last executing test programs:

4.7283021s ago: executing program 3 (id=941):
syz_read_part_table(0x5e8, &(0x7f0000000640)="$eJzs3DuIXFUYB/D/vXPn7gw+Jt02FgtpfIARrBQXbSJJJz4aeytZES3EajdopWhtekGMQkhjZaEgQbSzFAKpraxkWQxH7mtmCCLorqDh9yvO4zsf3zl3zm3vhP+3skpKlfyY5Nes2iFaX5qN66/Np8ydodtN8uoYeuXaxecv771QjUupUiU56kfJTr3epb049E32xsjXTT661qa+q/pRMv+yTdPllqQ7ztXl1nEf7NvjrnxTnekPwT/RfFOGK2zzU/+mHFSz7vJ38vHL3fRchhfpQjZX3V1ye0b7X9+/eeXZNP1ey+EcyTyLbnb4wX3liTFvnlJKqXN4fpjvPjVLHnrmwlvbxerZlDwd76tp6VzmW3kZXr1lcnCnbcbok9/fPsyVxTDpKpVxXCX96M1bLz7en6QL1NmuCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf8TDbz/6bT1Nnuvbat1e+jz1JrVOfl/2o18y67pSnX7/6/s3V++939Z5dz9HbwwF789Qf8txKaXrb3zYT5shOj/9/gd36vaLT7/rnmuRk028Sn44//NxmQ5ya+zfeXqd8vru8pFPHvuL2iflT8O/9W19+rMDAAAAAAAAAAAAAAAAAABw77iRy3sv1bl9kqq666v07a/7F0kp02JZjIP26md9v9OuE6f/BFh/mr96IKVabMp0OaU0XZflv/JI/A1/BAAA//9PhFMJ")
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000140)={[{@debug}, {@delalloc}, {@resuid}, {@nodioread_nolock}, {@errors_continue}, {@data_err_ignore}, {@nodiscard}, {@barrier}]}, 0x1, 0xbc8, &(0x7f0000002380)="$eJzs3M9rHNcdAPDvjH7alrtyKaXuxSql2FC6ll1kalOoXVx66aHQXgsW8soIrX8gqTiSdVgl/0BIcg7kEkhiEnyIz74kkGsuiXONySFggmIlEEKiMPtDWku7+mGtNIr8+cDTvDdvZt73q5F23oPdDeC5NZT9SCOOR8SVJKJQ359GRG+11h9RqR23tDg/9u3i/FgSy8v/+SqJJCKeLM6PNa6V1LdH6o3+iPj470n88qX1407Pzk2OlsulqXr79Mz1W6enZ+f+NHF99FrpWunGmXN/GTk7cm74/EjHcv3u84v3v/ndP7+ofP/2D3e/fvXNJC7GQL2vOY961js2FEMrv5Nm3REx2oHr7wdd9Xya80y6Nzkp3eWgAABoK22aw/06CtEVq5O3QnzwSa7BAQAAAB2x3BWxDAAAABxwifU/AAAAHHCN9wE8WZwfa5R835Gwtx5fiojBWv5L9VLr6Y5KddsfPRFx+EkSzR9rTWqn7dhQRDz67Px7WYkWn0PebZWFiPhNq/ufVPMfrH8Sem3+aUQMd2D8oTXtn1P+Fzswft75A/B8enCp9iBb//xLV+Y/0eL5193i2fUs8n7+NeZ/S+vmf6v5d7WZ//17i2Pceev12+36svz/ev8f7zZKNn623VFS2/B4IeK33a3yT1byT9rkf2WLYxR+vF1q15d3/stvRJyM1vk3JBt/P9Hp8Ylyabj2s+UYCx+NvNNu/Lzzz+7/4Tb5b3D/+7N9t566Uvsv9fnf5cv32vVtnn/6ZW/y32qtt77nhdGZmakzEb3Jv9bvP7txvo1jGtfI8j/1+43//1v9/WevCZX630aW+UJ9m7VfXDPm3+7eeX+j/LO1X573/+r2739138tbHOMPH75yql1f8/o3K9n4j5LaWhgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIgkLUZEUq2nabEYcSQifhWH0/LN6Zk/jt/8/42rWV/EYPSk4xPl0nBEFGrtJGufqdZX22fXtP8cEcci4rXCoWq7OHazfDXv5AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhxJCIGIkmLEZFGxFIhTYvFvKMCAAAAOm4w7wAAAACAXWf9DwAAAAef9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC77NiJBw+TiKhcOFQtmd56X0+ukQG7Lc07ACA3XXkHAOSmO+8AgNxsc41vugAHULJJf3/bnr6OxwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/nXy+IOHSURULhyqlkxvva+n5Rkn9jA6YDeleQcA5KZro87uvYsD2HvP/C9+tLNxAHuv9RofeJ4km/T3rx5Tebqnb9diAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD/GaiWJC1GRFqtp2mxGHE0IgajJxmfKJeGI+IXEfFpoacva/flHTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdNz07NzlaLpemnqWS7Ox0FRWVpkqyP8KoVfJ+ZQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/Ts3OTo+VyaWo670gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvE3Pzk2OlsulqS1U7m3n4KZK3jkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCfnwIAAP//198NMw==")
chdir(&(0x7f00000001c0)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x82400, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="12000000040000000400000005"], 0x50)
r2 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map=r1, 0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
setsockopt$sock_int(r3, 0x1, 0x2e, &(0x7f0000000040)=0x201, 0x4)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000100)={0x2017be01})
truncate(&(0x7f0000000040)='./file0\x00', 0x1b1c)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000d00)={0x1, 0x5, 0xf8, &(0x7f00000002c0)=""/248})
ioctl$BTRFS_IOC_GET_DEV_STATS(r2, 0xc4089434, &(0x7f0000000000)={<r5=>0x0, 0x4, 0x0, [0x77f, 0x1ff, 0x1, 0x1, 0x4], [0x5, 0x2, 0x2, 0x8, 0x9, 0x7, 0x2400000000000000, 0x336, 0xffffffffffff29ed, 0x2, 0x6, 0xfffffffffffff001, 0x4, 0xfffffffffffffff8, 0x4, 0x3, 0x3, 0x7, 0x8, 0xa, 0x28, 0x6, 0x9, 0x9898, 0x0, 0x0, 0x8622, 0xb86, 0x2, 0x1, 0xa, 0x6, 0x6, 0x9, 0x0, 0x2, 0xf, 0x2, 0x12d4, 0x9b81, 0x8000000000000000, 0x5, 0x8, 0x1, 0x7fffffffffffffff, 0x9, 0xfffffffffffff2a9, 0x6, 0x32e3, 0x4, 0x5, 0xf, 0x3, 0x58b9800, 0xf705, 0xffffffffffffff8e, 0xfffffffffffffff8, 0x9, 0x100000001, 0x10001, 0x5, 0x59, 0x1ff, 0xffffffffffffffff, 0x0, 0x8, 0x6, 0x6b, 0xd, 0x2, 0x5, 0x9, 0x8000000000000000, 0x2, 0xa, 0x2754, 0x8, 0x0, 0x3, 0x5, 0x7, 0x8, 0x3, 0x4, 0x8, 0x4, 0x7fffffffffffffff, 0x34, 0x2, 0x3, 0x9, 0x40, 0x9, 0x4, 0x8, 0x800, 0x800, 0x9, 0x9, 0x8ffe, 0x7fffffffffffffff, 0x6, 0x5, 0x5, 0x1, 0x6, 0x5, 0x0, 0x2, 0x9, 0x4, 0x8000000000000007, 0x101, 0xffffffffffffffff, 0x5, 0x4, 0x7, 0x8, 0xff, 0x8, 0x7]})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000c40)={0x0, 0x0, {0x0, @usage, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000001040)={0x1c, 0x1, {0xff83, @usage=0x9, r5, 0x0, 0xffffffffffffc139, 0x6, 0x3, 0x6, 0xdc, @struct={0x7, 0x4}, 0x1b6, 0x5, [0xab2, 0x38, 0x3, 0x5, 0x0, 0x4]}, {0x7, @struct={0x1, 0xd}, r6, 0x4, 0x81, 0xd, 0xb, 0x7, 0x0, @struct={0x80, 0x6}, 0x5, 0xffff8000, [0x4ace, 0xfffffffffffffa9c, 0x6, 0x3, 0x43, 0x3]}, {0x82, @usage=0x6, 0x0, 0xfd7, 0xffffffff, 0x4, 0x0, 0x4, 0x4aa, @struct={0x2, 0x5}, 0xc9ab, 0xfffffff9, [0x3, 0x3ff, 0xd8b, 0x8, 0x1, 0x5]}, {0xff, 0x9, 0xd7}})

4.446896042s ago: executing program 1 (id=945):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xf, &(0x7f0000000780)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000140000dab7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000c40)={r3, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xd81, &(0x7f0000000c80)=ANY=[], 0x0)

4.431184933s ago: executing program 1 (id=946):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x42001, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
write$cgroup_int(r2, &(0x7f0000000540), 0xfffffdd8)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r3 = fcntl$dupfd(r0, 0x0, r1)
ioctl$TCFLSH(r3, 0x400455c8, 0x0)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r5 = dup(r4)
bind$bt_hci(r5, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x4000040, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"})
r7 = syz_open_pts(r6, 0xc0000)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000100)=0x12)

4.370355003s ago: executing program 3 (id=947):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = gettid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x556e34e5)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x680f0936988f8ccd, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001280), r7)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, r8, 0x1, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x6000855}, 0x4004)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r5, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r3], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r9 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r9, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x11, 0x9, r5, 0x1, 0x12, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}, 0x14)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a00)={r2, 0x5, 0xe, 0x0, &(0x7f0000000a80)="9520588da012f38592e7fc9d582e", 0x0, 0x3a, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

4.318366144s ago: executing program 3 (id=948):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="5802000086770000000000000000002020702500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000004000000850000000600000018010000786c6c25000000000020202050db3f7679ec3e24ae52ce89c7626802c45ad78e9e7005fc3d978c7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001cb5cb7c9500010000000000a82c3f81063cb1530f8cda3137773d369ff2211ab1867866539bb203093f035bcc6babc7ee56ede617c6a21b9cd1d87f50f3d853c03fcc0b6102a9d580991db3ca95c73befc4c8ab00"/256], 0x0, 0x5, 0x0, 0x0, 0x41000, 0xc}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000f9ffff170100002420702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff7fffb702000008000000b7030000000000228500000094"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0xfffffffffffffd5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1800040, &(0x7f00000001c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@block_validity}, {@nodioread_nolock}, {@nodelalloc}, {@resuid}, {@errors_remount}]}, 0x1, 0x59c, &(0x7f0000001f80)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=")
socket$tipc(0x1e, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x10000, &(0x7f0000000140)=ANY=[@ANYBLOB='dmask=00000000000000000000000,dmask=00000000000000000000006,errors=remount-ro,iocharset=cp932,fmask=00000000000000000000001,namecase=1,iocharset=iso8859-14,namecase=1,namecase=1,uid=', @ANYRESHEX=0x0, @ANYBLOB="000056f05a783d1835f92aa062f83cdd5ae339dc4f5a92564d2df5a6adee808aaf6aab7cf44e197f8e3d7050c4e8cc445981117c447071b44d3348512f5ddcbc027b631a636aa0748414b6e5cc6cbe9a6e6547d9d481b0257e9f4da6eed8d5e5c84f3bb8ecbf5c16beb0588dc9046eeb1e9e3dce3d1e3f40a9327a86868d4def88fae1e2"], 0x1, 0x1534, &(0x7f0000000680)="$eJzs3AucjdX6OPDnWWu9Y0jaTXIZ1lrPy04uiySJJMklSZIkyS0haZIjCYkht6QhCcllSC5DSC4Tk8b9fr8kJEmTJLnllqz/Z2L+6tT5d87vdPL7H8/389mfWc+s/az3eeeZvffa72y+7TS4esMaVeoTEfxb8MKXRACIBYD+AHANAAQAUDaubFzmfHaJif/eQdif6+GUy10Bu5y4/1c27v+Vjft/ZeP+X9m4/1c27v+Vjft/ZeP+M3Yl2zg1/7V8u3JvfP3/Ssav//9FMkqO/nJ1yes7A8T8sync////4b+Ry/3/rxX8M3fi/v9X+8PtFvf/ShV7uQtg/wvw4/9KkO0fznD/r2zcf8auZL+8FhwLl/969F99g8h/8m8gvseFn/LlP89/eP6MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxthf4LS/RAFA1vhy18UYY4wxxhhjjLE/j892uStgjDHGGGOMMcbYfx6CAAkKAoiBbBAL2SEHCICYrPlrIQ6ug9xwPeSBvJAP8kM8FICCoMGABYIQCkFhiMINUARuhKJQDIpDCXBQEkrBTVAaboYycAuUhVuhHNwG5aEC3A4V4Q6oBHdCZbgLqsDdUBWqQXWoAfdATbgXasF9UBvuhzrwANSFB6EePAT14WFoAI9AQ3gUGsFj0BiaQFNoBs3/R/kvQjd4CbpDD0iEntALXobe0Af6Qj/oD6/AAHgVBsJrkASDYDC8DkPgDRgKb8IwGA4j4C0YCW/DKBgNY2AsJMM4GA/vwAR4FybCJJgMUyAFpsI0eA+mwwyYCe/DLPgAZsMcmAvzIBU+hPmwANLgI1gIH0M6LILFsASWwjJYDitgJayC1bAG1sI6WA8bYCNsgs2wBbbCNtgOn8AO+BR2wi7YDZ/BHvj8X8w/9Xf5nREQUKBAhQpjMAZjMRZzYA7MiTkxF+bCCEYwDuMwN+bGPJgH82E+jMd4LIgF0aBBQsJCWAijGMUiWASLYlEsjsXRocNSWApL481YBstgWSyL5bAclscKWAErYkWshJWwMlbGKlgFq2JVrI7V8R68B3tiLayFtbE21sE6WZensD7WxwbYABtiQ2yEjbAxNsam2BSbY3NsgS2wJbbE1tga22AbbIttMQETsB22w/bYHjtgB+yIHbETdsLO2AW7ZLyYDfAlfAl7YFXRE3thL+yNSdn6Yj/sh6/gAHwVX8XXMAkH4WB8HV/HN3AonsRh54fjCByBlcTbOApHI4mxmIzJOB7H4wScgBNxEk7CKZiCU3EaTsPpOANn4Ps4Cz/AD3AOXgUAqZiK83EBpmEaLsRTmI6LcDEuwaW4DJfiClyJK3A1rsHVuA7X4QbcgJtwE27BLbgNt+EnqADwU9yFuzAJ9+Ae3It7cR/uw/24HzMwAw/gATyIB/EQHsLDeBiP4FE8hkfxBJ7Ak3gKT+NpPItn8Rw+H/91g0+KrUoCkUkJJWJEjIgVsSKHyCFyipwil8glIiIi4kScyC1yizwij8gn8ol4ES8KioLCCCNIhJnPFCIqoqKIKCKKiqKiuCgunHCilCglSovSoowoI8qKW0U5cZsoLyqIVq6iqCgqidausrhLVBFVRFVRTVQXNUQNUVPUFLVELVFb1BZ1RB1RVzwo6ome2BcfFpmdaSgGYSMxGBuLJkJefIZqIYZiS9FKtBZPiuE4DNuKFi5BPCPaiVHYXvxNjMbnREcxFjuJF0Rn0UV0FS+KbqKl6y56iInYU/QSU7C36CP6in5iOlYT7+Os7NXFayJJDBKDxetiHr4hhoo3xTAxXIwQb4mR4m0xSowWY8RYkSzGifHiHTFBvCsmiklispgiUsRUMU28J6aLGWKmeF/MEh+I2WKOmCvmiVTxoZgvFog08ZFYKD4W6WKRWCyWiKVimVguVoiVYpVYLdaItWKdWC82iI1ik9gstoitYpvYLj4RO8SnYqfYJXaLz8Qe8bnYK74Q+8SXYr/4SmSIr8UB8Y04KL4Vh8R34rD4XhwRR8UxcVycED+Ik+KUOC3OiLPiR3FO/CTOCy9AohRSSiUDGSOzyViZXeaQV8mcMsh6/pdx8jqZW14v88i8Mp/ML+NlAVlQammklSRDWUgWllF5gywib5RFZTFZXJaQTpaUpeRNsrS8WZaRt8iy8lZZTt4my8sK8nZZUd4hK8k7JUQuHKOqrCaryxryHpkI98pa8j5ZW94v68gHZF35oKwnH5L15cOygXxENpSPykbyMdlYNpFNZTPZXD4uW8gnZEvZSraWT8o28inZVj4tE+Qzsp30F39FnpMd5fOyk3xBdpZdZFf5kzwvvewue0joCbKXfFn2ln1kX9lP9pevyAHyVTlQviaT5CA5WL4uh8g35FD5phwmh8sR8i05Ur4tR8nRcowcK5PlODleviMnyHflRDlJTpZTZIqcKvteXGmmlH+Y/87v5A/8+egb5Ea5SW6WW+RWuU1ul5/IHXKH3Cl3yt1yt9wj98i9cq/cJ/fJ/XK/zJAZ8oA8IA/Kg/KQPCQPy8PyiDwqz8jj8oT8QZ6Up+QpeUaelWfluYs/A1CohJJKqUDFqGwqVmVXOdRVKqe6WuVS16iIulbFqetUbnW9yqPyqnwqv4pXBVRBpZVRVpEKVSFVWEXVDXjxF0YVVyWUUyVVKXXTv5KviqgbVVFV7Ff5WfUl/oP6mqvmqoVqoVqqlqq1aq3aqDaqrWqrElSCaqfaqfaqveqgOqiOqqPqpDqpzqqz6qq6qm6qm+quuqtElah6qZdVb9VH9VX9VH/1isg8h4FqoEpSSWqwGqyGqCFqqBqqhqlhaoQaoUaqkWqUGqXGqDEqWSWr8Wq8mqAmqIlqopqsJqsUlaKmqWlqupquZqqZapaapWar2WqumqtSVaqar+arNJWmFqqFKl0tUovUErVELVPL1Aq1Qq1Sq9QatUatU+tUutqoNqrNarPaqraq7Wq72qF2qJ1qp9qtdqs9ao/aq/aqfWqf2q/2qwyVoQ6oA+qgOqgyz+GwOqyOqCPqmDqmTqgT6qQ6qU6r0+qsOqvOqXPqvDqfue0LRCACFaggJogJYoPYIEeQI8gZ5AxyBbmCSBAJ4oK4IHdwfZAnyBvkC/IH8UGBoGCgAxPYQFxsejS4ISgS3BgUDYoFxYMSgQtKBqWCm4LSwc1BmeCWoGxwa1AuuC0oH1QIbg8qBncElYI7g8rBXUGV4O6galAtqB7UCO4Jagb3BrWC+4Lawf1BneCBoG7wYFAveCioHzwcNAgeCRoGjwaNgseCxkGToGnQLGj+p67v/cm8T7juuodO1D11L/2y7q376L66n+6vX9ED9Kt6oH5NJ+lBerB+XQ/Rb+ih+k09TA/XI/RbeqR+W4/So/UYPVYn63F6vH5HT9Dv6ol6kp6sp+gUPVVP0+/p6XqGnqnf17P0B3q2nqPn6nk6VX+o5+sFOk1/pBfqj3W6XqQX6yV6qV6ml+sVeqVepVfrNXqtXqfX6w16o96kN+steqveprfrT/QO/aneqXfp3fozvUd/rvfqL/Q+/aXer7/SGfprfUB/ow/qb/Uh/Z0+rL/XR/RRXUYf1yf0D/qkPqVP6zP6rP5Rn9M/6fPaZ27uM1/ejTLKxJgYE2tiTQ6Tw+Q0OU0uk8tETMTEmTiT2+Q2eUwek8/kM/Em3hQ0BU0mMmQKmUImaqKmiCliipqiprgpbpxxppQpZUqb0qaMKWPKmrKmnClnypvy5nZzu7nD3GHuNHeau8xd5m5zt6lmqpkapoapaWqaWqaWqW1qmzqmjqlr6pp6pp6pb+qbBqaBaWgamkamkWlsGpumpqlpbpqbFqaFaWlamtamtWlj2pi2pq1JMAmmnWln2pv2poPpYDqajqaT6WQ6m86mq+lqupluprvpbhJNoullepneprfpa/qa/qa/GWAGmIFmoEkySWawGWyGmCFmqBlqhpnhZkTmRtW8bUaZ0WaMGWuSTbIZb8abCWaCmWgmmslmskkxKWaamWamm+lmpplpZplZZraZbeaauSbVpJr5Zr5JM2lmoVlo0k26WWwWm6VmqVlulpuVZqVZbVabtbDWrDfrzUaz0Ww2m81Ws9VsN9vNDrPD7DQ7zW6z2+wxe8xes9fsM/vMfrPfZJgMc8AcMAfNQXPIHDKHzWFzxBwxx8wxc8KcMCfNSXPanDZnTd6Lr5fexNrsNoe9yua0V9tc9hr793E+m9/G2wK2oNU2j837q9hYa4vaYra4LWGdLWlL2Zt+E5e3FezttqK9w1ayd9rKv4lr2nttLXufrW3vtzXsPb+K69gHbF37qK2HCGCb2Aa2mW1oH7WN7GO2sW1im9pmto19yra1T9sE+4xtZ5/9TTzfLrAr7Sq72q6xO+0ue9qesQftt/as/dF2tz1sf/uKHWBftQPtazbJDvpNPMK+ZUfat+0oO9qOsWN/E0+2U2yKnWqn2ffsdDvjN3Gq/dDOsml2tp1j59p5P8eZNaXZj+xC+7FNtwEstkvsUrvMLrcr/m+tS+w6u95usDvsp3az3WK32m12e9ZG2O6yu+1ndo/93B6w39h99ku73x6yGfbrn+PM8ztkv7OH7ff2iD1qj9nj9oT9QWVlZ577cfuTPW+9BUICkqQooBjKRrGUnXLQVZSTrqZcdA1F6FqKo+soN11PeSgv5aP8FE8FqCBpMmSJKKRCVJiidANllVecSpCjklSKbqLSdDOVoVuoLN1K5eg2Kk8V6HaqSHdQJbqTKtNdVIXupqpUjapTDbqHatK9VIvuo9p0P9WhB6guPUj16CGqTw9TA3qEGtKj1Igeo8bUhJpSM2pOj1MLeoJaUitqTU9SG3qK2tLTlEDPUDt6ltrT36gDPUcd6XnqRC9QZ+pCXelF6kYvUXfqQYnUk3rRy9Sb+lBf6kf96RUaQK/SQHqNkmgQDabXaQi9QUPpTRpGw2kEvUUj6W0aRaNpDI2lZBpH4+kdmkDv0kSaRJNpCqXQVJpG79F0mkEz6X2aRR/QbJpDc2kepdKHNJ8WUBp9RAvpY0qnRbSYltBSWkbLaQWtpFW0mtbQWlpH62kDbaRNtJm20FbaRtvpE9pBn9JO2kW76TPaQ5/TXvqC9tGXtJ++ogz6mg7QN3SQvqVD9J3vQd/TETpKx+g4naAf6CSdotN0hs7Sj3SOfqLz5AlCDEUoQxUGYUyYLYwNs4c5wqvCnOHVYa7wmjASXhvGhdeFucPrwzxh3jBfmD+MDwuEBUMdmtCGFIZhobBwGA1vCIuEN4ZFw2Jh8bBE6MKSYanwprB0eHNYJrwlLBveGpYLbwvLhxXCR++vGN4RVgrvDCuHd4VVwrvDqmG1sHpYI7wnrBneG9YK7wtrh/eHZcIHwrrhg2G98KGwfvhw2CB8JGwYPho2Ch8LG4dNwqZhs7B5+HjYInwibBm2CluHV4VtwqfCtuHTYUL4TNgufPbn+QcWZM0/+Zv5xLBn2Ct8OXw59P4+OTc6L5oa/TA6P7ogmhb9KLow+nE0Pboouji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iep9jWzg0AknnXKBi3HZXKzL7nK4q1xOd7XL5a5xEXeti3PXudzuepfH5XX5XH4X7wq4gk4746wjF7pCrrCLuhtcEXejK+qKueKuhHOupCvlmrnmrrlr4Z5wLV0r19o96Z50T7mn3NPuafeMa+eede3d31wH95zr6J53z7sXXGfXxXV1L7publyuC4/JRNfL9XK9XW/X1/V1/V1/N8ANcAPdQJfkkpx0g90QN8QNdUPdMDfMjXAj3Eg30o1yo9wYN8Ylu2Q33o13E9wEN9FNdJPdZJfiUtw0N81Nd9NdpRkXjjLbzXZz3VyX6lLdfJe5Z0xzC91Cl+7S3WK32C11S91yt9ytdCvdarfarXVr3Xq33m10G91mt9ltdVvddrfd7XA73E5/zYVF3R631+11+9w+t9995TLc1+6A+8YddN+6Q+47d9h97464o+6YO+5OuB/cSXfKnXZn3Fn3ozvnfnLnnXfJkXGR8ZF3IhMi70YmRiZFJkemRFIiUyPTIu9FpkdmRGZG3o/MinwQmR2ZE5kbmRdJjXwYmR9ZEEmLfBRZGPk4kh5ZFFkcWRJZGlkW8b7A5tAX8oV91N/gi/gbfVFfzBf3JbzzJX0pf5MvfaHudO9v9eX8bb68r5AN/GO+sW/im/pmvrl/3LfwT/iWvpVv7Z/0bfxTvq1/2if4Z3w7/6xv7//mO/jnfEf/vO/kX/CdfRff1b/ou/mXfHffwyf6nr6Xf9n39n18X9/P9/ev+AH+VT/Qv+aT/CA/2L/uh/g3/FD/ph/mh/sRMW/5kVlvkWGsT/bj/Hj/jp/g3/UT/SQ/2U/xKX6qn+bf89P9DD/Tv+9n+Q/8bD/Hz/XzfKr/0M/3C3ya/8gv9B/7dL8o66KxX+5X+JV+lV/t1/i1fp1f7zf4jX6T3+y3+K1+m9/uP/E7/Kd+p9/ld/vP/B7/ud/rv/D7/Jd+v//KZ/iv/QH/jT/ov/WH/Hf+sP/eH/FH/TF/3J/wP/iT/pQ/7c/4s/5Hf87/5M/zv1ljjDHGGPunjLs0FL+euXA5v+fv5Ihf3LkXAFy9JX/GL+czd5Rr81wY9xHxsZlfn+nR6eGsW9WqiYmJF++bLiEoPAcg6y9BmX7+6MHFeBG0hqcgAVpB6d+tv4/ocpb+YP3orQA5fpGTWVBWfGn9LwAw8XfWf/zJEfPLhafj/h/rzwEoWvhSTna4FC+C1j9fX2kFZf5B/Xlb/EH92b9MBmj5i5yccCm+VH8peAKehYRf3ZMxxhhjjDHGGLugj7i9Q9b7z6xPfP7e+/N4dSknG1yK/+j9OWOMMcYYY4wxxi6/57p0ffrxhIRWHf71QeX/UdY/PWgE/6mVefC7A+8Bsr6jAODfXBAgcyD/yrPY9JccK+niQ+fvp5ae8QH872jlnzG4zE9MjDHGGGOMsT/dpU3/r7+vLldBjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbYFeiv+O/ELvc5MsYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY5fb/wkAAP//Czn2iw==")
openat$incfs(0xffffffffffffff9c, &(0x7f0000000a40)='.pending_reads\x00', 0x842, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
r1 = socket(0x1e, 0x4, 0x0)
getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, 0x0, &(0x7f0000000080))
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000009e00000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x4480, &(0x7f00000003c0)=ANY=[@ANYBLOB="0096397bb229f118b1f6c334ff95e9d57079d2a61ef7526c03c3a0d9cd515719956a0e5922340c97beade3e691744c236c61868da817036b0bab4516cc735ee856ef073c7b0b540347b358404ebe8e0c22e3a8a3caad47889d996a07d6988b211450783f4fdfbb8ae60572ea3bb70fb29560525b"], 0x83, 0x22e, &(0x7f0000000940)="$eJzs2r+LHGUYB/BnzguJFy674i8SEF+0UJsht7VFDk1AXFA0K0RBMvFmddlx99hZDlbEXKWtf4K1WNoJktLmQPwLLOyuuTKFOJLb87IJJyJiNujn08wD73zheXmHl6eY/Ze//HjYr/N+MY2VLIuVS7Ebt7Nox0r8YTdeeuHaD8+8fe3d1ze73ctvpXRl8+pGJ6V07tnv3/v0m+duTc++8+25707HXvv9/YPOL3tP7Z3f/+3qR4M6Deo0Gk9TkW6Mx9PiRlWmrUE9zFN6syqLukyDUV1O7lnvV+Pt7VkqRlvra9uTsq5TMZqlYTlL03GaTmap+LAYjFKe52l9Lfgnel/fbpo4aE5dj6ZpHv0qzt6K9Z+jFdljKXv8Uvbk9ezp3ez8QdO0lt0q/wrn//+2cKmfiai+2Ont9ObP+fqrP8YgqijjYrTi17jzmRyZ11de616+mA614/Pq5lH+5qneI4f5zf5RfiNa0T45vzHPp8X8Tu90rC3mO9GKJ07Od07Mn4kXn1/I59GKnz6IcVSxFXeyd/OfbaT0yhvd+/IXDt8DAPivydOx9r3zz3x+y/M/W5/nj+erv54P75uvVuPC6nL3TkQ9+2RYVFU5URwXq/FQtKFQLLFY9s3Eg3D30JfdCQAAAAAAAAAAAH/Hg/idcNl7BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHm6/BwAA//+HytTx")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58)
nanosleep(&(0x7f0000000000)={0x77359400}, 0x0)
syz_clone3(&(0x7f000000dd80)={0xa04400, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, 0x0}, 0x58)
socket$inet_tcp(0x2, 0x1, 0x0)

3.880052329s ago: executing program 4 (id=949):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
unshare(0x400)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40e41, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00', 0xc201})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = dup(r2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="001c86dd0700100000001400000060ecb7000fc83c00fe800000000000000000000000005daaff020000000000000000000000000001", @ANYRESOCT], 0xffe)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, 0x0, 0x0)

3.879717329s ago: executing program 4 (id=950):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x4}, 0x4)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2}, 0x4)
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYRESOCT=r0, @ANYRES32=r2, @ANYRES32=r3, @ANYRESDEC=r2, @ANYRESOCT=0x0, @ANYRESHEX=r1], 0x48}, 0x1, 0x0, 0x0, 0x4600}, 0xff79280d5b531ca1)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x301880, 0x20d)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x5c}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1f00000000000000000000000010"], 0x48)
clock_gettime(0x0, &(0x7f00000002c0)={<r6=>0x0, <r7=>0x0})
pselect6(0x40, &(0x7f0000000180)={0x9, 0x4, 0xd, 0x8, 0x7fff, 0xffffffff, 0x3ff}, &(0x7f0000000200)={0x7, 0x5, 0x5, 0x7ff, 0x8000, 0x2, 0x8, 0x9}, 0x0, &(0x7f0000000340)={r6, r7+60000000}, &(0x7f00000003c0)={&(0x7f0000000380), 0x8})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, r9)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r8)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="796100000000000000007e000000080003002cd3479855eb0a9d9be015fd13561cbe70c71374d43ec45a87bff181acf04afdfce6bbd3e8a4c9240b470851a7d09bce7fbfd92b7cc82a2833b28def980b587ffd34650827634816efe7407baed235a431009f2d20075b5f3bd58273e0ba773183af4305e30501bb45d3f9b7dac5b6d2e7d4064e503f63257006497bf1876c1995845b204f6b82c1926bb03b749db3f51135db3cb9139cc62b1e0830d83a6dac0d677238062267d4b74802c2e098", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x4000054)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f00000002c0)=@ethtool_wolinfo={0x5, 0x2, 0xff, "dc461208fbd4"}})

3.194745446s ago: executing program 3 (id=952):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000d44ebb40ec188832cf690102030109021b00010000000009040000010e01000009050503"], 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x40300, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x23c}}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x401, 0x0, 0x7, 0x0, 0x5, 0x8, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_TRANSLATE(0xffffffffffffffff, 0xc018ae85, &(0x7f0000000040)={0x200000, 0xf000, 0x70, 0x3, 0x4})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
keyctl$clear(0x11, 0xfffffffffffffffd)
timer_create(0x3, 0x0, &(0x7f0000000300))
setrlimit(0xf, &(0x7f0000000000)={0x2, 0x439eda03})
timer_settime(0x0, 0x42a28f29afc7695a, &(0x7f000006b000)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.956037729s ago: executing program 4 (id=953):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000980)={[{@grpjquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@i_version}, {@norecovery}, {@discard}, {@sb={'sb', 0x3d, 0x2}}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x54d, &(0x7f0000000400)="$eJzs3d9rW1UcAPDvTdv96nQdjKE+SGEPTubStfXHBB/mo+hwoO8ztHdlNFlGk461Dtwe3IsvMgQRB+If4LuPw3/Av2KggyGj6IMvkZvedNmatFmXrZn5fOC259x703NPzv2enpOTkACG1mT2oxDxakR8m0Qcajs2GvnByfXz1h5cm8u2JBqNz/5KIsn3tc5P8t/jeeaViPjt64gThc3l1lZWF0vlcrqU56fqlctTtZXVkxcrpYV0Ib00Mzt7+p3Zmfffe7dvdX3z3D8/fHrno9PfHFv7/pd7h28lcSYO5sfa6/EUrrdnJmMyf07G4sxjJ073obBBkuz2BbAjI3mcj0XWBxyKkTzqgf+/ryKiAQypRPzDkGqNA1pz+z7Ng18Y9z9cnwBtrv/o+msjsa85NzqwljwyM8rmuxN9KD8r49c/b9/Ktujf6xAA27p+IyJOjY5u7v+SvP/buVM9nPN4Gfo/eH7uZOOftzqNfwob45/oMP4Z7xC7O7F9/Bfu9aGYrrLx3wcdx78bi1YTI3nupeaYbyy5cLGcZn3byxFxPMb2Zvmt1nNOr91tdDvWPv7Ltqz81lgwv457o3sffcx8qV56mjq3u38j4rWO499ko/2TDu2fPR/neizjaHr79W7Htq//s9X4OeKNju3/cEUr2Xp9cqp5P0y17orN/r559Pdu5e92/bP2P7B1/SeS9vXa2pOX8dO+f9Nux3Z6/+9JPm+m9+T7rpbq9aXpiD3JJ5v3zzx8bCvfOj+r//FjW/d/ne7//RHxRY/1v3nkZtdTB6H955+o/Z88cffjL3/sVn5v7f92M3U839NL/9frBT7NcwcAAAAAAACDphARByMpFDfShUKxuP7+jiNxoFCu1uonLlSXL81H87OyEzFWaK10j7e9H2I6fz9sKz/zWH42Ig5HxHcj+5v54ly1PL/blQcAAAAAAAAAAAAAAAAAAIABMd7l8/+ZP0Z2++qAZ85XfsPw2jb++/FNT8BA8v8fhpf4h+El/mF4iX8YXuIfhpf4h+El/mF4iX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq3Nnz2ZbY+3BtbksP39lZXmxeuXkfFpbLFaW54pz1aXLxYVqdaGcFueqle3+XrlavTw9E8tXp+pprT5VW1k9X6kuX6qfv1gpLaTn07HnUisAAAAAAAAAAAAAAAAAAAB4sdRWVhdL5XK6JCGxo8ToYFyGRJ8Tu90zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBD/wUAAP//y284sw==")
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@gettclass={0x24, 0x2a, 0x1, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7, 0xfff1}, {0x9, 0x5}, {0xa, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000050}, 0x2000c8d1)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x48)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c6e6f6e756d7461696c3d302c726f6469722c757466383d312c696f636861727365743d63703433372c757466383d312c756e695f786c6174653d302c757466383d312c6e6f6e756d7461696c3d302c73686f72746e616d653d6d697865642c636f6465706167653d313235302c757466383d302c73686f72746e616d653d6d697865642c757466383d302c73686f72746e616d653d6d697865642c002e781c628171dbd0b848bd227a710ed569eeab84fb1950f82200ab887fe644e7fb85b02e4aae3f1ae0a36f639902642ab649068cfe43db32164676c9fa130a8e69f0a55181fc24aea12bfd4b8882ae4454db5444745ec3188e05c73679c77c0767c9ea433e694900153b72"], 0x1, 0x38c, &(0x7f00000015c0)="$eJzs3U+IW8UfAPBv+pLdTeHX3cMPioISvQm69A8eFA9byhaKuaiEVg9isFuUzVrYYHB7aLpexKPgUUHwIh704KFnERTx5sGrVbQqHrS3gsWRJC/Ja5PdrtRtXfx8DuWb78y8mXmdTd6+R2ZfuJ5Wz1Ti7NWrV2JurhTlpeNLca0UC5HF0MWYNDMlBwDsDddSit/TwCiZTYnGSndoaADALul9/qduMfP659vVTz79AWDPy3//r25XZ24y9eMTvX/P7d64AIDdM3H//8Fx2f2Dx/yFR/3lqQ8EAIC95Zlnn3vyWD3i6WptLmLtjU6j04jHx+XHzsbL0YqVOBTzcT1icKGQUjr9ff/FiZP15UO1Wq0bPy1EIyLe6zQi1rqdxuBK4VjWbz8bh2M+FvL2+dVGSik78Ul9+XCtLyIudvv9x1qp06jE/rz/b/fHShyJWvx/on3EyfrykVp+gMbasH03YnN836I3/sWYj69fjHPRijPVU5HS8LKmvnzhcK12PNVvaN9pzMaZ0VmYcgcEAAAAAAAAAAAAAAAAAAAAAABuw2JtZGG0/00a79+zuDilvL8/zqB9vj/Q5mB/oDSbIqXfXnuk8WY22KtnuD/QzfvzdBrl2Hd3pw4AAAAAAAAAAAAAAAAAAAD/Gu2NmWi2Wivr7Y3zq8Wgu97e2BcRvcwrX370WTUm69wiKOd9FIpqeer8ajNlw8opu6FOHmS9zoeZDy+NRlysMzuaxdRh9IrbM1vU+d8DP7wzztyXDY/857hOFtMnmN00jGFQiYi1AxFRjRgVVcZT3vKMHc2DI7c4q5dTSlsd58Lzk62iFFH++/9x2wepF3xx5aV7jrYPPtrPfJoGHnp4/tTlt9//ZbXZ6vXc0/pgZr19Pa0289fTF9tKqbxFp1lh/ZTyc1gqroTydkPdvDHTzL759fS9b321s5mmYubVKXWywXQ+Xm9vlPKflH7RzCDo5W5qVW2dzCLOL0XxOJUpi//2gqmL7eC7S81LF777eafHKbxJjDfqqP7T7z8AAAAAAAAAAAAAAAAAAMBY4bviufzLvpXtWj32VB7M7e7oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODOGP/9/0KwOZHZSfBHNyaLZlfW2xEH7vY0AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4j/srAAD//x9pY8c=")
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(0xffffffffffffffff, &(0x7f0000000040)=@file={0x0, './file1\x00'}, 0x6e)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x67, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x1, 0x0, 0xffffffff}, 0x6e)
socket$inet(0x2, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)

2.932652238s ago: executing program 4 (id=954):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x4}, 0x4)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2}, 0x4)
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYRESOCT=r0, @ANYRES32=r2, @ANYRES32=r3, @ANYRESDEC=r2, @ANYRESOCT=0x0, @ANYRESHEX=r1], 0x48}, 0x1, 0x0, 0x0, 0x4600}, 0xff79280d5b531ca1)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x301880, 0x20d)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x5c}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1f00000000000000000000000010"], 0x48)
clock_gettime(0x0, &(0x7f00000002c0)={<r6=>0x0, <r7=>0x0})
pselect6(0x40, &(0x7f0000000180)={0x9, 0x4, 0xd, 0x8, 0x7fff, 0xffffffff, 0x3ff}, &(0x7f0000000200)={0x7, 0x5, 0x5, 0x7ff, 0x8000, 0x2, 0x8, 0x9}, 0x0, &(0x7f0000000340)={r6, r7+60000000}, &(0x7f00000003c0)={&(0x7f0000000380), 0x8})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, r9)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r8)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000300)={'ip6tnl0\x00', &(0x7f00000002c0)=@ethtool_wolinfo={0x5, 0x2, 0xff, "dc461208fbd4"}})
socket$nl_audit(0x10, 0x3, 0x9)

2.248327256s ago: executing program 0 (id=956):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xf, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000020000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000140000dab7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000c40)={r3, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xd81, &(0x7f0000000c80)=ANY=[], 0x0)

2.248182116s ago: executing program 0 (id=957):
r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x2, 0x401)
ioctl$EVIOCSREP(r0, 0x40084503, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
connect$tipc(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x871ac4b30833d133}, 0x0)
r6 = fsopen(&(0x7f0000000140)='binder\x00', 0x0)
fsmount(r6, 0x0, 0x0)
r7 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) (fail_nth: 1)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r7)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000400)={0x0, 0x1, 0x4, 0x16, 0xa8, &(0x7f0000000000)="c56953723dd02f83b5dc1ad4ff3ec8e85022bec6fc058c33920044c9588d2cc972a0e06f437b0ef6f65a9faeae1c99dc695c7e51cbb0957a40b7cce9c00352320a147dcf093d45c6de7cd12beff8bf8d668545bdae8c41ab0bc141fb5eee1387f3b4cba8de8d243f44e49d319850d28681b1c044f6402097dd08b4a800a552be1aa838820c9509594d25b86bf5dff2b176927717a96a8966b3bea926e3b76b3069716bf36bf40d68a629a47910d29d4dd265ddf8c995fe058261951d2f6f3d7b6921d5a32f8e5c27a0d8fbfbf321d41cf1ae304f62d84e489dc8ffa6229b0999c0771a7ead019dabd75973ad11a2535eb83d075a0069ac9358aaf67a2942cc350f9ad75b80fb9ad690353179a767ddee05d8bf0d3d3b0e4ccf7a2c241876e351039d36e204ac9dd0282b07139e4398a889fbd9933127b20470aa48a11c96eb3753cd3d55a8fa9b97912441a4a45454d43172f9de9115cb2134611399bb75b67a86dfaac5dd4a36ecd48c4922c31bbb6b57f5232454cb8ec63925ef21644a1752020bd687e2cb52874da0a3ec3af3ac9b267adaddf8557c6696ce17796e33223af7338b44c23cf0d15a246cc1a80192108e3d6daa7f6319eb6f660ad04d8ec3d8566d108340ba8481b0f5a1a0471dd69f8badb37cf688e13c90f5e2149f1943289513b878a31eea169c3503c2beb529b07d82744f590984819590e59b7d57e7217116db3984157bece1bd25137ecdcb9834fbd5ba30e656a8994de50b75e23a095ec4acf7f7b02cc14d13f69b79cf2fb3119b1b5c565d437480ace7f6d4cae95d101d24643a727545c0110388c7acdc30508085e637a5747c8393d50e44edc41a3d85e536aec19880fe4e3512d7835d079d45a6a7ca6a7ec8ec1955a1aff0e52e0c376567a063c28520d8d49d3efe2781af815da2377745933f198964ef8c26b7b0a349e31a3d1c5be268fa07722ec189bf3cf039d103e8fc939b1fcaafbc8885c559e54c37a3a25ed00c98a3211f15448a16b106c46151628a649ea24599dcf048c430c01200e22e614961d7f391cababb0d2b61e32c859dd5455be67a29e69222e975e04367722aab3a0af66e1aa5ba864f0ea5cf831afd4d77da5583bc4934ba0a9e05498c0ef7819449d92d4aff2cb78e140fcf46f9c9894db919378369f02a2b19c85ef3091bcef359f9982828a19b177825cee606cdf0b78c2cca94e1eccb28db05e1d27b05b1b40c7d7622dbc9f3fd932371bc0d67fb2a734e89bbd560a5d327aa53683aa6f4f32cf4e548986e29e5cb968f52673330697af0342a367a4eecd6069dd20fd7b880be2db844605829a981dbf8e65f50bcf602b57c29a847696a02ce8407efbd89ddbde2e66b27e07ae87e3a17c669db83bf2efced38721750609e93d117e89e022d51d896f134026a22a228168e6779fd79c3cf0b16cbc1"})
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000000)=""/187)

2.247893806s ago: executing program 2 (id=958):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = gettid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x556e34e5)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x680f0936988f8ccd, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001280), r6)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, r7, 0x1, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x6000855}, 0x4004)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r4, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r3], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r8 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r8, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x11, 0x9, r4, 0x1, 0x12, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}, 0x14)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a00)={r2, 0x5, 0xe, 0x0, &(0x7f0000000a80)="9520588da012f38592e7fc9d582e", 0x0, 0x3a, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

2.202982067s ago: executing program 2 (id=959):
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB='@\x00', @ANYBLOB="0100000000000000000039"], 0x40}}, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x8, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0xc7c, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x9, 0x8, 0x3fc, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x4005, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x8922, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304})
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x2, 0x0, 0x4}}, 0x2e)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.984616689s ago: executing program 4 (id=960):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x8408f, &(0x7f0000000140), 0x43, 0x462, &(0x7f0000002080)="$eJzs3LtvHEUYAPBv93zOG5sQHnkADgFh8bBjJ0AKGhBIFCBRUITS2E4U4sQoNhKJIggIhRJFoqFClEj8BRQIGgRUSDQU0KNIKdIkQUJatHe7sX25u9jO2Rd8v5+09sw+bua72bmb3fE6gJ41lP9IIrZHxJ8RMVDPLt1hqP7r+tXzkzeunp9Mqgubr109P1mmy+O21TJZMpxGpJ8msbdJuXNnz52cmJmZPlPkR+dPvTc6d/bcsydOTRyfPj59evzIkcOHxl54fvy5hiP3968mzrxO1/Z8OLtv92tvX3pj8uild375Ninjb4ijQ4babXwiyzpcXHftWJRO+rpYEVakEhF5c1Vr/X8gKrHQeAPx6iddrRywprIsy7a13nwhAzawJJa758ni8wLYGMov+vz6t1zWaehxV7jyUv0CKI/7erHUt/RFWuxTbbi+7aShiDh64Z+v8iVWdh9i5/drVCcAYGP7IR//PNNs/JfGA4v2u6eYGxqMiHvzwUdE3BcRuyLi/ojavg9GxEMrLL9xkuTW8U96OSK+/GNV0d1ePv57sZjbWjr+K0d/MVgpcjtq8VeTYydmpg8W78lwVDfl+bE2Zfz4yu+fN6yqlInF4798ycsvx4JFPS73bVp68NTE/MSdxl268nHEnr5m8Sc3ZwKSiNgdEXtavcjm9mWceOqbfa22tYq/upzKd2CeKfs64sl6+1+IhvhLSfv5ydHNMTN9cLQ8K271628X32xV/lD+3rVt/7WVt//Wpuf/zfgHk8XztXMrL+PiX5+1vKZZ7fnfn7xVS5eTwR9MzM+fGYvoT16vV3rx+vGFY8t8uX8e//CB5v1/Zyy8E3sjIj+JH46IRyLi0aLu+yPisYg40Cb+n19+/N3lx5+ue/tPraj9FxL90bimeaJy8qfvlhQ62C7+Zu1/uJYaLtYs5/OvTXVuZFl2B2czAAAA/P+kEbE9knTkZjpNR0bqfy+/K7amM7Nz808fm33/9FT9GYHBqKblna6BRfdDx4rL+jI/3pA/VNw3/qKypZYfmZydmep28NDjtrXo/7m/K92uHbDmPK8FvUv/h96l/0Pv0v+hdzXp/1u6UQ9g/TX7/v+oC/UA1l9D/zftBz3E9T/0Lv0felff7Z/hBzaeuS3R/uH9VSf+Lf6BQOdfWeJuSER6V1RDYo0S3f5kAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Iz/AgAA///k0OKE")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
fsopen(0x0, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2f)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
syz_emit_ethernet(0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="bbbbbbbbbbbbc59a1b746cda86dd6003000000002cfe00000000000000000000000000000000fe8000000000000000000000000000aa"], 0x0) (fail_nth: 2)
write$UHID_INPUT(r5, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b25090987f70e06d038e7ff7fc6e5539b303d0e8b089b07323068090890e0879b0a0ac6e70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b35070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2d8160f94e35f2d2d12913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516259e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc1943cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

1.89882359s ago: executing program 2 (id=961):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x181002, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)={0x0, 0xffffef7b, 0x0, 0xb2, 0x10, "1b09000040000000000000e678000000001000"})
r1 = syz_open_pts(r0, 0x20800)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0x44)

1.495982914s ago: executing program 0 (id=962):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="5802000086770000000000000000002020702500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000004000000850000000600000018010000786c6c25000000000020202050db3f7679ec3e24ae52ce89c7626802c45ad78e9e7005fc3d978c7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001cb5cb7c9500010000000000a82c3f81063cb1530f8cda3137773d369ff2211ab1867866539bb203093f035bcc6babc7ee56ede617c6a21b9cd1d87f50f3d853c03fcc0b6102a9d580991db3ca95c73befc4c8ab00"/256], 0x0, 0x5, 0x0, 0x0, 0x41000, 0xc}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000f9ffff170100002420702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff7fffb702000008000000b7030000000000228500000094"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0xfffffffffffffd5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1800040, &(0x7f00000001c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@block_validity}, {@nodioread_nolock}, {@nodelalloc}, {@resuid}, {@errors_remount}]}, 0x1, 0x59c, &(0x7f0000001f80)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=")
socket$tipc(0x1e, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x10000, &(0x7f0000000140)=ANY=[@ANYBLOB='dmask=00000000000000000000000,dmask=00000000000000000000006,errors=remount-ro,iocharset=cp932,fmask=00000000000000000000001,namecase=1,iocharset=iso8859-14,namecase=1,namecase=1,uid=', @ANYRESHEX=0x0, @ANYBLOB="000056f05a783d1835f92aa062f83cdd5ae339dc4f5a92564d2df5a6adee808aaf6aab7cf44e197f8e3d7050c4e8cc445981117c447071b44d3348512f5ddcbc027b631a636aa0748414b6e5cc6cbe9a6e6547d9d481b0257e9f4da6eed8d5e5c84f3bb8ecbf5c16beb0588dc9046eeb1e9e3dce3d1e3f40a9327a86868d4def88fae1e2"], 0x1, 0x1534, &(0x7f0000000680)="$eJzs3AucjdX6OPDnWWu9Y0jaTXIZ1lrPy04uiySJJMklSZIkyS0haZIjCYkht6QhCcllSC5DSC4Tk8b9fr8kJEmTJLnllqz/Z2L+6tT5d87vdPL7H8/389mfWc+s/az3eeeZvffa72y+7TS4esMaVeoTEfxb8MKXRACIBYD+AHANAAQAUDaubFzmfHaJif/eQdif6+GUy10Bu5y4/1c27v+Vjft/ZeP+X9m4/1c27v+Vjft/ZeP+M3Yl2zg1/7V8u3JvfP3/Ssav//9FMkqO/nJ1yes7A8T8sync////4b+Ry/3/rxX8M3fi/v9X+8PtFvf/ShV7uQtg/wvw4/9KkO0fznD/r2zcf8auZL+8FhwLl/969F99g8h/8m8gvseFn/LlP89/eP6MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxthf4LS/RAFA1vhy18UYY4wxxhhjjLE/j892uStgjDHGGGOMMcbYfx6CAAkKAoiBbBAL2SEHCICYrPlrIQ6ug9xwPeSBvJAP8kM8FICCoMGABYIQCkFhiMINUARuhKJQDIpDCXBQEkrBTVAaboYycAuUhVuhHNwG5aEC3A4V4Q6oBHdCZbgLqsDdUBWqQXWoAfdATbgXasF9UBvuhzrwANSFB6EePAT14WFoAI9AQ3gUGsFj0BiaQFNoBs3/R/kvQjd4CbpDD0iEntALXobe0Af6Qj/oD6/AAHgVBsJrkASDYDC8DkPgDRgKb8IwGA4j4C0YCW/DKBgNY2AsJMM4GA/vwAR4FybCJJgMUyAFpsI0eA+mwwyYCe/DLPgAZsMcmAvzIBU+hPmwANLgI1gIH0M6LILFsASWwjJYDitgJayC1bAG1sI6WA8bYCNsgs2wBbbCNtgOn8AO+BR2wi7YDZ/BHvj8X8w/9Xf5nREQUKBAhQpjMAZjMRZzYA7MiTkxF+bCCEYwDuMwN+bGPJgH82E+jMd4LIgF0aBBQsJCWAijGMUiWASLYlEsjsXRocNSWApL481YBstgWSyL5bAclscKWAErYkWshJWwMlbGKlgFq2JVrI7V8R68B3tiLayFtbE21sE6WZensD7WxwbYABtiQ2yEjbAxNsam2BSbY3NsgS2wJbbE1tga22AbbIttMQETsB22w/bYHjtgB+yIHbETdsLO2AW7ZLyYDfAlfAl7YFXRE3thL+yNSdn6Yj/sh6/gAHwVX8XXMAkH4WB8HV/HN3AonsRh54fjCByBlcTbOApHI4mxmIzJOB7H4wScgBNxEk7CKZiCU3EaTsPpOANn4Ps4Cz/AD3AOXgUAqZiK83EBpmEaLsRTmI6LcDEuwaW4DJfiClyJK3A1rsHVuA7X4QbcgJtwE27BLbgNt+EnqADwU9yFuzAJ9+Ae3It7cR/uw/24HzMwAw/gATyIB/EQHsLDeBiP4FE8hkfxBJ7Ak3gKT+NpPItn8Rw+H/91g0+KrUoCkUkJJWJEjIgVsSKHyCFyipwil8glIiIi4kScyC1yizwij8gn8ol4ES8KioLCCCNIhJnPFCIqoqKIKCKKiqKiuCgunHCilCglSovSoowoI8qKW0U5cZsoLyqIVq6iqCgqidausrhLVBFVRFVRTVQXNUQNUVPUFLVELVFb1BZ1RB1RVzwo6ome2BcfFpmdaSgGYSMxGBuLJkJefIZqIYZiS9FKtBZPiuE4DNuKFi5BPCPaiVHYXvxNjMbnREcxFjuJF0Rn0UV0FS+KbqKl6y56iInYU/QSU7C36CP6in5iOlYT7+Os7NXFayJJDBKDxetiHr4hhoo3xTAxXIwQb4mR4m0xSowWY8RYkSzGifHiHTFBvCsmiklispgiUsRUMU28J6aLGWKmeF/MEh+I2WKOmCvmiVTxoZgvFog08ZFYKD4W6WKRWCyWiKVimVguVoiVYpVYLdaItWKdWC82iI1ik9gstoitYpvYLj4RO8SnYqfYJXaLz8Qe8bnYK74Q+8SXYr/4SmSIr8UB8Y04KL4Vh8R34rD4XhwRR8UxcVycED+Ik+KUOC3OiLPiR3FO/CTOCy9AohRSSiUDGSOzyViZXeaQV8mcMsh6/pdx8jqZW14v88i8Mp/ML+NlAVlQammklSRDWUgWllF5gywib5RFZTFZXJaQTpaUpeRNsrS8WZaRt8iy8lZZTt4my8sK8nZZUd4hK8k7JUQuHKOqrCaryxryHpkI98pa8j5ZW94v68gHZF35oKwnH5L15cOygXxENpSPykbyMdlYNpFNZTPZXD4uW8gnZEvZSraWT8o28inZVj4tE+Qzsp30F39FnpMd5fOyk3xBdpZdZFf5kzwvvewue0joCbKXfFn2ln1kX9lP9pevyAHyVTlQviaT5CA5WL4uh8g35FD5phwmh8sR8i05Ur4tR8nRcowcK5PlODleviMnyHflRDlJTpZTZIqcKvteXGmmlH+Y/87v5A/8+egb5Ea5SW6WW+RWuU1ul5/IHXKH3Cl3yt1yt9wj98i9cq/cJ/fJ/XK/zJAZ8oA8IA/Kg/KQPCQPy8PyiDwqz8jj8oT8QZ6Up+QpeUaelWfluYs/A1CohJJKqUDFqGwqVmVXOdRVKqe6WuVS16iIulbFqetUbnW9yqPyqnwqv4pXBVRBpZVRVpEKVSFVWEXVDXjxF0YVVyWUUyVVKXXTv5KviqgbVVFV7Ff5WfUl/oP6mqvmqoVqoVqqlqq1aq3aqDaqrWqrElSCaqfaqfaqveqgOqiOqqPqpDqpzqqz6qq6qm6qm+quuqtElah6qZdVb9VH9VX9VH/1isg8h4FqoEpSSWqwGqyGqCFqqBqqhqlhaoQaoUaqkWqUGqXGqDEqWSWr8Wq8mqAmqIlqopqsJqsUlaKmqWlqupquZqqZapaapWar2WqumqtSVaqar+arNJWmFqqFKl0tUovUErVELVPL1Aq1Qq1Sq9QatUatU+tUutqoNqrNarPaqraq7Wq72qF2qJ1qp9qtdqs9ao/aq/aqfWqf2q/2qwyVoQ6oA+qgOqgyz+GwOqyOqCPqmDqmTqgT6qQ6qU6r0+qsOqvOqXPqvDqfue0LRCACFaggJogJYoPYIEeQI8gZ5AxyBbmCSBAJ4oK4IHdwfZAnyBvkC/IH8UGBoGCgAxPYQFxsejS4ISgS3BgUDYoFxYMSgQtKBqWCm4LSwc1BmeCWoGxwa1AuuC0oH1QIbg8qBncElYI7g8rBXUGV4O6galAtqB7UCO4Jagb3BrWC+4Lawf1BneCBoG7wYFAveCioHzwcNAgeCRoGjwaNgseCxkGToGnQLGj+p67v/cm8T7juuodO1D11L/2y7q376L66n+6vX9ED9Kt6oH5NJ+lBerB+XQ/Rb+ih+k09TA/XI/RbeqR+W4/So/UYPVYn63F6vH5HT9Dv6ol6kp6sp+gUPVVP0+/p6XqGnqnf17P0B3q2nqPn6nk6VX+o5+sFOk1/pBfqj3W6XqQX6yV6qV6ml+sVeqVepVfrNXqtXqfX6w16o96kN+steqveprfrT/QO/aneqXfp3fozvUd/rvfqL/Q+/aXer7/SGfprfUB/ow/qb/Uh/Z0+rL/XR/RRXUYf1yf0D/qkPqVP6zP6rP5Rn9M/6fPaZ27uM1/ejTLKxJgYE2tiTQ6Tw+Q0OU0uk8tETMTEmTiT2+Q2eUwek8/kM/Em3hQ0BU0mMmQKmUImaqKmiCliipqiprgpbpxxppQpZUqb0qaMKWPKmrKmnClnypvy5nZzu7nD3GHuNHeau8xd5m5zt6lmqpkapoapaWqaWqaWqW1qmzqmjqlr6pp6pp6pb+qbBqaBaWgamkamkWlsGpumpqlpbpqbFqaFaWlamtamtWlj2pi2pq1JMAmmnWln2pv2poPpYDqajqaT6WQ6m86mq+lqupluprvpbhJNoullepneprfpa/qa/qa/GWAGmIFmoEkySWawGWyGmCFmqBlqhpnhZkTmRtW8bUaZ0WaMGWuSTbIZb8abCWaCmWgmmslmskkxKWaamWamm+lmpplpZplZZraZbeaauSbVpJr5Zr5JM2lmoVlo0k26WWwWm6VmqVlulpuVZqVZbVabtbDWrDfrzUaz0Ww2m81Ws9VsN9vNDrPD7DQ7zW6z2+wxe8xes9fsM/vMfrPfZJgMc8AcMAfNQXPIHDKHzWFzxBwxx8wxc8KcMCfNSXPanDZnTd6Lr5fexNrsNoe9yua0V9tc9hr793E+m9/G2wK2oNU2j837q9hYa4vaYra4LWGdLWlL2Zt+E5e3FezttqK9w1ayd9rKv4lr2nttLXufrW3vtzXsPb+K69gHbF37qK2HCGCb2Aa2mW1oH7WN7GO2sW1im9pmto19yra1T9sE+4xtZ5/9TTzfLrAr7Sq72q6xO+0ue9qesQftt/as/dF2tz1sf/uKHWBftQPtazbJDvpNPMK+ZUfat+0oO9qOsWN/E0+2U2yKnWqn2ffsdDvjN3Gq/dDOsml2tp1j59p5P8eZNaXZj+xC+7FNtwEstkvsUrvMLrcr/m+tS+w6u95usDvsp3az3WK32m12e9ZG2O6yu+1ndo/93B6w39h99ku73x6yGfbrn+PM8ztkv7OH7ff2iD1qj9nj9oT9QWVlZ577cfuTPW+9BUICkqQooBjKRrGUnXLQVZSTrqZcdA1F6FqKo+soN11PeSgv5aP8FE8FqCBpMmSJKKRCVJiidANllVecSpCjklSKbqLSdDOVoVuoLN1K5eg2Kk8V6HaqSHdQJbqTKtNdVIXupqpUjapTDbqHatK9VIvuo9p0P9WhB6guPUj16CGqTw9TA3qEGtKj1Igeo8bUhJpSM2pOj1MLeoJaUitqTU9SG3qK2tLTlEDPUDt6ltrT36gDPUcd6XnqRC9QZ+pCXelF6kYvUXfqQYnUk3rRy9Sb+lBf6kf96RUaQK/SQHqNkmgQDabXaQi9QUPpTRpGw2kEvUUj6W0aRaNpDI2lZBpH4+kdmkDv0kSaRJNpCqXQVJpG79F0mkEz6X2aRR/QbJpDc2kepdKHNJ8WUBp9RAvpY0qnRbSYltBSWkbLaQWtpFW0mtbQWlpH62kDbaRNtJm20FbaRtvpE9pBn9JO2kW76TPaQ5/TXvqC9tGXtJ++ogz6mg7QN3SQvqVD9J3vQd/TETpKx+g4naAf6CSdotN0hs7Sj3SOfqLz5AlCDEUoQxUGYUyYLYwNs4c5wqvCnOHVYa7wmjASXhvGhdeFucPrwzxh3jBfmD+MDwuEBUMdmtCGFIZhobBwGA1vCIuEN4ZFw2Jh8bBE6MKSYanwprB0eHNYJrwlLBveGpYLbwvLhxXCR++vGN4RVgrvDCuHd4VVwrvDqmG1sHpYI7wnrBneG9YK7wtrh/eHZcIHwrrhg2G98KGwfvhw2CB8JGwYPho2Ch8LG4dNwqZhs7B5+HjYInwibBm2CluHV4VtwqfCtuHTYUL4TNgufPbn+QcWZM0/+Zv5xLBn2Ct8OXw59P4+OTc6L5oa/TA6P7ogmhb9KLow+nE0Pboouji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iep9jWzg0AknnXKBi3HZXKzL7nK4q1xOd7XL5a5xEXeti3PXudzuepfH5XX5XH4X7wq4gk4746wjF7pCrrCLuhtcEXejK+qKueKuhHOupCvlmrnmrrlr4Z5wLV0r19o96Z50T7mn3NPuafeMa+eede3d31wH95zr6J53z7sXXGfXxXV1L7publyuC4/JRNfL9XK9XW/X1/V1/V1/N8ANcAPdQJfkkpx0g90QN8QNdUPdMDfMjXAj3Eg30o1yo9wYN8Ylu2Q33o13E9wEN9FNdJPdZJfiUtw0N81Nd9NdpRkXjjLbzXZz3VyX6lLdfJe5Z0xzC91Cl+7S3WK32C11S91yt9ytdCvdarfarXVr3Xq33m10G91mt9ltdVvddrfd7XA73E5/zYVF3R631+11+9w+t9995TLc1+6A+8YddN+6Q+47d9h97464o+6YO+5OuB/cSXfKnXZn3Fn3ozvnfnLnnXfJkXGR8ZF3IhMi70YmRiZFJkemRFIiUyPTIu9FpkdmRGZG3o/MinwQmR2ZE5kbmRdJjXwYmR9ZEEmLfBRZGPk4kh5ZFFkcWRJZGlkW8b7A5tAX8oV91N/gi/gbfVFfzBf3JbzzJX0pf5MvfaHudO9v9eX8bb68r5AN/GO+sW/im/pmvrl/3LfwT/iWvpVv7Z/0bfxTvq1/2if4Z3w7/6xv7//mO/jnfEf/vO/kX/CdfRff1b/ou/mXfHffwyf6nr6Xf9n39n18X9/P9/ev+AH+VT/Qv+aT/CA/2L/uh/g3/FD/ph/mh/sRMW/5kVlvkWGsT/bj/Hj/jp/g3/UT/SQ/2U/xKX6qn+bf89P9DD/Tv+9n+Q/8bD/Hz/XzfKr/0M/3C3ya/8gv9B/7dL8o66KxX+5X+JV+lV/t1/i1fp1f7zf4jX6T3+y3+K1+m9/uP/E7/Kd+p9/ld/vP/B7/ud/rv/D7/Jd+v//KZ/iv/QH/jT/ov/WH/Hf+sP/eH/FH/TF/3J/wP/iT/pQ/7c/4s/5Hf87/5M/zv1ljjDHGGPunjLs0FL+euXA5v+fv5Ihf3LkXAFy9JX/GL+czd5Rr81wY9xHxsZlfn+nR6eGsW9WqiYmJF++bLiEoPAcg6y9BmX7+6MHFeBG0hqcgAVpB6d+tv4/ocpb+YP3orQA5fpGTWVBWfGn9LwAw8XfWf/zJEfPLhafj/h/rzwEoWvhSTna4FC+C1j9fX2kFZf5B/Xlb/EH92b9MBmj5i5yccCm+VH8peAKehYRf3ZMxxhhjjDHGGLugj7i9Q9b7z6xPfP7e+/N4dSknG1yK/+j9OWOMMcYYY4wxxi6/57p0ffrxhIRWHf71QeX/UdY/PWgE/6mVefC7A+8Bsr6jAODfXBAgcyD/yrPY9JccK+niQ+fvp5ae8QH872jlnzG4zE9MjDHGGGOMsT/dpU3/r7+vLldBjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbYFeiv+O/ELvc5MsYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY5fb/wkAAP//Czn2iw==")
openat$incfs(0xffffffffffffff9c, &(0x7f0000000a40)='.pending_reads\x00', 0x842, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
r1 = socket(0x1e, 0x4, 0x0)
getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, 0x0, &(0x7f0000000080))
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000001007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000009e00000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7)
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x4480, &(0x7f00000003c0)=ANY=[@ANYBLOB="0096397bb229f118b1f6c334ff95e9d57079d2a61ef7526c03c3a0d9cd515719956a0e5922340c97beade3e691744c236c61868da817036b0bab4516cc735ee856ef073c7b0b540347b358404ebe8e0c22e3a8a3caad47889d996a07d6988b211450783f4fdfbb8ae60572ea3bb70fb29560525b"], 0x83, 0x22e, &(0x7f0000000940)="$eJzs2r+LHGUYB/BnzguJFy674i8SEF+0UJsht7VFDk1AXFA0K0RBMvFmddlx99hZDlbEXKWtf4K1WNoJktLmQPwLLOyuuTKFOJLb87IJJyJiNujn08wD73zheXmHl6eY/Ze//HjYr/N+MY2VLIuVS7Ebt7Nox0r8YTdeeuHaD8+8fe3d1ze73ctvpXRl8+pGJ6V07tnv3/v0m+duTc++8+25707HXvv9/YPOL3tP7Z3f/+3qR4M6Deo0Gk9TkW6Mx9PiRlWmrUE9zFN6syqLukyDUV1O7lnvV+Pt7VkqRlvra9uTsq5TMZqlYTlL03GaTmap+LAYjFKe52l9Lfgnel/fbpo4aE5dj6ZpHv0qzt6K9Z+jFdljKXv8Uvbk9ezp3ez8QdO0lt0q/wrn//+2cKmfiai+2Ont9ObP+fqrP8YgqijjYrTi17jzmRyZ11de616+mA614/Pq5lH+5qneI4f5zf5RfiNa0T45vzHPp8X8Tu90rC3mO9GKJ07Od07Mn4kXn1/I59GKnz6IcVSxFXeyd/OfbaT0yhvd+/IXDt8DAPivydOx9r3zz3x+y/M/W5/nj+erv54P75uvVuPC6nL3TkQ9+2RYVFU5URwXq/FQtKFQLLFY9s3Eg3D30JfdCQAAAAAAAAAAAH/Hg/idcNl7BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHm6/BwAA//+HytTx")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58)
nanosleep(&(0x7f0000000000)={0x77359400}, 0x0)
syz_clone3(&(0x7f000000dd80)={0xa04400, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, 0x0}, 0x58)
socket$inet_tcp(0x2, 0x1, 0x0)

1.402407815s ago: executing program 1 (id=963):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.312342816s ago: executing program 2 (id=964):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000980)={[{@grpjquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@i_version}, {@norecovery}, {@discard}, {@sb={'sb', 0x3d, 0x2}}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x54d, &(0x7f0000000400)="$eJzs3d9rW1UcAPDvTdv96nQdjKE+SGEPTubStfXHBB/mo+hwoO8ztHdlNFlGk461Dtwe3IsvMgQRB+If4LuPw3/Av2KggyGj6IMvkZvedNmatFmXrZn5fOC259x703NPzv2enpOTkACG1mT2oxDxakR8m0Qcajs2GvnByfXz1h5cm8u2JBqNz/5KIsn3tc5P8t/jeeaViPjt64gThc3l1lZWF0vlcrqU56fqlctTtZXVkxcrpYV0Ib00Mzt7+p3Zmfffe7dvdX3z3D8/fHrno9PfHFv7/pd7h28lcSYO5sfa6/EUrrdnJmMyf07G4sxjJ073obBBkuz2BbAjI3mcj0XWBxyKkTzqgf+/ryKiAQypRPzDkGqNA1pz+z7Ng18Y9z9cnwBtrv/o+msjsa85NzqwljwyM8rmuxN9KD8r49c/b9/Ktujf6xAA27p+IyJOjY5u7v+SvP/buVM9nPN4Gfo/eH7uZOOftzqNfwob45/oMP4Z7xC7O7F9/Bfu9aGYrrLx3wcdx78bi1YTI3nupeaYbyy5cLGcZn3byxFxPMb2Zvmt1nNOr91tdDvWPv7Ltqz81lgwv457o3sffcx8qV56mjq3u38j4rWO499ko/2TDu2fPR/neizjaHr79W7Htq//s9X4OeKNju3/cEUr2Xp9cqp5P0y17orN/r559Pdu5e92/bP2P7B1/SeS9vXa2pOX8dO+f9Nux3Z6/+9JPm+m9+T7rpbq9aXpiD3JJ5v3zzx8bCvfOj+r//FjW/d/ne7//RHxRY/1v3nkZtdTB6H955+o/Z88cffjL3/sVn5v7f92M3U839NL/9frBT7NcwcAAAAAAACDphARByMpFDfShUKxuP7+jiNxoFCu1uonLlSXL81H87OyEzFWaK10j7e9H2I6fz9sKz/zWH42Ig5HxHcj+5v54ly1PL/blQcAAAAAAAAAAAAAAAAAAIABMd7l8/+ZP0Z2++qAZ85XfsPw2jb++/FNT8BA8v8fhpf4h+El/mF4iX8YXuIfhpf4h+El/mF4iX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq3Nnz2ZbY+3BtbksP39lZXmxeuXkfFpbLFaW54pz1aXLxYVqdaGcFueqle3+XrlavTw9E8tXp+pprT5VW1k9X6kuX6qfv1gpLaTn07HnUisAAAAAAAAAAAAAAAAAAAB4sdRWVhdL5XK6JCGxo8ToYFyGRJ8Tu90zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBD/wUAAP//y284sw==")
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@gettclass={0x24, 0x2a, 0x1, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7, 0xfff1}, {0x9, 0x5}, {0xa, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000050}, 0x2000c8d1)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x48)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c6e6f6e756d7461696c3d302c726f6469722c757466383d312c696f636861727365743d63703433372c757466383d312c756e695f786c6174653d302c757466383d312c6e6f6e756d7461696c3d302c73686f72746e616d653d6d697865642c636f6465706167653d313235302c757466383d302c73686f72746e616d653d6d697865642c757466383d302c73686f72746e616d653d6d697865642c002e781c628171dbd0b848bd227a710ed569eeab84fb1950f82200ab887fe644e7fb85b02e4aae3f1ae0a36f639902642ab649068cfe43db32164676c9fa130a8e69f0a55181fc24aea12bfd4b8882ae4454db5444745ec3188e05c73679c77c0767c9ea433e694900153b72"], 0x1, 0x38c, &(0x7f00000015c0)="$eJzs3U+IW8UfAPBv+pLdTeHX3cMPioISvQm69A8eFA9byhaKuaiEVg9isFuUzVrYYHB7aLpexKPgUUHwIh704KFnERTx5sGrVbQqHrS3gsWRJC/Ja5PdrtRtXfx8DuWb78y8mXmdTd6+R2ZfuJ5Wz1Ti7NWrV2JurhTlpeNLca0UC5HF0MWYNDMlBwDsDddSit/TwCiZTYnGSndoaADALul9/qduMfP659vVTz79AWDPy3//r25XZ24y9eMTvX/P7d64AIDdM3H//8Fx2f2Dx/yFR/3lqQ8EAIC95Zlnn3vyWD3i6WptLmLtjU6j04jHx+XHzsbL0YqVOBTzcT1icKGQUjr9ff/FiZP15UO1Wq0bPy1EIyLe6zQi1rqdxuBK4VjWbz8bh2M+FvL2+dVGSik78Ul9+XCtLyIudvv9x1qp06jE/rz/b/fHShyJWvx/on3EyfrykVp+gMbasH03YnN836I3/sWYj69fjHPRijPVU5HS8LKmvnzhcK12PNVvaN9pzMaZ0VmYcgcEAAAAAAAAAAAAAAAAAAAAAABuw2JtZGG0/00a79+zuDilvL8/zqB9vj/Q5mB/oDSbIqXfXnuk8WY22KtnuD/QzfvzdBrl2Hd3pw4AAAAAAAAAAAAAAAAAAAD/Gu2NmWi2Wivr7Y3zq8Wgu97e2BcRvcwrX370WTUm69wiKOd9FIpqeer8ajNlw8opu6FOHmS9zoeZDy+NRlysMzuaxdRh9IrbM1vU+d8DP7wzztyXDY/857hOFtMnmN00jGFQiYi1AxFRjRgVVcZT3vKMHc2DI7c4q5dTSlsd58Lzk62iFFH++/9x2wepF3xx5aV7jrYPPtrPfJoGHnp4/tTlt9//ZbXZ6vXc0/pgZr19Pa0289fTF9tKqbxFp1lh/ZTyc1gqroTydkPdvDHTzL759fS9b321s5mmYubVKXWywXQ+Xm9vlPKflH7RzCDo5W5qVW2dzCLOL0XxOJUpi//2gqmL7eC7S81LF777eafHKbxJjDfqqP7T7z8AAAAAAAAAAAAAAAAAAMBY4bviufzLvpXtWj32VB7M7e7oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODOGP/9/0KwOZHZSfBHNyaLZlfW2xEH7vY0AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4j/srAAD//x9pY8c=")
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(0xffffffffffffffff, &(0x7f0000000040)=@file={0x0, './file1\x00'}, 0x6e)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x67, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x1, 0x0, 0xffffffff}, 0x6e)
socket$inet(0x2, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)

1.161555148s ago: executing program 3 (id=965):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000980)={[{@grpjquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@i_version}, {@norecovery}, {@discard}, {@sb={'sb', 0x3d, 0x2}}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x54d, &(0x7f0000000400)="$eJzs3d9rW1UcAPDvTdv96nQdjKE+SGEPTubStfXHBB/mo+hwoO8ztHdlNFlGk461Dtwe3IsvMgQRB+If4LuPw3/Av2KggyGj6IMvkZvedNmatFmXrZn5fOC259x703NPzv2enpOTkACG1mT2oxDxakR8m0Qcajs2GvnByfXz1h5cm8u2JBqNz/5KIsn3tc5P8t/jeeaViPjt64gThc3l1lZWF0vlcrqU56fqlctTtZXVkxcrpYV0Ib00Mzt7+p3Zmfffe7dvdX3z3D8/fHrno9PfHFv7/pd7h28lcSYO5sfa6/EUrrdnJmMyf07G4sxjJ073obBBkuz2BbAjI3mcj0XWBxyKkTzqgf+/ryKiAQypRPzDkGqNA1pz+z7Ng18Y9z9cnwBtrv/o+msjsa85NzqwljwyM8rmuxN9KD8r49c/b9/Ktujf6xAA27p+IyJOjY5u7v+SvP/buVM9nPN4Gfo/eH7uZOOftzqNfwob45/oMP4Z7xC7O7F9/Bfu9aGYrrLx3wcdx78bi1YTI3nupeaYbyy5cLGcZn3byxFxPMb2Zvmt1nNOr91tdDvWPv7Ltqz81lgwv457o3sffcx8qV56mjq3u38j4rWO499ko/2TDu2fPR/neizjaHr79W7Htq//s9X4OeKNju3/cEUr2Xp9cqp5P0y17orN/r559Pdu5e92/bP2P7B1/SeS9vXa2pOX8dO+f9Nux3Z6/+9JPm+m9+T7rpbq9aXpiD3JJ5v3zzx8bCvfOj+r//FjW/d/ne7//RHxRY/1v3nkZtdTB6H955+o/Z88cffjL3/sVn5v7f92M3U839NL/9frBT7NcwcAAAAAAACDphARByMpFDfShUKxuP7+jiNxoFCu1uonLlSXL81H87OyEzFWaK10j7e9H2I6fz9sKz/zWH42Ig5HxHcj+5v54ly1PL/blQcAAAAAAAAAAAAAAAAAAIABMd7l8/+ZP0Z2++qAZ85XfsPw2jb++/FNT8BA8v8fhpf4h+El/mF4iX8YXuIfhpf4h+El/mF4iX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq3Nnz2ZbY+3BtbksP39lZXmxeuXkfFpbLFaW54pz1aXLxYVqdaGcFueqle3+XrlavTw9E8tXp+pprT5VW1k9X6kuX6qfv1gpLaTn07HnUisAAAAAAAAAAAAAAAAAAAB4sdRWVhdL5XK6JCGxo8ToYFyGRJ8Tu90zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBD/wUAAP//y284sw==")
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@gettclass={0x24, 0x2a, 0x1, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7, 0xfff1}, {0x9, 0x5}, {0xa, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000050}, 0x2000c8d1)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x48)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c6e6f6e756d7461696c3d302c726f6469722c757466383d312c696f636861727365743d63703433372c757466383d312c756e695f786c6174653d302c757466383d312c6e6f6e756d7461696c3d302c73686f72746e616d653d6d697865642c636f6465706167653d313235302c757466383d302c73686f72746e616d653d6d697865642c757466383d302c73686f72746e616d653d6d697865642c002e781c628171dbd0b848bd227a710ed569eeab84fb1950f82200ab887fe644e7fb85b02e4aae3f1ae0a36f639902642ab649068cfe43db32164676c9fa130a8e69f0a55181fc24aea12bfd4b8882ae4454db5444745ec3188e05c73679c77c0767c9ea433e694900153b72"], 0x1, 0x38c, &(0x7f00000015c0)="$eJzs3U+IW8UfAPBv+pLdTeHX3cMPioISvQm69A8eFA9byhaKuaiEVg9isFuUzVrYYHB7aLpexKPgUUHwIh704KFnERTx5sGrVbQqHrS3gsWRJC/Ja5PdrtRtXfx8DuWb78y8mXmdTd6+R2ZfuJ5Wz1Ti7NWrV2JurhTlpeNLca0UC5HF0MWYNDMlBwDsDddSit/TwCiZTYnGSndoaADALul9/qduMfP659vVTz79AWDPy3//r25XZ24y9eMTvX/P7d64AIDdM3H//8Fx2f2Dx/yFR/3lqQ8EAIC95Zlnn3vyWD3i6WptLmLtjU6j04jHx+XHzsbL0YqVOBTzcT1icKGQUjr9ff/FiZP15UO1Wq0bPy1EIyLe6zQi1rqdxuBK4VjWbz8bh2M+FvL2+dVGSik78Ul9+XCtLyIudvv9x1qp06jE/rz/b/fHShyJWvx/on3EyfrykVp+gMbasH03YnN836I3/sWYj69fjHPRijPVU5HS8LKmvnzhcK12PNVvaN9pzMaZ0VmYcgcEAAAAAAAAAAAAAAAAAAAAAABuw2JtZGG0/00a79+zuDilvL8/zqB9vj/Q5mB/oDSbIqXfXnuk8WY22KtnuD/QzfvzdBrl2Hd3pw4AAAAAAAAAAAAAAAAAAAD/Gu2NmWi2Wivr7Y3zq8Wgu97e2BcRvcwrX370WTUm69wiKOd9FIpqeer8ajNlw8opu6FOHmS9zoeZDy+NRlysMzuaxdRh9IrbM1vU+d8DP7wzztyXDY/857hOFtMnmN00jGFQiYi1AxFRjRgVVcZT3vKMHc2DI7c4q5dTSlsd58Lzk62iFFH++/9x2wepF3xx5aV7jrYPPtrPfJoGHnp4/tTlt9//ZbXZ6vXc0/pgZr19Pa0289fTF9tKqbxFp1lh/ZTyc1gqroTydkPdvDHTzL759fS9b321s5mmYubVKXWywXQ+Xm9vlPKflH7RzCDo5W5qVW2dzCLOL0XxOJUpi//2gqmL7eC7S81LF777eafHKbxJjDfqqP7T7z8AAAAAAAAAAAAAAAAAAMBY4bviufzLvpXtWj32VB7M7e7oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODOGP/9/0KwOZHZSfBHNyaLZlfW2xEH7vY0AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4j/srAAD//x9pY8c=")
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(0xffffffffffffffff, &(0x7f0000000040)=@file={0x0, './file1\x00'}, 0x6e)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x67, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x1, 0x0, 0xffffffff}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x4000172, 0x0)
recvmmsg(r1, &(0x7f0000001340)=[{{&(0x7f0000000cc0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000d40)=""/21, 0x15}, {&(0x7f0000000f40)=""/103, 0x67}], 0x2, &(0x7f0000000e40)=""/110, 0x6e}, 0xfffffffd}, {{&(0x7f0000000a40)=@isdn, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000ac0)=""/61, 0x3d}, {&(0x7f0000000b00)=""/91, 0x5b}, {&(0x7f0000000b80)=""/52, 0x34}, {&(0x7f0000000bc0)=""/188, 0xbc}], 0x4}, 0x5}, {{&(0x7f0000000d80)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x80, &(0x7f0000001240)=[{&(0x7f0000000fc0)=""/176, 0xb0}, {&(0x7f0000001080)=""/210, 0xd2}, {&(0x7f0000001180)=""/162, 0xa2}], 0x3, &(0x7f0000001280)=""/145, 0x91}, 0xffff}], 0x3, 0x2, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f00000000c0)=0xfffffffffffffffe)
socket$inet(0x2, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)

987.776719ms ago: executing program 4 (id=966):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x42001, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
write$cgroup_int(r2, &(0x7f0000000540), 0xfffffdd8)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r3 = fcntl$dupfd(r0, 0x0, r1)
ioctl$TCFLSH(r3, 0x400455c8, 0x0)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r5 = dup(r4)
bind$bt_hci(r5, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f0000000180)=ANY=[], 0xff2e)
r7 = syz_open_pts(r6, 0xc0000)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000100)=0x12)

901.037401ms ago: executing program 2 (id=967):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x94, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x94}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan1\x00'})
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x54, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_SRC={0x4}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000800}, 0x0)

813.239852ms ago: executing program 2 (id=968):
bpf$BPF_PROG_DETACH(0x9, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000500)={[{@debug}, {@delalloc}, {@inlinecrypt}, {@discard}, {@errors_continue}, {@errors_continue}, {@delalloc}, {@barrier}]}, 0x1, 0xbc8, &(0x7f0000002380)="$eJzs3M9rHNcdAPDvjH7alrtyKaXuxSql2FC6ll1kalOoXVx66aHQXgsW8soIrX8gqTiSdVgl/0BIcg7kEkhiEnyIz74kkGsuiXONySFggmIlEEKiMPtDWku7+mGtNIr8+cDTvDdvZt73q5F23oPdDeC5NZT9SCOOR8SVJKJQ359GRG+11h9RqR23tDg/9u3i/FgSy8v/+SqJJCKeLM6PNa6V1LdH6o3+iPj470n88qX1407Pzk2OlsulqXr79Mz1W6enZ+f+NHF99FrpWunGmXN/GTk7cm74/EjHcv3u84v3v/ndP7+ofP/2D3e/fvXNJC7GQL2vOY961js2FEMrv5Nm3REx2oHr7wdd9Xya80y6Nzkp3eWgAABoK22aw/06CtEVq5O3QnzwSa7BAQAAAB2x3BWxDAAAABxwifU/AAAAHHCN9wE8WZwfa5R835Gwtx5fiojBWv5L9VLr6Y5KddsfPRFx+EkSzR9rTWqn7dhQRDz67Px7WYkWn0PebZWFiPhNq/ufVPMfrH8Sem3+aUQMd2D8oTXtn1P+Fzswft75A/B8enCp9iBb//xLV+Y/0eL5193i2fUs8n7+NeZ/S+vmf6v5d7WZ//17i2Pceev12+36svz/ev8f7zZKNn623VFS2/B4IeK33a3yT1byT9rkf2WLYxR+vF1q15d3/stvRJyM1vk3JBt/P9Hp8Ylyabj2s+UYCx+NvNNu/Lzzz+7/4Tb5b3D/+7N9t566Uvsv9fnf5cv32vVtnn/6ZW/y32qtt77nhdGZmakzEb3Jv9bvP7txvo1jGtfI8j/1+43//1v9/WevCZX630aW+UJ9m7VfXDPm3+7eeX+j/LO1X573/+r2739138tbHOMPH75yql1f8/o3K9n4j5LaWhgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIgkLUZEUq2nabEYcSQifhWH0/LN6Zk/jt/8/42rWV/EYPSk4xPl0nBEFGrtJGufqdZX22fXtP8cEcci4rXCoWq7OHazfDXv5AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhxJCIGIkmLEZFGxFIhTYvFvKMCAAAAOm4w7wAAAACAXWf9DwAAAAef9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC77NiJBw+TiKhcOFQtmd56X0+ukQG7Lc07ACA3XXkHAOSmO+8AgNxsc41vugAHULJJf3/bnr6OxwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/nXy+IOHSURULhyqlkxvva+n5Rkn9jA6YDeleQcA5KZro87uvYsD2HvP/C9+tLNxAHuv9RofeJ4km/T3rx5Tebqnb9diAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD/GaiWJC1GRFqtp2mxGHE0IgajJxmfKJeGI+IXEfFpoacva/flHTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdNz07NzlaLpemnqWS7Ox0FRWVpkqyP8KoVfJ+ZQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/Ts3OTo+VyaWo670gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvE3Pzk2OlsulqS1U7m3n4KZK3jkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCfnwIAAP//198NMw==")
pipe2$9p(0x0, 0x80)
write$P9_RRENAME(0xffffffffffffffff, &(0x7f00000001c0)={0x7, 0x15, 0x2}, 0x7)
open(&(0x7f0000000040)='./file1\x00', 0x48a7e, 0x20)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @rand_addr=0x64010102}, 0x10)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
shutdown(0xffffffffffffffff, 0x0)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000006b40)={0x2020}, 0x2020)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000))
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
getsockopt$inet_buf(r3, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x158, 0x0, 0x148, 0x158, 0x148, 0x350, 0x240, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x0, 0x1ff, 0x100000, 0x0, 0xed, 0x10000007}}}, @common=@unspec=@connmark={{0x30}, {0xfffffff9, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xb, [0x10, 0x31, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x3f, 0x1e, 0x31], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'tunl0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0x190, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x8, 0x9, 0x1, 0x1, 'syz1\x00', 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448)
syz_emit_ethernet(0x180, &(0x7f0000000140)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x172, 0x2, 0x0, 0x0, 0x84, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0xe}}, "dd9dec79219eb5499325e16c96335bc5ff0e043319357749084ca9d0ae1378f4e88112a2f7c10fce523b9007773fd2b2bd0ebaf19ca7dd6513adbccd2e5c35fb3baff587585840f2530c6f4d025f118440ac22a8b34da7b5e1e873bd429686be3ef84439e05fc0fefedb8b897b09445a9e10cf24aec2ff3ca6a86d94df0c4a928ed904dcfb02e6c6c591dd0689c7cb9b55dfb3cd89d80eb18dc06415d313b4ea240a65eff4b941ac018e8f81de044239960271333255291b5fbfdcf8db25e175640f36986b859aeb3370ca17e6a20aeeb5c5d27eb097fc1eab796a7ff8fcbe119bbe4be2c8a5c588db191c59bea20bfe4edf9c5453e59f610d3bd1d6eb49b02e464aee0480187c5717936add1347b08cdf5b056adb941708e8a0498900419e98b75658c6dd00f88eebf8c9aaee2e38c80eafcf6ca08ea305da9c7050948ef78a1457a2e9338812d543cc5cdb71521f4113829551efe915e4d6773f2d285c"}}}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x44}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r7, 0x2000009)

696.278403ms ago: executing program 1 (id=969):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = gettid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x556e34e5)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x680f0936988f8ccd, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001280), r6)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, r7, 0x1, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x6000855}, 0x4004)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r4, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r3], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r8 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r8, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x11, 0x9, r4, 0x1, 0x12, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}, 0x14)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a00)={r2, 0x5, 0xe, 0x0, &(0x7f0000000a80)="9520588da012f38592e7fc9d582e", 0x0, 0x3a, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

529.710124ms ago: executing program 0 (id=970):
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x841, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080)={[{@auto_da_alloc}, {@mblk_io_submit}]}, 0x1, 0x569, &(0x7f0000000a00)="$eJzs3d1rm9UfAPDvkzZ7//3WwRgqIgUvnMyla+vLBC/mtQ4Gej9D+6yMpsto0rHWgduFu5bhnQPxXrz2UvwHvPBvGOhgyCiCeBN50idZ2iZtuqUvms8HnnK+z0vPOXlyTs7JSUgAQ2s8+1OIeDkivkoiTkZEkh8bjfzg+Np5q0/vzGRbEo3GJ38kzfOyuPW/Wtcdz4OXIuLnLyPOFTbnW1temS9XKuliHk/UF25O1JZXzl9fKM+lc+mNqenpi+9MT73/3rsDq+ubV7KCjOTRqQdJXIoTedRZjxdwtzMYj/H8MSnGpQ0nTg4gs4Mk6br3hz0vBzszkrfzYmR9wMkYyVs98N/3RUQ0gCGV7Lj9/1rcnZIAe6s1DmjN7Qc0D/7XePLh2gRoc/1H194biSPNudGx1WTdzCib744NIP8sjx9/f/gg22Jw70MAbOvuvYi4MDq6uf9L8v7v+V3o45yNeej/YO/8lI1/3uo2/im0xz/RZfxzvEvbfR7bt//C4wFk01M2/vug6/i3vWg1NpJH/2uO+YrJteuVNOvb/h8RZ6N4OIu3Ws+5uPqo0etY5/gv27L8W2PBvByPRw+vv2a2XC+/SJ07PbkX8UrX8W/Svv/J2v1ft8STPR5X+szjTPrwtV7Htq//7mp8F/FG1/v/rLrJ1uuTE83nw0TrWbHZn/fP/NIr//2uf3b/j21d/7Gkc722tvM8vj3ydxrt9eT11tU/+n/+H0o+baYP5ftul+v1xcmIQ8nH7f2F1v6pZ9e24tb5Wf3Pvr51/5d06f+ORsRnfdb//unvX+117CDc/9mu9789u91w/3eeePTR59/0yr+//u/tZupsvqef/q/fAr7IYwcAAAAAAAAHTSEiTkRSKLXThUKptPb5jtNxrFCp1urnrlWXbsxG87uyY1EstFa6T3Z8HmIyXzFsxVMb4umIOBURX48cbcalmWpldr8rDwAAAAAAAAAAAAAAAAAAAAfE8R7f/8/8NrLfpQN2nZ/8huG1bfsfxC89AQeS138YXto/DK++2n9x98sB7D2v/zC8tH8YXto/DC/tH4aX9g8AAAAAAAAAAAAAAAAAAAAAAAAAAAADdeXy5WxrrD69M5PFs7eWl+art87PprX50sLSTGmmunizNFetzlXS0kx1Ybv/V6lWb05OxdLtiXpaq0/UlleuLlSXbtSvXl8oz6VXU78iBgAAAAAAAAAAAAAAAAAAAJvVllfmy5VKuigxxIm/Go3G814+ut+Fl9iVxH73TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwzD8BAAD//1hdMq0=")
r2 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93)
renameat2(0xffffffffffffff9c, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x2)
fcntl$setpipe(r0, 0x407, 0x7)
write$FUSE_INIT(r0, 0x0, 0x0)
vmsplice(r0, 0x0, 0x0, 0x0)
socket(0x1e, 0x4, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffff7ffffffd]}, 0x0, 0x8)
r3 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$int_in(r4, 0x5452, &(0x7f0000b28000)=0x3)
fcntl$setsig(r4, 0xa, 0x12)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x7, 0x4, 0x18, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x9, &(0x7f0000000100)=ANY=[@ANYBLOB="18000093a4e6f1c79a758814b988fb564312207583aa7e62e33555af1d37000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000078850000001b"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000300)={r6}, 0xc)
poll(&(0x7f0000b2c000)=[{r5}], 0x2c, 0xffffffffffbffff8)
dup2(r4, r5)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r7=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x1})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r7, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
fcntl$setown(r4, 0x8, r3)
tkill(r3, 0x13)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
unshare(0x22020600)
fcntl$setpipe(r0, 0x407, 0x2000000)

528.981204ms ago: executing program 1 (id=971):
timer_create(0x7, &(0x7f0000000080)={0x0, 0x11, 0x2}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
clock_gettime(0x4, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x77359400}}, &(0x7f0000000100))
io_setup(0x8, 0x0)

471.684285ms ago: executing program 1 (id=972):
r0 = socket(0x10, 0x80003, 0x0)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), r0) (fail_nth: 13)

156.664639ms ago: executing program 3 (id=973):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x42001, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
write$cgroup_int(r2, &(0x7f0000000540), 0xfffffdd8)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r3 = fcntl$dupfd(r0, 0x0, r1)
ioctl$TCFLSH(r3, 0x400455c8, 0x0)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r5 = dup(r4)
bind$bt_hci(r5, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x4000040, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"})
r7 = syz_open_pts(r6, 0xc0000)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000100)=0x12)

67.73702ms ago: executing program 0 (id=974):
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000080)={0x49db, 0x0, 0xfff9, 0xbfff, 0x15, "ec28a144f13d7607"})
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00000001c0)={0x0, 0xffffef7b, 0x0, 0xb2, 0x10, "1b09000040000000000000e678000000001000"})
r0 = syz_open_pts(0xffffffffffffffff, 0x20800)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0x44)

0s ago: executing program 0 (id=975):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000d44ebb40ec188832cf690102030109021b00010000000009040000010e01000009050503"], 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x40300, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x23c}}, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x401, 0x0, 0x7, 0x0, 0x5, 0x8, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_TRANSLATE(0xffffffffffffffff, 0xc018ae85, &(0x7f0000000040)={0x200000, 0xf000, 0x70, 0x3, 0x4})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
keyctl$clear(0x11, 0xfffffffffffffffd)
timer_create(0x3, 0x0, &(0x7f0000000300))
setrlimit(0xf, &(0x7f0000000000)={0x2, 0x439eda03})
timer_settime(0x0, 0x42a28f29afc7695a, &(0x7f000006b000)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

o 9
[  103.987155][  T310] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 34108, setting to 1024
[  104.009460][  T310] usb 3-1: New USB device found, idVendor=0763, idProduct=0150, bcdDevice= 0.40
[  104.027445][  T310] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.036260][  T310] usb 3-1: Product: syz
[  104.040452][  T310] usb 3-1: Manufacturer: syz
[  104.055741][  T310] usb 3-1: SerialNumber: syz
[  104.061573][ T1974] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  104.731090][  T310] usb 3-1: MIDIStreaming interface descriptor not found
[  104.759714][  T310] usb 3-1: USB disconnect, device number 4
[  104.998409][  T320] udevd[320]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  105.719982][ T2056] FAULT_INJECTION: forcing a failure.
[  105.719982][ T2056] name failslab, interval 1, probability 0, space 0, times 0
[  105.746893][ T2056] CPU: 0 PID: 2056 Comm: syz.2.434 Not tainted syzkaller #0
[  105.754303][ T2056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  105.764379][ T2056] Call Trace:
[  105.767671][ T2056]  <TASK>
[  105.770613][ T2056]  __dump_stack+0x21/0x24
[  105.774961][ T2056]  dump_stack_lvl+0x110/0x170
[  105.779661][ T2056]  ? __cfi_dump_stack_lvl+0x8/0x8
[  105.784706][ T2056]  ? __cfi_avc_has_perm_noaudit+0x10/0x10
[  105.790457][ T2056]  dump_stack+0x15/0x24
[  105.794630][ T2056]  should_fail_ex+0x3d4/0x520
[  105.799319][ T2056]  __should_failslab+0xac/0xf0
[  105.804095][ T2056]  ? kvmalloc_node+0x28a/0x460
[  105.808877][ T2056]  should_failslab+0x9/0x20
[  105.813398][ T2056]  __kmem_cache_alloc_node+0x3d/0x2c0
[  105.818797][ T2056]  ? kvmalloc_node+0x28a/0x460
[  105.823579][ T2056]  __kmalloc_node+0xa1/0x1e0
[  105.828206][ T2056]  kvmalloc_node+0x28a/0x460
[  105.832840][ T2056]  ? __cfi_kvmalloc_node+0x10/0x10
[  105.837976][ T2056]  ? security_capable+0x99/0xc0
[  105.842877][ T2056]  __se_sys_setgroups+0xef/0x400
[  105.847849][ T2056]  ? debug_smp_processor_id+0x17/0x20
[  105.853270][ T2056]  __x64_sys_setgroups+0x5b/0x70
[  105.858251][ T2056]  x64_sys_call+0x3ee/0x9a0
[  105.862787][ T2056]  do_syscall_64+0x4c/0xa0
[  105.867230][ T2056]  ? clear_bhb_loop+0x30/0x80
[  105.871934][ T2056]  ? clear_bhb_loop+0x30/0x80
[  105.876641][ T2056]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  105.882553][ T2056] RIP: 0033:0x7f48af99cdd9
[  105.886997][ T2056] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  105.906716][ T2056] RSP: 002b:00007f48b08f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000074
[  105.915163][ T2056] RAX: ffffffffffffffda RBX: 00007f48afc15fa0 RCX: 00007f48af99cdd9
[  105.923148][ T2056] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  105.931143][ T2056] RBP: 00007f48b08f6090 R08: 0000000000000000 R09: 0000000000000000
[  105.939146][ T2056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.947205][ T2056] R13: 00007f48afc16038 R14: 00007f48afc15fa0 R15: 00007fff78af8438
[  105.955191][ T2056]  </TASK>
[  105.997712][ T2061] loop3: detected capacity change from 0 to 256
[  106.018419][ T2061] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[  106.076570][ T2067] fuse: Bad value for 'fd'
[  106.096032][   T40] usb 2-1: skipping empty audio interface (v1)
[  106.200758][   T40] snd-usb-audio: probe of 2-1:1.0 failed with error -22
[  106.217061][ T2073] fuse: Unknown parameter 'grou00000000000000000000'
[  106.220878][   T40] usb 2-1: USB disconnect, device number 5
[  106.230898][  T313] udevd[313]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  107.341264][ T2089] FAULT_INJECTION: forcing a failure.
[  107.341264][ T2089] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  107.355742][ T2089] CPU: 1 PID: 2089 Comm: syz.2.444 Not tainted syzkaller #0
[  107.363055][ T2089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  107.373127][ T2089] Call Trace:
[  107.376412][ T2089]  <TASK>
[  107.379348][ T2089]  __dump_stack+0x21/0x24
[  107.383715][ T2089]  dump_stack_lvl+0x110/0x170
[  107.388416][ T2089]  ? __cfi_dump_stack_lvl+0x8/0x8
[  107.393473][ T2089]  dump_stack+0x15/0x24
[  107.397651][ T2089]  should_fail_ex+0x3d4/0x520
[  107.402349][ T2089]  should_fail+0xb/0x10
[  107.406518][ T2089]  should_fail_usercopy+0x1a/0x20
[  107.411560][ T2089]  _copy_to_user+0x1e/0x90
[  107.416025][ T2089]  simple_read_from_buffer+0xe9/0x160
[  107.421510][ T2089]  proc_fail_nth_read+0x1a6/0x220
[  107.426554][ T2089]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  107.432133][ T2089]  ? security_file_permission+0x94/0xb0
[  107.437709][ T2089]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  107.443357][ T2089]  vfs_read+0x27a/0x910
[  107.447544][ T2089]  ? __cfi_vfs_read+0x10/0x10
[  107.452244][ T2089]  ? __kasan_check_write+0x14/0x20
[  107.457382][ T2089]  ? mutex_lock+0x93/0x1b0
[  107.461813][ T2089]  ? __cfi_mutex_lock+0x10/0x10
[  107.466688][ T2089]  ? __fdget_pos+0x2cd/0x380
[  107.471305][ T2089]  ? ksys_read+0x71/0x250
[  107.475660][ T2089]  ksys_read+0x149/0x250
[  107.479918][ T2089]  ? __cfi_ksys_read+0x10/0x10
[  107.484693][ T2089]  ? fput+0x154/0x1a0
[  107.488709][ T2089]  ? debug_smp_processor_id+0x17/0x20
[  107.494109][ T2089]  __x64_sys_read+0x7b/0x90
[  107.498635][ T2089]  x64_sys_call+0x2f/0x9a0
[  107.503075][ T2089]  do_syscall_64+0x4c/0xa0
[  107.507509][ T2089]  ? clear_bhb_loop+0x30/0x80
[  107.512214][ T2089]  ? clear_bhb_loop+0x30/0x80
[  107.516922][ T2089]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  107.522919][ T2089] RIP: 0033:0x7f48af95d60e
[  107.527356][ T2089] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  107.546970][ T2089] RSP: 002b:00007f48b08f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  107.555405][ T2089] RAX: ffffffffffffffda RBX: 00007f48b08f66c0 RCX: 00007f48af95d60e
[  107.563385][ T2089] RDX: 000000000000000f RSI: 00007f48b08f60a0 RDI: 0000000000000004
[  107.571373][ T2089] RBP: 00007f48b08f6090 R08: 0000000000000000 R09: 0000000000000000
[  107.579366][ T2089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  107.587436][ T2089] R13: 00007f48afc16038 R14: 00007f48afc15fa0 R15: 00007fff78af8438
[  107.595420][ T2089]  </TASK>
[  107.651369][   T28] audit: type=1400 audit(1778538542.020:301): avc:  denied  { checkpoint_restore } for  pid=2095 comm="syz.2.447" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  107.716368][   T40] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  107.907114][ T2116] netlink: 4 bytes leftover after parsing attributes in process `syz.1.452'.
[  107.926093][   T40] usb 4-1: Using ep0 maxpacket: 32
[  107.935185][   T40] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  107.944087][   T40] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.954394][   T40] usb 4-1: config 0 has no interface number 0
[  107.962609][   T40] usb 4-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[  107.972029][   T40] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.980222][   T40] usb 4-1: Product: syz
[  107.984631][   T40] usb 4-1: Manufacturer: syz
[  107.989307][   T40] usb 4-1: SerialNumber: syz
[  107.997260][   T40] usb 4-1: config 0 descriptor??
[  108.220425][   T40] snd-usb-audio: probe of 4-1:0.2 failed with error -2
[  108.234107][  T313] udevd[313]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.2/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  108.289492][ T2122] loop0: detected capacity change from 0 to 256
[  108.299910][ T2122] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[  108.385688][ T2125] fuse: Bad value for 'fd'
[  108.440255][   T28] audit: type=1400 audit(1778538542.759:302): avc:  denied  { name_bind } for  pid=2078 comm="syz.3.442" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  109.375212][ T2132] loop2: detected capacity change from 0 to 1024
[  109.475935][ T2132] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  109.488540][ T2132] ext4 filesystem being mounted at /95/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  109.565201][   T40] usb 4-1: USB disconnect, device number 7
[  109.639490][ T2151] loop0: detected capacity change from 0 to 512
[  109.671092][ T2151] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  109.680158][ T2151] ext4 filesystem being mounted at /83/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  109.848894][ T2161] EXT4-fs error (device loop0): ext4_empty_dir:3136: inode #12: comm syz.0.461: invalid size
[  109.870525][ T2161] EXT4-fs (loop0): Remounting filesystem read-only
[  110.297956][  T292] EXT4-fs (loop2): unmounting filesystem.
[  110.358846][ T2163] FAULT_INJECTION: forcing a failure.
[  110.358846][ T2163] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  110.394470][ T2163] CPU: 1 PID: 2163 Comm: syz.2.462 Not tainted syzkaller #0
[  110.401975][ T2163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  110.412063][ T2163] Call Trace:
[  110.415373][ T2163]  <TASK>
[  110.418306][ T2163]  __dump_stack+0x21/0x24
[  110.422651][ T2163]  dump_stack_lvl+0x110/0x170
[  110.427330][ T2163]  ? __cfi_dump_stack_lvl+0x8/0x8
[  110.432362][ T2163]  ? kernel_wait4+0x22a/0x2a0
[  110.437066][ T2163]  dump_stack+0x15/0x24
[  110.441231][ T2163]  should_fail_ex+0x3d4/0x520
[  110.445920][ T2163]  should_fail+0xb/0x10
[  110.450112][ T2163]  should_fail_usercopy+0x1a/0x20
[  110.455164][ T2163]  _copy_to_user+0x1e/0x90
[  110.459597][ T2163]  __x64_sys_wait4+0x18f/0x230
[  110.464367][ T2163]  ? __cfi___x64_sys_wait4+0x10/0x10
[  110.469666][ T2163]  ? __cfi_ksys_write+0x10/0x10
[  110.474528][ T2163]  ? fpregs_assert_state_consistent+0xb1/0xe0
[  110.480611][ T2163]  x64_sys_call+0x927/0x9a0
[  110.485120][ T2163]  do_syscall_64+0x4c/0xa0
[  110.489539][ T2163]  ? clear_bhb_loop+0x30/0x80
[  110.494225][ T2163]  ? clear_bhb_loop+0x30/0x80
[  110.498913][ T2163]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  110.504817][ T2163] RIP: 0033:0x7f48af99cdd9
[  110.509270][ T2163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  110.528888][ T2163] RSP: 002b:00007f48b08f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
[  110.537306][ T2163] RAX: ffffffffffffffda RBX: 00007f48afc15fa0 RCX: 00007f48af99cdd9
[  110.545291][ T2163] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  110.553293][ T2163] RBP: 00007f48b08f6090 R08: 0000000000000000 R09: 0000000000000000
[  110.561285][ T2163] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001
[  110.569268][ T2163] R13: 00007f48afc16038 R14: 00007f48afc15fa0 R15: 00007fff78af8438
[  110.577251][ T2163]  </TASK>
[  110.598814][  T288] EXT4-fs (loop0): unmounting filesystem.
[  110.743920][ T2169] loop2: detected capacity change from 0 to 256
[  110.761571][ T2169] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[  110.950215][ T2184] fuse: Bad value for 'fd'
[  111.947943][ T2193] netlink: 20 bytes leftover after parsing attributes in process `syz.4.469'.
[  111.999310][ T2200] FAULT_INJECTION: forcing a failure.
[  111.999310][ T2200] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  112.023242][   T28] audit: type=1326 audit(1778538546.109:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2192 comm="syz.1.471" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c86b9cdd9 code=0x7ffc0000
[  112.068886][ T2200] CPU: 0 PID: 2200 Comm: syz.3.470 Not tainted syzkaller #0
[  112.076216][ T2200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  112.086291][ T2200] Call Trace:
[  112.089590][ T2200]  <TASK>
[  112.092531][ T2200]  __dump_stack+0x21/0x24
[  112.096883][ T2200]  dump_stack_lvl+0x110/0x170
[  112.101594][ T2200]  ? __cfi_dump_stack_lvl+0x8/0x8
[  112.106651][ T2200]  dump_stack+0x15/0x24
[  112.110824][ T2200]  should_fail_ex+0x3d4/0x520
[  112.115551][ T2200]  should_fail+0xb/0x10
[  112.119740][ T2200]  should_fail_usercopy+0x1a/0x20
[  112.124799][ T2200]  _copy_to_user+0x1e/0x90
[  112.129252][ T2200]  simple_read_from_buffer+0xe9/0x160
[  112.135083][ T2200]  proc_fail_nth_read+0x1a6/0x220
[  112.140131][ T2200]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  112.140187][   T28] audit: type=1326 audit(1778538546.128:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2192 comm="syz.1.471" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f8c86b9cdd9 code=0x7ffc0000
[  112.145695][ T2200]  ? security_file_permission+0x94/0xb0
[  112.175837][ T2200]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  112.181402][ T2200]  vfs_read+0x27a/0x910
[  112.185585][ T2200]  ? __cfi_vfs_read+0x10/0x10
[  112.190290][ T2200]  ? __kasan_check_write+0x14/0x20
[  112.195429][ T2200]  ? mutex_lock+0x93/0x1b0
[  112.199866][ T2200]  ? __cfi_mutex_lock+0x10/0x10
[  112.204736][ T2200]  ? __fdget_pos+0x2cd/0x380
[  112.209356][ T2200]  ? ksys_read+0x71/0x250
[  112.213703][ T2200]  ksys_read+0x149/0x250
[  112.217982][ T2200]  ? __cfi_ksys_read+0x10/0x10
[  112.222760][ T2200]  ? debug_smp_processor_id+0x17/0x20
[  112.228152][ T2200]  __x64_sys_read+0x7b/0x90
[  112.232706][ T2200]  x64_sys_call+0x2f/0x9a0
[  112.237158][ T2200]  do_syscall_64+0x4c/0xa0
[  112.241608][ T2200]  ? clear_bhb_loop+0x30/0x80
[  112.246319][ T2200]  ? clear_bhb_loop+0x30/0x80
[  112.247186][   T28] audit: type=1326 audit(1778538546.128:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2192 comm="syz.1.471" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c86b9cdd9 code=0x7ffc0000
[  112.251033][ T2200]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  112.281508][ T2200] RIP: 0033:0x7fc77ed5d60e
[  112.284249][ T2205] loop2: detected capacity change from 0 to 512
[  112.285948][ T2200] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  112.285968][ T2200] RSP: 002b:00007fc77fd03fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  112.320250][ T2200] RAX: ffffffffffffffda RBX: 00007fc77fd046c0 RCX: 00007fc77ed5d60e
[  112.328237][ T2200] RDX: 000000000000000f RSI: 00007fc77fd040a0 RDI: 0000000000000006
[  112.336220][ T2200] RBP: 00007fc77fd04090 R08: 0000000000000000 R09: 0000000000000000
[  112.344241][ T2200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  112.352226][ T2200] R13: 00007fc77f016128 R14: 00007fc77f016090 R15: 00007fffde0ca028
[  112.360207][ T2200]  </TASK>
[  112.363738][   T28] audit: type=1326 audit(1778538546.128:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2192 comm="syz.1.471" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f8c86b9cdd9 code=0x7ffc0000
[  112.388462][   T28] audit: type=1326 audit(1778538546.128:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2192 comm="syz.1.471" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c86b9cdd9 code=0x7ffc0000
[  112.413640][   T28] audit: type=1326 audit(1778538546.128:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2192 comm="syz.1.471" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8c86b9cdd9 code=0x7ffc0000
[  112.444798][   T28] audit: type=1326 audit(1778538546.428:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2192 comm="syz.1.471" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c86b9cdd9 code=0x7ffc0000
[  112.469761][   T28] audit: type=1326 audit(1778538546.428:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2192 comm="syz.1.471" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c86b9cdd9 code=0x7ffc0000
[  112.497860][ T2210] loop0: detected capacity change from 0 to 1024
[  112.524383][ T2217] loop1: detected capacity change from 0 to 256
[  112.532410][ T2205] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  112.544793][ T2210] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  112.552853][ T2205] ext4 filesystem being mounted at /99/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  112.586293][ T2210] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  112.603092][ T2217] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[  113.569032][ T2234] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz.2.473: invalid size
[  113.681336][ T2234] EXT4-fs (loop2): Remounting filesystem read-only
[  113.800307][  T292] EXT4-fs (loop2): unmounting filesystem.
[  113.874723][  T288] EXT4-fs (loop0): unmounting filesystem.
[  114.081600][ T2259] loop2: detected capacity change from 0 to 256
[  114.107969][ T2259] FAT-fs (loop2): Directory bread(block 64) failed
[  114.118731][ T2259] FAT-fs (loop2): Directory bread(block 65) failed
[  114.127542][ T2259] FAT-fs (loop2): Directory bread(block 66) failed
[  114.134393][ T2259] FAT-fs (loop2): Directory bread(block 67) failed
[  114.141906][ T2259] FAT-fs (loop2): Directory bread(block 68) failed
[  114.150277][ T2259] FAT-fs (loop2): Directory bread(block 69) failed
[  114.157360][ T2259] FAT-fs (loop2): Directory bread(block 70) failed
[  114.164302][ T2259] FAT-fs (loop2): Directory bread(block 71) failed
[  114.171403][ T2259] FAT-fs (loop2): Directory bread(block 72) failed
[  114.177986][ T2259] FAT-fs (loop2): Directory bread(block 73) failed
[  114.223516][ T2259] process 'syz.2.486' launched './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  114.244520][ T2265] 8021q: VLANs not supported on ip_vti0
[  114.339702][ T2268] Driver unsupported XDP return value 0 on prog  (id 77) dev N/A, expect packet loss!
[  114.789481][ T2245] loop3: detected capacity change from 0 to 131072
[  114.810014][ T2245] F2FS-fs (loop3): invalid crc value
[  114.828512][ T2245] F2FS-fs (loop3): Found nat_bits in checkpoint
[  114.927522][ T2245] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  114.956479][ T2245] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  115.030776][ T2272] loop1: detected capacity change from 0 to 131072
[  115.042927][ T2272] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0)
[  115.051031][ T2272] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  115.062043][ T2272] F2FS-fs (loop1): invalid crc value
[  115.070530][ T1833] kworker/u4:23: attempt to access beyond end of device
[  115.070530][ T1833] loop2: rw=1, sector=1224, nr_sectors = 256 limit=256
[  115.087574][ T1833] kworker/u4:23: attempt to access beyond end of device
[  115.087574][ T1833] loop2: rw=1, sector=1544, nr_sectors = 288 limit=256
[  115.101898][ T1833] kworker/u4:23: attempt to access beyond end of device
[  115.101898][ T1833] loop2: rw=1, sector=1864, nr_sectors = 608 limit=256
[  115.115947][ T2272] F2FS-fs (loop1): Found nat_bits in checkpoint
[  115.151546][ T2272] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  115.158604][ T2272] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  115.167140][ T1835] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  115.721856][   T28] audit: type=1400 audit(1778538549.572:311): avc:  denied  { write } for  pid=2271 comm="syz.1.490" name="nf_conntrack" dev="proc" ino=4026532442 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  116.195517][ T2270] loop0: detected capacity change from 0 to 131072
[  116.205216][ T2270] F2FS-fs (loop0): invalid crc value
[  116.226446][ T2270] F2FS-fs (loop0): Found nat_bits in checkpoint
[  116.348904][ T2270] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  116.410756][ T2270] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  117.472788][   T10] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  117.773520][ T2316] fuse: Bad value for 'group_id'
[  118.728860][ T2336] loop1: detected capacity change from 0 to 256
[  118.778355][ T2336] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[  119.082199][  T328] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  119.155803][   T28] audit: type=1400 audit(1778538552.782:312): avc:  denied  { read } for  pid=2345 comm="syz.4.505" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  119.301975][  T328] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  119.314024][  T328] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  119.324937][  T328] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  119.334131][  T328] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  119.342318][  T328] usb 3-1: SerialNumber: syz
[  119.935269][ T2354] netlink: 4 bytes leftover after parsing attributes in process `syz.0.507'.
[  120.447944][ T2341] loop3: detected capacity change from 0 to 131072
[  120.462164][ T2341] F2FS-fs (loop3): invalid crc value
[  120.484522][ T2341] F2FS-fs (loop3): Found nat_bits in checkpoint
[  121.035733][ T2341] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  121.116394][ T2341] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  121.394132][ T2366] fuse: Invalid rootmode
[  121.515101][ T1834] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  121.537191][ T2329] syz.3.502 (2329) used greatest stack depth: 20848 bytes left
[  121.940215][ T2378] loop3: detected capacity change from 0 to 512
[  121.961531][ T2378] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  121.971030][ T2378] ext4 filesystem being mounted at /119/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  122.005304][  T328] usb 3-1: skipping empty audio interface (v1)
[  122.024528][  T328] snd-usb-audio: probe of 3-1:1.0 failed with error -22
[  122.042512][   T24] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  122.052645][  T328] usb 3-1: USB disconnect, device number 5
[  122.311424][  T313] udevd[313]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  122.327933][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.344742][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.354930][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  122.368537][   T24] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  122.377962][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.390049][   T24] usb 2-1: config 0 descriptor??
[  123.005762][ T2374] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  123.036312][ T2374] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  123.055376][   T28] audit: type=1400 audit(1778538556.431:313): avc:  denied  { setattr } for  pid=2373 comm="syz.1.512" name="uinput" dev="devtmpfs" ino=262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  123.110062][ T2394] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #12: comm syz.3.511: invalid size
[  123.153785][ T2394] EXT4-fs (loop3): Remounting filesystem read-only
[  124.348466][   T24] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[  124.362240][ T2412] loop0: detected capacity change from 0 to 256
[  124.370421][   T24] plantronics 0003:047F:FFFF.0001: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  124.398404][ T2412] FAT-fs (loop0): Directory bread(block 64) failed
[  124.405110][ T2412] FAT-fs (loop0): Directory bread(block 65) failed
[  124.411721][ T2412] FAT-fs (loop0): Directory bread(block 66) failed
[  124.418654][ T2412] FAT-fs (loop0): Directory bread(block 67) failed
[  124.425363][ T2412] FAT-fs (loop0): Directory bread(block 68) failed
[  124.431996][ T2412] FAT-fs (loop0): Directory bread(block 69) failed
[  124.446161][ T2412] FAT-fs (loop0): Directory bread(block 70) failed
[  124.459581][ T2412] FAT-fs (loop0): Directory bread(block 71) failed
[  124.473194][ T2412] FAT-fs (loop0): Directory bread(block 72) failed
[  124.523269][ T2412] FAT-fs (loop0): Directory bread(block 73) failed
[  124.538215][  T290] EXT4-fs (loop3): unmounting filesystem.
[  125.060001][ T2423] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  125.157668][ T2429] 8021q: VLANs not supported on ip_vti0
[  125.349382][ T2418] loop2: detected capacity change from 0 to 131072
[  125.361846][ T2418] F2FS-fs (loop2): invalid crc value
[  125.381816][ T2418] F2FS-fs (loop2): Found nat_bits in checkpoint
[  125.416506][ T2418] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  125.515214][   T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  125.694921][  T328] usb 2-1: USB disconnect, device number 6
[  125.731092][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  125.765656][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  125.810344][   T24] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  125.841001][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  125.857461][   T24] usb 4-1: SerialNumber: syz
[  126.164988][ T2445] fuse: Bad value for 'group_id'
[  126.541685][  T328] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  126.815856][ T2453] loop2: detected capacity change from 0 to 128
[  126.841439][ T2453] FAT-fs (loop2): bogus number of reserved sectors
[  126.848058][ T2453] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  126.857446][ T2453] FAT-fs (loop2): Can't find a valid FAT filesystem
[  126.890472][  T328] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.902090][  T328] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.913594][  T328] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  126.923795][  T328] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.973459][  T328] usb 2-1: config 0 descriptor??
[  127.224984][ T2263] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  127.410062][  T328] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0
[  127.417563][  T328] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0
[  127.424974][  T328] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0
[  127.432396][  T328] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0
[  127.439859][  T328] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0
[  127.447845][  T328] playstation 0003:054C:0DF2.0002: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0
[  127.785681][ T1834] kworker/u4:24: attempt to access beyond end of device
[  127.785681][ T1834] loop0: rw=1, sector=1224, nr_sectors = 256 limit=256
[  127.799730][ T1834] kworker/u4:24: attempt to access beyond end of device
[  127.799730][ T1834] loop0: rw=1, sector=1544, nr_sectors = 288 limit=256
[  127.813918][ T1834] kworker/u4:24: attempt to access beyond end of device
[  127.813918][ T1834] loop0: rw=1, sector=1864, nr_sectors = 608 limit=256
[  127.827643][  T817] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  128.037108][  T817] usb 3-1: Using ep0 maxpacket: 32
[  128.043432][  T817] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  128.051510][  T817] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  128.061801][  T817] usb 3-1: config 0 has no interface number 0
[  128.062236][  T328] playstation 0003:054C:0DF2.0002: Invalid gyro calibration data for axis (3), disabling calibration.
[  128.077667][  T817] usb 3-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[  128.083213][  T328] playstation 0003:054C:0DF2.0002: Invalid gyro calibration data for axis (4), disabling calibration.
[  128.088370][  T817] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.100144][  T328] playstation 0003:054C:0DF2.0002: Invalid gyro calibration data for axis (5), disabling calibration.
[  128.108975][  T817] usb 3-1: Product: syz
[  128.119508][  T328] playstation 0003:054C:0DF2.0002: Invalid accelerometer calibration data for axis (0), disabling calibration.
[  128.122752][  T817] usb 3-1: Manufacturer: syz
[  128.134843][  T328] playstation 0003:054C:0DF2.0002: Invalid accelerometer calibration data for axis (1), disabling calibration.
[  128.138969][  T817] usb 3-1: SerialNumber: syz
[  128.151428][  T328] playstation 0003:054C:0DF2.0002: Invalid accelerometer calibration data for axis (2), disabling calibration.
[  128.167053][  T817] usb 3-1: config 0 descriptor??
[  128.169954][  T328] input: HID 054c:0df2 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:054C:0DF2.0002/input/input12
[  128.187174][  T328] input: HID 054c:0df2 Motion Sensors as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:054C:0DF2.0002/input/input13
[  128.201991][  T328] input: HID 054c:0df2 Touchpad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:054C:0DF2.0002/input/input14
[  128.220375][  T328] playstation 0003:054C:0DF2.0002: Registered DualSense controller hw_version=0xe8f2453f fw_version=0xa9ff1c9c
[  128.234466][ T2474] netlink: 4 bytes leftover after parsing attributes in process `syz.4.538'.
[  128.335203][ T2447] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  128.350236][ T2447] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  128.457339][  T817] snd-usb-audio: probe of 3-1:0.2 failed with error -2
[  128.574202][   T24] usb 4-1: skipping empty audio interface (v1)
[  128.641882][   T24] snd-usb-audio: probe of 4-1:1.0 failed with error -22
[  128.673918][ T2479] udevd[2479]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.2/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  128.716709][  T328] usb 2-1: reset high-speed USB device number 7 using dummy_hcd
[  128.727385][   T24] usb 4-1: USB disconnect, device number 8
[  129.105730][   T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  129.193095][  T310] usb 3-1: USB disconnect, device number 6
[  129.218114][ T2503] netlink: 60 bytes leftover after parsing attributes in process `syz.4.545'.
[  129.308795][   T24] usb 4-1: Using ep0 maxpacket: 16
[  129.315442][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  129.328679][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  129.342646][   T24] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  129.356878][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.594591][   T24] usb 4-1: config 0 descriptor??
[  129.598452][ T2520] netlink: 4 bytes leftover after parsing attributes in process `syz.0.551'.
[  130.540084][ T2501] loop2: detected capacity change from 0 to 131072
[  130.840642][ T2501] F2FS-fs (loop2): Wrong CP boundary, start(512) end(1536) blocks(0)
[  130.848797][ T2501] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  130.858626][ T2501] F2FS-fs (loop2): invalid crc value
[  130.984206][ T2501] F2FS-fs (loop2): Found nat_bits in checkpoint
[  131.032054][ T2501] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  131.039162][ T2501] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  131.277776][ T2546] netlink: 60 bytes leftover after parsing attributes in process `syz.3.557'.
[  131.384975][   T24] usbhid 4-1:0.0: can't add hid device: -71
[  131.519087][  T328] usb 2-1: device descriptor read/64, error -71
[  131.525744][   T24] usbhid: probe of 4-1:0.0 failed with error -71
[  131.533526][ T2479] udevd[2479]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  131.549761][   T24] usb 4-1: USB disconnect, device number 9
[  131.640874][ T2559] netlink: 4 bytes leftover after parsing attributes in process `syz.3.562'.
[  131.884682][  T328] usb 2-1: device firmware changed
[  131.890058][ T1148] usb 2-1: USB disconnect, device number 7
[  132.024725][ T2570] loop3: detected capacity change from 0 to 128
[  132.036549][ T2570] FAT-fs (loop3): bogus number of reserved sectors
[  132.043125][ T2570] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  132.052484][ T2570] FAT-fs (loop3): Can't find a valid FAT filesystem
[  132.129957][ T1148] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  132.215394][  T328] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  132.387410][ T1148] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  132.397595][ T1148] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  132.407632][ T1148] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  132.416870][ T1148] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  132.424911][ T1148] usb 2-1: SerialNumber: syz
[  132.439792][  T328] usb 3-1: Using ep0 maxpacket: 8
[  132.446002][  T328] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.456982][  T328] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[  132.469869][  T328] usb 3-1: New USB device found, idVendor=056a, idProduct=0090, bcdDevice= 0.00
[  132.506006][  T328] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.516887][  T328] usb 3-1: config 0 descriptor??
[  132.535651][ T2576] netlink: 60 bytes leftover after parsing attributes in process `syz.4.568'.
[  132.544716][    T6] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  132.664008][ T1148] usb 2-1: skipping empty audio interface (v1)
[  132.672099][ T1148] snd-usb-audio: probe of 2-1:1.0 failed with error -22
[  132.682478][ T1148] usb 2-1: USB disconnect, device number 8
[  133.968058][    T6] usb 1-1: Using ep0 maxpacket: 16
[  134.068089][    T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.079037][    T6] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  134.091883][    T6] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  134.101002][    T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.111143][    T6] usb 1-1: config 0 descriptor??
[  134.199818][ T2593] 8021q: VLANs not supported on ip_vti0
[  134.358981][    T6] usbhid 1-1:0.0: can't add hid device: -71
[  134.365378][    T6] usbhid: probe of 1-1:0.0 failed with error -71
[  134.373328][    T6] usb 1-1: USB disconnect, device number 9
[  134.383587][  T328] wacom 0003:056A:0090.0003: unknown main item tag 0x0
[  134.395328][ T1148] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  134.406070][  T328] wacom 0003:056A:0090.0003: unknown main item tag 0x0
[  134.414300][  T328] wacom 0003:056A:0090.0003: unknown main item tag 0x0
[  134.427068][  T328] wacom 0003:056A:0090.0003: unknown main item tag 0x0
[  134.434021][  T328] wacom 0003:056A:0090.0003: unknown main item tag 0x0
[  134.441056][ T2599] netlink: 4 bytes leftover after parsing attributes in process `syz.0.575'.
[  134.452240][  T328] wacom 0003:056A:0090.0003: hidraw0: USB HID v0.08 Device [HID 056a:0090] on usb-dummy_hcd.2-1/input0
[  134.598374][ T1148] usb 2-1: Using ep0 maxpacket: 32
[  134.604845][ T1148] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  134.612966][ T1148] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  134.623193][ T1148] usb 2-1: config 0 has no interface number 0
[  134.635926][ T1148] usb 2-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[  134.645105][ T1148] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.654929][ T1148] usb 2-1: Product: syz
[  134.659586][ T1148] usb 2-1: Manufacturer: syz
[  134.664435][ T1148] usb 2-1: SerialNumber: syz
[  134.670810][ T1148] usb 2-1: config 0 descriptor??
[  134.897745][ T1148] snd-usb-audio: probe of 2-1:0.2 failed with error -2
[  134.906206][ T2479] udevd[2479]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  134.938521][ T2479] udevd[2479]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.2/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  135.082284][ T2611] loop3: detected capacity change from 0 to 512
[  135.093502][ T2611] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  135.102531][ T2611] ext4 filesystem being mounted at /133/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  135.206270][ T2619] netlink: 4 bytes leftover after parsing attributes in process `syz.4.579'.
[  135.343937][ T2611] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #12: comm syz.3.577: invalid size
[  135.354389][ T2611] EXT4-fs (loop3): Remounting filesystem read-only
[  135.391191][ T2622] netlink: 60 bytes leftover after parsing attributes in process `syz.0.580'.
[  135.685430][  T817] usb 3-1: USB disconnect, device number 7
[  135.690058][  T328] usb 2-1: USB disconnect, device number 9
[  135.714549][ T2628] loop1: detected capacity change from 0 to 512
[  135.732574][ T2628] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  135.743670][ T2628] ext4 filesystem being mounted at /98/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  135.888276][    T6] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  135.906447][ T2636] loop2: detected capacity change from 0 to 512
[  135.914946][ T2636] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  135.956410][ T2635] 8021q: VLANs not supported on ip_vti0
[  136.015233][ T2636] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002]
[  136.023458][ T2636] System zones: 1-12
[  136.030805][ T2636] EXT4-fs (loop2): 1 truncate cleaned up
[  136.036482][ T2636] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  136.400165][  T290] EXT4-fs (loop3): unmounting filesystem.
[  136.416551][ T2644] netlink: 4 bytes leftover after parsing attributes in process `syz.3.586'.
[  136.435088][    T6] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  136.452382][    T6] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  136.474418][    T6] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  136.485396][    T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  136.495779][    T6] usb 1-1: SerialNumber: syz
[  136.509128][ T2649] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #12: comm syz.1.582: invalid size
[  136.594510][ T2649] EXT4-fs (loop1): Remounting filesystem read-only
[  136.663980][  T292] EXT4-fs (loop2): unmounting filesystem.
[  136.716620][ T2656] loop2: detected capacity change from 0 to 1024
[  136.755874][ T2656] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  136.765329][  T289] EXT4-fs (loop1): unmounting filesystem.
[  136.781691][ T2656] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  136.842114][ T2660] loop1: detected capacity change from 0 to 256
[  136.971635][ T2660] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[  137.195254][ T2667] netlink: 60 bytes leftover after parsing attributes in process `syz.1.591'.
[  137.757492][  T292] EXT4-fs (loop2): unmounting filesystem.
[  137.966467][ T2694] netlink: 4 bytes leftover after parsing attributes in process `syz.2.599'.
[  138.156818][ T2676] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  138.225381][ T2698] netlink: 4 bytes leftover after parsing attributes in process `syz.1.600'.
[  138.248157][ T2700] 8021q: VLANs not supported on ip_vti0
[  138.286523][ T2702] netlink: 60 bytes leftover after parsing attributes in process `syz.1.602'.
[  138.349916][ T2676] usb 4-1: Using ep0 maxpacket: 16
[  138.356286][ T2676] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  138.367224][ T2676] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  138.380159][ T2676] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  138.389316][ T2676] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.398113][ T2676] usb 4-1: config 0 descriptor??
[  138.671366][ T2676] usbhid 4-1:0.0: can't add hid device: -71
[  138.677365][ T2676] usbhid: probe of 4-1:0.0 failed with error -71
[  138.707226][ T2676] usb 4-1: USB disconnect, device number 10
[  138.730072][    T6] usb 1-1: skipping empty audio interface (v1)
[  138.743224][    T6] snd-usb-audio: probe of 1-1:1.0 failed with error -22
[  138.751316][ T2717] fuse: Bad value for 'user_id'
[  138.762569][    T6] usb 1-1: USB disconnect, device number 10
[  139.077415][ T2479] udevd[2479]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  140.297026][ T2743] netlink: 60 bytes leftover after parsing attributes in process `syz.3.613'.
[  140.857892][ T2755] netlink: 4 bytes leftover after parsing attributes in process `syz.2.616'.
[  140.900558][ T2705] loop1: detected capacity change from 0 to 131072
[  140.910422][ T2705] F2FS-fs (loop1): invalid crc value
[  140.917264][ T2705] F2FS-fs (loop1): Found nat_bits in checkpoint
[  141.165698][ T2705] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  141.194136][ T2705] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  141.308368][  T309] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  141.741680][ T2775] FAULT_INJECTION: forcing a failure.
[  141.741680][ T2775] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.795916][ T2766] loop0: detected capacity change from 0 to 131072
[  141.802950][ T2766] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0)
[  141.811066][ T2766] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  141.819546][ T2766] F2FS-fs (loop0): invalid crc value
[  141.827824][ T2775] CPU: 0 PID: 2775 Comm: syz.1.618 Not tainted syzkaller #0
[  141.835136][ T2775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  141.845205][ T2775] Call Trace:
[  141.848500][ T2775]  <TASK>
[  141.851450][ T2775]  __dump_stack+0x21/0x24
[  141.855811][ T2775]  dump_stack_lvl+0x110/0x170
[  141.860515][ T2775]  ? __cfi_dump_stack_lvl+0x8/0x8
[  141.865568][ T2775]  dump_stack+0x15/0x24
[  141.869742][ T2775]  should_fail_ex+0x3d4/0x520
[  141.874436][ T2775]  should_fail+0xb/0x10
[  141.878602][ T2775]  should_fail_usercopy+0x1a/0x20
[  141.883636][ T2775]  _copy_from_user+0x1e/0xc0
[  141.888259][ T2775]  __sys_bpf+0x2a0/0x850
[  141.892518][ T2775]  ? bpf_link_show_fdinfo+0x330/0x330
[  141.897932][ T2775]  ? __cfi_ksys_write+0x10/0x10
[  141.899918][ T2777] loop2: detected capacity change from 0 to 256
[  141.902799][ T2775]  ? debug_smp_processor_id+0x17/0x20
[  141.914418][ T2775]  __x64_sys_bpf+0x7c/0x90
[  141.918847][ T2775]  x64_sys_call+0x488/0x9a0
[  141.923388][ T2775]  do_syscall_64+0x4c/0xa0
[  141.927827][ T2775]  ? clear_bhb_loop+0x30/0x80
[  141.932521][ T2775]  ? clear_bhb_loop+0x30/0x80
[  141.937216][ T2775]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  141.943129][ T2775] RIP: 0033:0x7f8c86b9cdd9
[  141.947639][ T2775] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  141.967260][ T2775] RSP: 002b:00007f8c87a02028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  141.975684][ T2775] RAX: ffffffffffffffda RBX: 00007f8c86e15fa0 RCX: 00007f8c86b9cdd9
[  141.983679][ T2775] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a
[  141.991705][ T2775] RBP: 00007f8c87a02090 R08: 0000000000000000 R09: 0000000000000000
[  141.999710][ T2775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  142.007717][ T2775] R13: 00007f8c86e16038 R14: 00007f8c86e15fa0 R15: 00007ffe7c38b478
[  142.015725][ T2775]  </TASK>
[  142.018110][ T2777] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b1f, utbl_chksum : 0xe619d30d)
[  142.040813][ T2766] F2FS-fs (loop0): Found nat_bits in checkpoint
[  142.085078][ T2766] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  142.092196][ T2766] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  142.250697][ T2777] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  142.314895][   T28] audit: type=1400 audit(1778538574.455:314): avc:  denied  { write } for  pid=2772 comm="syz.2.619" path="/124/file1/l" dev="loop2" ino=1048679 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  142.391878][   T28] audit: type=1400 audit(1778538574.483:315): avc:  denied  { ioctl } for  pid=2772 comm="syz.2.619" path="/124/file1/l" dev="loop2" ino=1048679 ioctlcmd=0xaee1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  142.662222][ T2751] loop3: detected capacity change from 0 to 131072
[  142.672506][ T2751] F2FS-fs (loop3): invalid crc value
[  142.763992][ T2751] F2FS-fs (loop3): Found nat_bits in checkpoint
[  142.806126][ T2777] syz.2.619 (2777) used greatest stack depth: 20816 bytes left
[  142.831408][ T2793] netlink: 60 bytes leftover after parsing attributes in process `syz.4.624'.
[  142.878115][ T2751] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  142.900602][ T2796] loop2: detected capacity change from 0 to 4096
[  142.922617][ T2751] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  142.940036][ T2796] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  142.998905][   T28] audit: type=1326 audit(1778538575.101:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2795 comm="syz.2.625" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48af99cdd9 code=0x7ffc0000
[  143.082573][  T292] EXT4-fs (loop2): unmounting filesystem.
[  143.084119][   T28] audit: type=1326 audit(1778538575.101:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2795 comm="syz.2.625" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f48af95d60e code=0x7ffc0000
[  143.118833][ T1833] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  143.190301][   T28] audit: type=1326 audit(1778538575.101:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2795 comm="syz.2.625" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48af99cdd9 code=0x7ffc0000
[  143.292716][   T28] audit: type=1326 audit(1778538575.101:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2795 comm="syz.2.625" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f48af99cdd9 code=0x7ffc0000
[  143.343197][   T28] audit: type=1326 audit(1778538575.101:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2795 comm="syz.2.625" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48af99cdd9 code=0x7ffc0000
[  143.411032][   T28] audit: type=1326 audit(1778538575.101:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2795 comm="syz.2.625" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f48af99cdd9 code=0x7ffc0000
[  143.479313][   T28] audit: type=1326 audit(1778538575.101:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2795 comm="syz.2.625" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48af99cdd9 code=0x7ffc0000
[  143.531890][    T6] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  143.651019][ T2784] loop1: detected capacity change from 0 to 131072
[  143.668759][ T2784] F2FS-fs (loop1): invalid crc value
[  143.685736][ T2784] F2FS-fs (loop1): Found nat_bits in checkpoint
[  143.842396][    T6] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.856487][    T6] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[  143.867689][    T6] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 196
[  143.881055][    T6] usb 3-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  143.891322][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.906934][ T2784] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  143.922477][    T6] usb 3-1: config 0 descriptor??
[  143.950991][    T6] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  144.142895][ T2809] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.171637][ T2809] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.185471][ T2809] FAULT_INJECTION: forcing a failure.
[  144.185471][ T2809] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  144.208472][ T2809] CPU: 0 PID: 2809 Comm: syz.2.629 Not tainted syzkaller #0
[  144.215804][ T2809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  144.225881][ T2809] Call Trace:
[  144.229176][ T2809]  <TASK>
[  144.232134][ T2809]  __dump_stack+0x21/0x24
[  144.236489][ T2809]  dump_stack_lvl+0x110/0x170
[  144.241187][ T2809]  ? __cfi_dump_stack_lvl+0x8/0x8
[  144.246236][ T2809]  dump_stack+0x15/0x24
[  144.250415][ T2809]  should_fail_ex+0x3d4/0x520
[  144.255110][ T2809]  should_fail+0xb/0x10
[  144.259373][ T2809]  should_fail_usercopy+0x1a/0x20
[  144.264414][ T2809]  _copy_from_user+0x1e/0xc0
[  144.269051][ T2809]  iovec_from_user+0x1aa/0x2e0
[  144.273826][ T2809]  __import_iovec+0x71/0x470
[  144.278428][ T2809]  import_iovec+0x7c/0xb0
[  144.282766][ T2809]  vfs_writev+0x154/0x5f0
[  144.287109][ T2809]  ? do_writev+0x2c0/0x2c0
[  144.291541][ T2809]  ? vfs_write+0xa2c/0xce0
[  144.295968][ T2809]  ? __kasan_check_write+0x14/0x20
[  144.301096][ T2809]  ? mutex_lock+0x93/0x1b0
[  144.305552][ T2809]  ? __cfi_mutex_lock+0x10/0x10
[  144.310437][ T2809]  ? __fdget_pos+0x2cd/0x380
[  144.315198][ T2809]  ? do_writev+0x76/0x2c0
[  144.319546][ T2809]  do_writev+0x14e/0x2c0
[  144.323802][ T2809]  ? do_readv+0x450/0x450
[  144.328146][ T2809]  ? debug_smp_processor_id+0x17/0x20
[  144.333533][ T2809]  __x64_sys_writev+0x7d/0x90
[  144.338221][ T2809]  x64_sys_call+0xad/0x9a0
[  144.342653][ T2809]  do_syscall_64+0x4c/0xa0
[  144.347083][ T2809]  ? clear_bhb_loop+0x30/0x80
[  144.351786][ T2809]  ? clear_bhb_loop+0x30/0x80
[  144.356510][ T2809]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  144.362426][ T2809] RIP: 0033:0x7f48af99cdd9
[  144.366845][ T2809] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  144.386463][ T2809] RSP: 002b:00007f48b08f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  144.394898][ T2809] RAX: ffffffffffffffda RBX: 00007f48afc15fa0 RCX: 00007f48af99cdd9
[  144.402890][ T2809] RDX: 0000000000000002 RSI: 0000200000000580 RDI: 0000000000000005
[  144.410878][ T2809] RBP: 00007f48b08f6090 R08: 0000000000000000 R09: 0000000000000000
[  144.418882][ T2809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  144.426854][ T2809] R13: 00007f48afc16038 R14: 00007f48afc15fa0 R15: 00007fff78af8438
[  144.434848][ T2809]  </TASK>
[  144.463935][ T2837] netlink: 60 bytes leftover after parsing attributes in process `syz.4.636'.
[  144.485474][   T28] audit: type=1400 audit(1778538576.486:323): avc:  denied  { ioctl } for  pid=2839 comm="syz.4.637" path="socket:[32516]" dev="sockfs" ino=32516 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  144.504414][    T6] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  144.707333][    T6] usb 1-1: Using ep0 maxpacket: 16
[  144.718756][    T6] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  144.726942][    T6] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  144.747376][    T6] usb 1-1: config 0 has no interface number 0
[  144.760805][    T6] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  144.780663][    T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.796711][    T6] usb 1-1: Product: syz
[  144.800935][    T6] usb 1-1: Manufacturer: syz
[  144.805821][    T6] usb 1-1: SerialNumber: syz
[  144.814892][    T6] usb 1-1: config 0 descriptor??
[  145.041379][    T6] usb 1-1: Found UVC 0.00 device syz (046d:08d3)
[  145.047920][    T6] usb 1-1: No valid video chain found.
[  145.347596][ T2850] loop3: detected capacity change from 0 to 131072
[  145.359720][ T2850] F2FS-fs (loop3): invalid crc value
[  145.375958][ T2850] F2FS-fs (loop3): Found nat_bits in checkpoint
[  145.423654][ T2850] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  145.442428][ T2850] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  145.508483][ T1833] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  145.719835][ T2865] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=2865 comm=syz.0.631
[  145.796715][ T2867] fuse: Bad value for 'fd'
[  145.946507][ T2860] loop1: detected capacity change from 0 to 131072
[  145.972730][ T2860] F2FS-fs (loop1): Invalid log sectorsize (0)
[  145.984511][ T2860] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  145.994343][ T2860] F2FS-fs (loop1): invalid crc value
[  146.001312][ T2860] F2FS-fs (loop1): Found nat_bits in checkpoint
[  146.037352][ T2860] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  146.044517][ T2860] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  146.391566][ T2878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.644'.
[  146.458677][  T471] usb 3-1: USB disconnect, device number 8
[  146.473597][ T2882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.645'.
[  146.755829][ T2889] netlink: 60 bytes leftover after parsing attributes in process `syz.3.647'.
[  147.341405][    T6] usb 1-1: USB disconnect, device number 11
[  147.464385][ T2676] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  147.522977][ T2908] loop0: detected capacity change from 0 to 256
[  147.541244][ T2908] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[  147.590019][ T2911] tipc: Started in network mode
[  147.594990][ T2911] tipc: Node identity 7, cluster identity 9
[  147.601017][ T2911] tipc: Node number set to 7
[  147.667445][ T2676] usb 4-1: Using ep0 maxpacket: 8
[  147.673831][ T2676] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  147.686160][ T2676] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[  147.706821][ T2676] usb 4-1: New USB device found, idVendor=056a, idProduct=0090, bcdDevice= 0.00
[  147.716214][ T2676] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.724400][ T2917] fuse: Bad value for 'fd'
[  147.778406][ T2676] usb 4-1: config 0 descriptor??
[  148.137375][ T2929] device ip6_vti0 entered promiscuous mode
[  148.157129][ T2929] loop2: detected capacity change from 0 to 1024
[  148.187273][ T2929] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  148.202462][ T2931] netlink: 60 bytes leftover after parsing attributes in process `syz.1.658'.
[  148.237725][ T2929] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  148.269642][  T292] EXT4-fs (loop2): unmounting filesystem.
[  148.292906][ T2936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.660'.
[  148.326703][ T2676] usbhid 4-1:0.0: can't add hid device: -71
[  148.332765][ T2676] usbhid: probe of 4-1:0.0 failed with error -71
[  148.335262][ T2939] netlink: 4 bytes leftover after parsing attributes in process `syz.1.661'.
[  148.351467][ T2676] usb 4-1: USB disconnect, device number 11
[  148.981231][ T2967] loop2: detected capacity change from 0 to 1024
[  148.997025][ T2967] EXT4-fs: Ignoring removed i_version option
[  149.164693][ T2967] EXT4-fs (loop2): VFS: Can't find ext4 filesystem
[  149.216915][   T28] kauditd_printk_skb: 2 callbacks suppressed
[  149.216930][   T28] audit: type=1400 audit(1778538580.884:326): avc:  denied  { setopt } for  pid=2971 comm="syz.1.671" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  149.276029][   T28] audit: type=1400 audit(1778538580.884:327): avc:  denied  { read } for  pid=2971 comm="syz.1.671" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  149.312261][ T2967] loop2: detected capacity change from 0 to 256
[  149.349033][ T2967] FAT-fs (loop2): Directory bread(block 64) failed
[  149.365500][ T2967] FAT-fs (loop2): Directory bread(block 65) failed
[  149.379829][ T2967] FAT-fs (loop2): Directory bread(block 66) failed
[  149.395982][ T2967] FAT-fs (loop2): Directory bread(block 67) failed
[  149.412269][ T2967] FAT-fs (loop2): Directory bread(block 68) failed
[  149.418915][ T2967] FAT-fs (loop2): Directory bread(block 69) failed
[  149.425709][ T2967] FAT-fs (loop2): Directory bread(block 70) failed
[  149.432464][ T2967] FAT-fs (loop2): Directory bread(block 71) failed
[  149.439089][ T2967] FAT-fs (loop2): Directory bread(block 72) failed
[  149.446587][ T2967] FAT-fs (loop2): Directory bread(block 73) failed
[  149.538884][ T2976] fuse: Bad value for 'fd'
[  149.569735][ T2950] FAULT_INJECTION: forcing a failure.
[  149.569735][ T2950] name failslab, interval 1, probability 0, space 0, times 0
[  149.582530][ T2950] CPU: 0 PID: 2950 Comm: syz.0.663 Not tainted syzkaller #0
[  149.589833][ T2950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  149.599899][ T2950] Call Trace:
[  149.603189][ T2950]  <TASK>
[  149.606131][ T2950]  __dump_stack+0x21/0x24
[  149.610479][ T2950]  dump_stack_lvl+0x110/0x170
[  149.615170][ T2950]  ? __cfi_dump_stack_lvl+0x8/0x8
[  149.620222][ T2950]  ? locks_remove_file+0x368/0x1050
[  149.625452][ T2950]  dump_stack+0x15/0x24
[  149.629628][ T2950]  should_fail_ex+0x3d4/0x520
[  149.634337][ T2950]  __should_failslab+0xac/0xf0
[  149.639131][ T2950]  ? kvm_uevent_notify_change+0xcb/0x3b0
[  149.644787][ T2950]  should_failslab+0x9/0x20
[  149.649305][ T2950]  __kmem_cache_alloc_node+0x3d/0x2c0
[  149.654703][ T2950]  ? kvm_uevent_notify_change+0xcb/0x3b0
[  149.660360][ T2950]  kmalloc_trace+0x29/0xb0
[  149.664772][ T2950]  kvm_uevent_notify_change+0xcb/0x3b0
[  149.670228][ T2950]  kvm_put_kvm+0x9c/0x1450
[  149.674676][ T2950]  ? unwind_get_return_address+0x4d/0x90
[  149.680326][ T2950]  ? __cfi_stack_trace_consume_entry+0x10/0x10
[  149.686575][ T2950]  kvm_vcpu_release+0x57/0x60
[  149.691260][ T2950]  ? __cfi_kvm_vcpu_release+0x10/0x10
[  149.696637][ T2950]  __fput+0x1fc/0x8f0
[  149.700619][ T2950]  ____fput+0x15/0x20
[  149.704615][ T2950]  task_work_run+0x1e1/0x250
[  149.709212][ T2950]  ? __cfi_task_work_run+0x10/0x10
[  149.714362][ T2950]  ? __kasan_record_aux_stack+0xb6/0xc0
[  149.719965][ T2950]  ? task_work_add+0x7f/0x330
[  149.724675][ T2950]  ? fput+0xe1/0x1a0
[  149.728597][ T2950]  ? __se_sys_ioctl+0x192/0x1b0
[  149.733546][ T2950]  ? x64_sys_call+0x58b/0x9a0
[  149.738217][ T2950]  ? do_syscall_64+0x4c/0xa0
[  149.742883][ T2950]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  149.748960][ T2950]  get_signal+0x12e6/0x1520
[  149.753467][ T2950]  arch_do_signal_or_restart+0xd1/0x1140
[  149.759104][ T2950]  ? kick_process+0xee/0x160
[  149.763690][ T2950]  ? __cfi_arch_do_signal_or_restart+0x10/0x10
[  149.769831][ T2950]  ? task_work_add+0x2cb/0x330
[  149.774591][ T2950]  ? __cfi_task_work_add+0x10/0x10
[  149.779699][ T2950]  ? fput+0x15b/0x1a0
[  149.783699][ T2950]  exit_to_user_mode_loop+0x7a/0xb0
[  149.788912][ T2950]  exit_to_user_mode_prepare+0x87/0xd0
[  149.794388][ T2950]  syscall_exit_to_user_mode+0x1a/0x30
[  149.799847][ T2950]  do_syscall_64+0x58/0xa0
[  149.804263][ T2950]  ? clear_bhb_loop+0x30/0x80
[  149.808954][ T2950]  ? clear_bhb_loop+0x30/0x80
[  149.813665][ T2950]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  149.819551][ T2950] RIP: 0033:0x7fab47f9cdd9
[  149.823958][ T2950] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  149.843560][ T2950] RSP: 002b:00007fab48ec1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  149.851979][ T2950] RAX: fffffffffffffffc RBX: 00007fab48215fa0 RCX: 00007fab47f9cdd9
[  149.859949][ T2950] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  149.867923][ T2950] RBP: 00007fab48ec1090 R08: 0000000000000000 R09: 0000000000000000
[  149.875932][ T2950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  149.883939][ T2950] R13: 00007fab48216038 R14: 00007fab48215fa0 R15: 00007fff8ceeb588
[  149.891917][ T2950]  </TASK>
[  149.941806][ T2982] fuse: Bad value for 'fd'
[  150.089220][ T2993] fuse: Bad value for 'fd'
[  150.337839][ T2997] fuse: Bad value for 'group_id'
[  150.360029][ T3000] loop1: detected capacity change from 0 to 256
[  150.383965][ T3000] FAT-fs (loop1): Directory bread(block 64) failed
[  150.390623][ T3000] FAT-fs (loop1): Directory bread(block 65) failed
[  150.397266][ T3000] FAT-fs (loop1): Directory bread(block 66) failed
[  150.404243][ T3000] FAT-fs (loop1): Directory bread(block 67) failed
[  150.410833][ T3000] FAT-fs (loop1): Directory bread(block 68) failed
[  150.417487][ T3000] FAT-fs (loop1): Directory bread(block 69) failed
[  150.424085][ T3000] FAT-fs (loop1): Directory bread(block 70) failed
[  150.430732][ T3000] FAT-fs (loop1): Directory bread(block 71) failed
[  150.437331][ T3000] FAT-fs (loop1): Directory bread(block 72) failed
[  150.459962][ T2991] loop0: detected capacity change from 0 to 40427
[  150.468587][ T3000] FAT-fs (loop1): Directory bread(block 73) failed
[  150.494370][ T2991] F2FS-fs (loop0): invalid crc value
[  150.528383][ T2991] F2FS-fs (loop0): Found nat_bits in checkpoint
[  150.560358][   T10] kworker/u4:1: attempt to access beyond end of device
[  150.560358][   T10] loop1: rw=1, sector=1224, nr_sectors = 256 limit=256
[  150.576559][   T10] kworker/u4:1: attempt to access beyond end of device
[  150.576559][   T10] loop1: rw=1, sector=1544, nr_sectors = 288 limit=256
[  150.591726][   T10] kworker/u4:1: attempt to access beyond end of device
[  150.591726][   T10] loop1: rw=1, sector=1864, nr_sectors = 608 limit=256
[  150.627638][ T2991] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  150.642466][   T28] audit: type=1400 audit(1778538582.250:328): avc:  denied  { unlink } for  pid=2990 comm="syz.0.676" name="file1" dev="loop0" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  150.668148][ T2991] syz.0.676: attempt to access beyond end of device
[  150.668148][ T2991] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  150.692752][ T3009] netlink: 4 bytes leftover after parsing attributes in process `syz.1.680'.
[  150.722578][   T28] audit: type=1400 audit(1778538582.316:329): avc:  denied  { read } for  pid=3010 comm="syz.3.681" name="loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  150.752330][   T28] audit: type=1400 audit(1778538582.344:330): avc:  denied  { open } for  pid=3010 comm="syz.3.681" path="/dev/loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  150.903187][ T3017] netlink: 60 bytes leftover after parsing attributes in process `syz.0.683'.
[  150.912491][ T3017] netlink: 56 bytes leftover after parsing attributes in process `syz.0.683'.
[  150.978741][ T3022] netlink: 8 bytes leftover after parsing attributes in process `syz.3.681'.
[  151.023122][ T3024] fuse: Unknown parameter 'grou00000000000000000000'
[  151.095682][   T28] audit: type=1400 audit(1778538582.578:331): avc:  denied  { ioctl } for  pid=3010 comm="syz.3.681" path="/dev/loop-control" dev="devtmpfs" ino=117 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  151.967676][ T3036] FAULT_INJECTION: forcing a failure.
[  151.967676][ T3036] name failslab, interval 1, probability 0, space 0, times 0
[  151.980431][ T3036] CPU: 1 PID: 3036 Comm: syz.3.687 Not tainted syzkaller #0
[  151.987758][ T3036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  151.997841][ T3036] Call Trace:
[  152.001124][ T3036]  <TASK>
[  152.004162][ T3036]  __dump_stack+0x21/0x24
[  152.008501][ T3036]  dump_stack_lvl+0x110/0x170
[  152.013186][ T3036]  ? __cfi_dump_stack_lvl+0x8/0x8
[  152.018220][ T3036]  ? __cfi_kstrtouint_from_user+0x10/0x10
[  152.023950][ T3036]  dump_stack+0x15/0x24
[  152.028121][ T3036]  should_fail_ex+0x3d4/0x520
[  152.032806][ T3036]  __should_failslab+0xac/0xf0
[  152.037582][ T3036]  should_failslab+0x9/0x20
[  152.042115][ T3036]  slab_pre_alloc_hook+0x30/0x1e0
[  152.047164][ T3036]  kmem_cache_alloc_lru+0x49/0x280
[  152.052284][ T3036]  ? sock_alloc_inode+0x28/0xc0
[  152.057146][ T3036]  sock_alloc_inode+0x28/0xc0
[  152.061833][ T3036]  ? __cfi_sock_alloc_inode+0x10/0x10
[  152.067246][ T3036]  new_inode_pseudo+0x70/0x1f0
[  152.072029][ T3036]  do_accept+0x197/0x700
[  152.076302][ T3036]  ? _raw_spin_lock+0x94/0xf0
[  152.080989][ T3036]  ? __cfi_do_accept+0x10/0x10
[  152.085768][ T3036]  __sys_accept4+0xa7/0x120
[  152.090272][ T3036]  __x64_sys_accept4+0x9a/0xb0
[  152.095044][ T3036]  x64_sys_call+0x713/0x9a0
[  152.099569][ T3036]  do_syscall_64+0x4c/0xa0
[  152.103991][ T3036]  ? clear_bhb_loop+0x30/0x80
[  152.108678][ T3036]  ? clear_bhb_loop+0x30/0x80
[  152.113373][ T3036]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  152.119271][ T3036] RIP: 0033:0x7fc77ed9cdd9
[  152.123693][ T3036] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  152.143307][ T3036] RSP: 002b:00007fc77fd25028 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  152.151728][ T3036] RAX: ffffffffffffffda RBX: 00007fc77f015fa0 RCX: 00007fc77ed9cdd9
[  152.159711][ T3036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  152.167690][ T3036] RBP: 00007fc77fd25090 R08: 0000000000000000 R09: 0000000000000000
[  152.175682][ T3036] R10: 0000000000080800 R11: 0000000000000246 R12: 0000000000000001
[  152.183655][ T3036] R13: 00007fc77f016038 R14: 00007fc77f015fa0 R15: 00007fffde0ca028
[  152.191645][ T3036]  </TASK>
[  152.209999][ T3037] fuse: Bad value for 'fd'
[  152.305489][ T3047] netlink: 40 bytes leftover after parsing attributes in process `syz.2.693'.
[  152.326323][ T3047] loop2: detected capacity change from 0 to 512
[  152.358266][ T3047] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  152.416350][ T3047] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2800: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  152.431130][ T3058] netlink: 60 bytes leftover after parsing attributes in process `syz.0.695'.
[  152.440326][ T3047] EXT4-fs (loop2): 1 truncate cleaned up
[  152.446559][ T3047] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  152.457529][ T3058] netlink: 56 bytes leftover after parsing attributes in process `syz.0.695'.
[  152.472005][   T28] audit: type=1400 audit(1778538583.953:332): avc:  denied  { map } for  pid=3045 comm="syz.2.693" path="/dev/loop2" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  152.504632][ T3047] EXT4-fs error (device loop2): __ext4_get_inode_loc:4511: comm syz.2.693: Invalid inode table block 5 in block_group 0
[  152.511178][   T28] audit: type=1400 audit(1778538583.991:333): avc:  denied  { map } for  pid=3045 comm="syz.2.693" path="/141/file2/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  152.540110][ T3047] EXT4-fs (loop2): Remounting filesystem read-only
[  152.547604][ T3047] EXT4-fs error (device loop2): __ext4_get_inode_loc:4511: comm syz.2.693: Invalid inode table block 5 in block_group 0
[  152.560563][ T3047] EXT4-fs (loop2): Remounting filesystem read-only
[  152.567626][ T3047] EXT4-fs error (device loop2): __ext4_get_inode_loc:4511: comm syz.2.693: Invalid inode table block 5 in block_group 0
[  152.581109][ T3047] EXT4-fs (loop2): Remounting filesystem read-only
[  152.587897][ T3045] EXT4-fs error (device loop2): __ext4_get_inode_loc:4511: comm syz.2.693: Invalid inode table block 5 in block_group 0
[  152.600987][ T3045] EXT4-fs (loop2): Remounting filesystem read-only
[  152.608045][ T3047] EXT4-fs error (device loop2): __ext4_get_inode_loc:4511: comm syz.2.693: Invalid inode table block 5 in block_group 0
[  152.620748][ T3060] netlink: 4 bytes leftover after parsing attributes in process `syz.0.696'.
[  152.629772][ T3047] EXT4-fs (loop2): Remounting filesystem read-only
[  152.636905][ T3045] EXT4-fs error (device loop2): __ext4_get_inode_loc:4511: comm syz.2.693: Invalid inode table block 5 in block_group 0
[  152.649790][ T3045] EXT4-fs (loop2): Remounting filesystem read-only
[  152.656424][ T3047] EXT4-fs error (device loop2): __ext4_get_inode_loc:4511: comm syz.2.693: Invalid inode table block 5 in block_group 0
[  152.669506][ T3047] EXT4-fs (loop2): Remounting filesystem read-only
[  152.676108][ T3045] EXT4-fs error (device loop2): __ext4_get_inode_loc:4511: comm syz.2.693: Invalid inode table block 5 in block_group 0
[  152.689045][ T3045] EXT4-fs (loop2): Remounting filesystem read-only
[  152.695656][ T3047] EXT4-fs error (device loop2): __ext4_get_inode_loc:4511: comm syz.2.693: Invalid inode table block 5 in block_group 0
[  152.708642][ T3047] EXT4-fs (loop2): Remounting filesystem read-only
[  152.715268][ T3045] EXT4-fs error (device loop2): __ext4_get_inode_loc:4511: comm syz.2.693: Invalid inode table block 5 in block_group 0
[  152.888052][ T3063] fuse: Unknown parameter 'grou00000000000000000000'
[  153.358647][ T3081] fuse: Bad value for 'fd'
[  153.419586][ T3084] netlink: 104 bytes leftover after parsing attributes in process `syz.4.704'.
[  153.531575][ T3091] overlayfs: failed to resolve './file0': -2
[  154.124005][ T3111] syz.1.714[3111] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  154.124093][ T3111] syz.1.714[3111] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  154.156845][ T3112] fuse: Bad value for 'group_id'
[  154.174819][ T3115] loop3: detected capacity change from 0 to 512
[  154.198711][ T3115] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  154.232204][ T3115] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.716: invalid indirect mapped block 9 (level 0)
[  154.249339][ T3115] EXT4-fs (loop3): 1 truncate cleaned up
[  154.255275][ T3115] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  154.265026][   T28] audit: type=1400 audit(1778538585.638:334): avc:  denied  { create } for  pid=3113 comm="syz.3.716" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  154.313523][ T3120] loop1: detected capacity change from 0 to 256
[  154.327095][ T3120] exfat: Deprecated parameter 'namecase'
[  154.339404][ T3120] exfat: Deprecated parameter 'utf8'
[  154.346280][   T28] audit: type=1400 audit(1778538585.684:335): avc:  denied  { write open } for  pid=3113 comm="syz.3.716" path="/159/bus/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  154.354657][ T3120] exfat: Deprecated parameter 'namecase'
[  154.462242][ T3120] exFAT-fs (loop1): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x11a9abd0)
[  154.472659][ T3120] exFAT-fs (loop1): invalid boot region
[  154.478289][ T3120] exFAT-fs (loop1): failed to recognize exfat type
[  154.532985][  T290] EXT4-fs (loop3): unmounting filesystem.
[  154.608935][ T3129] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  154.693914][ T3128] loop1: detected capacity change from 0 to 8192
[  154.743923][ T3134] loop2: detected capacity change from 0 to 1024
[  154.750584][ T3134] EXT4-fs: Ignoring removed i_version option
[  154.758277][ T3134] EXT4-fs (loop2): VFS: Can't find ext4 filesystem
[  154.780641][ T3128]  loop1: p2 p4[EZD]
[  154.795843][ T3128] loop1: p2 start 524297 is beyond EOD, truncated
[  154.802546][ T3128] loop1: p4 start 1476395008 is beyond EOD, truncated
[  155.882155][ T3152] netlink: 4 bytes leftover after parsing attributes in process `syz.3.726'.
[  156.222969][ T3165] overlayfs: failed to clone upperpath
[  156.481841][ T3186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.738'.
[  157.358349][ T3207] loop2: detected capacity change from 0 to 256
[  157.382610][ T3207] FAT-fs (loop2): Directory bread(block 64) failed
[  157.403500][ T3207] FAT-fs (loop2): Directory bread(block 65) failed
[  157.410160][ T3207] FAT-fs (loop2): Directory bread(block 66) failed
[  157.417219][ T3207] FAT-fs (loop2): Directory bread(block 67) failed
[  157.425217][ T3207] FAT-fs (loop2): Directory bread(block 68) failed
[  157.431921][ T3207] FAT-fs (loop2): Directory bread(block 69) failed
[  157.438904][ T3207] FAT-fs (loop2): Directory bread(block 70) failed
[  157.445542][ T3207] FAT-fs (loop2): Directory bread(block 71) failed
[  157.452143][ T3207] FAT-fs (loop2): Directory bread(block 72) failed
[  157.459017][ T3207] FAT-fs (loop2): Directory bread(block 73) failed
[  158.305545][ T3242] fuse: Bad value for 'group_id'
[  158.637066][   T28] kauditd_printk_skb: 1 callbacks suppressed
[  158.637083][   T28] audit: type=1400 audit(1778538589.727:337): avc:  denied  { read write } for  pid=3250 comm="syz.2.761" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  158.675224][   T28] audit: type=1400 audit(1778538589.765:338): avc:  denied  { open } for  pid=3250 comm="syz.2.761" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  158.744399][ T3257] loop2: detected capacity change from 0 to 1024
[  158.766753][ T3257] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  158.768225][ T3260] netlink: 4 bytes leftover after parsing attributes in process `syz.3.763'.
[  158.776708][ T3257] EXT4-fs (loop2): orphan cleanup on readonly fs
[  158.790674][ T3257] Quota error (device loop2): v2_read_file_info: Can't read info structure
[  158.799402][ T3257] EXT4-fs warning (device loop2): ext4_enable_quotas:7074: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix.
[  158.814755][ T3257] EXT4-fs (loop2): Cannot turn on quotas: error -5
[  158.821853][ T3257] EXT4-fs (loop2): 1 truncate cleaned up
[  158.828016][ T3257] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  158.861986][ T3263] IPv6: NLM_F_CREATE should be specified when creating new route
[  158.880444][   T28] audit: type=1400 audit(1778538589.961:339): avc:  denied  { mounton } for  pid=3264 comm="syz.1.765" path="/137/file0" dev="tmpfs" ino=788 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  159.532999][  T292] EXT4-fs (loop2): unmounting filesystem.
[  159.831066][ T3280] loop2: detected capacity change from 0 to 1024
[  159.866284][ T3280] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  159.874991][ T3280] ext4 filesystem being mounted at /156/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  160.492721][ T3284] syz.0.769 (3284) used greatest stack depth: 20760 bytes left
[  160.501361][ T3288] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set
[  160.539793][ T3288] EXT4-fs (loop2): Remounting filesystem read-only
[  160.572415][  T292] EXT4-fs (loop2): unmounting filesystem.
[  160.696850][   T28] audit: type=1400 audit(1778538591.655:340): avc:  denied  { getopt } for  pid=3306 comm="syz.0.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  160.949099][ T3313] netlink: 4 bytes leftover after parsing attributes in process `syz.1.777'.
[  161.153142][ T3317] FAULT_INJECTION: forcing a failure.
[  161.153142][ T3317] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  161.166457][ T3317] CPU: 0 PID: 3317 Comm: syz.3.778 Not tainted syzkaller #0
[  161.173759][ T3317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  161.183814][ T3317] Call Trace:
[  161.187120][ T3317]  <TASK>
[  161.190055][ T3317]  __dump_stack+0x21/0x24
[  161.194403][ T3317]  dump_stack_lvl+0x110/0x170
[  161.199101][ T3317]  ? __cfi_dump_stack_lvl+0x8/0x8
[  161.204128][ T3317]  dump_stack+0x15/0x24
[  161.208306][ T3317]  should_fail_ex+0x3d4/0x520
[  161.213010][ T3317]  should_fail+0xb/0x10
[  161.217162][ T3317]  should_fail_usercopy+0x1a/0x20
[  161.222362][ T3317]  _copy_from_user+0x1e/0xc0
[  161.227013][ T3317]  ___sys_sendmsg+0x1c3/0x360
[  161.231713][ T3317]  ? __sys_sendmsg+0x290/0x290
[  161.236485][ T3317]  ? kstrtouint+0x74/0xe0
[  161.240830][ T3317]  ? __fdget+0x19c/0x220
[  161.245113][ T3317]  __sys_sendmmsg+0x2cc/0x4e0
[  161.249819][ T3317]  ? __cfi___sys_sendmmsg+0x10/0x10
[  161.255057][ T3317]  ? __cfi_ksys_write+0x10/0x10
[  161.259915][ T3317]  __x64_sys_sendmmsg+0xa0/0xb0
[  161.264772][ T3317]  x64_sys_call+0x3f5/0x9a0
[  161.269316][ T3317]  do_syscall_64+0x4c/0xa0
[  161.273734][ T3317]  ? clear_bhb_loop+0x30/0x80
[  161.278438][ T3317]  ? clear_bhb_loop+0x30/0x80
[  161.283143][ T3317]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  161.289146][ T3317] RIP: 0033:0x7fc77ed9cdd9
[  161.293585][ T3317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  161.313222][ T3317] RSP: 002b:00007fc77fd25028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  161.321687][ T3317] RAX: ffffffffffffffda RBX: 00007fc77f015fa0 RCX: 00007fc77ed9cdd9
[  161.329683][ T3317] RDX: 0000000000000002 RSI: 0000200000001b00 RDI: 0000000000000003
[  161.337686][ T3317] RBP: 00007fc77fd25090 R08: 0000000000000000 R09: 0000000000000000
[  161.345692][ T3317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.353684][ T3317] R13: 00007fc77f016038 R14: 00007fc77f015fa0 R15: 00007fffde0ca028
[  161.361691][ T3317]  </TASK>
[  161.383344][ T3325] binder: 3324:3325 ioctl c018620c 200000000040 returned -1
[  161.906412][ T3349] loop1: detected capacity change from 0 to 256
[  161.939114][ T3349] FAT-fs (loop1): Directory bread(block 64) failed
[  161.955042][ T3349] FAT-fs (loop1): Directory bread(block 65) failed
[  161.978784][ T3349] FAT-fs (loop1): Directory bread(block 66) failed
[  161.989784][ T3349] FAT-fs (loop1): Directory bread(block 67) failed
[  162.014398][ T3349] FAT-fs (loop1): Directory bread(block 68) failed
[  162.029216][ T3355] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3355 comm=syz.3.792
[  162.050372][ T3349] FAT-fs (loop1): Directory bread(block 69) failed
[  162.073415][ T3349] FAT-fs (loop1): Directory bread(block 70) failed
[  162.108663][ T3349] FAT-fs (loop1): Directory bread(block 71) failed
[  162.147194][ T3349] FAT-fs (loop1): Directory bread(block 72) failed
[  162.180547][ T3349] FAT-fs (loop1): Directory bread(block 73) failed
[  162.263344][ T3360] loop3: detected capacity change from 0 to 4096
[  162.294777][ T3360] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal
[  162.460389][ T3365] loop1: detected capacity change from 0 to 128
[  162.469453][ T3365] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  162.542245][ T3365] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  162.859128][ T3365] block device autoloading is deprecated and will be removed.
[  163.414411][ T3370] loop2: detected capacity change from 0 to 128
[  163.421174][ T3370] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  163.437201][ T3370] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  163.769046][ T3372] loop1: detected capacity change from 0 to 1024
[  163.909684][ T3372] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  163.984679][ T3372] EXT4-fs (loop1): shut down requested (2)
[  163.996566][   T28] audit: type=1400 audit(1778538594.752:341): avc:  denied  { read } for  pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  164.032902][  T289] EXT4-fs (loop1): unmounting filesystem.
[  164.049820][   T28] audit: type=1400 audit(1778538594.752:342): avc:  denied  { search } for  pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  164.091840][   T28] audit: type=1400 audit(1778538594.752:343): avc:  denied  { write } for  pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  164.134588][   T28] audit: type=1400 audit(1778538594.752:344): avc:  denied  { add_name } for  pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  164.176732][   T28] audit: type=1400 audit(1778538594.752:345): avc:  denied  { create } for  pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  164.218968][   T28] audit: type=1400 audit(1778538594.752:346): avc:  denied  { append open } for  pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  164.280407][ T3380] fuse: Bad value for 'group_id'
[  164.298250][   T28] audit: type=1400 audit(1778538594.752:347): avc:  denied  { getattr } for  pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  164.459579][ T3386] loop1: detected capacity change from 0 to 128
[  164.943753][ T3386] loop1: detected capacity change from 0 to 16
[  164.953142][ T3386] erofs: (device loop1): mounted with root inode @ nid 36.
[  165.636315][ T3398] fuse: Invalid rootmode
[  166.477104][ T3392] loop3: detected capacity change from 0 to 131072
[  166.510296][ T3392] F2FS-fs (loop3): invalid crc value
[  166.556900][ T3392] F2FS-fs (loop3): Found nat_bits in checkpoint
[  166.706538][ T3421] netlink: 4 bytes leftover after parsing attributes in process `syz.0.808'.
[  166.723113][ T3392] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  166.873240][ T3401] loop1: detected capacity change from 0 to 131072
[  166.880285][ T3401] F2FS-fs (loop1): Wrong NAT boundary, start(2560) end(3584) blocks(0)
[  166.902877][ T3401] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  166.911689][ T3401] F2FS-fs (loop1): invalid crc value
[  166.967215][ T3401] F2FS-fs (loop1): Found nat_bits in checkpoint
[  167.231925][ T3401] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  167.248586][ T3401] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  167.340217][ T3401] netlink: 16 bytes leftover after parsing attributes in process `syz.1.804'.
[  167.368565][   T28] audit: type=1400 audit(1778538597.897:348): avc:  denied  { read append } for  pid=3400 comm="syz.1.804" path="/146/file2/blkio.throttle.io_service_bytes_recursive" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  167.425917][   T28] audit: type=1400 audit(1778538597.943:349): avc:  denied  { ioctl } for  pid=3400 comm="syz.1.804" path="/146/file2/blkio.throttle.io_service_bytes_recursive" dev="loop1" ino=10 ioctlcmd=0x7014 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  167.803884][ T3451] fuse: Invalid rootmode
[  170.113760][    T6] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  170.827437][    T6] usb 4-1: Using ep0 maxpacket: 16
[  170.841302][    T6] usb 4-1: device descriptor read/all, error -71
[  171.127455][   T28] audit: type=1400 audit(1778538601.284:350): avc:  denied  { bind } for  pid=3461 comm="syz.1.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  171.224758][   T28] audit: type=1400 audit(1778538601.284:351): avc:  denied  { write } for  pid=3461 comm="syz.1.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  171.304457][ T3482] netlink: 4 bytes leftover after parsing attributes in process `syz.0.824'.
[  171.344696][  T309] Bluetooth: hci0: Frame reassembly failed (-84)
[  171.352404][   T28] audit: type=1400 audit(1778538601.630:352): avc:  denied  { bind } for  pid=3472 comm="syz.3.823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  171.375991][  T309] Bluetooth: hci0: Frame reassembly failed (-84)
[  171.816853][ T3495] netlink: 60 bytes leftover after parsing attributes in process `syz.4.828'.
[  171.826646][ T3495] netlink: 44 bytes leftover after parsing attributes in process `syz.4.828'.
[  171.835675][ T3495] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  172.049389][ T3501] fuse: Invalid rootmode
[  172.071687][ T3470] loop2: detected capacity change from 0 to 131072
[  172.095794][ T3470] F2FS-fs (loop2): invalid crc value
[  172.129156][ T3470] F2FS-fs (loop2): Found nat_bits in checkpoint
[  172.163821][ T3470] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  172.498830][ T3516] loop2: detected capacity change from 0 to 1024
[  172.514484][ T3516] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  172.523350][ T3516] ext4 filesystem being mounted at /164/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  172.701534][ T3516] netlink: 452 bytes leftover after parsing attributes in process `syz.2.832'.
[  172.776112][  T292] EXT4-fs (loop2): unmounting filesystem.
[  172.882626][   T28] audit: type=1400 audit(1778538603.062:353): avc:  denied  { read } for  pid=3526 comm="syz.2.837" name="msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  172.883378][ T3527] FAULT_INJECTION: forcing a failure.
[  172.883378][ T3527] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  172.905413][   T28] audit: type=1400 audit(1778538603.062:354): avc:  denied  { open } for  pid=3526 comm="syz.2.837" path="/dev/cpu/0/msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  172.920127][ T3527] CPU: 0 PID: 3527 Comm: syz.2.837 Not tainted syzkaller #0
[  172.948810][ T3527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  172.958866][ T3527] Call Trace:
[  172.962150][ T3527]  <TASK>
[  172.965102][ T3527]  __dump_stack+0x21/0x24
[  172.969439][ T3527]  dump_stack_lvl+0x110/0x170
[  172.974127][ T3527]  ? __cfi_dump_stack_lvl+0x8/0x8
[  172.979157][ T3527]  dump_stack+0x15/0x24
[  172.983349][ T3527]  should_fail_ex+0x3d4/0x520
[  172.988032][ T3527]  should_fail+0xb/0x10
[  172.992197][ T3527]  should_fail_usercopy+0x1a/0x20
[  172.997237][ T3527]  _copy_to_user+0x1e/0x90
[  173.001669][ T3527]  simple_read_from_buffer+0xe9/0x160
[  173.007080][ T3527]  proc_fail_nth_read+0x1a6/0x220
[  173.012121][ T3527]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  173.017677][ T3527]  ? security_file_permission+0x94/0xb0
[  173.023237][ T3527]  ? __cfi_proc_fail_nth_read+0x10/0x10
[  173.028787][ T3527]  vfs_read+0x27a/0x910
[  173.032949][ T3527]  ? __cfi_vfs_read+0x10/0x10
[  173.037629][ T3527]  ? __kasan_check_write+0x14/0x20
[  173.042746][ T3527]  ? mutex_lock+0x93/0x1b0
[  173.047175][ T3527]  ? __cfi_mutex_lock+0x10/0x10
[  173.052042][ T3527]  ? __fdget_pos+0x2cd/0x380
[  173.056671][ T3527]  ? ksys_read+0x71/0x250
[  173.061022][ T3527]  ksys_read+0x149/0x250
[  173.065276][ T3527]  ? __cfi_ksys_read+0x10/0x10
[  173.070048][ T3527]  ? debug_smp_processor_id+0x17/0x20
[  173.075433][ T3527]  __x64_sys_read+0x7b/0x90
[  173.079939][ T3527]  x64_sys_call+0x2f/0x9a0
[  173.084361][ T3527]  do_syscall_64+0x4c/0xa0
[  173.088800][ T3527]  ? clear_bhb_loop+0x30/0x80
[  173.093496][ T3527]  ? clear_bhb_loop+0x30/0x80
[  173.098177][ T3527]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  173.104075][ T3527] RIP: 0033:0x7f48af95d60e
[  173.108496][ T3527] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  173.128106][ T3527] RSP: 002b:00007f48b08f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  173.136518][ T3527] RAX: ffffffffffffffda RBX: 00007f48b08f66c0 RCX: 00007f48af95d60e
[  173.144494][ T3527] RDX: 000000000000000f RSI: 00007f48b08f60a0 RDI: 0000000000000004
[  173.152470][ T3527] RBP: 00007f48b08f6090 R08: 0000000000000000 R09: 0000000000000000
[  173.160464][ T3527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.168438][ T3527] R13: 00007f48afc16038 R14: 00007f48afc15fa0 R15: 00007fff78af8438
[  173.176426][ T3527]  </TASK>
[  173.224638][ T3532] FAULT_INJECTION: forcing a failure.
[  173.224638][ T3532] name failslab, interval 1, probability 0, space 0, times 0
[  173.237396][ T3532] CPU: 1 PID: 3532 Comm: syz.1.839 Not tainted syzkaller #0
[  173.244701][ T3532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  173.254745][ T3532] Call Trace:
[  173.258030][ T3532]  <TASK>
[  173.260984][ T3532]  __dump_stack+0x21/0x24
[  173.265322][ T3532]  dump_stack_lvl+0x110/0x170
[  173.270007][ T3532]  ? __cfi_dump_stack_lvl+0x8/0x8
[  173.275028][ T3532]  dump_stack+0x15/0x24
[  173.279176][ T3532]  should_fail_ex+0x3d4/0x520
[  173.283865][ T3532]  __should_failslab+0xac/0xf0
[  173.288625][ T3532]  should_failslab+0x9/0x20
[  173.293138][ T3532]  kmem_cache_alloc_node+0x42/0x340
[  173.298333][ T3532]  ? alloc_io_context+0x2d/0x280
[  173.303279][ T3532]  alloc_io_context+0x2d/0x280
[  173.308044][ T3532]  set_task_ioprio+0x1ed/0x340
[  173.312807][ T3532]  __se_sys_ioprio_set+0x2e8/0x720
[  173.317930][ T3532]  __x64_sys_ioprio_set+0x7b/0x90
[  173.322963][ T3532]  x64_sys_call+0x6fe/0x9a0
[  173.327470][ T3532]  do_syscall_64+0x4c/0xa0
[  173.331892][ T3532]  ? clear_bhb_loop+0x30/0x80
[  173.336575][ T3532]  ? clear_bhb_loop+0x30/0x80
[  173.341255][ T3532]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  173.347148][ T3532] RIP: 0033:0x7f8c86b9cdd9
[  173.351553][ T3532] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  173.371158][ T3532] RSP: 002b:00007f8c87a02028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fb
[  173.379575][ T3532] RAX: ffffffffffffffda RBX: 00007f8c86e15fa0 RCX: 00007f8c86b9cdd9
[  173.387540][ T3532] RDX: 0000000000006000 RSI: 0000000000000000 RDI: 0000000000000003
[  173.395546][ T3532] RBP: 00007f8c87a02090 R08: 0000000000000000 R09: 0000000000000000
[  173.403527][ T3532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.411499][ T3532] R13: 00007f8c86e16038 R14: 00007f8c86e15fa0 R15: 00007ffe7c38b478
[  173.419472][ T3532]  </TASK>
[  173.458012][ T3536] netlink: 4 bytes leftover after parsing attributes in process `syz.4.841'.
[  173.488605][   T28] audit: type=1400 audit(1778538603.624:355): avc:  denied  { load_policy } for  pid=3540 comm="syz.2.843" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  173.513492][ T3541] SELinux: failed to load policy
[  173.581091][ T2263] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  173.914490][ T3552] loop2: detected capacity change from 0 to 1024
[  173.984421][ T3552] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  174.002315][ T3552] ext4 filesystem being mounted at /169/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.231673][ T3561] netlink: 188 bytes leftover after parsing attributes in process `syz.3.847'.
[  175.006579][ T3565] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1821 sclass=netlink_route_socket pid=3565 comm=syz.4.850
[  175.019560][   T28] audit: type=1400 audit(1778538605.037:356): avc:  denied  { create } for  pid=3564 comm="syz.4.850" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  175.286367][ T3552] netlink: 452 bytes leftover after parsing attributes in process `syz.2.848'.
[  175.304858][ T3573] FAULT_INJECTION: forcing a failure.
[  175.304858][ T3573] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.318789][ T3573] CPU: 0 PID: 3573 Comm: syz.3.851 Not tainted syzkaller #0
[  175.326189][ T3573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  175.336259][ T3573] Call Trace:
[  175.339556][ T3573]  <TASK>
[  175.342523][ T3573]  __dump_stack+0x21/0x24
[  175.346869][ T3573]  dump_stack_lvl+0x110/0x170
[  175.351567][ T3573]  ? __cfi_dump_stack_lvl+0x8/0x8
[  175.356620][ T3573]  dump_stack+0x15/0x24
[  175.360798][ T3573]  should_fail_ex+0x3d4/0x520
[  175.365489][ T3573]  should_fail+0xb/0x10
[  175.369659][ T3573]  should_fail_usercopy+0x1a/0x20
[  175.374695][ T3573]  _copy_from_iter+0x196/0x1010
[  175.379576][ T3573]  ? __cfi__copy_from_iter+0x10/0x10
[  175.384886][ T3573]  ? __check_object_size+0x45a/0x600
[  175.390186][ T3573]  kernfs_fop_write_iter+0x1a1/0x470
[  175.395494][ T3573]  vfs_write+0x603/0xce0
[  175.399753][ T3573]  ? __cfi_vfs_write+0x10/0x10
[  175.404530][ T3573]  ? __cfi_mutex_lock+0x10/0x10
[  175.409412][ T3573]  ? __fdget_pos+0x2cd/0x380
[  175.414019][ T3573]  ? ksys_write+0x71/0x250
[  175.418457][ T3573]  ksys_write+0x149/0x250
[  175.422814][ T3573]  ? __cfi_ksys_write+0x10/0x10
[  175.427677][ T3573]  ? debug_smp_processor_id+0x17/0x20
[  175.433110][ T3573]  __x64_sys_write+0x7b/0x90
[  175.437715][ T3573]  x64_sys_call+0x27b/0x9a0
[  175.442247][ T3573]  do_syscall_64+0x4c/0xa0
[  175.446695][ T3573]  ? clear_bhb_loop+0x30/0x80
[  175.451411][ T3573]  ? clear_bhb_loop+0x30/0x80
[  175.456126][ T3573]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  175.462071][ T3573] RIP: 0033:0x7fc77ed9cdd9
[  175.466514][ T3573] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  175.486137][ T3573] RSP: 002b:00007fc77fd25028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  175.494573][ T3573] RAX: ffffffffffffffda RBX: 00007fc77f015fa0 RCX: 00007fc77ed9cdd9
[  175.502591][ T3573] RDX: 0000000000000012 RSI: 0000200000000200 RDI: 0000000000000006
[  175.510580][ T3573] RBP: 00007fc77fd25090 R08: 0000000000000000 R09: 0000000000000000
[  175.518574][ T3573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  175.526559][ T3573] R13: 00007fc77f016038 R14: 00007fc77f015fa0 R15: 00007fffde0ca028
[  175.534566][ T3573]  </TASK>
[  175.562707][ T3579] loop3: detected capacity change from 0 to 128
[  175.574828][   T28] audit: type=1400 audit(1778538605.580:357): avc:  denied  { remount } for  pid=3578 comm="syz.3.855" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  175.880527][  T292] EXT4-fs (loop2): unmounting filesystem.
[  175.899922][ T3538] loop1: detected capacity change from 0 to 131072
[  175.918722][ T3538] F2FS-fs (loop1): invalid crc value
[  175.938405][ T3538] F2FS-fs (loop1): Found nat_bits in checkpoint
[  176.027142][ T3538] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  176.113731][  T714] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  176.267976][ T1833] Bluetooth: hci0: Frame reassembly failed (-84)
[  176.328443][  T714] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  176.340776][ T3608] netlink: 4 bytes leftover after parsing attributes in process `syz.4.864'.
[  176.358302][  T714] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  176.381860][ T3611] overlayfs: failed to clone upperpath
[  176.390719][  T714] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 97, changing to 4
[  176.423805][  T714] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 24929, setting to 1023
[  176.448907][  T714] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  176.468903][  T714] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.490416][  T714] usb 4-1: Product: syz
[  176.494615][  T714] usb 4-1: Manufacturer: syz
[  176.509132][  T714] usb 4-1: SerialNumber: syz
[  176.729013][ T3579] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  176.925730][   T28] audit: type=1400 audit(1778538606.833:358): avc:  denied  { mount } for  pid=3618 comm="syz.4.867" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  176.948139][ T3619] overlayfs: failed to clone lowerpath
[  177.168367][   T28] audit: type=1326 audit(1778538607.067:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3578 comm="syz.3.855" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc77ed9cdd9 code=0x7ffc0000
[  177.214189][   T28] audit: type=1326 audit(1778538607.067:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3578 comm="syz.3.855" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc77ed9cdd9 code=0x7ffc0000
[  177.267245][   T28] audit: type=1326 audit(1778538607.096:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3578 comm="syz.3.855" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc77ed9cdd9 code=0x7ffc0000
[  177.322730][   T28] audit: type=1326 audit(1778538607.096:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3578 comm="syz.3.855" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc77ed9cdd9 code=0x7ffc0000
[  177.374912][   T28] audit: type=1326 audit(1778538607.096:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3578 comm="syz.3.855" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc77ed9cdd9 code=0x7ffc0000
[  177.408713][ T3579] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  177.436681][   T28] audit: type=1326 audit(1778538607.096:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3578 comm="syz.3.855" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc77ed9ca6b code=0x7ffc0000
[  177.488706][   T28] audit: type=1326 audit(1778538607.096:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3578 comm="syz.3.855" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc77ed9ca6b code=0x7ffc0000
[  177.541437][   T28] audit: type=1326 audit(1778538607.096:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3578 comm="syz.3.855" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc77ed5d60e code=0x7ffc0000
[  177.598371][   T28] audit: type=1326 audit(1778538607.301:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3578 comm="syz.3.855" exe="/root/ci2-android-6-1/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc77ed9cdd9 code=0x7ffc0000
[  177.686063][ T3615] loop1: detected capacity change from 0 to 131072
[  177.696040][ T3615] F2FS-fs (loop1): invalid crc value
[  177.725983][ T3615] F2FS-fs (loop1): Found nat_bits in checkpoint
[  177.789409][ T3615] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  177.808408][ T3615] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  177.836313][ T3579] netlink: 16 bytes leftover after parsing attributes in process `syz.3.855'.
[  177.847610][  T714] cdc_ncm 4-1:1.0: bind() failure
[  177.855219][  T714] cdc_ncm: probe of 4-1:1.1 failed with error -71
[  177.862178][  T714] cdc_mbim: probe of 4-1:1.1 failed with error -71
[  177.870080][  T714] usb 4-1: USB disconnect, device number 14
[  177.884115][ T1834] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=80000000, run fsck to fix.
[  178.127321][ T3646] netlink: 32 bytes leftover after parsing attributes in process `syz.1.877'.
[  178.139065][ T3646] loop1: detected capacity change from 0 to 512
[  178.150138][ T3646] EXT4-fs (loop1): 1 truncate cleaned up
[  178.156167][ T3646] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  178.166799][ T3646] EXT4-fs (loop1): shut down requested (2)
[  178.173096][ T3646] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=12
[  178.182007][ T3646] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=12
[  178.191099][ T3646] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=15
[  178.199967][ T3646] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=14
[  178.208842][ T3646] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=12
[  178.217631][ T3646] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=15
[  178.226478][ T3646] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=12
[  178.235675][ T3646] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop1 ino=14
[  178.253111][  T289] EXT4-fs (loop1): unmounting filesystem.
[  178.432587][ T2263] Bluetooth: hci0: command 0x1003 tx timeout
[  178.438745][ T2425] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  183.316054][    T6] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  183.348141][ T1148] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  183.540451][    T6] usb 4-1: Using ep0 maxpacket: 16
[  183.542142][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  183.550940][    T6] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8
[  183.569302][    T6] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  183.572690][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  183.584335][    T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.603969][    T6] usb 4-1: Product: syz
[  183.608549][    T6] usb 4-1: Manufacturer: syz
[  183.614847][    T6] usb 4-1: SerialNumber: syz
[  183.617666][ T1148] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  183.632406][    T6] usb 4-1: config 0 descriptor??
[  183.641937][ T1148] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.651439][    T6] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  183.659493][ T1148] usb 3-1: Product: syz
[  183.669776][ T1148] usb 3-1: Manufacturer: syz
[  183.679067][    T6] usb 4-1: Detected FT232R
[  183.688440][ T1148] usb 3-1: SerialNumber: syz
[  183.729104][ T1148] usb 3-1: config 0 descriptor??
[  183.755256][ T1148] usb 3-1: Found UVC 0.00 device syz (18ec:3288)
[  183.772796][ T1148] usb 3-1: No valid video chain found.
[  183.865921][    T6] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  184.041330][  T817] usb 3-1: USB disconnect, device number 9
[  184.092821][    T6] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  184.306854][  T714] usb 4-1: USB disconnect, device number 15
[  184.313857][  T714] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  184.323877][  T714] ftdi_sio 4-1:0.0: device disconnected
[  184.591132][ T3731] loop2: detected capacity change from 0 to 1024
[  184.626639][ T3731] EXT4-fs: Ignoring removed i_version option
[  184.638038][ T3731] EXT4-fs (loop2): VFS: Can't find ext4 filesystem
[  184.891771][ T3731] loop2: detected capacity change from 0 to 256
[  184.924765][ T3731] FAT-fs (loop2): Directory bread(block 64) failed
[  184.931858][ T3731] FAT-fs (loop2): Directory bread(block 65) failed
[  184.938834][ T3731] FAT-fs (loop2): Directory bread(block 66) failed
[  184.948647][ T3731] FAT-fs (loop2): Directory bread(block 67) failed
[  184.956133][ T3731] FAT-fs (loop2): Directory bread(block 68) failed
[  184.971917][ T3731] FAT-fs (loop2): Directory bread(block 69) failed
[  184.980933][ T3731] FAT-fs (loop2): Directory bread(block 70) failed
[  184.988348][ T3731] FAT-fs (loop2): Directory bread(block 71) failed
[  185.008324][ T3731] FAT-fs (loop2): Directory bread(block 72) failed
[  185.107323][ T3731] FAT-fs (loop2): Directory bread(block 73) failed
[  185.273261][   T28] kauditd_printk_skb: 101 callbacks suppressed
[  185.273279][   T28] audit: type=1400 audit(1778538614.657:469): avc:  denied  { mount } for  pid=3730 comm="syz.2.905" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  185.366504][ T3748] loop1: detected capacity change from 0 to 1024
[  185.406149][ T3748] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  185.422075][ T3748] ext4 filesystem being mounted at /165/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  185.536095][   T28] audit: type=1400 audit(1778538614.900:470): avc:  denied  { unmount } for  pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  185.738898][   T28] audit: type=1400 audit(1778538615.078:471): avc:  denied  { mount } for  pid=3747 comm="syz.1.912" name="/" dev="configfs" ino=14336 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  185.948148][ T3755] loop2: detected capacity change from 0 to 512
[  186.688553][ T1834] EXT4-fs error (device loop1): ext4_map_blocks:745: inode #15: comm kworker/u4:24: lblock 0 mapped to illegal pblock 0 (length 6)
[  186.714202][ T1834] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117
[  186.727375][ T1834] EXT4-fs (loop1): This should not happen!! Data will be lost
[  186.727375][ T1834] 
[  186.739652][ T3764] loop2: detected capacity change from 0 to 256
[  186.750957][ T1834] EXT4-fs error (device loop1): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:24: lblock 8 mapped to illegal pblock 8 (length 8)
[  186.767970][ T3764] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[  186.780178][ T1834] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  186.798615][ T1834] EXT4-fs (loop1): This should not happen!! Data will be lost
[  186.798615][ T1834] 
[  186.928043][ T3771] loop3: detected capacity change from 0 to 256
[  186.960855][ T3709] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  186.963157][ T3771] x_tables: duplicate underflow at hook 2
[  187.058989][ T3776] netlink: 4 bytes leftover after parsing attributes in process `syz.4.920'.
[  187.222539][ T3782] loop3: detected capacity change from 0 to 256
[  187.238874][  T817] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  187.263455][ T3782] FAT-fs (loop3): Directory bread(block 64) failed
[  187.278605][ T3782] FAT-fs (loop3): Directory bread(block 65) failed
[  187.285412][ T3782] FAT-fs (loop3): Directory bread(block 66) failed
[  187.292124][ T3782] FAT-fs (loop3): Directory bread(block 67) failed
[  187.298725][ T3782] FAT-fs (loop3): Directory bread(block 68) failed
[  187.305465][ T3782] FAT-fs (loop3): Directory bread(block 69) failed
[  187.312069][ T3782] FAT-fs (loop3): Directory bread(block 70) failed
[  187.320172][ T3782] FAT-fs (loop3): Directory bread(block 71) failed
[  187.326915][ T3782] FAT-fs (loop3): Directory bread(block 72) failed
[  187.333464][ T3782] FAT-fs (loop3): Directory bread(block 73) failed
[  187.395495][ T3786] 8021q: VLANs not supported on ip_vti0
[  187.431471][ T3788] loop3: detected capacity change from 0 to 512
[  187.452721][  T817] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[  187.460865][  T817] usb 3-1: config 0 has no interface number 0
[  187.473710][ T3788] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2
[  187.487004][  T289] EXT4-fs (loop1): unmounting filesystem.
[  187.492685][  T817] usb 3-1: config 0 interface 41 has no altsetting 0
[  187.500315][ T3788] EXT4-fs error (device loop3): ext4_iget_extra_inode:4754: inode #15: comm syz.3.926: corrupted in-inode xattr
[  187.512760][ T3788] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.926: couldn't read orphan inode 15 (err -117)
[  187.524750][  T817] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  187.527621][ T3788] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  187.534186][  T817] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.550791][  T817] usb 3-1: Product: syz
[  187.555000][  T817] usb 3-1: Manufacturer: syz
[  187.559666][  T817] usb 3-1: SerialNumber: syz
[  187.565084][  T817] usb 3-1: config 0 descriptor??
[  187.696938][ T3801] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  188.458999][  T290] EXT4-fs (loop3): unmounting filesystem.
[  188.498868][   T19] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  188.611173][ T3816] 8021q: VLANs not supported on ip_vti0
[  188.776630][   T19] usb 2-1: Using ep0 maxpacket: 8
[  188.783014][   T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  188.795475][   T19] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[  188.808691][   T19] usb 2-1: New USB device found, idVendor=056a, idProduct=0090, bcdDevice= 0.00
[  188.817816][   T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.819511][  T328] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  188.834446][   T19] usb 2-1: config 0 descriptor??
[  188.888510][  T817] CoreChips 3-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  189.045014][  T328] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  189.056562][  T328] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  189.076215][  T328] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  189.085419][  T328] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.093638][  T328] usb 4-1: Product: syz
[  189.097964][  T328] usb 4-1: Manufacturer: syz
[  189.102587][  T328] usb 4-1: SerialNumber: syz
[  189.108141][  T328] usb 4-1: config 0 descriptor??
[  189.118201][  T817] CoreChips 3-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  189.120830][  T328] usb 4-1: Found UVC 0.00 device syz (18ec:3288)
[  189.143102][  T817] CoreChips 3-1:0.41 (unnamed net_device) (uninitialized): Failed to power down PHY : -71
[  189.153411][  T817] CoreChips: probe of 3-1:0.41 failed with error -71
[  189.168241][  T328] usb 4-1: No valid video chain found.
[  189.173938][  T817] usb 3-1: USB disconnect, device number 10
[  189.257128][   T19] usbhid 2-1:0.0: can't add hid device: -71
[  189.263203][   T19] usbhid: probe of 2-1:0.0 failed with error -71
[  189.270444][   T19] usb 2-1: USB disconnect, device number 10
[  189.418818][    T6] usb 4-1: USB disconnect, device number 16
[  189.789402][   T28] audit: type=1400 audit(1778538618.877:472): avc:  denied  { write } for  pid=3832 comm="syz.2.939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  189.826957][ T3835] loop1: detected capacity change from 0 to 256
[  189.854452][ T3835] FAT-fs (loop1): Directory bread(block 64) failed
[  189.861498][ T3835] FAT-fs (loop1): Directory bread(block 65) failed
[  189.923687][ T3835] FAT-fs (loop1): Directory bread(block 66) failed
[  189.930345][ T3835] FAT-fs (loop1): Directory bread(block 67) failed
[  189.932313][ T3837] netlink: 4 bytes leftover after parsing attributes in process `syz.2.939'.
[  189.989637][   T28] audit: type=1400 audit(1778538619.064:473): avc:  denied  { create } for  pid=3832 comm="syz.2.939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  190.350074][ T3835] FAT-fs (loop1): Directory bread(block 68) failed
[  190.470869][ T3835] FAT-fs (loop1): Directory bread(block 69) failed
[  190.473159][   T28] audit: type=1400 audit(1778538619.064:474): avc:  denied  { sys_admin } for  pid=3832 comm="syz.2.939" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  190.502520][ T3835] FAT-fs (loop1): Directory bread(block 70) failed
[  190.518461][ T3835] FAT-fs (loop1): Directory bread(block 71) failed
[  190.530180][ T3835] FAT-fs (loop1): Directory bread(block 72) failed
[  190.536788][ T3835] FAT-fs (loop1): Directory bread(block 73) failed
[  190.563943][ T3840] loop3: detected capacity change from 0 to 2048
[  190.687364][ T3840]  loop3: p1 < > p3 < >
[  190.691811][ T3840] loop3: partition table partially beyond EOD, truncated
[  190.701087][ T3840] loop3: p1 start 3405774849 is beyond EOD, truncated
[  190.828461][ T3840] loop3: detected capacity change from 0 to 4096
[  190.844536][   T28] audit: type=1400 audit(1778538619.869:475): avc:  denied  { setopt } for  pid=3839 comm="syz.3.941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  190.907277][ T3855] 8021q: VLANs not supported on ip_vti0
[  190.950197][ T3857] loop3: detected capacity change from 0 to 1024
[  190.995455][ T3857] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  191.004390][ T3857] ext4 filesystem being mounted at /202/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  191.131806][ T1833] Bluetooth: hci0: Frame reassembly failed (-84)
[  191.337044][   T28] audit: type=1400 audit(1778538620.328:476): avc:  denied  { setopt } for  pid=3868 comm="syz.4.949" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  192.060141][  T290] EXT4-fs (loop3): unmounting filesystem.
[  192.377848][   T19] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  192.785055][   T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  192.796047][   T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  192.807305][   T19] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  192.816491][   T19] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.824514][   T19] usb 4-1: Product: syz
[  192.828732][   T19] usb 4-1: Manufacturer: syz
[  192.833352][   T19] usb 4-1: SerialNumber: syz
[  192.838799][   T19] usb 4-1: config 0 descriptor??
[  192.844767][   T19] usb 4-1: Found UVC 0.00 device syz (18ec:3288)
[  192.851195][   T19] usb 4-1: No valid video chain found.
[  193.193066][ T3898] usb 4-1: USB disconnect, device number 17
[  193.334424][ T2425] Bluetooth: hci0: command 0x1003 tx timeout
[  193.340613][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  193.853564][ T3854] syz.1.946 (3854) used greatest stack depth: 20720 bytes left
[  193.956976][ T3913] loop2: detected capacity change from 0 to 1024
[  193.982181][ T3913] EXT4-fs: Ignoring removed i_version option
[  193.994161][ T3913] EXT4-fs (loop2): VFS: Can't find ext4 filesystem
[  194.072268][ T3920] loop3: detected capacity change from 0 to 1024
[  194.079431][ T3920] EXT4-fs: Ignoring removed i_version option
[  194.085735][ T3920] EXT4-fs (loop3): VFS: Can't find ext4 filesystem
[  194.122874][ T3913] loop2: detected capacity change from 0 to 256
[  194.171856][ T3913] FAT-fs (loop2): Directory bread(block 64) failed
[  194.196908][ T3913] FAT-fs (loop2): Directory bread(block 65) failed
[  194.215858][ T3913] FAT-fs (loop2): Directory bread(block 66) failed
[  194.228277][ T3913] FAT-fs (loop2): Directory bread(block 67) failed
[  194.234942][ T3913] FAT-fs (loop2): Directory bread(block 68) failed
[  194.260438][ T3920] loop3: detected capacity change from 0 to 256
[  194.266957][ T3913] FAT-fs (loop2): Directory bread(block 69) failed
[  194.291368][ T3913] FAT-fs (loop2): Directory bread(block 70) failed
[  194.300731][ T3913] FAT-fs (loop2): Directory bread(block 71) failed
[  194.307358][ T3913] FAT-fs (loop2): Directory bread(block 72) failed
[  194.313918][ T3913] FAT-fs (loop2): Directory bread(block 73) failed
[  194.318601][ T3920] FAT-fs (loop3): Directory bread(block 64) failed
[  194.382421][ T3920] FAT-fs (loop3): Directory bread(block 65) failed
[  194.396025][   T28] audit: type=1400 audit(1778538623.191:477): avc:  denied  { ioctl } for  pid=3924 comm="syz.2.967" path="socket:[38683]" dev="sockfs" ino=38683 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  194.427593][ T3920] FAT-fs (loop3): Directory bread(block 66) failed
[  194.454618][ T3920] FAT-fs (loop3): Directory bread(block 67) failed
[  194.468078][ T3920] FAT-fs (loop3): Directory bread(block 68) failed
[  194.482551][ T3920] FAT-fs (loop3): Directory bread(block 69) failed
[  194.496396][ T3920] FAT-fs (loop3): Directory bread(block 70) failed
[  194.503100][ T3920] FAT-fs (loop3): Directory bread(block 71) failed
[  194.510249][ T3920] FAT-fs (loop3): Directory bread(block 72) failed
[  194.517017][ T3920] FAT-fs (loop3): Directory bread(block 73) failed
[  194.526335][ T3928] loop2: detected capacity change from 0 to 4096
[  194.572894][ T3928] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=e842c018, mo2=0003]
[  194.593564][ T3928] System zones: 0-5
[  194.602842][ T3928] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  194.623799][   T28] audit: type=1400 audit(1778538623.406:478): avc:  denied  { read write } for  pid=3927 comm="syz.2.968" name="uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  194.683642][   T28] audit: type=1400 audit(1778538623.444:479): avc:  denied  { open } for  pid=3927 comm="syz.2.968" path="/dev/uhid" dev="devtmpfs" ino=267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  194.743644][   T28] audit: type=1400 audit(1778538623.519:480): avc:  denied  { map } for  pid=3927 comm="syz.2.968" path="/184/file0/cgroup.kill" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  194.803258][ T3940] FAULT_INJECTION: forcing a failure.
[  194.803258][ T3940] name failslab, interval 1, probability 0, space 0, times 0
[  194.829756][ T3940] CPU: 0 PID: 3940 Comm: syz.1.972 Not tainted syzkaller #0
[  194.837091][ T3940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  194.847172][ T3940] Call Trace:
[  194.850477][ T3940]  <TASK>
[  194.853428][ T3940]  __dump_stack+0x21/0x24
[  194.857793][ T3940]  dump_stack_lvl+0x110/0x170
[  194.862522][ T3940]  ? __cfi_dump_stack_lvl+0x8/0x8
[  194.867563][ T3940]  ? get_page_from_freelist+0x2d12/0x2d80
[  194.873318][ T3940]  ? selinux_socket_sock_rcv_skb+0x30f/0x870
[  194.879343][ T3940]  dump_stack+0x15/0x24
[  194.883531][ T3940]  should_fail_ex+0x3d4/0x520
[  194.888227][ T3940]  ? mas_alloc_nodes+0x2d8/0x850
[  194.893191][ T3940]  __should_failslab+0xac/0xf0
[  194.897980][ T3940]  should_failslab+0x9/0x20
[  194.902503][ T3940]  kmem_cache_alloc+0x3b/0x330
[  194.907292][ T3940]  mas_alloc_nodes+0x2d8/0x850
[  194.912108][ T3940]  mas_preallocate+0xe13/0x1440
[  194.917014][ T3940]  ? __cfi_mas_preallocate+0x10/0x10
[  194.922318][ T3940]  ? rwsem_write_trylock+0x136/0x300
[  194.927628][ T3940]  vma_expand+0x3b7/0xa10
[  194.931994][ T3940]  mmap_region+0xf61/0x21f0
[  194.936534][ T3940]  ? __cfi_mmap_region+0x10/0x10
[  194.941499][ T3940]  ? cap_mmap_addr+0x165/0x2e0
[  194.946296][ T3940]  ? get_unmapped_area+0x313/0x380
[  194.951455][ T3940]  do_mmap+0x856/0xdd0
[  194.955563][ T3940]  ? __count_memcg_events+0x8f/0xe0
[  194.960792][ T3940]  ? __cfi_do_mmap+0x10/0x10
[  194.965405][ T3940]  vm_mmap_pgoff+0x224/0x410
[  194.970027][ T3940]  ? __cfi_vm_mmap_pgoff+0x10/0x10
[  194.975174][ T3940]  ? up_read+0x56/0x1d0
[  194.979386][ T3940]  ksys_mmap_pgoff+0xf6/0x1d0
[  194.984103][ T3940]  __x64_sys_mmap+0xfa/0x110
[  194.988719][ T3940]  x64_sys_call+0x8fd/0x9a0
[  194.993247][ T3940]  do_syscall_64+0x4c/0xa0
[  194.997712][ T3940]  ? clear_bhb_loop+0x30/0x80
[  195.002454][ T3940]  ? clear_bhb_loop+0x30/0x80
[  195.007180][ T3940]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  195.013130][ T3940] RIP: 0033:0x7f8c86b9cb42
[  195.017585][ T3940] Code: 4f 01 00 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 3b 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6e 5b 5d c3 0f 1f 00 48 c7 c0 e8 ff ff ff 64
[  195.037218][ T3940] RSP: 002b:00007f8c87a00d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  195.045650][ T3940] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8c86b9cb42
[  195.053646][ T3940] RDX: 0000000000000000 RSI: 0000000008000000 RDI: 0000000000000000
[  195.061648][ T3940] RBP: 0000000000000022 R08: 00000000ffffffff R09: 0000000000000000
[  195.069648][ T3940] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000004000000
[  195.077645][ T3940] R13: 0000000000001000 R14: 0000000000000022 R15: 00007f8c86c5002f
[  195.085670][ T3940]  </TASK>
[  195.277274][ T3940] ------------[ cut here ]------------
[  195.282809][ T3940] kernel BUG at mm/mmap.c:2854!
[  195.316771][ T3940] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  195.322986][ T3940] CPU: 1 PID: 3940 Comm: syz.1.972 Not tainted syzkaller #0
[  195.330334][ T3940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  195.340442][ T3940] RIP: 0010:mmap_region+0x2098/0x21f0
[  195.345877][ T3940] Code: 80 c1 03 38 c1 0f 8c 01 fa ff ff 4c 89 ff 49 89 d5 e8 ac 47 09 00 4c 89 ea e9 ee f9 ff ff e8 cf ab c3 ff 0f 0b e8 c8 ab c3 ff <0f> 0b 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c e1 e6 ff ff 4c 89 e7
[  195.365511][ T3940] RSP: 0018:ffffc9000ded7a40 EFLAGS: 00010293
[  195.371616][ T3940] RAX: ffffffff81adca88 RBX: 00007f8c855f8000 RCX: ffff888114d52880
[  195.379617][ T3940] RDX: 0000000000000000 RSI: 00007f8c855f7fff RDI: 00007f8c855f8000
[  195.387625][ T3940] RBP: ffffc9000ded7c30 R08: ffff888114d52880 R09: 0000000000000003
[  195.395630][ T3940] R10: 0000000000000003 R11: 0000000000000000 R12: 1ffff92001bdaf60
[  195.403626][ T3940] R13: 0000000000000070 R14: 00007f8c855f8000 R15: 00007f8c855f7fff
[  195.411622][ T3940] FS:  00007f8c87a026c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  195.420587][ T3940] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  195.427200][ T3940] CR2: 00007fc77fce2ff8 CR3: 0000000114133000 CR4: 00000000003506a0
[  195.435194][ T3940] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  195.443181][ T3940] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  195.451175][ T3940] Call Trace:
[  195.454472][ T3940]  <TASK>
[  195.457420][ T3940]  ? __cfi_mmap_region+0x10/0x10
[  195.462395][ T3940]  ? cap_mmap_addr+0x165/0x2e0
[  195.467193][ T3940]  ? get_unmapped_area+0x313/0x380
[  195.472342][ T3940]  do_mmap+0x856/0xdd0
[  195.476443][ T3940]  ? __count_memcg_events+0x8f/0xe0
[  195.481682][ T3940]  ? __cfi_do_mmap+0x10/0x10
[  195.486396][ T3940]  vm_mmap_pgoff+0x224/0x410
[  195.491012][ T3940]  ? __cfi_vm_mmap_pgoff+0x10/0x10
[  195.496155][ T3940]  ? up_read+0x56/0x1d0
[  195.500356][ T3940]  ksys_mmap_pgoff+0xf6/0x1d0
[  195.505079][ T3940]  __x64_sys_mmap+0xfa/0x110
[  195.509715][ T3940]  x64_sys_call+0x8fd/0x9a0
[  195.514240][ T3940]  do_syscall_64+0x4c/0xa0
[  195.518688][ T3940]  ? clear_bhb_loop+0x30/0x80
[  195.523401][ T3940]  ? clear_bhb_loop+0x30/0x80
[  195.528117][ T3940]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  195.534053][ T3940] RIP: 0033:0x7f8c86b9cb42
[  195.538488][ T3940] Code: 4f 01 00 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 3b 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6e 5b 5d c3 0f 1f 00 48 c7 c0 e8 ff ff ff 64
[  195.558108][ T3940] RSP: 002b:00007f8c87a00d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  195.566571][ T3940] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8c86b9cb42
[  195.574598][ T3940] RDX: 0000000000000000 RSI: 0000000008000000 RDI: 0000000000000000
[  195.582598][ T3940] RBP: 0000000000000022 R08: 00000000ffffffff R09: 0000000000000000
[  195.590593][ T3940] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000004000000
[  195.598583][ T3940] R13: 0000000000001000 R14: 0000000000000022 R15: 00007f8c86c5002f
[  195.606578][ T3940]  </TASK>
[  195.609623][ T3940] Modules linked in:
[  195.618762][ T3940] ---[ end trace 0000000000000000 ]---
[  195.624278][ T3940] RIP: 0010:mmap_region+0x2098/0x21f0
[  195.625621][ T1834] Bluetooth: hci0: Frame reassembly failed (-84)
[  195.631151][ T3940] Code: 80 c1 03 38 c1 0f 8c 01 fa ff ff 4c 89 ff 49 89 d5 e8 ac 47 09 00 4c 89 ea e9 ee f9 ff ff e8 cf ab c3 ff 0f 0b e8 c8 ab c3 ff <0f> 0b 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c e1 e6 ff ff 4c 89 e7
[  195.655809][ T3940] RSP: 0018:ffffc9000ded7a40 EFLAGS: 00010293
[  195.662163][ T3940] RAX: ffffffff81adca88 RBX: 00007f8c855f8000 RCX: ffff888114d52880
[  195.662393][  T292] EXT4-fs (loop2): unmounting filesystem.
[  195.670231][ T3940] RDX: 0000000000000000 RSI: 00007f8c855f7fff RDI: 00007f8c855f8000
[  195.701184][ T3940] RBP: ffffc9000ded7c30 R08: ffff888114d52880 R09: 0000000000000003
[  195.711519][ T3940] R10: 0000000000000003 R11: 0000000000000000 R12: 1ffff92001bdaf60
[  195.734182][ T3940] R13: 0000000000000070 R14: 00007f8c855f8000 R15: 00007f8c855f7fff
[  195.742227][ T3940] FS:  00007f8c87a026c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  195.751664][ T3940] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  195.776045][ T3940] CR2: 00007fc77fce2ff8 CR3: 0000000114133000 CR4: 00000000003506a0
[  195.805684][ T3940] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  195.813786][ T3940] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  195.829150][ T3940] Kernel panic - not syncing: Fatal exception
[  195.835829][ T3940] Kernel Offset: disabled
[  195.840157][ T3940] Rebooting in 86400 seconds..