered allmulticast mode
[  536.721854][T12034] bridge_slave_0: entered promiscuous mode
[  536.820436][T10121] usb 7-1: Using ep0 maxpacket: 32
[  536.845776][T10121] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  536.846314][T12034] bridge0: port 2(bridge_slave_1) entered blocking state
[  536.906226][T10121] usb 7-1: config 0 has no interface number 0
[  536.916304][   T30] audit: type=1326 audit(1780062004.336:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12180 comm="syz.4.1962" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faf5c99ce59 code=0x0
[  536.932175][T12034] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.971767][T10121] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  537.012769][T10121] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.024545][T12034] bridge_slave_1: entered allmulticast mode
[  537.043546][T10121] usb 7-1: Product: syz
[  537.070002][T12034] bridge_slave_1: entered promiscuous mode
[  537.070735][T10121] usb 7-1: Manufacturer: syz
[  537.139081][T10121] usb 7-1: SerialNumber: syz
[  537.200147][T10121] usb 7-1: config 0 descriptor??
[  537.664822][T10121] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  537.720578][T10121] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  537.903276][T12186] uprobe: syz.3.1963:12186 failed to unregister, leaking uprobe
[  537.916408][T12034] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  538.026257][ T9058] hsr_slave_0: left promiscuous mode
[  538.075329][ T9058] hsr_slave_1: left promiscuous mode
[  538.093418][ T9058] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  538.124522][ T9058] batman_adv: batadv0: Removing interface: batadv_slave_0
[  538.168283][ T9058] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  538.207431][T10121] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  538.231707][ T9058] batman_adv: batadv0: Removing interface: batadv_slave_1
[  538.242019][T12186] uprobe: syz.3.1963:12186 failed to unregister, leaking uprobe
[  538.273449][T10121] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71
[  538.344455][T10121] usb 7-1: USB disconnect, device number 15
[  538.385611][ T9058] veth1_macvtap: left promiscuous mode
[  538.408721][T12201] netlink: 'syz.5.1968': attribute type 1 has an invalid length.
[  538.431321][ T9058] veth0_macvtap: left promiscuous mode
[  538.461646][ T9058] veth1_vlan: left promiscuous mode
[  538.468695][T12201] netlink: 'syz.5.1968': attribute type 4 has an invalid length.
[  538.487258][ T9058] veth0_vlan: left promiscuous mode
[  538.506841][T12201] netlink: 9462 bytes leftover after parsing attributes in process `syz.5.1968'.
[  539.309128][T10121] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  539.509694][T10121] usb 5-1: Using ep0 maxpacket: 8
[  539.558785][T10121] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  539.609059][T10121] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  539.707743][T10121] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  539.727739][T10121] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  539.782950][T10121] usb 5-1: Product: syz
[  539.807953][T10121] usb 5-1: Manufacturer: syz
[  539.838606][T10121] usb 5-1: SerialNumber: syz
[  540.197317][T12223] loop6: detected capacity change from 0 to 32768
[  540.205940][T12223] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1974 (12223)
[  540.243376][T12223] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  540.253693][T12223] BTRFS info (device loop6): using sha256 checksum algorithm
[  540.268248][T10121] usb 5-1: config 0 descriptor??
[  540.513651][T12223] BTRFS info (device loop6): rebuilding free space tree
[  540.557034][T12223] BTRFS info (device loop6): allowing degraded mounts
[  540.564046][T12223] BTRFS info (device loop6): enabling ssd optimizations
[  540.571237][T12223] BTRFS info (device loop6): using spread ssd allocation scheme
[  540.580442][T12223] BTRFS info (device loop6): turning on async discard
[  540.587234][T12223] BTRFS info (device loop6): enabling free space tree
[  540.594064][T12223] BTRFS info (device loop6): force clearing of disk cache
[  540.601301][T12223] BTRFS info (device loop6): enabling auto defrag
[  541.265015][   T36] BTRFS info (device loop6 state M): qgroup scan completed (inconsistency flag cleared)
[  541.492526][ T7310] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  541.998120][T12254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1978'.
[  542.045908][T12254] netlink: 'syz.2.1978': attribute type 7 has an invalid length.
[  542.096034][T12254] netlink: 'syz.2.1978': attribute type 8 has an invalid length.
[  542.173185][T12254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1978'.
[  542.715267][ T9821] usb 5-1: USB disconnect, device number 22
[  543.124743][ T9058] team0 (unregistering): Port device team_slave_1 removed
[  543.384306][ T9058] team0 (unregistering): Port device team_slave_0 removed
[  544.870488][T12034] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  544.968561][T12268] uprobe: syz.4.1981:12268 failed to unregister, leaking uprobe
[  545.072156][ T5289] 8021q: adding VLAN 0 to HW filter on device eth9
[  545.113142][T12268] uprobe: syz.4.1981:12268 failed to unregister, leaking uprobe
[  545.209221][ T9821] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  545.332730][T12034] team0: Port device team_slave_0 added
[  545.393153][T12034] team0: Port device team_slave_1 added
[  545.439257][ T9821] usb 6-1: Using ep0 maxpacket: 32
[  545.497691][ T9821] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  545.509786][ T9821] usb 6-1: config 0 has no interface number 0
[  545.576555][ T9821] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  545.577663][T12034] batman_adv: batadv0: Adding interface: batadv_slave_0
[  545.623875][ T9821] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  545.649191][T12034] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  545.688225][ T9821] usb 6-1: Product: syz
[  545.692461][ T9821] usb 6-1: Manufacturer: syz
[  545.717591][ T9821] usb 6-1: SerialNumber: syz
[  545.784520][T12034] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  545.793187][ T9821] usb 6-1: config 0 descriptor??
[  545.864967][T12034] batman_adv: batadv0: Adding interface: batadv_slave_1
[  545.882829][T12034] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  545.935090][T12034] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  545.954839][T12290] overlayfs: failed to clone upperpath
[  546.035200][ T9058] IPVS: stop unused estimator thread 0...
[  546.079040][T10121] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  546.233810][T12034] hsr_slave_0: entered promiscuous mode
[  546.276261][T10121] usb 7-1: unable to get BOS descriptor or descriptor too short
[  546.285994][T12034] hsr_slave_1: entered promiscuous mode
[  546.320869][T10121] usb 7-1: unable to read config index 0 descriptor/start: -71
[  546.343911][ T9821] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  546.344439][T12296] nftables ruleset with unbound set
[  546.367917][T10121] usb 7-1: can't read configurations, error -71
[  546.388315][ T9821] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  546.874040][ T9821] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  546.922351][ T9821] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  546.994995][ T9821] usb 6-1: USB disconnect, device number 17
[  547.269596][T12310] loop6: detected capacity change from 0 to 2048
[  547.324254][T12310] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  547.438820][ T5897] udevd[5897]: incorrect nilfs2 checksum on /dev/loop6
[  547.488589][T12321] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  548.478401][T12034] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  548.511591][T12034] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  548.597734][T12034] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  548.742241][T12034] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  548.766744][T12034] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  548.909919][T12034] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  548.950408][T12034] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  548.992098][T12034] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  549.039980][T12299] loop4: detected capacity change from 0 to 4096
[  549.101623][T12299] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  549.127371][ T9821] hid-generic 0006:0004:0009.001F: unknown main item tag 0x0
[  549.178420][ T9821] hid-generic 0006:0004:0009.001F: unknown main item tag 0x0
[  549.185865][T12299] NILFS (loop4): invalid segment: Checksum error in segment payload
[  549.185926][T12299] NILFS (loop4): unable to fall back to spare super block
[  549.243013][ T5289] 8021q: adding VLAN 0 to HW filter on device eth10
[  549.244613][ T9821] hid-generic 0006:0004:0009.001F: unknown main item tag 0x0
[  549.274525][T12299] NILFS (loop4): error -22 while searching super root
[  549.279333][ T9821] hid-generic 0006:0004:0009.001F: unknown main item tag 0x0
[  549.318376][ T9821] hid-generic 0006:0004:0009.001F: unknown main item tag 0x0
[  549.357764][ T9821] hid-generic 0006:0004:0009.001F: unknown main item tag 0x0
[  549.396532][ T9821] hid-generic 0006:0004:0009.001F: unknown main item tag 0x0
[  549.437731][ T9821] hid-generic 0006:0004:0009.001F: unknown main item tag 0x0
[  549.471443][ T9821] hid-generic 0006:0004:0009.001F: unknown main item tag 0x0
[  549.493831][ T9821] hid-generic 0006:0004:0009.001F: unknown main item tag 0x0
[  549.584048][ T9821] hid-generic 0006:0004:0009.001F: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0
[  549.608704][T12034] 8021q: adding VLAN 0 to HW filter on device bond0
[  549.738395][T12366] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2009'.
[  549.790506][T12034] 8021q: adding VLAN 0 to HW filter on device team0
[  549.873080][T12081] bridge0: port 1(bridge_slave_0) entered blocking state
[  549.880341][T12081] bridge0: port 1(bridge_slave_0) entered forwarding state
[  549.898930][    T0] NOHZ tick-stop error: local softirq work is pending, handler #84!!!
[  549.958927][    T0] NOHZ tick-stop error: local softirq work is pending, handler #284!!!
[  550.023778][T12081] bridge0: port 2(bridge_slave_1) entered blocking state
[  550.031131][T12081] bridge0: port 2(bridge_slave_1) entered forwarding state
[  550.093068][T12367] fido_id[12367]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  550.305136][ T1039] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  550.678929][    T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!!
[  550.994203][T12382] loop4: detected capacity change from 0 to 2048
[  551.111844][T12382] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  551.387668][T12389] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  551.814001][   T30] audit: type=1800 audit(1780062019.246:656): pid=12394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2014" name="bus" dev="loop4" ino=18 res=0 errno=0
[  551.913586][ T9819] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  552.129371][ T9819] usb 7-1: Using ep0 maxpacket: 32
[  552.155521][ T9819] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  552.193802][ T9819] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  552.247108][ T9819] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  552.302297][ T9819] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  552.356006][ T9819] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  552.386120][ T9819] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  552.470264][ T9819] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  552.499301][ T9819] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.621860][ T9819] usb 7-1: config 0 descriptor??
[  552.972816][ T9819] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 18 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  553.205901][ T9819] usb 7-1: USB disconnect, device number 18
[  553.292601][ T9819] usblp0: removed
[  553.681052][ T9819] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  553.881695][ T9819] usb 7-1: Using ep0 maxpacket: 32
[  553.928783][ T9819] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  554.008703][ T9819] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  554.054812][ T9819] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  554.112389][ T9819] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  554.124338][ T9819] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  554.136610][ T9819] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  554.170804][ T9819] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  554.223641][ T9819] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  554.307653][ T9819] usb 7-1: config 0 descriptor??
[  554.763107][ T5289] 8021q: adding VLAN 0 to HW filter on device eth11
[  554.909108][    T0] NOHZ tick-stop error: local softirq work is pending, handler #104!!!
[  554.998956][    T0] NOHZ tick-stop error: local softirq work is pending, handler #06!!!
[  555.068943][    T0] NOHZ tick-stop error: local softirq work is pending, handler #104!!!
[  555.165711][T12434] loop5: detected capacity change from 0 to 40427
[  555.221083][T12434] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  555.229051][T12434] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  555.240896][T12434] F2FS-fs (loop5): invalid crc value
[  555.402048][T12434] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  555.430721][T12434] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  555.437910][T12434] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  555.477831][T12440] loop4: detected capacity change from 0 to 512
[  555.528665][ T9819] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 19 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  555.704763][   T30] audit: type=1800 audit(1780062023.136:657): pid=12434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2029" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop5" ino=10 res=0 errno=0
[  555.754012][ T9819] usb 7-1: USB disconnect, device number 19
[  555.771091][ T9819] usblp0: removed
[  555.830222][T12440] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2810: inode #11: comm syz.4.2030: corrupted xattr block 95: invalid header
[  555.852484][T12440] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  555.861455][    C1] EXT4-fs (loop4): error count since last fsck: 1
[  555.878890][    C1] EXT4-fs (loop4): initial error at time 1780062023: ext4_expand_extra_isize_ea:2810: inode 11
[  555.892354][    C1] EXT4-fs (loop4): last error at time 1780062023: ext4_expand_extra_isize_ea:2810: inode 11
[  555.928209][T12440] EXT4-fs error (device loop4): ext4_validate_block_bitmap:431: comm syz.4.2030: bg 0: block 7: invalid block bitmap
[  555.947249][T12440] loop4: lost filesystem error report for type 5 error -117
[  555.947802][T12440] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6679: Corrupt filesystem
[  556.143040][T12440] loop4: lost filesystem error report for type 5 error -117
[  556.199195][T12440] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2972: inode #11: comm syz.4.2030: corrupted xattr block 95: invalid header
[  556.345070][T12440] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117
[  556.464018][T12440] EXT4-fs warning (device loop4): ext4_evict_inode:287: xattr delete (err -117)
[  556.556921][T12440] EXT4-fs (loop4): 1 orphan inode deleted
[  556.638721][T12440] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  556.733508][T12034] 8021q: adding VLAN 0 to HW filter on device batadv0
[  557.116483][ T5634] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  558.778825][T12488] lo: Caught tx_queue_len zero misconfig
[  558.816611][T12488] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  559.242633][T12034] veth0_vlan: entered promiscuous mode
[  559.315062][T12492] loop5: detected capacity change from 0 to 4096
[  559.357745][T12492] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  559.375641][T12034] veth1_vlan: entered promiscuous mode
[  559.641331][T12034] veth0_macvtap: entered promiscuous mode
[  559.650672][T12492] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  559.707887][T12492] ntfs3(loop5): Failed to initialize $Extend/$Reparse.
[  559.728345][T12034] veth1_macvtap: entered promiscuous mode
[  559.897629][T12034] batman_adv: batadv0: Interface activated: batadv_slave_0
[  559.995479][ T5289] 8021q: adding VLAN 0 to HW filter on device eth12
[  560.085058][T12034] batman_adv: batadv0: Interface activated: batadv_slave_1
[  560.196750][T12081] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  560.252192][T12492] ntfs3(loop5): ino=1e, mi_enum_attr
[  560.268329][T12081] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  560.280951][T12492] ntfs3(loop5): ino=1e, mi_enum_attr
[  560.340017][T12081] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  560.420548][T12081] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  560.457524][T12492] ntfs3(loop5): ino=1e, mi_enum_attr
[  560.997571][T12081] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  561.048338][T12081] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  561.309328][ T1039] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  561.355043][ T1039] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  561.743216][T12524] loop6: detected capacity change from 0 to 2048
[  561.864723][T12524] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  562.372037][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  562.385475][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  563.528187][T12560] loop8: detected capacity change from 0 to 128
[  563.702462][T12558] 9pnet: p9_errstr2errno: server reported unknown error Àñ'IÓ$íÛ·
[  564.461337][T12575] loop6: detected capacity change from 0 to 128
[  564.506643][T12575] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  564.599853][T12575] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  565.795311][T12601] cgroup: fork rejected by pids controller in /syz6
[  566.776034][T12610] loop8: detected capacity change from 0 to 2048
[  566.880857][T12610]  loop8: p2 < > p3 p4
[  567.032481][T12610] loop8: p3 start 65535 is beyond EOD, truncated
[  567.071063][T12610] loop8: p4 size 8192 extends beyond EOD, truncated
[  567.805184][T12081] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  568.348785][ T5897] udevd[5897]: inotify_add_watch(7, /dev/loop8p2, 10) failed: No such file or directory
[  568.360140][ T6538] udevd[6538]: inotify_add_watch(7, /dev/loop8p4, 10) failed: No such file or directory
[  568.657847][T12081] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  569.317706][T12636] loop8: detected capacity change from 0 to 512
[  569.395161][T12081] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  569.577094][T12636] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  569.685647][T12636] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  570.056280][T12081] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  570.082190][ T5641] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  570.105767][ T5641] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  570.116626][ T5641] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  570.128764][ T5641] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  570.142692][ T5641] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  570.943813][   T30] audit: type=1800 audit(1780062038.376:658): pid=12654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.2090" name="file1" dev="loop8" ino=15 res=0 errno=0
[  571.745211][T12034] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  572.209202][ T5646] Bluetooth: hci3: command tx timeout
[  572.721655][T12081] bridge_slave_1: left allmulticast mode
[  572.757966][T12081] bridge_slave_1: left promiscuous mode
[  572.797421][T12081] bridge0: port 2(bridge_slave_1) entered disabled state
[  572.905519][T12081] ¾x9ÿ: left allmulticast mode
[  572.940688][T12081] ¾x9ÿ: left promiscuous mode
[  572.968277][T12081] bridge0: port 1(
1¾x9ÿ) entered disabled state
[  574.296134][ T5646] Bluetooth: hci3: command tx timeout
[  574.786373][T12081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  574.831282][T12081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  574.873379][T12081] bond0 (unregistering): Released all slaves
[  575.076476][T12081] : left promiscuous mode
[  576.092729][ T5289] 8021q: adding VLAN 0 to HW filter on device eth13
[  576.268292][T12081] tipc: Disabling bearer <udp:s>
[  576.298237][T12081] tipc: Left network mode
[  576.369106][ T5646] Bluetooth: hci3: command tx timeout
[  577.219895][T12727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2111'.
[  577.331829][T12727] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2111'.
[  577.883263][T12735] netlink: 264 bytes leftover after parsing attributes in process `syz.4.2114'.
[  577.943894][T12735] netlink: 264 bytes leftover after parsing attributes in process `syz.4.2114'.
[  578.526817][ T5646] Bluetooth: hci3: command tx timeout
[  579.547864][T12081] hsr_slave_0: left promiscuous mode
[  579.604895][T12081] hsr_slave_1: left promiscuous mode
[  579.676142][T12081] batman_adv: batadv0: Removing interface: batadv_slave_0
[  579.748401][T12081] batman_adv: batadv0: Removing interface: batadv_slave_1
[  580.141999][T12757] loop5: detected capacity change from 0 to 1024
[  580.183233][T12757] EXT4-fs: Ignoring removed oldalloc option
[  580.234523][T12757] EXT4-fs: Ignoring removed bh option
[  580.273469][T12757] EXT4-fs (loop5): bad geometry: bigalloc file system with non-zero first_data_block
[  580.273469][T12757] 
[  580.346305][T12761] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2121'.
[  580.525865][T12749] overlayfs: upper fs does not support tmpfile.
[  581.533878][ T1121] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  583.201920][T12793] fuse: Bad value for 'fd'
[  583.678745][T12081] team0 (unregistering): Port device team_slave_1 removed
[  584.020122][T12081] team0 (unregistering): Port device team_slave_0 removed
[  585.490065][T12821] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2141'.
[  585.737301][    C1] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  585.750053][    C1] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  586.164977][T12838] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2144'.
[  586.554958][T12834] bridge_slave_0: left allmulticast mode
[  586.581746][T12834] bridge_slave_0: left promiscuous mode
[  586.635154][T12834] bridge0: port 1(bridge_slave_0) entered disabled state
[  586.806432][T12834] bridge_slave_1: left allmulticast mode
[  586.824010][T12834] bridge_slave_1: left promiscuous mode
[  586.844431][T12834] bridge0: port 2(bridge_slave_1) entered disabled state
[  586.927971][T12834] bond0: (slave bond_slave_0): Releasing backup interface
[  587.022116][T12834] bond0: (slave bond_slave_1): Releasing backup interface
[  587.128251][T12834] team_slave_0: left allmulticast mode
[  587.204438][T12834] team0: Port device team_slave_0 removed
[  587.256034][T12834] team_slave_1: left allmulticast mode
[  587.337108][T12860] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2149'.
[  587.377496][T12834] team0: Port device team_slave_1 removed
[  587.412894][T12834] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  587.420427][T12834] batman_adv: batadv0: Removing interface: batadv_slave_0
[  587.468157][T12834] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  587.475804][T12834] batman_adv: batadv0: Removing interface: batadv_slave_1
[  587.504256][T12834] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  587.653133][T12838] team0: Mode "" not found
[  588.517404][T12650] bridge0: port 1(bridge_slave_0) entered blocking state
[  588.625072][T12650] bridge0: port 1(bridge_slave_0) entered disabled state
[  588.664572][T12650] bridge_slave_0: entered allmulticast mode
[  588.709296][T12650] bridge_slave_0: entered promiscuous mode
[  588.741851][T12650] bridge0: port 2(bridge_slave_1) entered blocking state
[  588.765183][T12650] bridge0: port 2(bridge_slave_1) entered disabled state
[  588.811467][T12650] bridge_slave_1: entered allmulticast mode
[  588.846992][T12650] bridge_slave_1: entered promiscuous mode
[  588.868972][T12884] l2tp_ppp: sess 2/0: no socket in recv
[  589.098603][T12650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  589.179416][T12650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  589.476339][T12650] team0: Port device team_slave_0 added
[  589.535511][T12650] team0: Port device team_slave_1 added
[  589.805165][T12650] batman_adv: batadv0: Adding interface: batadv_slave_0
[  589.824976][T12650] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  590.006266][T12650] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  590.257680][T12917] loop5: detected capacity change from 0 to 1024
[  590.269599][T12917] EXT4-fs (loop5): can't mount with journal_async_commit, fs mounted w/o journal
[  590.437897][T12920] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2166'.
[  591.048497][T12650] batman_adv: batadv0: Adding interface: batadv_slave_1
[  591.133424][T12650] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  591.256355][T12650] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  591.761553][T12650] hsr_slave_0: entered promiscuous mode
[  591.801041][T12650] hsr_slave_1: entered promiscuous mode
[  591.825316][T12650] debugfs: 'hsr0' already exists in 'hsr'
[  591.831507][T12650] Cannot create hsr debugfs directory
[  593.711114][T12971] overlayfs: failed to clone upperpath
[  594.342114][T12983] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2182'.
[  595.692423][T13008] fuse: fd is not a fuse device
[  596.927736][T12650] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  597.004645][T12650] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  597.037954][T12650] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  597.522197][T13038] ref_ctr increment failed for inode: 0x91c offset: 0x7 ref_ctr_offset: 0x80002 of mm: 0xffff888044413100
[  597.649944][T12650] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  597.673128][T12650] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  597.751551][T12650] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  597.807988][T12650] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  597.980221][T12650] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  599.698669][T12650] 8021q: adding VLAN 0 to HW filter on device bond0
[  599.903153][T12650] 8021q: adding VLAN 0 to HW filter on device team0
[  599.971700][ T9058] bridge0: port 1(bridge_slave_0) entered blocking state
[  599.981201][ T9058] bridge0: port 1(bridge_slave_0) entered forwarding state
[  600.036320][ T9058] bridge0: port 2(bridge_slave_1) entered blocking state
[  600.045807][ T9058] bridge0: port 2(bridge_slave_1) entered forwarding state
[  600.706586][T13092] fuse: fd is not a fuse device
[  602.014213][T13094] loop5: detected capacity change from 0 to 131072
[  603.888134][T13130] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2219'.
[  604.778634][T13139] loop4: detected capacity change from 0 to 512
[  604.841767][T13139] EXT4-fs (loop4): Test dummy encryption mode enabled
[  604.870942][T12650] 8021q: adding VLAN 0 to HW filter on device batadv0
[  604.910300][T13139] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.2223: inode has both inline data and extents flags
[  604.963627][T13139] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  604.980414][    C1] EXT4-fs (loop4): error count since last fsck: 1
[  605.000805][    C1] EXT4-fs (loop4): initial error at time 1780062072: ext4_orphan_get:1397: inode 15
[  605.013819][    C1] EXT4-fs (loop4): last error at time 1780062072: ext4_orphan_get:1397: inode 15
[  605.061187][T13139] EXT4-fs error (device loop4): ext4_orphan_get:1400: comm syz.4.2223: couldn't read orphan inode 15 (err -117)
[  605.125873][T13139] loop4: lost filesystem error report for type 5 error -117
[  605.128403][T13139] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  605.328496][   T30] audit: type=1804 audit(1780062072.756:659): pid=13139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2223" name="/newroot/358/file1/bus" dev="loop4" ino=18 res=1 errno=0
[  605.743630][ T5634] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  605.918578][T13171] fuse: fd is not a fuse device
[  606.051810][T13174] loop4: detected capacity change from 0 to 1024
[  606.179942][T13174] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  606.611500][T13182] loop5: detected capacity change from 0 to 40427
[  606.627343][T13182] F2FS-fs (loop5): Invalid log blocks per segment (1)
[  606.634544][T13182] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  606.643374][T13182] F2FS-fs (loop5): Image doesn't support compression
[  606.650173][T13182] F2FS-fs (loop5): build fault injection rate: 690
[  606.656810][T13182] F2FS-fs (loop5): build fault injection type: 0x35f7
[  606.664920][T13182] F2FS-fs (loop5): invalid crc value
[  606.767408][T13182] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  606.785510][T13182] F2FS-fs (loop5): Start checkpoint disabled!
[  606.805770][T13182] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  606.838981][T13182] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  606.846229][T13182] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  606.972838][T12650] veth0_vlan: entered promiscuous mode
[  607.191723][T12650] veth1_vlan: entered promiscuous mode
[  607.310541][ T6234] kworker/u8:21: attempt to access beyond end of device
[  607.310541][ T6234] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  607.331498][T12650] veth0_macvtap: entered promiscuous mode
[  607.385108][T12650] veth1_macvtap: entered promiscuous mode
[  607.395401][ T6234] CPU: 1 UID: 0 PID: 6234 Comm: kworker/u8:21 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  607.395461][ T6234] Tainted: [L]=SOFTLOCKUP
[  607.395474][ T6234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  607.395499][ T6234] Workqueue: writeback wb_workfn (flush-7:5)
[  607.395575][ T6234] Call Trace:
[  607.395587][ T6234]  <TASK>
[  607.395601][ T6234]  dump_stack_lvl+0x100/0x190
[  607.395644][ T6234]  f2fs_stop_checkpoint+0x600/0x9b0
[  607.395694][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.395742][ T6234]  ? errseq_set+0xe3/0x150
[  607.395800][ T6234]  ? errseq_set+0xe3/0x150
[  607.395857][ T6234]  f2fs_write_end_io+0xf59/0x1340
[  607.395910][ T6234]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  607.395963][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.396022][ T6234]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  607.396068][ T6234]  bio_endio+0x78f/0x8f0
[  607.396117][ T6234]  submit_bio_noacct+0x64c/0x2000
[  607.396190][ T6234]  f2fs_submit_write_bio+0x135/0x340
[  607.396237][ T6234]  __submit_merged_bio+0x331/0x780
[  607.396294][ T6234]  __submit_merged_write_cond+0x3fe/0x510
[  607.396354][ T6234]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  607.396415][ T6234]  ? __pfx___might_resched+0x10/0x10
[  607.396466][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.396525][ T6234]  f2fs_write_cache_pages+0x20e9/0x2630
[  607.396617][ T6234]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  607.396685][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.396738][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.396784][ T6234]  ? find_held_lock+0x2b/0x80
[  607.396841][ T6234]  ? nr_blockdev_pages+0xde/0x120
[  607.396897][ T6234]  ? nr_blockdev_pages+0xde/0x120
[  607.396949][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.397021][ T6234]  ? si_meminfo+0x118/0x230
[  607.397060][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.397108][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.397230][ T6234]  ? find_held_lock+0x2b/0x80
[  607.397289][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.397352][ T6234]  ? rcu_is_watching+0x12/0xc0
[  607.397415][ T6234]  f2fs_write_data_pages+0x799/0x16d0
[  607.397469][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.397515][ T6234]  ? trace_f2fs_writepages.constprop.0+0x75/0x230
[  607.397590][ T6234]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  607.397656][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.397713][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.397761][ T6234]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  607.397821][ T6234]  do_writepages+0x278/0x600
[  607.397895][ T6234]  ? __pfx_do_writepages+0x10/0x10
[  607.397960][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.398015][ T6234]  __writeback_single_inode+0x164/0x1350
[  607.398077][ T6234]  ? find_held_lock+0x2b/0x80
[  607.398139][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.398194][ T6234]  ? __pfx___writeback_single_inode+0x10/0x10
[  607.398255][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.398302][ T6234]  ? do_raw_spin_unlock+0x145/0x1e0
[  607.398355][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.398412][ T6234]  writeback_sb_inodes+0x766/0x1c60
[  607.398498][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.398547][ T6234]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  607.398608][ T6234]  ? unwind_next_frame+0x3be/0x2090
[  607.398660][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.398785][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.398831][ T6234]  ? rcu_is_watching+0x12/0xc0
[  607.398882][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.398927][ T6234]  ? queue_io+0x287/0x540
[  607.398985][ T6234]  wb_writeback+0x1bf/0xb90
[  607.399062][ T6234]  ? __pfx_wb_writeback+0x10/0x10
[  607.399138][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.399184][ T6234]  ? mark_held_locks+0x40/0x70
[  607.399227][ T6234]  ? _raw_spin_unlock_irq+0x23/0x50
[  607.399288][ T6234]  wb_workfn+0x14f/0xc00
[  607.399355][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.399401][ T6234]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  607.399459][ T6234]  ? __pfx_wb_workfn+0x10/0x10
[  607.399526][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.399577][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.399635][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.399681][ T6234]  ? rcu_is_watching+0x12/0xc0
[  607.399801][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.399859][ T6234]  process_one_work+0xa0e/0x1980
[  607.399937][ T6234]  ? __pfx_process_one_work+0x10/0x10
[  607.399980][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.400050][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.400106][ T6234]  worker_thread+0x5ef/0xe50
[  607.400168][ T6234]  ? __pfx_worker_thread+0x10/0x10
[  607.400216][ T6234]  ? kthread+0x13a/0x450
[  607.400253][ T6234]  ? __pfx_worker_thread+0x10/0x10
[  607.400296][ T6234]  kthread+0x370/0x450
[  607.400335][ T6234]  ? __pfx_kthread+0x10/0x10
[  607.400380][ T6234]  ret_from_fork+0x72b/0xd50
[  607.400428][ T6234]  ? __pfx_ret_from_fork+0x10/0x10
[  607.400474][ T6234]  ? srso_alias_return_thunk+0x5/0xfbef5
[  607.400521][ T6234]  ? __switch_to+0x800/0x1100
[  607.400574][ T6234]  ? __switch_to_asm+0x39/0x70
[  607.400624][ T6234]  ? __pfx_kthread+0x10/0x10
[  607.400669][ T6234]  ret_from_fork_asm+0x1a/0x30
[  607.400758][ T6234]  </TASK>
[  607.400772][ T6234] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  607.567423][T12650] batman_adv: batadv0: Interface activated: batadv_slave_0
[  608.004999][T12650] batman_adv: batadv0: Interface activated: batadv_slave_1
[  608.131474][   T13] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  608.141314][ T5634] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  608.178831][   T13] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  608.187731][   T13] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  608.307311][   T13] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  608.598341][T13207] netlink: 'syz.4.2240': attribute type 1 has an invalid length.
[  609.157059][T13210] 8021q: adding VLAN 0 to HW filter on device bond3
[  609.230616][T13210] bond2: (slave bond3): making interface the new active one
[  609.261639][T13210] bond2: (slave bond3): Enslaving as an active interface with an up link
[  609.383184][T13211] bond2: (slave gretap1): Enslaving as a backup interface with an up link
[  609.527299][ T6220] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  609.567106][ T6220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  609.796141][T13226] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2248'.
[  609.858625][T13200] loop8: detected capacity change from 0 to 32768
[  610.064535][T13200] XFS (loop8): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  610.343548][T13200] XFS (loop8): Ending clean mount
[  610.561785][ T6234] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  610.590928][ T6234] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  611.032835][T12034] XFS (loop8): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  612.970774][ T6220] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  613.208226][T13263] loop8: detected capacity change from 0 to 32768
[  614.788484][   T30] audit: type=1326 audit(1780062082.216:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13277 comm="syz.8.2260" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9341b9ce59 code=0x7fc00000
[  614.845890][   T30] audit: type=1326 audit(1780062082.216:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13277 comm="syz.8.2260" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9341b9ce59 code=0x7fc00000
[  615.421012][   T30] audit: type=1326 audit(1780062082.856:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13277 comm="syz.8.2260" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9341b96bd7 code=0x7fc00000
[  616.076916][T13288] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2265'.
[  617.229486][T13297] netlink: 2036 bytes leftover after parsing attributes in process `syz.5.2267'.
[  617.240583][T13297] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2267'.
[  619.399910][T13315] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2273'.
[  620.083797][T13288] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  620.318997][T10125] usb 6-1: new low-speed USB device number 18 using dummy_hcd
[  620.541490][T10125] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  620.566309][T10125] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  620.594756][T10125] usb 6-1: config 0 has no interface number 0
[  620.616783][T10125] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  620.648169][T10125] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  620.684154][T10125] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  620.713278][T10125] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.735300][T10125] usb 6-1: config 0 descriptor??
[  620.747542][T13319] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  620.795247][T10125] ldusb 6-1:0.55: Interrupt in endpoint not found
[  621.019414][T10115] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  621.102602][T10125] usb 6-1: USB disconnect, device number 18
[  621.219075][T10115] usb 9-1: Using ep0 maxpacket: 16
[  621.323971][T10115] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  621.351338][T10115] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  621.381201][T10115] usb 9-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.00
[  621.406710][T10115] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  621.432499][T10115] usb 9-1: config 0 descriptor??
[  621.678213][T13354] netlink: 'syz.3.2287': attribute type 5 has an invalid length.
[  621.694573][T13354] netlink: 1132 bytes leftover after parsing attributes in process `syz.3.2287'.
[  621.745701][T13354] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2287'.
[  622.079420][T10115] usbhid 9-1:0.0: can't add hid device: -71
[  622.089945][T10115] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  622.124680][T10115] usb 9-1: USB disconnect, device number 2
[  623.410258][T13377] lo speed is unknown, defaulting to 1000
[  623.416531][T13377] lo speed is unknown, defaulting to 1000
[  623.430525][T13377] lo speed is unknown, defaulting to 1000
[  623.441140][T13377] smbdirect: ib_dev[syz2]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  623.459007][T13377] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  623.481406][T13377] smbdirect: ib_dev[syz2]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  623.497926][T13377] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  623.517055][T13377] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  623.568604][T13377] lo speed is unknown, defaulting to 1000
[  623.603089][T13377] lo speed is unknown, defaulting to 1000
[  623.615237][T13377] lo speed is unknown, defaulting to 1000
[  623.671376][T13377] lo speed is unknown, defaulting to 1000
[  623.680189][T13377] lo speed is unknown, defaulting to 1000
[  623.687536][T13377] lo speed is unknown, defaulting to 1000
[  623.812632][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  623.878542][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  624.816382][T13386] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2299'.
[  624.890892][T13380] smbdirect: ib_dev[syz2] renamed to [syz0]
[  624.913016][T13388] loop6: detected capacity change from 0 to 512
[  624.951454][T13388] EXT4-fs (loop6): 1 truncate cleaned up
[  625.032908][T13361] atm:do_vcc_ioctl: ATM_SETSC is obsolete; used by syz.4.2290:13361
[  625.107681][T13388] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  625.227734][T13393] netlink: 'syz.2.2301': attribute type 4 has an invalid length.
[  625.301794][T13393] netlink: 'syz.2.2301': attribute type 4 has an invalid length.
[  625.387278][T13378] kexec: Could not allocate control_code_buffer
[  625.532905][T12650] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  627.348383][T13421] batman_adv: batadv0: Adding interface: dummy0
[  627.404847][T13421] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  627.563957][T13421] batman_adv: batadv0: Interface activated: dummy0
[  628.080178][T13422] batadv0: mtu less than device minimum
[  628.123663][T13422] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  628.139660][T13422] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  628.152228][T13422] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  628.164248][T13422] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  628.176357][T13422] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  628.188614][T13422] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  628.200701][T13422] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  628.212736][T13422] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  633.663361][T13469] loop6: detected capacity change from 0 to 16
[  633.782412][T13469] erofs (device loop6): mounted with root inode @ nid 36.
[  635.225006][T13490] lo speed is unknown, defaulting to 1000
[  635.545841][T13506] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2343'.
[  635.634382][T13506] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2343'.
[  637.014968][T13530] 9pnet: p9_errstr2errno: server reported unknown error 0x000000
[  637.886138][T13543] loop5: detected capacity change from 0 to 512
[  638.104348][T13543] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  638.220131][T13543] ext4 filesystem being mounted at /292/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  638.586085][T13560] loop8: detected capacity change from 0 to 128
[  638.619304][T13560] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[  638.643181][T13560] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  639.636454][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  641.062416][T10130] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  641.271092][T10130] usb 9-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  641.322960][T10130] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.382115][T10130] usb 9-1: Product: syz
[  641.422289][T10130] usb 9-1: Manufacturer: syz
[  641.453352][T10130] usb 9-1: SerialNumber: syz
[  641.517474][T10130] usb 9-1: config 0 descriptor??
[  641.555630][T10130] hub 9-1:0.0: bad descriptor, ignoring hub
[  641.604002][T10130] hub 9-1:0.0: probe with driver hub failed with error -5
[  641.697087][T13594] fuse: fd is not a fuse device
[  641.796377][T10130] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  641.893604][T10130] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  641.968806][T10130] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  642.075875][T10130] usb 9-1: media controller created
[  642.391412][T10130] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  642.624495][T13568] loop4: detected capacity change from 0 to 256
[  642.727657][T13605] bond3: entered allmulticast mode
[  642.955234][T13609] macvlan2: entered promiscuous mode
[  642.975497][T13568] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d)
[  643.013183][T13609] macvlan2: entered allmulticast mode
[  643.117728][T13609] bond3: (slave macvlan2): Opening slave failed
[  643.438186][T10130] DVB: Unable to find symbol dib7000p_attach()
[  643.473665][T10130] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  643.911626][T10130] rc_core: IR keymap rc-dib0700-rc5 not found
[  643.953106][T10130] Registered IR keymap rc-empty
[  643.983991][T10130] dvb-usb: could not initialize remote control.
[  644.000953][T12080] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  644.029010][T10130] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  644.155984][T10130] usb 9-1: USB disconnect, device number 3
[  644.311547][T13624] loop8: detected capacity change from 0 to 64
[  644.633717][T10130] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  645.375162][T13639] loop4: detected capacity change from 0 to 1024
[  645.384646][T13641] fuse: fd is not a fuse device
[  645.572592][T13639] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  645.858006][T13639] EXT4-fs (loop4): shut down requested (0)
[  646.963119][   T30] audit: type=1800 audit(1780062114.386:663): pid=13669 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.2400" name="bus" dev="tmpfs" ino=343 res=0 errno=0
[  647.055535][ T5634] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  647.821865][T13679] netlink: 'syz.4.2405': attribute type 1 has an invalid length.
[  648.007826][T13679] 8021q: adding VLAN 0 to HW filter on device bond4
[  648.034547][T13682] bond4: (slave gretap2): making interface the new active one
[  648.048596][T13682] bond4: (slave gretap2): Enslaving as an active interface with an up link
[  648.425805][T13689] bridge0: port 3(syz_tun) entered blocking state
[  648.471987][T13689] bridge0: port 3(syz_tun) entered disabled state
[  648.489372][T13689] syz_tun: entered allmulticast mode
[  648.516772][T13689] syz_tun: entered promiscuous mode
[  648.534347][T13689] bridge0: port 3(syz_tun) entered blocking state
[  648.549003][T13689] bridge0: port 3(syz_tun) entered forwarding state
[  648.584134][T13667] loop5: detected capacity change from 0 to 32768
[  648.759370][ T5776] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  648.990463][ T5776] usb 7-1: Using ep0 maxpacket: 16
[  649.082572][ T5776] usb 7-1: config 0 has no interfaces?
[  649.088213][ T5776] usb 7-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[  649.138264][ T5776] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.155981][ T5776] usb 7-1: config 0 descriptor??
[  649.204937][T10115] lo speed is unknown, defaulting to 1000
[  650.264566][T13728] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  650.291549][T13728] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  651.114103][T13737] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  651.364238][T13737] batman_adv: batadv0: Removing interface: batadv_slave_0
[  651.499905][T13705] Bluetooth: hci6: command 0x0406 tx timeout
[  651.669054][T13742] erspan0: entered promiscuous mode
[  651.694005][T10130] usb 7-1: USB disconnect, device number 20
[  651.793097][T13742] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2426'.
[  653.109971][T10130] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[  653.307324][T13770] fuse: fd is not a fuse device
[  653.334012][T10130] usb 6-1: unable to get BOS descriptor or descriptor too short
[  653.378496][T10130] usb 6-1: not running at top speed; connect to a high speed hub
[  653.434347][T10130] usb 6-1: config 14 has an invalid interface number: 57 but max is 1
[  653.479028][T10130] usb 6-1: config 14 has an invalid interface number: 228 but max is 1
[  653.497238][T10130] usb 6-1: config 14 has no interface number 0
[  653.510846][T13772] loop4: detected capacity change from 0 to 512
[  653.531652][T10130] usb 6-1: config 14 has no interface number 1
[  653.590144][T10130] usb 6-1: config 14 interface 228 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[  653.634311][T10130] usb 6-1: config 14 interface 228 altsetting 5 has an endpoint descriptor with address 0xD1, changing to 0x81
[  653.703931][T10130] usb 6-1: config 14 interface 228 altsetting 5 endpoint 0x81 has invalid maxpacket 62089, setting to 64
[  653.735522][T10130] usb 6-1: config 14 interface 228 altsetting 5 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  653.737825][T13772] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  653.763026][T10130] usb 6-1: config 14 interface 57 has no altsetting 0
[  653.770681][T10130] usb 6-1: config 14 interface 228 has no altsetting 0
[  653.781611][T10130] usb 6-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13
[  653.796573][T10130] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  653.805629][T10130] usb 6-1: Product: syz
[  653.811365][T10130] usb 6-1: Manufacturer: syz
[  653.816149][T10130] usb 6-1: SerialNumber: syz
[  653.822323][T13773] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  653.925475][T13772] ext4 filesystem being mounted at /383/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  653.951708][T13773] block device autoloading is deprecated and will be removed.
[  654.320801][T10130] legousbtower 6-1:14.57: interrupt endpoints not found
[  654.718665][T10130] legousbtower 6-1:14.228: LEGO USB Tower firmware version is 228.166 build 40507
[  654.727857][T13786] loop6: detected capacity change from 0 to 256
[  654.737607][ T5634] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  654.777400][T10130] legousbtower 6-1:14.228: LEGO USB Tower #-160 now attached to major 180 minor 0
[  654.862678][T13786] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x196362d4, utbl_chksum : 0xe619d30d)
[  655.409744][T13786] exFAT-fs (loop6): valid_size(150994954) is greater than size(10)
[  655.543436][   T30] audit: type=1800 audit(1780062122.976:664): pid=13786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2443" name="file1" dev="loop6" ino=1048652 res=0 errno=0
[  655.724411][T10130] usb 6-1: USB disconnect, device number 19
[  655.860962][T10130] legousbtower 6-1:14.228: LEGO USB Tower #-160 now disconnected
[  656.515040][T13805] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2449'.
[  658.703742][T13820] bridge0: port 2(bridge_slave_1) entered disabled state
[  658.711799][T13820] bridge0: port 1(bridge_slave_0) entered disabled state
[  659.657752][T13820] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  659.804849][T13820] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  660.398641][T13834] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  660.439621][T13834] net_ratelimit: 11 callbacks suppressed
[  660.439677][T13834] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  660.563769][T13835] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  660.616079][T10089] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  660.707896][T13855] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2465'.
[  660.948966][T13851] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  660.956768][T13851] batadv0: mtu less than device minimum
[  661.016349][T13851] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  661.034796][T13851] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  661.049235][T13851] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  661.063229][T13851] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  661.077263][T13851] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  661.091144][T13851] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  661.104925][T13851] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  661.229525][T13851] batadv_slave_1: entered promiscuous mode
[  661.524623][T10089] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  661.566767][T10089] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  661.755458][T10089] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  665.246333][   T30] audit: type=1804 audit(1780062132.676:665): pid=13911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2484" name="/newroot/33/file1" dev="tmpfs" ino=194 res=1 errno=0
[  665.429124][   T30] audit: type=1326 audit(1780062132.836:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13914 comm="syz.5.2486" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f800279ce59 code=0x0
[  666.016762][T13919] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2488'.
[  666.094791][T13928] loop6: detected capacity change from 0 to 512
[  666.149355][T13928] EXT4-fs: Ignoring removed orlov option
[  666.213721][T13928] EXT4-fs: Ignoring removed mblk_io_submit option
[  666.322960][T13928] EXT4-fs error (device loop6): ext4_iget_extra_inode:5127: inode #15: comm syz.6.2489: corrupted in-inode xattr: e_value size too large
[  666.441193][T13928] loop6: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  666.443127][T13928] EXT4-fs error (device loop6): ext4_orphan_get:1400: comm syz.6.2489: couldn't read orphan inode 15 (err -117)
[  666.453200][    C0] EXT4-fs (loop6): error count since last fsck: 1
[  666.453239][    C0] EXT4-fs (loop6): initial error at time 1780062133: ext4_iget_extra_inode:5127: inode 15
[  666.453296][    C0] EXT4-fs (loop6): last error at time 1780062133: ext4_iget_extra_inode:5127: inode 15
[  666.701906][T13928] loop6: lost filesystem error report for type 5 error -117
[  666.709606][T13928] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  666.911042][T13908] kexec: Could not allocate control_code_buffer
[  668.851455][T12650] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  669.199854][T13959] fuse: fd is not a fuse device
[  669.355573][T13961] lo speed is unknown, defaulting to 1000
[  672.984425][T14018] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2515'.
[  675.025298][ T1121] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  675.073251][T14044] erspan0: entered promiscuous mode
[  675.167131][T14044] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2523'.
[  675.224232][T14046] xt_hashlimit: max too large, truncated to 1048576
[  676.928481][T14079] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2535'.
[  677.143149][ T6232] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  677.156601][T14079] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2535'.
[  677.190609][T10091] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  677.238381][T10091] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  677.288095][T10091] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  678.887040][T14106] lo speed is unknown, defaulting to 1000
[  680.301599][T14103] kexec: Could not allocate control_code_buffer
[  680.549837][T10127] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  680.686744][T14133] netlink: 'syz.5.2555': attribute type 10 has an invalid length.
[  680.721899][T10127] usb 7-1: Using ep0 maxpacket: 32
[  680.740856][T10127] usb 7-1: unable to get BOS descriptor or descriptor too short
[  680.748853][T14135] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2555'.
[  680.790531][T10127] usb 7-1: config 14 has an invalid interface number: 57 but max is 1
[  680.818989][T10127] usb 7-1: config 14 has an invalid interface number: 228 but max is 1
[  680.845090][T14133] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  680.862586][T10127] usb 7-1: config 14 has no interface number 0
[  680.881538][T10127] usb 7-1: config 14 has no interface number 1
[  680.909055][T10127] usb 7-1: config 14 interface 228 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[  680.921615][T14135] bond0: (slave bridge0): Releasing backup interface
[  680.934741][T10127] usb 7-1: config 14 interface 228 altsetting 5 has an endpoint descriptor with address 0xD1, changing to 0x81
[  680.965535][T10127] usb 7-1: config 14 interface 228 altsetting 5 endpoint 0x81 has an invalid bInterval 109, changing to 10
[  680.991495][T10127] usb 7-1: config 14 interface 228 altsetting 5 endpoint 0x81 has invalid maxpacket 57993, setting to 1024
[  681.017893][T10127] usb 7-1: config 14 interface 228 altsetting 5 endpoint 0x9 has an invalid bInterval 122, changing to 10
[  681.070763][T10127] usb 7-1: config 14 interface 228 altsetting 5 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  681.104521][T10127] usb 7-1: config 14 interface 57 has no altsetting 0
[  681.123912][T10127] usb 7-1: config 14 interface 228 has no altsetting 0
[  681.141210][T10127] usb 7-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13
[  681.157234][T10127] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.182860][T10127] usb 7-1: Product: syz
[  681.192730][T10127] usb 7-1: Manufacturer: syz
[  681.203792][T10127] usb 7-1: SerialNumber: syz
[  681.688754][T10127] legousbtower 7-1:14.57: interrupt endpoints not found
[  682.093413][T10127] legousbtower 7-1:14.228: LEGO USB Tower firmware version is 228.166 build 40507
[  682.145508][T10127] legousbtower 7-1:14.228: LEGO USB Tower #-160 now attached to major 180 minor 0
[  682.365552][T14157] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2563'.
[  683.126046][    C0] usb 7-1: tower_interrupt_in_callback: usb_submit_urb failed (-1)
[  683.141707][ T5776] usb 7-1: USB disconnect, device number 21
[  683.275833][ T5776] legousbtower 7-1:14.228: LEGO USB Tower #-160 now disconnected
[  683.562596][T14170] loop5: detected capacity change from 0 to 2048
[  683.855868][T14170] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  685.193419][T14185] loop6: detected capacity change from 0 to 1024
[  685.239166][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  685.268608][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  685.278125][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  685.297419][T14185] hfsplus: failed to load catalog file
[  685.434723][T14187] team0: Port device team_slave_0 removed
[  687.747041][T14222] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2591'.
[  687.797177][T14222] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  687.862823][T14173] kexec: Could not allocate control_code_buffer
[  687.955103][T14222] batman_adv: batadv0: Removing interface: batadv_slave_1
[  688.303209][ T3487] kernel write not supported for file /input/mice (pid: 3487 comm: kworker/1:2)
[  689.305761][T14239] netlink: 'syz.8.2586': attribute type 30 has an invalid length.
[  689.356292][T14239] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2586'.
[  689.439215][T14245] netlink: 'syz.8.2586': attribute type 30 has an invalid length.
[  689.497042][T14245] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2586'.
[  690.180449][T10127] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  690.371273][T10127] usb 6-1: Using ep0 maxpacket: 8
[  690.398036][T10127] usb 6-1: too many endpoints for config 0 interface 0 altsetting 255: 137, using maximum allowed: 30
[  690.484548][T10127] usb 6-1: config 0 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 137
[  690.552190][T10127] usb 6-1: config 0 interface 0 has no altsetting 0
[  690.581428][T10127] usb 6-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[  690.621484][T10127] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  690.675885][T10127] usb 6-1: config 0 descriptor??
[  690.900137][T14265] loop6: detected capacity change from 0 to 256
[  691.020302][T14265] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x389acbd6, utbl_chksum : 0xe619d30d)
[  691.143282][T10127] hid_parser_main: 7 callbacks suppressed
[  691.143315][T10127] dragonrise 0003:0079:0011.0020: unknown main item tag 0x0
[  691.203531][T10127] dragonrise 0003:0079:0011.0020: unknown main item tag 0x0
[  691.252015][T10127] dragonrise 0003:0079:0011.0020: unknown main item tag 0x0
[  691.292897][T10127] dragonrise 0003:0079:0011.0020: unknown main item tag 0x0
[  691.342037][T10127] dragonrise 0003:0079:0011.0020: unknown main item tag 0x0
[  691.392494][T10127] dragonrise 0003:0079:0011.0020: unknown main item tag 0x0
[  691.444630][T10127] dragonrise 0003:0079:0011.0020: reserved main item tag 0xe
[  691.490358][T10127] dragonrise 0003:0079:0011.0020: unknown main item tag 0x0
[  691.532032][T10127] dragonrise 0003:0079:0011.0020: unknown main item tag 0x0
[  691.571098][T10127] dragonrise 0003:0079:0011.0020: unknown main item tag 0x0
[  691.612586][T10127] dragonrise 0003:0079:0011.0020: unknown main item tag 0x0
[  691.743569][T10127] dragonrise 0003:0079:0011.0020: hidraw0: USB HID v0.20 Device [HID 0079:0011] on usb-dummy_hcd.5-1/input0
[  691.864622][T10127] usb 6-1: USB disconnect, device number 20
[  692.449296][T13705] Bluetooth: hci3: command 0x0406 tx timeout
[  692.515254][T14276] fido_id[14276]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  693.175215][T10127] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  693.529125][T10127] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  693.606791][T10127] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  693.691951][T10127] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  693.734044][T14312] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2609'.
[  693.754434][T10127] usb 7-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  693.793739][T10127] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.829751][T10127] usb 7-1: Product: syz
[  693.847242][T10127] usb 7-1: Manufacturer: syz
[  693.847341][T14315] VFS: Lookup of 'syz0' in fuse fuse would have caused loop
[  693.873454][T10127] usb 7-1: SerialNumber: syz
[  693.905012][T14312] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2609'.
[  693.915762][T10127] usb 7-1: config 0 descriptor??
[  694.185861][T10127] adutux 7-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  694.694110][T10127] usb 7-1: USB disconnect, device number 22
[  695.521410][T14335] netlink: 'syz.2.2616': attribute type 10 has an invalid length.
[  695.565903][ T5646] Bluetooth: hci0: unexpected subevent 0x0e length: 30 > 15
[  695.574728][ T5646] Bluetooth: hci0: Unable to find connection for dst 00:00:00:00:00:00 sid 0x00
[  695.574825][T14338] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2616'.
[  695.601311][T14338] bridge_slave_1: left allmulticast mode
[  695.668028][T14338] bridge_slave_1: left promiscuous mode
[  695.722803][T14338] bridge0: port 2(bridge_slave_1) entered disabled state
[  696.204451][T14350] 9p: Bad value for 'wfdno'
[  696.844368][T14358] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2626'.
[  698.689338][T14346] loop5: detected capacity change from 0 to 131072
[  698.948983][T14346] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  698.983812][T14346] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  700.938719][T14410] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2644'.
[  704.488128][T14440] loop4: detected capacity change from 0 to 2048
[  704.960622][T14440] loop4: detected capacity change from 0 to 1024
[  705.008866][T14440] hfsplus: failed to load extents file
[  705.946094][T14471] fuse: fd is not a fuse device
[  706.051458][T10094] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  706.625040][T10147] libceph: connect (1)[c::]:6789 error -101
[  706.633279][T10147] libceph: mon0 (1)[c::]:6789 connect error
[  706.774912][T14483] ceph: No mds server is up or the cluster is laggy
[  706.923297][T10147] libceph: connect (1)[c::]:6789 error -101
[  706.958606][T10147] libceph: mon0 (1)[c::]:6789 connect error
[  707.423434][T14510] fuse: fd is not a fuse device
[  707.881697][T14524] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  707.892195][T14524] batadv_slave_0: entered promiscuous mode
[  708.188791][T14528] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2687'.
[  710.400433][   T30] audit: type=1326 audit(1780062177.826:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14555 comm="syz.6.2698" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f061af9ce59 code=0x7ffc0000
[  710.516216][   T30] audit: type=1326 audit(1780062177.826:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14555 comm="syz.6.2698" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f061af9ce59 code=0x7ffc0000
[  710.629211][T14559] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2699'.
[  710.653718][   T30] audit: type=1326 audit(1780062177.866:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14555 comm="syz.6.2698" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f061af9ce59 code=0x7ffc0000
[  710.792736][   T30] audit: type=1326 audit(1780062177.866:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14555 comm="syz.6.2698" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f061af9ce59 code=0x7ffc0000
[  710.853771][   T30] audit: type=1326 audit(1780062177.866:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14555 comm="syz.6.2698" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7f061af9ce59 code=0x7ffc0000
[  711.062852][   T30] audit: type=1326 audit(1780062177.866:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14555 comm="syz.6.2698" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f061af9ce59 code=0x7ffc0000
[  711.121307][T14570] netlink: 'syz.3.2703': attribute type 1 has an invalid length.
[  711.135020][   T30] audit: type=1326 audit(1780062177.866:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14555 comm="syz.6.2698" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f061af9ce59 code=0x7ffc0000
[  711.168243][   T30] audit: type=1326 audit(1780062177.866:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14555 comm="syz.6.2698" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f061af9ce59 code=0x7ffc0000
[  711.202796][   T30] audit: type=1326 audit(1780062177.866:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14555 comm="syz.6.2698" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f061af9ce59 code=0x7ffc0000
[  711.233910][   T30] audit: type=1326 audit(1780062177.866:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14555 comm="syz.6.2698" exe="/root/ci-upstream-kasan-badwrites-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f061af9ce59 code=0x7ffc0000
[  711.245607][T14575] loop6: detected capacity change from 0 to 512
[  711.374253][T14575] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  711.404486][T14575] EXT4-fs error (device loop6): ext4_orphan_get:1423: comm syz.6.2704: bad orphan inode 131083
[  711.416262][T14570] bond2: entered promiscuous mode
[  711.418650][T14570] 8021q: adding VLAN 0 to HW filter on device bond2
[  711.430581][T14575] loop6: lost filesystem error report for type 5 error -117
[  711.442658][    C1] EXT4-fs (loop6): error count since last fsck: 1
[  711.458759][    C1] EXT4-fs (loop6): initial error at time 1780062178: ext4_orphan_get:1423
[  711.467327][    C1] EXT4-fs (loop6): last error at time 1780062178: ext4_orphan_get:1423
[  711.490405][T14575] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  711.719837][T10127] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  711.758010][    C1] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96
[  711.786076][T14579] bond2: (slave bridge2): making interface the new active one
[  711.806826][T14579] bridge2: entered promiscuous mode
[  711.827163][T14579] bond2: (slave bridge2): Enslaving as an active interface with an up link
[  711.934443][T12650] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  711.979500][T10127] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  712.002236][T10127] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  712.015142][T10127] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  712.024502][T10127] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  712.035821][T10127] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  712.061183][T10127] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  712.080617][T10127] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  712.112150][T10127] usb 6-1: Product: syz
[  712.130182][T10127] usb 6-1: Manufacturer: syz
[  712.168109][T10127] cdc_wdm 6-1:1.0: skipping garbage
[  712.186998][T10127] cdc_wdm 6-1:1.0: skipping garbage
[  712.335498][T10127] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  712.380932][T10127] cdc_wdm 6-1:1.0: Unknown control protocol
[  712.433181][T10127] usb 6-1: USB disconnect, device number 21
[  714.844012][T14634] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2726'.
[  714.862647][T10127] usb 7-1: new full-speed USB device number 23 using dummy_hcd
[  715.026442][T14636] raw_sendmsg: syz.3.2728 forgot to set AF_INET. Fix it!
[  715.071354][T10127] usb 7-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  715.114342][T10127] usb 7-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  715.167966][T10127] usb 7-1: Product: syz
[  715.195897][T10127] usb 7-1: Manufacturer: syz
[  715.222423][T10127] usb 7-1: SerialNumber: syz
[  715.350425][T10127] usb 7-1: config 0 descriptor??
[  715.374180][T14642] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2730'.
[  715.955066][T14626] netlink: 212892 bytes leftover after parsing attributes in process `syz.6.2727'.
[  716.555925][T14649] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2732'.
[  716.593093][T10127] usb 7-1: USB disconnect, device number 23
[  717.712148][T14657] syz.4.2734: vmalloc error: size 9223372036854775807, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1
[  718.155923][T14657] CPU: 0 UID: 0 PID: 14657 Comm: syz.4.2734 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  718.155986][T14657] Tainted: [L]=SOFTLOCKUP
[  718.156000][T14657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  718.156023][T14657] Call Trace:
[  718.156034][T14657]  <TASK>
[  718.156048][T14657]  dump_stack_lvl+0x100/0x190
[  718.156096][T14657]  warn_alloc.cold+0x95/0x1c1
[  718.156140][T14657]  ? __pfx_warn_alloc+0x10/0x10
[  718.156202][T14657]  ? __lock_acquire+0xd73/0x2630
[  718.156270][T14657]  __vmalloc_node_range_noprof+0x136c/0x1630
[  718.156315][T14657]  ? srso_alias_return_thunk+0x5/0xfbef5
[  718.156380][T14657]  ? srso_alias_return_thunk+0x5/0xfbef5
[  718.156427][T14657]  ? rcu_is_watching+0x12/0xc0
[  718.156483][T14657]  ? srso_alias_return_thunk+0x5/0xfbef5
[  718.156531][T14657]  ? trace_contention_end+0x122/0x170
[  718.156581][T14657]  ? dvb_dvr_do_ioctl+0x15d/0x270
[  718.156617][T14657]  ? srso_alias_return_thunk+0x5/0xfbef5
[  718.156668][T14657]  ? dvb_dvr_do_ioctl+0x7e/0x270
[  718.156702][T14657]  ? find_held_lock+0x2b/0x80
[  718.156761][T14657]  ? tomoyo_path_number_perm+0x28f/0x580
[  718.156816][T14657]  ? tomoyo_path_number_perm+0x28f/0x580
[  718.156861][T14657]  ? srso_alias_return_thunk+0x5/0xfbef5
[  718.156913][T14657]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  718.156957][T14657]  ? __pfx___mutex_lock+0x10/0x10
[  718.157023][T14657]  ? srso_alias_return_thunk+0x5/0xfbef5
[  718.157078][T14657]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  718.157126][T14657]  ? futex_wait+0x11e/0x370
[  718.157196][T14657]  ? dvb_dvr_do_ioctl+0x15d/0x270
[  718.157232][T14657]  __vmalloc_node_noprof+0xad/0xf0
[  718.157272][T14657]  ? dvb_dvr_do_ioctl+0x15d/0x270
[  718.157314][T14657]  dvb_dvr_do_ioctl+0x15d/0x270
[  718.157367][T14657]  dvb_usercopy+0x167/0x340
[  718.157456][T14657]  ? __pfx_dvb_dvr_do_ioctl+0x10/0x10
[  718.157496][T14657]  ? __pfx_dvb_usercopy+0x10/0x10
[  718.157579][T14657]  ? srso_alias_return_thunk+0x5/0xfbef5
[  718.157627][T14657]  ? __fget_files+0x21f/0x3d0
[  718.157678][T14657]  dvb_dvr_ioctl+0x29/0x40
[  718.157712][T14657]  ? __pfx_dvb_dvr_ioctl+0x10/0x10
[  718.157750][T14657]  __x64_sys_ioctl+0x18e/0x210
[  718.157814][T14657]  do_syscall_64+0x115/0x870
[  718.157882][T14657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.157923][T14657] RIP: 0033:0x7faf5c99ce59
[  718.157955][T14657] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  718.157995][T14657] RSP: 002b:00007faf5d8f4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  718.158032][T14657] RAX: ffffffffffffffda RBX: 00007faf5cc15fa0 RCX: 00007faf5c99ce59
[  718.158058][T14657] RDX: 7fffffffffffffff RSI: 0000000000006f2d RDI: 0000000000000003
[  718.158083][T14657] RBP: 00007faf5ca32d6f R08: 0000000000000000 R09: 0000000000000000
[  718.158108][T14657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  718.158132][T14657] R13: 00007faf5cc16038 R14: 00007faf5cc15fa0 R15: 00007ffebf458088
[  718.158186][T14657]  </TASK>
[  718.829259][T14657] Mem-Info:
[  718.901456][T14657] active_anon:32550 inactive_anon:0 isolated_anon:0
[  718.901456][T14657]  active_file:17695 inactive_file:46828 isolated_file:0
[  718.901456][T14657]  unevictable:768 dirty:443 writeback:0
[  718.901456][T14657]  slab_reclaimable:11237 slab_unreclaimable:107071
[  718.901456][T14657]  mapped:35977 shmem:25036 pagetables:1817
[  718.901456][T14657]  sec_pagetables:0 bounce:0
[  718.901456][T14657]  kernel_misc_reclaimable:0
[  718.901456][T14657]  free:1241719 free_pcp:17953 free_cma:0
[  719.361297][T14657] Node 0 active_anon:107696kB inactive_anon:0kB active_file:70780kB inactive_file:187108kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:143908kB dirty:1776kB writeback:0kB shmem:76164kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:14536kB pagetables:6776kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  719.403105][T14657] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  719.443453][T14657] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  719.481545][T14657] lowmem_reserve[]: 0 2477 2479 2479 2479
[  719.487555][T14657] Node 0 DMA32 free:1030052kB boost:0kB min:34060kB low:42572kB high:51084kB reserved_highatomic:0KB free_highatomic:0KB active_anon:107496kB inactive_anon:0kB active_file:70780kB inactive_file:187108kB unevictable:1536kB writepending:1776kB zspages:0kB present:3129332kB managed:2537408kB mlocked:0kB bounce:0kB free_pcp:69084kB local_pcp:52332kB free_cma:0kB
[  719.533457][T14657] lowmem_reserve[]: 0 0 1 1 1
[  719.538368][T14657] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  719.619377][T14657] lowmem_reserve[]: 0 0 0 0 0
[  719.659138][T14657] Node 1 Normal free:3942780kB boost:0kB min:55828kB low:69784kB high:83740kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:6144kB local_pcp:0kB free_cma:0kB
[  719.819401][T14657] lowmem_reserve[]: 0 0 0 0 0
[  719.826087][T14657] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  719.902126][T14657] Node 0 DMA32: 4477*4kB (UME) 3768*8kB (UME) 1856*16kB (UME) 419*32kB (UME) 180*64kB (UME) 231*128kB (UME) 116*256kB (UM) 77*512kB (UM) 47*1024kB (UM) 9*2048kB (UE) 186*4096kB (UM) = 1029780kB
[  719.940934][T14657] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  719.954039][T14657] Node 1 Normal: 3*4kB (U) 4*8kB (UM) 5*16kB (UM) 10*32kB (UM) 5*64kB (UM) 5*128kB (UM) 6*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 4*2048kB (UM) 959*4096kB (M) = 3942780kB
[  719.977313][T14657] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  719.992200][T14657] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  720.053453][T14657] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  720.095525][T14690] fuse: fd is not a fuse device
[  720.102428][T14657] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  720.176094][T14657] 83920 total pagecache pages
[  720.198668][T14657] 0 pages in swap cache
[  720.221483][T14657] Free swap  = 124996kB
[  720.242709][T14657] Total swap = 124996kB
[  720.266589][T14657] 2097051 pages RAM
[  720.296861][T14657] 0 pages HighMem/MovableOnly
[  720.320853][T14657] 430807 pages reserved
[  720.333036][T14696] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2749'.
[  720.354162][T14657] 0 pages cma reserved
[  720.376950][T14696] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2749'.
[  720.990063][T14713] loop8: detected capacity change from 0 to 128
[  721.079083][T14713] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  721.167593][T14713] ext4 filesystem being mounted at /123/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  721.363432][T14713] EXT4-fs (loop8): shut down requested (1)
[  826.378787][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  826.385774][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=107837, q=456 ncpus=2)
[  826.393597][    C0] rcu: All QSes seen, last rcu_preempt kthread activity 10500 (4295019809-4295009309), jiffies_till_next_fqs=1, root ->qsmask 0x0
[  826.406992][    C0] rcu: rcu_preempt kthread starved for 10500 jiffies! g107837 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  826.418311][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  826.428462][    C0] rcu: RCU grace-period kthread stack dump:
[  826.434367][    C0] task:rcu_preempt     state:R  running task     stack:28216 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[  826.447966][    C0] Call Trace:
[  826.451344][    C0]  <TASK>
[  826.454290][    C0]  __schedule+0x1295/0x67a0
[  826.458926][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.464623][    C0]  ? __pfx___schedule+0x10/0x10
[  826.469525][    C0]  ? find_held_lock+0x2b/0x80
[  826.474247][    C0]  ? schedule+0x2bf/0x390
[  826.478599][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.484303][    C0]  schedule+0xdd/0x390
[  826.488403][    C0]  schedule_timeout+0x127/0x280
[  826.493289][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  826.498694][    C0]  ? __pfx_process_timeout+0x10/0x10
[  826.504066][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.509740][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  826.515849][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.521694][    C0]  ? prepare_to_swait_event+0xdf/0x4a0
[  826.527187][    C0]  rcu_gp_fqs_loop+0x1a9/0x900
[  826.531968][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.537628][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  826.542970][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[  826.547935][    C0]  ? __pfx_rcu_gp_cleanup+0x10/0x10
[  826.553161][    C0]  ? rcu_gp_init+0xd90/0x1480
[  826.557899][    C0]  rcu_gp_kthread+0x179/0x230
[  826.562606][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  826.567824][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  826.573753][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.579594][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.585258][    C0]  ? __kthread_parkme+0x18c/0x230
[  826.590332][    C0]  ? kthread+0x13a/0x450
[  826.594593][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  826.599930][    C0]  kthread+0x370/0x450
[  826.604288][    C0]  ? __pfx_kthread+0x10/0x10
[  826.608988][    C0]  ret_from_fork+0x72b/0xd50
[  826.613613][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  826.619216][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.624875][    C0]  ? __switch_to+0x800/0x1100
[  826.629603][    C0]  ? __switch_to_asm+0x39/0x70
[  826.634394][    C0]  ? __pfx_kthread+0x10/0x10
[  826.639012][    C0]  ret_from_fork_asm+0x1a/0x30
[  826.643884][    C0]  </TASK>
[  826.646907][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  826.653430][    C0] Sending NMI from CPU 0 to CPUs 1:
[  826.659012][    C1] NMI backtrace for cpu 1
[  826.659038][    C1] CPU: 1 UID: 0 PID: 14721 Comm: syz.5.2757 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  826.659083][    C1] Tainted: [L]=SOFTLOCKUP
[  826.659095][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  826.659115][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0xf/0x70
[  826.659157][    C1] Code: 00 00 00 5b e9 72 71 ef 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 8b 05 25 40 01 12 48 8b 34 24 <65> 48 8b 15 01 40 01 12 a9 00 01 ff 00 74 1b f6 c4 01 74 07 a9 00
[  826.659189][    C1] RSP: 0018:ffffc90000a08e38 EFLAGS: 00000002
[  826.659215][    C1] RAX: 0000000080010002 RBX: ffff88807b4cf300 RCX: ffffffff81f44941
[  826.659237][    C1] RDX: 0000000000000001 RSI: ffffffff81f44963 RDI: ffff88802f225d00
[  826.659259][    C1] RBP: ffff8880b8528600 R08: 0000000000000001 R09: 0000000000000000
[  826.659286][    C1] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
[  826.659306][    C1] R13: ffff8880b85284c0 R14: 0000000000000001 R15: 0000000000000000
[  826.659329][    C1] FS:  00007f80009f66c0(0000) GS:ffff888124484000(0000) knlGS:0000000000000000
[  826.659359][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  826.659381][    C1] CR2: 00007f80009f5ff8 CR3: 0000000064d48000 CR4: 0000000000350ef0
[  826.659402][    C1] Call Trace:
[  826.659414][    C1]  <IRQ>
[  826.659425][    C1]  __remove_hrtimer+0xe3/0x440
[  826.659478][    C1]  __hrtimer_run_queues+0x359/0xa00
[  826.659535][    C1]  hrtimer_interrupt+0x3e5/0x940
[  826.659596][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x460
[  826.659643][    C1]  sysvec_apic_timer_interrupt+0x9e/0xc0
[  826.659693][    C1]  </IRQ>
[  826.659704][    C1]  <TASK>
[  826.659715][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  826.659753][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[  826.659801][    C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 26 8e 59 f6 48 89 df e8 fe dd 59 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 f5 a9 49 f6 65 8b 05 3e ed 7e 08 85 c0 74 16 5b
[  826.659834][    C1] RSP: 0018:ffffc9000616fb28 EFLAGS: 00000246
[  826.659858][    C1] RAX: 0000000000000002 RBX: ffffffff9b198118 RCX: 0000000000000000
[  826.659879][    C1] RDX: 0000000000000000 RSI: ffffffff8df1b96f RDI: ffffffff8c1c4400
[  826.659900][    C1] RBP: 0000000000000286 R08: 0000000000000001 R09: 0000000000000000
[  826.659920][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff9b197e80
[  826.659940][    C1] R13: 0000000000000005 R14: ffffc9000616fc80 R15: 7fffffffffffffff
[  826.659978][    C1]  __do_adjtimex+0x892/0xe70
[  826.660018][    C1]  ? __pfx___do_adjtimex+0x10/0x10
[  826.660053][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.660093][    C1]  ? lockdep_hardirqs_on+0x78/0x100
[  826.660154][    C1]  do_adjtimex+0xa0/0x370
[  826.660194][    C1]  ? __pfx_do_adjtimex+0x10/0x10
[  826.660231][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.660293][    C1]  ? __pfx_posix_clock_realtime_adj+0x10/0x10
[  826.660339][    C1]  __do_sys_clock_adjtime+0x177/0x290
[  826.660385][    C1]  ? __pfx___do_sys_clock_adjtime+0x10/0x10
[  826.660449][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.660488][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.660531][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.660570][    C1]  ? rcu_is_watching+0x12/0xc0
[  826.660617][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  826.660660][    C1]  do_syscall_64+0x115/0x870
[  826.660713][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  826.660747][    C1] RIP: 0033:0x7f800279ce59
[  826.660772][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  826.660805][    C1] RSP: 002b:00007f80009f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000131
[  826.660834][    C1] RAX: ffffffffffffffda RBX: 00007f8002a16090 RCX: 00007f800279ce59
[  826.660856][    C1] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000000
[  826.660876][    C1] RBP: 00007f8002832d6f R08: 0000000000000000 R09: 0000000000000000
[  826.660897][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  826.660916][    C1] R13: 00007f8002a16128 R14: 00007f8002a16090 R15: 00007ffe11375f18
[  826.660952][    C1]  </TASK>
[  970.045589][    C0] watchdog: BUG: soft lockup - CPU#0 stuck for 246s! [kworker/u8:29:10094]
[  970.045626][    C0] Modules linked in:
[  970.045643][    C0] irq event stamp: 1208006
[  970.045656][    C0] hardirqs last  enabled at (1208005): [<ffffffff8b87e77d>] irqentry_exit+0x24d/0x970
[  970.045731][    C0] hardirqs last disabled at (1208006): [<ffffffff8b87d35e>] sysvec_apic_timer_interrupt+0xe/0xc0
[  970.045793][    C0] softirqs last  enabled at (1208004): [<ffffffff81c81812>] __irq_exit_rcu+0x162/0x210
[  970.045857][    C0] softirqs last disabled at (1207941): [<ffffffff81c81812>] __irq_exit_rcu+0x162/0x210
[  970.045927][    C0] CPU: 0 UID: 0 PID: 10094 Comm: kworker/u8:29 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  970.045979][    C0] Tainted: [L]=SOFTLOCKUP
[  970.045993][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  970.046017][    C0] Workqueue: events_unbound toggle_allocation_gate
[  970.046070][    C0] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x8/0x20
[  970.046112][    C0] Code: bf 03 00 00 00 e9 58 fe ff ff 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <89> f2 89 fe bf 05 00 00 00 e9 2a fe ff ff 66 2e 0f 1f 84 00 00 00
[  970.046149][    C0] RSP: 0018:ffffc9000485f868 EFLAGS: 00000202
[  970.046176][    C0] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff81fbfbfd
[  970.046200][    C0] RDX: ffff888033ec1f00 RSI: 0000000000000001 RDI: 0000000000000000
[  970.046224][    C0] RBP: ffff8880b85410c0 R08: 0000000000000005 R09: 0000000000000000
[  970.046247][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003
[  970.046269][    C0] R13: ffffed10170a8219 R14: 0000000000000001 R15: ffff8880b843c740
[  970.046296][    C0] FS:  0000000000000000(0000) GS:ffff888124384000(0000) knlGS:0000000000000000
[  970.046329][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  970.046354][    C0] CR2: 00007fed0ba2a000 CR3: 000000000e596000 CR4: 0000000000350ef0
[  970.046378][    C0] Call Trace:
[  970.046389][    C0]  <TASK>
[  970.046401][    C0]  smp_call_function_many_cond+0x5ad/0x1700
[  970.046451][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  970.046512][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  970.046554][    C0]  ? __pfx_text_poke_memcpy+0x10/0x10
[  970.046614][    C0]  ? __pfx___text_poke+0x10/0x10
[  970.046666][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  970.046716][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  970.046759][    C0]  ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190
[  970.046817][    C0]  smp_text_poke_batch_finish+0x337/0xc60
[  970.046889][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  970.046953][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.047000][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[  970.047060][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.047110][    C0]  ? find_held_lock+0x2b/0x80
[  970.047179][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  970.047239][    C0]  jump_label_update+0x37a/0x550
[  970.047303][    C0]  static_key_enable_cpuslocked+0x1bc/0x270
[  970.047366][    C0]  static_key_enable+0x1a/0x20
[  970.047423][    C0]  toggle_allocation_gate+0xfe/0x2d0
[  970.047478][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  970.047534][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.047583][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.047628][    C0]  ? rcu_is_watching+0x12/0xc0
[  970.047680][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.047734][    C0]  process_one_work+0xa0e/0x1980
[  970.047800][    C0]  ? __pfx_process_one_work+0x10/0x10
[  970.047845][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.047902][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.047955][    C0]  worker_thread+0x5ef/0xe50
[  970.048012][    C0]  ? __pfx_worker_thread+0x10/0x10
[  970.048058][    C0]  ? kthread+0x13a/0x450
[  970.048095][    C0]  ? __pfx_worker_thread+0x10/0x10
[  970.048136][    C0]  kthread+0x370/0x450
[  970.048173][    C0]  ? __pfx_kthread+0x10/0x10
[  970.048215][    C0]  ret_from_fork+0x72b/0xd50
[  970.048260][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  970.048305][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.048350][    C0]  ? __switch_to+0x800/0x1100
[  970.048402][    C0]  ? __switch_to_asm+0x39/0x70
[  970.048448][    C0]  ? __pfx_kthread+0x10/0x10
[  970.048490][    C0]  ret_from_fork_asm+0x1a/0x30
[  970.048563][    C0]  </TASK>
[  970.048577][    C0] Sending NMI from CPU 0 to CPUs 1:
[  970.463961][    C1] NMI backtrace for cpu 1
[  970.463987][    C1] CPU: 1 UID: 0 PID: 14721 Comm: syz.5.2757 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  970.464034][    C1] Tainted: [L]=SOFTLOCKUP
[  970.464046][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  970.464065][    C1] RIP: 0010:check_preemption_disabled+0x23/0xe0
[  970.464128][    C1] Code: 90 90 90 90 90 90 90 41 54 55 53 48 83 ec 08 65 8b 1d 25 c6 81 08 65 f7 05 16 c6 81 08 ff ff ff 7f 74 0f 48 83 c4 08 89 d8 5b <5d> 41 5c e9 e0 46 88 f5 9c 58 f6 c4 02 74 ea 65 4c 8b 25 de c5 81
[  970.464160][    C1] RSP: 0018:ffffc90000a08ce8 EFLAGS: 00000092
[  970.464186][    C1] RAX: 0000000000000001 RBX: ffffffff9b397338 RCX: 1ffff1100a4aafc2
[  970.464208][    C1] RDX: 0000000000000000 RSI: ffffffff8e00ca7e RDI: ffffffff8c1c4400
[  970.464229][    C1] RBP: ffffffff850110d1 R08: 0000000000000001 R09: fffff5200014119a
[  970.464250][    C1] R10: 0000000000000016 R11: 0000000000000001 R12: ffff88802f225d00
[  970.464271][    C1] R13: ffff88807b4cf300 R14: 0000000000000006 R15: 1ffff920001411b0
[  970.464296][    C1] FS:  00007f80009f66c0(0000) GS:ffff888124484000(0000) knlGS:0000000000000000
[  970.464325][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  970.464347][    C1] CR2: 00007f80009f5ff8 CR3: 0000000064d48000 CR4: 0000000000350ef0
[  970.464368][    C1] Call Trace:
[  970.464380][    C1]  <IRQ>
[  970.464390][    C1]  ? debug_object_activate+0x331/0x490
[  970.464436][    C1]  lock_release+0x9a/0x310
[  970.464478][    C1]  _raw_spin_unlock_irqrestore+0x1a/0x80
[  970.464524][    C1]  debug_object_activate+0x331/0x490
[  970.464569][    C1]  ? __pfx_debug_object_activate+0x10/0x10
[  970.464615][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.464656][    C1]  ? do_raw_spin_lock+0x128/0x260
[  970.464700][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.464744][    C1]  enqueue_hrtimer+0x75/0x2f0
[  970.464791][    C1]  __hrtimer_run_queues+0x73d/0xa00
[  970.464852][    C1]  hrtimer_interrupt+0x3e5/0x940
[  970.464913][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x460
[  970.464959][    C1]  sysvec_apic_timer_interrupt+0x9e/0xc0
[  970.465006][    C1]  </IRQ>
[  970.465017][    C1]  <TASK>
[  970.465028][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  970.465065][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[  970.465112][    C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 26 8e 59 f6 48 89 df e8 fe dd 59 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 f5 a9 49 f6 65 8b 05 3e ed 7e 08 85 c0 74 16 5b
[  970.465144][    C1] RSP: 0018:ffffc9000616fb28 EFLAGS: 00000246
[  970.465168][    C1] RAX: 0000000000000002 RBX: ffffffff9b198118 RCX: 0000000000000000
[  970.465189][    C1] RDX: 0000000000000000 RSI: ffffffff8df1b96f RDI: ffffffff8c1c4400
[  970.465210][    C1] RBP: 0000000000000286 R08: 0000000000000001 R09: 0000000000000000
[  970.465230][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff9b197e80
[  970.465250][    C1] R13: 0000000000000005 R14: ffffc9000616fc80 R15: 7fffffffffffffff
[  970.465285][    C1]  __do_adjtimex+0x892/0xe70
[  970.465326][    C1]  ? __pfx___do_adjtimex+0x10/0x10
[  970.465361][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.465400][    C1]  ? lockdep_hardirqs_on+0x78/0x100
[  970.465461][    C1]  do_adjtimex+0xa0/0x370
[  970.465500][    C1]  ? __pfx_do_adjtimex+0x10/0x10
[  970.465537][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.465594][    C1]  ? __pfx_posix_clock_realtime_adj+0x10/0x10
[  970.465639][    C1]  __do_sys_clock_adjtime+0x177/0x290
[  970.465683][    C1]  ? __pfx___do_sys_clock_adjtime+0x10/0x10
[  970.465747][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.465786][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.465833][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.465872][    C1]  ? rcu_is_watching+0x12/0xc0
[  970.465916][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[  970.465960][    C1]  do_syscall_64+0x115/0x870
[  970.466011][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  970.466045][    C1] RIP: 0033:0x7f800279ce59
[  970.466070][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  970.466102][    C1] RSP: 002b:00007f80009f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000131
[  970.466131][    C1] RAX: ffffffffffffffda RBX: 00007f8002a16090 RCX: 00007f800279ce59
[  970.466152][    C1] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000000
[  970.466172][    C1] RBP: 00007f8002832d6f R08: 0000000000000000 R09: 0000000000000000
[  970.466192][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  970.466212][    C1] R13: 00007f8002a16128 R14: 00007f8002a16090 R15: 00007ffe11375f18
[  970.466248][    C1]  </TASK>
[  970.919099][    C0] Kernel panic - not syncing: softlockup: hung tasks
[  970.925819][    C0] CPU: 0 UID: 0 PID: 10094 Comm: kworker/u8:29 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  970.937061][    C0] Tainted: [L]=SOFTLOCKUP
[  970.941388][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  970.951572][    C0] Workqueue: events_unbound toggle_allocation_gate
[  970.958116][    C0] Call Trace:
[  970.961396][    C0]  <IRQ>
[  970.964240][    C0]  dump_stack_lvl+0x100/0x190
[  970.968937][    C0]  vpanic+0x552/0x970
[  970.972969][    C0]  ? __pfx_vpanic+0x10/0x10
[  970.977572][    C0]  ? __entry_text_end+0x1020b5/0x1020b9
[  970.983146][    C0]  ? do_raw_spin_unlock+0x145/0x1e0
[  970.988383][    C0]  panic+0xd1/0xe0
[  970.992121][    C0]  ? __pfx_panic+0x10/0x10
[  970.996551][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  971.002215][    C0]  ? __pfx_printk_trigger_flush+0x10/0x10
[  971.008066][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  971.013740][    C0]  ? wq_watchdog_touch+0xec/0x1a0
[  971.018807][    C0]  ? watchdog_timer_fn.cold+0x5/0x25
[  971.024125][    C0]  ? watchdog_timer_fn+0x702/0x7a0
[  971.029261][    C0]  watchdog_timer_fn.cold+0x16/0x25
[  971.034567][    C0]  ? __pfx_watchdog_timer_fn+0x10/0x10
[  971.040052][    C0]  __hrtimer_run_queues+0x142/0xa00
[  971.045476][    C0]  hrtimer_interrupt+0x3e5/0x940
[  971.050478][    C0]  __sysvec_apic_timer_interrupt+0x10b/0x460
[  971.056492][    C0]  sysvec_apic_timer_interrupt+0x9e/0xc0
[  971.062163][    C0]  </IRQ>
[  971.065099][    C0]  <TASK>
[  971.068033][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  971.074034][    C0] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x8/0x20
[  971.080858][    C0] Code: bf 03 00 00 00 e9 58 fe ff ff 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <89> f2 89 fe bf 05 00 00 00 e9 2a fe ff ff 66 2e 0f 1f 84 00 00 00
[  971.100578][    C0] RSP: 0018:ffffc9000485f868 EFLAGS: 00000202
[  971.106756][    C0] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff81fbfbfd
[  971.114738][    C0] RDX: ffff888033ec1f00 RSI: 0000000000000001 RDI: 0000000000000000
[  971.122849][    C0] RBP: ffff8880b85410c0 R08: 0000000000000005 R09: 0000000000000000
[  971.130843][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003
[  971.138848][    C0] R13: ffffed10170a8219 R14: 0000000000000001 R15: ffff8880b843c740
[  971.146860][    C0]  ? smp_call_function_many_cond+0x5ad/0x1700
[  971.152972][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  971.158640][    C0]  smp_call_function_many_cond+0x5ad/0x1700
[  971.164568][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  971.169645][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  971.176038][    C0]  ? __pfx_text_poke_memcpy+0x10/0x10
[  971.181455][    C0]  ? __pfx___text_poke+0x10/0x10
[  971.186444][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  971.191537][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  971.196801][    C0]  ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190
[  971.203511][    C0]  smp_text_poke_batch_finish+0x337/0xc60
[  971.209465][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  971.215750][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  971.221497][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[  971.227904][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  971.233763][    C0]  ? find_held_lock+0x2b/0x80
[  971.238587][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  971.244615][    C0]  jump_label_update+0x37a/0x550
[  971.249687][    C0]  static_key_enable_cpuslocked+0x1bc/0x270
[  971.255708][    C0]  static_key_enable+0x1a/0x20
[  971.260601][    C0]  toggle_allocation_gate+0xfe/0x2d0
[  971.266308][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  971.272362][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  971.278052][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  971.283719][    C0]  ? rcu_is_watching+0x12/0xc0
[  971.288527][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  971.294239][    C0]  process_one_work+0xa0e/0x1980
[  971.299232][    C0]  ? __pfx_process_one_work+0x10/0x10
[  971.304625][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  971.310301][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  971.315982][    C0]  worker_thread+0x5ef/0xe50
[  971.320623][    C0]  ? __pfx_worker_thread+0x10/0x10
[  971.325796][    C0]  ? kthread+0x13a/0x450
[  971.330063][    C0]  ? __pfx_worker_thread+0x10/0x10
[  971.335225][    C0]  kthread+0x370/0x450
[  971.339317][    C0]  ? __pfx_kthread+0x10/0x10
[  971.343930][    C0]  ret_from_fork+0x72b/0xd50
[  971.348560][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  971.353699][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  971.359362][    C0]  ? __switch_to+0x800/0x1100
[  971.364248][    C0]  ? __switch_to_asm+0x39/0x70
[  971.369042][    C0]  ? __pfx_kthread+0x10/0x10
[  971.373655][    C0]  ret_from_fork_asm+0x1a/0x30
[  971.378495][    C0]  </TASK>
[  972.567988][    C0] Shutting down cpus with NMI
[  972.572950][    C0] Kernel Offset: disabled
[  972.577299][    C0] Rebooting in 86400 seconds..