last executing test programs:

9.124937002s ago: executing program 0 (id=268):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000008000008500000006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'gretap0\x00', &(0x7f0000000100)={'gre0\x00', 0x0, 0x0, 0x7, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @dev}}}})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c00170000000000100020f1850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
setsockopt$inet_mreqn(r3, 0x0, 0x40, &(0x7f00000000c0)={@multicast1, @multicast2}, 0xc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r5}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, r6, 0x0, 0x1, &(0x7f0000000080)='\x00', <r7=>0x0}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000300)={r7}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r8, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="a903000000000000000032"], 0x1c}}, 0x0)

9.123976152s ago: executing program 0 (id=269):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r1}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
close(0xffffffffffffffff)

9.060210177s ago: executing program 0 (id=270):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmsg(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/249, 0xf9}], 0x1}, 0x0)
close(r2)
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1, 0x0, 0x0, 0x3}, 0x0)

8.231295295s ago: executing program 0 (id=276):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0x28}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3158}}, 0x0, 0x0, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x18}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000300000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c)
bind$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x81, 0x6, @broadcast}, 0x14)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = dup(r4)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="8200000002000000044d564b"])
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_da_write_pages\x00', r7}, 0x10)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r8, &(0x7f0000000180), 0x2000)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
read$FUSE(r6, &(0x7f0000001080)={0x2020, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x2020)
sched_setscheduler(r9, 0x2, &(0x7f0000000080)=0x2)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000001040)={0x14, 0x0, &(0x7f0000001000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

6.46594633s ago: executing program 4 (id=282):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0x28}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3158}}, 0x0, 0x0, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x18}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000003000000000000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c)
bind$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x81, 0x6, @broadcast}, 0x14)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = dup(r4)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="8200000002000000044d564b"])
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_da_write_pages\x00', r7}, 0x10)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r8, &(0x7f0000000180), 0x2000)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
read$FUSE(r6, &(0x7f0000001080)={0x2020, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x2020)
sched_setscheduler(r9, 0x2, &(0x7f0000000080)=0x2)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000001040)={0x14, 0x0, &(0x7f0000001000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

4.62812827s ago: executing program 0 (id=289):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r3, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x100080d, &(0x7f0000003f80)=ANY=[@ANYRES32=r5, @ANYRESOCT, @ANYRES8=r5, @ANYRESDEC, @ANYBLOB="215aa15bf29ed2ff6f9241ff60693d298a3d41143bfc9091146111b4930c37eddcf542d641b821af229e7d8780d50b6f47fa3e5928555eb4d6d507d92b87b0b01c19c789895e02891afc082bb85a470e7f168a6aa2c2bc51a3f3a404a4a1e6e2fbad00d592df65bd2a593f488bf41dbc7ea43fe2554fbe34e4a77f606f35e445aff55aaa19f7ffffffffffffff19bd4739c80c9e6681229c48e0c6de634c35c029c4eb3b43412c95089416a3d607800000303758410658a4ec52e5b778eda9cd1bd8834e145c111690b0da927087e805000000000100008fd8b9bdfbdaa777db54127463a589ee1925c34b6459505702f3a45f285c53c1f15bab2eef6324d67ad8d7e247317d80ff3ad9120b4e2294e67de9adaab76fa991571a187cd8f7fbc49bf45d6f8dbf69ef0d765a02ad98e802b1688148a8c017e3af238f82c49bbd8ba542fbfec5693d82158e3216b95656986f9d7eec7244a27dfaf8623fc76943bf142a6159d6c622dbcac3d324d07be5a5cc88f85a857ff9d45924424d3453c969afa37d952940f3147d5af234b39c3ff742a2e5300e10ee692a32f5c3321d44eadaa8c44bf9d534b52fe758082299e04f839e529a6d0293bf12770ac948730a0c367e117137c6fd930b1f306138163b7180e111d6926255a71bd227b1d27f2897721e3bda884b0792a81134d8fbc9aafc732b15aee5c9e0a835ac17b457efa36ce1095a3196d278207846ea81172826d49b87aac6e662bb824f16b0b65fc6989395ba022bd6af2f1830375c311bdf55f15d9830564e65dc76e5b7c9a91e857dbcef3909cfd628649337de6ff04a398f4325a430467aee51d7fa12ef61bc0b67d1e18e62754d8a2b65fbb8e01450b2882a99f414220f9fb94009492270cc703569cfef8cc0d520b023ce6bf947c3f301b8320f12966a7736956fd7aba87b9ea3f90699ec8b916bf539b348d44069af48c413fe58e99f10ba139d16450158e3001d388e9fd31b105ee2a6c8810570469938f3d6e4bb63ea045bb4eebb1504d5457d4460bd7fe9344ffbfbef28fce0aef35003a99826f893acdfb4dd460c41d1e31f49e331993bf0a7825e2968ef4f735f20a92672e5921c05a8b4b2c4402e38f524856365d1cdeb179e3491b2d546f7b6a441136f4293857dc7a0f48b10a41825eb6c05e8386d021dcf4f1b19b7067f32877acccf22810db3cf4870f61f0ac08dd51993813f72f75a1dcdb5e9c01e87dbadc00220c06cd0628363dbc4a1da0482524b32c7292aedd9bfb5eed00fbdbdc59f8c2543bb6285441b966ec995b63c4a7a7cf279c59f5c385dcceacb520905098607b0b46f81ebf9ca2563fda18024314292dc02a6e226beb6b63bf8f190a4b2865a9246094cbeff3d593f42b5df77e5c875265ff15c8fbceb6f5310f07606ad5cbe38a86c06742a1ce62f890f05e23c67204612c7ab0500000034a829c8749455d880057b4665f6964f37f2e07dfb9654db40a56633f7751f15e392a9c73fe02135ff9a7dbd66292a0e91f7ceec617c3759e18dd7d6f16a3a597cf55efedbf42345aec4970686800085ffb22b09f5418a5d74620a7e30713c50d734a8e9da4c2815acec2afc37ed8c8a9c2354acba756f6a09d8e33706ccda743a624708cf9ccbc016a7b2c5302cc131ededaf8f54dbce508d1e27ddb0ac254426c25b851cfbd6ab4d9474d34cf486bfffe0a87055ebba5f14ee", @ANYRESHEX, @ANYRESDEC, @ANYRES32, @ANYRESHEX=0x0, @ANYRESOCT=r4, @ANYRESDEC, @ANYRES8=r5, @ANYRES8=r3], 0xff, 0x1f1, &(0x7f0000000900)="$eJzsmb2LE0EYxp+Z3cveHSLYWNhYeOCJ3n5F5ZorThArQThFLYO3CcFNIskKSUAk2NhYigi2/gMWFqks7OxstVBBsDClYCGMzOy4mSRuSLgigbw/yOR53/l6Z0ieLRYEQaws377++vLsyu7NCwCOYQuOzv+whmM4kEWfXz48/3zv6qs3n16/rx9/1B9fbx2AELPvvwHg3b6FREVCiMej/VuyeTGauwWOc1rfBoObyj9CkQYRGO4qZQOZBhobWsSRe68RH5arceTLJpBNKJuiuZecPegxHGZnE4IZ/a1O934pjqPmuFgT//aZ6JpXTLs/Vd8+x56OZX0cwJ2nT3oy1ncDHzy9SwABOAKti2A40HoXDlzXHV6Jcf5T9nB9a5bzL0qw3+nPQGZO7Cy+npURwlmKMmYQbDwj/9BZ5uSg/2Fy1vdlKT5fMOQ4jjIuAFnmmh7zcTOOrx9h04LecbLLMv2J2cBZw59s2Jl/eEntgdfqdHeqtVIlqkT1MCxe9i/6/qXQK1cd+J6yoyn+t678adNYf80cYDxQCqyAdilJmkEbSJpBFodpazjuwdvGTzWHK//j2D6TriEvWR3b+X89TH+4+pZq28otniAIgiAIgiAIgiAIgiAIYi5OgyF9BaJeVIkcwhtq9N8AAAD//zSFbeI=")
syz_emit_ethernet(0x76, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000008000403c00fc000000000000000000000000000000ff02"], 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e0000001080002"], 0x64}}, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000020000082505a1a44000000001010902440001010000000904000000020600000324"], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)

2.370030076s ago: executing program 3 (id=297):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100), 0x4)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, &(0x7f0000000140)={0x0, {{0x29, 0x0, 0x0, @mcast1}}}, 0x88)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @loopback}})
connect$inet(r0, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000940)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000480)=[{0x0}, {&(0x7f0000000200)}, {&(0x7f0000000280)}, {&(0x7f00000002c0)}, {&(0x7f0000000380)}], 0x5, &(0x7f0000000500)}}, {{&(0x7f0000000700)={0x2, 0x0, @private}, 0x10, &(0x7f0000002c40)=[{&(0x7f0000000a80)}, {&(0x7f0000000740)="33cf616da962a034", 0x8}, {&(0x7f0000002b00)="ef3a26084dc784b0886faf47ff51c6cbd026340828fef4a33b0d485ff57f6d34243b09966f907fb9363fe6a71acc61e781b9a0655d917fd4f99869440d1b657e2afa0db373cc025b441d52e95309b0c05cf0b99d2b268153a03581be8a63d71960600c77880ddec1fb2f2817c3ba224e61d398ec56e74b93dd8e32e7", 0x7c}, {&(0x7f0000002c00)="8eff58957acd6581bb5a451bd03237f37bb3832d5aa9e485dff631ab83a9e15739ba1ea68a91e4b788efd7a82b736d678440ef5732cafdbe45a1ec", 0x3b}], 0x4, &(0x7f0000000840)=[@ip_tos_u8={{0x11}}, @ip_tos_int={{0x14}}], 0x30}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000500)="a8a07c45daaccc0ee8caf025163332f12801d2a9dc6d4c5464be5596bc62da875a494a3914f2113c212e100a16772d2c8099065a138d61d3f0a1bb2f473c73c6b20cd549b6f30c740b92bcd4d325f83ffbfc99e0497997dc6c15e30a51f907e915832891aa2d9c38a0c9b5b607c220da438cef4e99061d7c00062a1c3809e3e7", 0x80}], 0x1}}], 0x4, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x4, &(0x7f0000001180)=ANY=[@ANYBLOB="8500000013000000350000000000ba00850000000800000095000000000000004cf12aa5cbd56806f81f06a9c0ff431553ca08030871e23089f5e0a141d524588f32cb447f90ee60b191e2c825cd4d580e7953f911aa1f7017230163cf09493497cbe593f90a847687a1ef1f83dd6c1023678a1086f790f9dce435558fe138d7362090db7457c14bc34e6bde0887c697add9a7ab69000000004f0a9c139e19b27de95dbfb3fe241454a04080bf668ce021879c820f9b80fe233888f0008000007027d4b33729d714e0e205db36aa52281c71e90bbd1615e3a833c63d330700f514c622ff99237bfb3557b4e44bdfdae050a0678a3d8407b0a45c623d8ef9baf37ac4effeac63a1606ff3c25ac788dbcc31bb76fbf87fc74300000000932d2793674f1f8719d07a6396b18b6e214bd29aef8d03483012c76199e301494d766a733d7117fc9107bc5b9267fbf8b0d2e2f4f6582b9510d30a5d3d3bd12bc338028e217e7d59efd3090be5bf2f9d1c42104df0da362f586aa2397bb7866d97163b2bdc3364b08dfcc0415c369736ea2897e6bb88e8fae37345fb21b69331e250886b7bf9efdcd5e998f7cfad443c3336c6abfc401c4f774942c7e5a56f0c3281afbf9b1f5e2a7080d147347508a7d2884a2b49b6039c221dabadcd313c01384dd93ff43a3ff43b69bb8659a89d857f3b15de7b06fd9fe93470ee07794c213f9c51a7ecaa2cdc70024c3aa400000000000000000000000000000000000000000000000085d16fbc2f7845935b8abf55ae4fc25c736170a4b9b78bacd235e49c0c773e783f48e36d61aebcaaeec26da752aba7eda57fbe0fbb9d771e1d5b2979ab12b6467ae7d8d746"], &(0x7f0000000140)='GPL\x00', 0x0, 0xfffffe1f, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x49}, 0x15)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r7, 0x0, 0x12, 0xfffffffffffffd85, &(0x7f00000000c0)="61df712bc884fed5722780b688a8", 0x0, 0x739d, 0x0, 0x20}, 0x28)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000a40)=ANY=[@ANYBLOB="7c0000000301010800000000000000000a00fffc0c00198008000200080200005c0002802c00018014000300ff01000000000000000000000000000114000400fe8000000000000000000000000000142c0001801400030020010000000000000000000000000002080004"], 0x7c}}, 0x0)

2.362867176s ago: executing program 4 (id=298):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

2.356282417s ago: executing program 4 (id=299):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r1}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @hyper}, 0x10, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$sock(r2, &(0x7f0000000cc0)={&(0x7f0000000680)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x2, 0x0, 0x1}}, 0x80, &(0x7f0000000c40)=[{&(0x7f0000000700)="02ab4c225cdc6e50389a2ae80142cb1bffc9374753b8aa27244c656f520db729cb685af5535b92150dc06ad43799ce5a4fa89204146c6fa160d42c431e47be070e14d6a2e5951dad1f2b3da5fd96ceac1ecd55407f2094093f0da60dee5a59f3ac990729fa7d3bdcca9b08eacee1eaf16438cd8757785a1bba2b569c862507d4e23421a9fdef5790a53fc7d77b233595803832b2f8cb704f3e", 0x99}, {&(0x7f00000008c0)="b068bbb1774d9d4a3be5b0d8644429111402a0347af75d24b961429874433cabc67989f922f13aded805d1e584f4260119cdf394039804fc1f724c07aebc3bf13e84", 0x42}, {&(0x7f0000000940)="25a76ab68ff368263826c003365d0c5c2b051a87a5b230fd07da64d5879e680f110ff66cddf2c201a68f2f94ccdba4eca4de77ffb82bf00df12b7372ffda9e489793341e044209aa13c4c7573f2234999d261a0c4f9442b13b1395ae0a28a549267dda3e8e11e7fb4529ed0d29d19f613ce425864b95b577c41221a8ca89e719142f5121b135a954c31249164466f03176ad4739ac", 0x95}, {&(0x7f0000000a00)="3bb14ccd5475fb934bc06e8c47176dc992722b774be322325693e3a6f5dde5294c4b875220c03f6d2bebc9eb790eeb6382db7c5f40c144e7fb8c666c010f339082b491b3a74d93e863fa345853a685", 0x4f}, {&(0x7f0000000a80)="e475806ba29127c6f6e9d7bd738cdb4b92754785991dea3ac5213e2f6c1099da63e51ba2f0c60be443687294406932f2bf9af36080f998c61c4de21506afc10655365a479b8b56a6c3e3ff4e6917188c1815b1769551cb4b01c042aa8d421aa2d1062ca762908cd65cb72d5a2d1239e8aea38ec968c318c723243d59527538a9", 0x80}, {&(0x7f0000000b00)="cd722b2260d827c7a1724eaa9d94d730c3d44aae5e4102f59bce4fa1ad146374e689b1515b830acbd959f5ba336557ce6e32588c6c00a2ccc1e5bdba10e8e69cafc5a4254fd5dbfbe87742f5d591723552f13709f97879c4a2fc1066f2481e20cddf0cc26c6aea80824ef80990c9d6b8336eddef2486e4a7dedace986c83739d99b2ccb6ea51", 0x86}], 0x6, &(0x7f0000000040)=[@txtime={{0x18, 0x1, 0x3d, 0x10000}}], 0x18}, 0x4040)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1a, 0x3, &(0x7f0000000400)=@framed, &(0x7f0000000340)='syzkaller\x00', 0x1, 0xc5, &(0x7f0000000180)=""/197, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x64}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={0x0, r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00'}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@loopback, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@loopback, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0) (fail_nth: 2)

2.06820355s ago: executing program 4 (id=301):
sendmsg(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ioprio_set$uid(0x3, 0x0, 0x0)

1.851746458s ago: executing program 4 (id=303):
socket$inet6(0xa, 0x80002, 0x0)
open(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x2, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB])
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)

1.671001933s ago: executing program 0 (id=304):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0x28}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3158}}, 0x0, 0x0, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x18}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000003000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc}, 0x1c)
bind$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x81, 0x6, @broadcast}, 0x14)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = dup(r4)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="8200000002000000044d564b"])
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_da_write_pages\x00', r7}, 0x10)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r8, &(0x7f0000000180), 0x2000)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
read$FUSE(r6, &(0x7f0000001080)={0x2020, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x2020)
sched_setscheduler(r9, 0x2, &(0x7f0000000080)=0x2)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000001040)={0x14, 0x0, &(0x7f0000001000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

1.655734104s ago: executing program 1 (id=305):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000008000008500000006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'gretap0\x00', &(0x7f0000000100)={'gre0\x00', 0x0, 0x0, 0x7, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @dev}}}})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c00170000000000100020f1850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
setsockopt$inet_mreqn(r3, 0x0, 0x40, &(0x7f00000000c0)={@multicast1, @multicast2}, 0xc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r5}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, r6, 0x0, 0x1, &(0x7f0000000080)='\x00', <r7=>0x0}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000300)={r7}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r8, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="a903000000000000000032"], 0x1c}}, 0x0)

1.408827564s ago: executing program 1 (id=306):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

1.356034868s ago: executing program 1 (id=307):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)="17000000020001000003be8c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002", 0x8a)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)={0x9c, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}, @NL80211_ATTR_TID_CONFIG={0x40, 0x11d, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x2}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xe169}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x9}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xd2}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xd9}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}, @NL80211_ATTR_TID_CONFIG={0x3c, 0x11d, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xd0}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x8d}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x4}]}]}]}, 0x9c}}, 0x4008010)
r6 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r6, &(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r7 = open(0x0, 0x0, 0x80)
write$binfmt_script(r3, &(0x7f0000000540)={'#! ', './file0', [{0x20, 'cgroup.subtree_control\x00'}, {0x20, '([&-'}, {0x20, '#]/'}, {0x20, 'cgroup2\x00'}, {0x20, '/&:#'}, {0x20, '#!'}, {0x20, ')'}, {0x20, '(8/+[))'}, {}, {0x20, 'nl80211\x00'}], 0xa, "edcc6e07cabe092de11d102225ff7798252ef72e509d9ea64896784d1e1468f468a4b309aa1e43f5438fabbdc1c057c05f46e7a3a7bc884353379590aaa9761bc33be3c6f5ef88927a9fe8dd2cd5a0d3012068db92d633109519570075ebde9da25a2b1fefa28d8d36f814ce9338636c0d24326cb884631668446a4f8f936ceb0cd7c669b13c557dbd0aa0c77850ed0be6e7d3d22a24d22cc306f098782e7b1d73b2472dbbaa252bd38dbde4dbddba751d930f1c"}, 0x105)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r8, 0x29, 0x19, &(0x7f0000000040)=0x3, 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x3, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], "1e520b4c951ee12e"}}}}}}}, 0x0)
recvfrom$inet6(r8, 0x0, 0x0, 0x0, 0x0, 0x0)
fstat(r7, &(0x7f00000004c0))
r9 = openat$cgroup_subtree(r7, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_subtree(r9, &(0x7f0000000100)={[{0x2d, 'pids'}]}, 0x6)
socket$key(0xf, 0x3, 0x2)

1.293919444s ago: executing program 3 (id=309):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

1.287987804s ago: executing program 3 (id=310):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r2 = open(&(0x7f0000000180)='./bus\x00', 0x14957e, 0x0)
readahead(r2, 0x0, 0x0) (fail_nth: 2)

807.304263ms ago: executing program 4 (id=311):
lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
getresuid(&(0x7f0000000180), &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000200))
mount$9p_rdma(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x8, &(0x7f0000000240)={'trans=rdma,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@rq={'rq', 0x3d, 0xffffffffffffffff}}], [{@appraise_type}, {@uid_eq={'uid', 0x3d, r0}}, {@uid_gt={'uid>', r1}}]}})
io_setup(0x3, &(0x7f0000000300)=<r2=>0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000340), 0x3, 0x420000)
r4 = eventfd2(0x80000000, 0x80800)
io_submit(r2, 0x1, &(0x7f0000000440)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x3, 0xd7, r3, &(0x7f0000000380)="e249ea94ac81d4f99efd99adb2164074009e594201831746f621a67a2ee1780f6dc9c0bd6db7412b3e18a2423ae1e81df09aecb917d05e29086202d98c13872ca83831a16df2d77062f9828960e9", 0x4e, 0x0, 0x0, 0x2, r4}])
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{0x1, <r5=>0xffffffffffffffff}, &(0x7f0000000480), &(0x7f00000004c0)}, 0x20)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'batadv0\x00', <r6=>0x0})
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000740)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x3}, 0x48)
r8 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000007c0), 0x80, 0x0)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000800)='/sys/power/pm_freeze_timeout', 0x10003, 0x6)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x14, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}, [@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffffd}, @alu={0x7f187df0b64ab683, 0x0, 0x2, 0x6, 0x3, 0xc1de1ffbb0170824, 0xffffffffffffffff}, @jmp={0x5, 0x1, 0x5, 0x0, 0x3, 0x100, 0x10}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @cb_func={0x18, 0x9, 0x4, 0x0, 0xffffffffffffffff}, @generic={0x81, 0x9, 0x6, 0x6, 0x400}]}, &(0x7f0000000600)='syzkaller\x00', 0x9, 0x53, &(0x7f0000000640)=""/83, 0x41100, 0x4f, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000700)={0x2, 0xa, 0x5}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r7, 0x1, r4, r8, r9], 0x0, 0x10, 0x5}, 0x90)
write$P9_RREADDIR(r4, &(0x7f0000000940)={0x49, 0x29, 0x1, {0xad, [{{0x4, 0x1, 0x2}, 0xc, 0x3, 0x7, './file0'}, {{0x20, 0x1, 0x1}, 0x6, 0xaf, 0x7, './file0'}]}}, 0x49)
execveat(r9, &(0x7f00000009c0)='./file0\x00', &(0x7f0000000a40)=[&(0x7f0000000a00)='-))%\x00'], &(0x7f0000000b00)=[&(0x7f0000000a80)='\\%\x00', &(0x7f0000000ac0)='%\x00'], 0x100)
ioctl$SIOCSIFHWADDR(r9, 0x8924, &(0x7f0000000b40)={'netpci0\x00'})
ioctl$EVIOCGPROP(r9, 0x80404509, &(0x7f0000000b80)=""/160)
r10 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0)
io_submit(r2, 0x1, &(0x7f0000000d80)=[&(0x7f0000000d40)={0x0, 0x0, 0x0, 0x5, 0x10, r4, &(0x7f0000000c40)="c42efe86d48ea9c0bce32debf1fd6033c7c08a7a1e78d1eb126d67d5a3f2d55ffda7be2aa97cfe086212517dfacf59fa4853cdd78c2bc8d25686adf763a45a104135ce490a4752d8f40d9c3f7c5e336b04ad506d8547ab8e69d9a4d8c9738d1d78f6dfbc4a9ed2e696aca8ffe8e649bfa1652daab9292bcc1d6c691026f5e4a356cd31418195e80f0a4b26e5260ce465d46bb5044d4c8127a0aac53904f89d2be67f171b8e2eea491f1e55988bb6587bb407", 0xb2, 0x6, 0x0, 0x2, r10}])
r11 = syz_usb_connect$cdc_ncm(0x3, 0x78, &(0x7f0000000dc0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x66, 0x2, 0x1, 0x4, 0x10, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "02bc"}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x4, 0x8, 0x81}, {0x6, 0x24, 0x1a, 0x9d5, 0xc}, [@country_functional={0x8, 0x24, 0x7, 0x5, 0x4, [0x9c]}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x1, 0x6, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0x61, 0x7, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0xff, 0x1, 0x7}}}}}}}]}}, &(0x7f0000000f40)={0xa, &(0x7f0000000e40)={0xa, 0x6, 0x201, 0xd9, 0x7, 0x7, 0x10, 0x2}, 0x8, &(0x7f0000000e80)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x2, [{0x4, &(0x7f0000000ec0)=@lang_id={0x4, 0x3, 0x1c0a}}, {0x4, &(0x7f0000000f00)=@lang_id={0x4, 0x3, 0xf0ff}}]})
syz_usb_control_io$cdc_ncm(r11, &(0x7f0000001080)={0x14, &(0x7f0000000f80)={0x0, 0x2, 0x84, {0x84, 0xa, "0d55e2c6e0b42209382e42df09515ee96435160ff310d38ccdc4bcff7f1133d958281f058e17d7e1201ec5221bbf654841303dde250fd0e78433b097767fe9d7808d91f059e95a98734cc75fdc7694125e77db8394680a662613387ac40a47294443146c03f1c72ab9a2e612dab10b3687456b84b8bc2395ca8002b4584cc5a4a702"}}, &(0x7f0000001040)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000001340)={0x44, &(0x7f00000010c0)={0x0, 0x11, 0x88, "085df7687477b05de0576cd4d77b616cc3cf2c6b213f7c04d846b9a3aeafa8bb6769f9d5b1092c1cf298b431c92cebb35b49e7a9d93ef1e7fedb960217d65be165acdd3a5adb21cd1ae15bf6586039b4efb401d3e75627b064d74c60f184b5d33d35adffbe4810abbb8d686a35f4c659f11d6a1adbf16781ecc0e9ed7fcccd9367c67f0e92fe208b"}, &(0x7f0000001180)={0x0, 0xa, 0x1, 0x7}, &(0x7f00000011c0)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000001200)={0x20, 0x80, 0x1c, {0x4, 0x2, 0x94, 0x2, 0x5b, 0x2, 0x3, 0xffff, 0x0, 0x1, 0x101, 0x200}}, &(0x7f0000001240)={0x20, 0x85, 0x4, 0x4}, &(0x7f0000001280)={0x20, 0x83, 0x2}, &(0x7f00000012c0)={0x20, 0x87, 0x2, 0xa}, &(0x7f0000001300)={0x20, 0x89, 0x2, 0x1}})
futex(&(0x7f00000013c0), 0x5, 0x2, &(0x7f0000001400), &(0x7f0000001440), 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r4, 0x80047213, &(0x7f0000001480))
r12 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x40010, r10, 0x0)
syz_memcpy_off$IO_URING_METADATA_FLAGS(r12, 0x118, &(0x7f00000014c0), 0x0, 0x4)
lsetxattr$security_evm(&(0x7f0000001500)='./file0\x00', &(0x7f0000001540), &(0x7f0000001580)=@ng={0x4, 0x7, "fba4be7365066d17f697ae"}, 0xd, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(r4, 0xc0389423, &(0x7f0000001600)={0x3ff, 0x28, [0x0, 0xff, 0x7, 0x4], &(0x7f00000015c0)=[0x0, 0x0, 0x0, 0x0, 0x0]})
recvmmsg(r8, &(0x7f0000007500)=[{{&(0x7f0000001640)=@sco={0x1f, @fixed}, 0x80, &(0x7f0000002940)=[{&(0x7f00000016c0)=""/197, 0xc5}, {&(0x7f00000017c0)=""/4096, 0x1000}, {&(0x7f00000027c0)=""/41, 0x29}, {&(0x7f0000002800)=""/21, 0x15}, {&(0x7f0000002840)=""/232, 0xe8}], 0x5, &(0x7f00000029c0)=""/4096, 0x1000}, 0x5}, {{&(0x7f00000039c0)=@l2, 0x80, &(0x7f0000003dc0)=[{&(0x7f0000003a40)=""/199, 0xc7}, {&(0x7f0000003b40)=""/189, 0xbd}, {&(0x7f0000003c00)=""/35, 0x23}, {&(0x7f0000003c40)=""/107, 0x6b}, {&(0x7f0000003cc0)=""/242, 0xf2}], 0x5, &(0x7f0000003e40)=""/168, 0xa8}, 0x3}, {{&(0x7f0000003f00)=@pppol2tpv3={0x18, 0x1, {0x0, <r13=>0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f00000050c0)=[{&(0x7f0000003f80)=""/176, 0xb0}, {&(0x7f0000004040)=""/55, 0x37}, {&(0x7f0000004080)=""/62, 0x3e}, {&(0x7f00000040c0)=""/4096, 0x1000}], 0x4, &(0x7f0000005100)=""/94, 0x5e}, 0xd4}, {{0x0, 0x0, &(0x7f0000005180)}, 0x7}, {{&(0x7f00000051c0)=@pppol2tp={0x18, 0x1, {0x0, <r14=>0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000007240)=[{&(0x7f0000005240)=""/4096, 0x1000}, {&(0x7f0000006240)=""/4096, 0x1000}], 0x2, &(0x7f0000007280)=""/150, 0x96}, 0xfae3}, {{&(0x7f0000007340)=@in6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000007480)=[{&(0x7f00000073c0)=""/164, 0xa4}], 0x1, &(0x7f00000074c0)=""/1, 0x1}, 0x577ceb26}], 0x6, 0x40000002, &(0x7f0000007680)={0x0, 0x3938700})
sendmsg$TIPC_CMD_SET_LINK_PRI(r14, &(0x7f00000077c0)={&(0x7f00000076c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000007780)={&(0x7f0000007700)={0x68, 0x0, 0x300, 0x70bd27, 0x25dfdbff, {{}, {}, {0x4c, 0x18, {0x8, @link='broadcast-link\x00'}}}, ["", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20048014}, 0x20000001)
ioctl$EXT4_IOC_SWAP_BOOT(r13, 0x6611)

735.127949ms ago: executing program 3 (id=312):
r0 = socket$inet6(0xa, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r1 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@private2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x62}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@empty, 0x0, 0x32}, 0x0, @in=@multicast1}}, 0xe8)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
r2 = userfaultfd(0x80801)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000380)="0b43c2163600bc8943fc0300006b1f6fdb2e5cfa2738798559326a0682a92ed7885d1ba8c047828b23fae1443ee818ad5f943f77d07cabad1320691fced92fba229c", 0x42)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, &(0x7f0000000200))
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000500)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
setpriority(0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000100)="52c5839e2d2a299b10bfff29e66657215fe698d3ab9a5245ca1eae67905e87a83f77d5bb6849f5374a7218eca7fe588410068a106b5b81a8bc3dd55f43cdeea105f6248577a2f5", 0x47, 0x801, &(0x7f0000000080)={0xa, 0x4e23, 0x6, @private0, 0xb4}, 0x1c)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xfff7)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000280)={&(0x7f0000fff000/0x1000)=nil, 0x1000})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@local, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, {@in=@loopback, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00', {}, {}, {0x0, 0x0, 0x80000000}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x1, 0x0, 0x0, @in=@loopback}}]}, 0x154}}, 0x0)
accept4(0xffffffffffffffff, 0x0, &(0x7f0000000200), 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x9d4a, @remote, 0x9}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x2f}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)
socket$inet6(0xa, 0x3, 0x2c)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000001c0)={0x0, @remote, @local}, &(0x7f0000000240)=0xc)

734.620969ms ago: executing program 3 (id=313):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
close(r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, 0x0, 0x0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r3}, 0x10)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast})

638.620597ms ago: executing program 3 (id=314):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fstat(r3, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x100080d, &(0x7f0000003f80)=ANY=[@ANYRES32=r5, @ANYRESOCT, @ANYRES8=r5, @ANYRESDEC, @ANYBLOB="215aa15bf29ed2ff6f9241ff60693d298a3d41143bfc9091146111b4930c37eddcf542d641b821af229e7d8780d50b6f47fa3e5928555eb4d6d507d92b87b0b01c19c789895e02891afc082bb85a470e7f168a6aa2c2bc51a3f3a404a4a1e6e2fbad00d592df65bd2a593f488bf41dbc7ea43fe2554fbe34e4a77f606f35e445aff55aaa19f7ffffffffffffff19bd4739c80c9e6681229c48e0c6de634c35c029c4eb3b43412c95089416a3d607800000303758410658a4ec52e5b778eda9cd1bd8834e145c111690b0da927087e805000000000100008fd8b9bdfbdaa777db54127463a589ee1925c34b6459505702f3a45f285c53c1f15bab2eef6324d67ad8d7e247317d80ff3ad9120b4e2294e67de9adaab76fa991571a187cd8f7fbc49bf45d6f8dbf69ef0d765a02ad98e802b1688148a8c017e3af238f82c49bbd8ba542fbfec5693d82158e3216b95656986f9d7eec7244a27dfaf8623fc76943bf142a6159d6c622dbcac3d324d07be5a5cc88f85a857ff9d45924424d3453c969afa37d952940f3147d5af234b39c3ff742a2e5300e10ee692a32f5c3321d44eadaa8c44bf9d534b52fe758082299e04f839e529a6d0293bf12770ac948730a0c367e117137c6fd930b1f306138163b7180e111d6926255a71bd227b1d27f2897721e3bda884b0792a81134d8fbc9aafc732b15aee5c9e0a835ac17b457efa36ce1095a3196d278207846ea81172826d49b87aac6e662bb824f16b0b65fc6989395ba022bd6af2f1830375c311bdf55f15d9830564e65dc76e5b7c9a91e857dbcef3909cfd628649337de6ff04a398f4325a430467aee51d7fa12ef61bc0b67d1e18e62754d8a2b65fbb8e01450b2882a99f414220f9fb94009492270cc703569cfef8cc0d520b023ce6bf947c3f301b8320f12966a7736956fd7aba87b9ea3f90699ec8b916bf539b348d44069af48c413fe58e99f10ba139d16450158e3001d388e9fd31b105ee2a6c8810570469938f3d6e4bb63ea045bb4eebb1504d5457d4460bd7fe9344ffbfbef28fce0aef35003a99826f893acdfb4dd460c41d1e31f49e331993bf0a7825e2968ef4f735f20a92672e5921c05a8b4b2c4402e38f524856365d1cdeb179e3491b2d546f7b6a441136f4293857dc7a0f48b10a41825eb6c05e8386d021dcf4f1b19b7067f32877acccf22810db3cf4870f61f0ac08dd51993813f72f75a1dcdb5e9c01e87dbadc00220c06cd0628363dbc4a1da0482524b32c7292aedd9bfb5eed00fbdbdc59f8c2543bb6285441b966ec995b63c4a7a7cf279c59f5c385dcceacb520905098607b0b46f81ebf9ca2563fda18024314292dc02a6e226beb6b63bf8f190a4b2865a9246094cbeff3d593f42b5df77e5c875265ff15c8fbceb6f5310f07606ad5cbe38a86c06742a1ce62f890f05e23c67204612c7ab0500000034a829c8749455d880057b4665f6964f37f2e07dfb9654db40a56633f7751f15e392a9c73fe02135ff9a7dbd66292a0e91f7ceec617c3759e18dd7d6f16a3a597cf55efedbf42345aec4970686800085ffb22b09f5418a5d74620a7e30713c50d734a8e9da4c2815acec2afc37ed8c8a9c2354acba756f6a09d8e33706ccda743a624708cf9ccbc016a7b2c5302cc131ededaf8f54dbce508d1e27ddb0ac254426c25b851cfbd6ab4d9474d34cf486bfffe0a87055ebba5f14ee", @ANYRESHEX, @ANYRESDEC, @ANYRES32, @ANYRESHEX=0x0, @ANYRESOCT=r4, @ANYRESDEC, @ANYRES8=r5, @ANYRES8=r3], 0xff, 0x1f1, &(0x7f0000000900)="$eJzsmb2LE0EYxp+Z3cveHSLYWNhYeOCJ3n5F5ZorThArQThFLYO3CcFNIskKSUAk2NhYigi2/gMWFqks7OxstVBBsDClYCGMzOy4mSRuSLgigbw/yOR53/l6Z0ieLRYEQaws377++vLsyu7NCwCOYQuOzv+whmM4kEWfXz48/3zv6qs3n16/rx9/1B9fbx2AELPvvwHg3b6FREVCiMej/VuyeTGauwWOc1rfBoObyj9CkQYRGO4qZQOZBhobWsSRe68RH5arceTLJpBNKJuiuZecPegxHGZnE4IZ/a1O934pjqPmuFgT//aZ6JpXTLs/Vd8+x56OZX0cwJ2nT3oy1ncDHzy9SwABOAKti2A40HoXDlzXHV6Jcf5T9nB9a5bzL0qw3+nPQGZO7Cy+npURwlmKMmYQbDwj/9BZ5uSg/2Fy1vdlKT5fMOQ4jjIuAFnmmh7zcTOOrx9h04LecbLLMv2J2cBZw59s2Jl/eEntgdfqdHeqtVIlqkT1MCxe9i/6/qXQK1cd+J6yoyn+t678adNYf80cYDxQCqyAdilJmkEbSJpBFodpazjuwdvGTzWHK//j2D6TriEvWR3b+X89TH+4+pZq28otniAIgiAIgiAIgiAIgiAIYi5OgyF9BaJeVIkcwhtq9N8AAAD//zSFbeI=")
syz_emit_ethernet(0x76, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000008000403c00fc000000000000000000000000000000ff02"], 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e0000001080002"], 0x64}}, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000020000082505a1a44000000001010902440001010000000904000000020600000324"], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)

449.917873ms ago: executing program 1 (id=315):
sendmsg(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ioprio_set$uid(0x3, 0x0, 0x0)

310.707704ms ago: executing program 2 (id=316):
sendmsg(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ioprio_set$uid(0x3, 0x0, 0x0)

284.140366ms ago: executing program 1 (id=317):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000008000008500000006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'gretap0\x00', &(0x7f0000000100)={'gre0\x00', 0x0, 0x0, 0x7, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @dev}}}})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c00170000000000100020f1850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
setsockopt$inet_mreqn(r3, 0x0, 0x40, &(0x7f00000000c0)={@multicast1, @multicast2}, 0xc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r5}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, r6, 0x0, 0x1, &(0x7f0000000080)='\x00', <r7=>0x0}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000300)={r7}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r8, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="a903000000000000000032"], 0x1c}}, 0x0)

263.227638ms ago: executing program 1 (id=318):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100), 0x4)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, &(0x7f0000000140)={0x0, {{0x29, 0x0, 0x0, @mcast1}}}, 0x88)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x0, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @loopback}})
connect$inet(r0, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x4, &(0x7f0000001180)=ANY=[@ANYBLOB="8500000013000000350000000000ba00850000000800000095000000000000004cf12aa5cbd56806f81f06a9c0ff431553ca08030871e23089f5e0a141d524588f32cb447f90ee60b191e2c825cd4d580e7953f911aa1f7017230163cf09493497cbe593f90a847687a1ef1f83dd6c1023678a1086f790f9dce435558fe138d7362090db7457c14bc34e6bde0887c697add9a7ab69000000004f0a9c139e19b27de95dbfb3fe241454a04080bf668ce021879c820f9b80fe233888f0008000007027d4b33729d714e0e205db36aa52281c71e90bbd1615e3a833c63d330700f514c622ff99237bfb3557b4e44bdfdae050a0678a3d8407b0a45c623d8ef9baf37ac4effeac63a1606ff3c25ac788dbcc31bb76fbf87fc74300000000932d2793674f1f8719d07a6396b18b6e214bd29aef8d03483012c76199e301494d766a733d7117fc9107bc5b9267fbf8b0d2e2f4f6582b9510d30a5d3d3bd12bc338028e217e7d59efd3090be5bf2f9d1c42104df0da362f586aa2397bb7866d97163b2bdc3364b08dfcc0415c369736ea2897e6bb88e8fae37345fb21b69331e250886b7bf9efdcd5e998f7cfad443c3336c6abfc401c4f774942c7e5a56f0c3281afbf9b1f5e2a7080d147347508a7d2884a2b49b6039c221dabadcd313c01384dd93ff43a3ff43b69bb8659a89d857f3b15de7b06fd9fe93470ee07794c213f9c51a7ecaa2cdc70024c3aa400000000000000000000000000000000000000000000000085d16fbc2f7845935b8abf55ae4fc25c736170a4b9b78bacd235e49c0c773e783f48e36d61aebcaaeec26da752aba7eda57fbe0fbb9d771e1d5b2979ab12b6467ae7d8d746"], &(0x7f0000000140)='GPL\x00', 0x0, 0xfffffe1f, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x49}, 0x15)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r6, 0x0, 0x12, 0xfffffffffffffd85, &(0x7f00000000c0)="61df712bc884fed5722780b688a8", 0x0, 0x739d, 0x0, 0x20}, 0x28)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000a40)=ANY=[@ANYBLOB="7c0000000301010800000000000000000a00fffc0c00198008000200080200005c0002802c00018014000300ff01000000000000000000000000000114000400fe8000000000000000000000000000142c0001801400030020010000000000000000000000000002080004"], 0x7c}}, 0x0)

161.427686ms ago: executing program 2 (id=319):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

152.907547ms ago: executing program 2 (id=320):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000008000008500000006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'gretap0\x00', &(0x7f0000000100)={'gre0\x00', 0x0, 0x0, 0x7, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @dev}}}})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c00170000000000100020f1850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
setsockopt$inet_mreqn(r3, 0x0, 0x40, &(0x7f00000000c0)={@multicast1, @multicast2}, 0xc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r5}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, r6, 0x0, 0x1, &(0x7f0000000080)='\x00', <r7=>0x0}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000300)={r7}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r8, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="a903000000000000000032"], 0x1c}}, 0x0)

96.153911ms ago: executing program 2 (id=321):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xa, 0x4, 0x808, 0xc}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002008007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001840)={{r0}, &(0x7f00000017c0), &(0x7f0000001800)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000200)='signal_deliver\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00'}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

84.778523ms ago: executing program 2 (id=322):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0x8, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x6}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffdb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r1, 0x40189429, &(0x7f0000000040)={0x1, 0x3, 0x73e3})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x12, 0x8, 0x4, 0x7cb4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x1f, 0x2, 0xbf22, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)

0s ago: executing program 2 (id=323):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x14507e, 0x0)
r2 = eventfd2(0x0, 0x0)
dup2(r2, r1)
write$eventfd(r2, &(0x7f0000000000)=0xfffffffffffffffe, 0x8)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000000)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000240)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f0000000500)=""/73, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000480))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0xffffffff)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0})
dup2(0xffffffffffffffff, r3)
r4 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, <r5=>0x0}, &(0x7f0000cab000)=0x12)
setregid(r5, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f00000024c0), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',~ootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYRESOCT=r1], 0x0, 0x0, 0x0)
utimes(&(0x7f0000000280)='./file0\x00', 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000c80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r8, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r8, &(0x7f00000040c0)={0x2020, 0x0, <r9=>0x0}, 0x2020)
write$FUSE_INIT(r8, &(0x7f0000000100)={0x50, 0x0, r9}, 0x50)
syz_fuse_handle_req(r8, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c7132fd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a00", 0x2000, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x92, 0x0, 0x0, {0x4, 0x0, 0x8, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0xc000, 0x0, 0x0, r5, 0x0, 0xfc000000}}}, 0x0, 0x0, 0x0, 0x0})
lremovexattr(&(0x7f0000000580)='./file0/../file0/file0\x00', &(0x7f00000003c0)=ANY=[@ANYBLOB='b'])
futex(&(0x7f0000000700)=0xfffffffe, 0x6, 0x2, &(0x7f0000004080)={0x0, 0x3938700}, 0x0, 0x0)
rt_sigreturn()

kernel console output (not intermixed with test programs):

iate } for  pid=378 comm="syz.2.18" name="blkio.bfq.io_serviced_recursive" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   24.949048][   T30] audit: type=1400 audit(1720259752.321:130): avc:  denied  { read append open } for  pid=378 comm="syz.2.18" path="/4/file1/blkio.bfq.io_serviced_recursive" dev="loop2" ino=1048590 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   24.985092][  T391] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[   25.061709][  T405] FAULT_INJECTION: forcing a failure.
[   25.061709][  T405] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   25.080335][  T401] netlink: 20 bytes leftover after parsing attributes in process `syz.4.21'.
[   25.093356][   T30] audit: type=1400 audit(1720259752.361:131): avc:  denied  { map } for  pid=378 comm="syz.2.18" path="/4/file1/blkio.bfq.io_serviced_recursive" dev="loop2" ino=1048590 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   25.139807][  T391] EXT4-fs (loop2): 1 truncate cleaned up
[   25.173011][  T391] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,errors=remount-ro,noblock_validity,. Quota mode: writeback.
[   25.195700][  T405] CPU: 1 PID: 405 Comm: syz.3.25 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   25.205152][  T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   25.215046][  T405] Call Trace:
[   25.218170][  T405]  <TASK>
[   25.219764][   T30] audit: type=1400 audit(1720259752.361:132): avc:  denied  { execute } for  pid=378 comm="syz.2.18" path="/4/file1/blkio.bfq.io_serviced_recursive" dev="loop2" ino=1048590 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   25.220944][  T405]  dump_stack_lvl+0x151/0x1b7
[   25.250721][  T405]  ? io_uring_drop_tctx_refs+0x190/0x190
[   25.256190][  T405]  dump_stack+0x15/0x17
[   25.260182][  T405]  should_fail+0x3c6/0x510
[   25.264433][  T405]  should_fail_alloc_page+0x5a/0x80
[   25.269467][  T405]  prepare_alloc_pages+0x15c/0x700
[   25.274412][  T405]  ? native_set_ldt+0x360/0x360
[   25.279103][  T405]  ? __alloc_pages_bulk+0xe40/0xe40
[   25.284133][  T405]  ? _raw_spin_unlock+0x4d/0x70
[   25.288822][  T405]  ? finish_task_switch+0x167/0x7b0
[   25.293855][  T405]  __alloc_pages+0x18c/0x8f0
[   25.298287][  T405]  ? prep_new_page+0x110/0x110
[   25.302881][  T405]  ? __kasan_check_write+0x14/0x20
[   25.307828][  T405]  kmalloc_order+0x4a/0x160
[   25.312171][  T405]  kmalloc_order_trace+0x1a/0xb0
[   25.316941][  T405]  __kmalloc+0x19c/0x270
[   25.321015][  T405]  ? sysvec_reschedule_ipi+0x7d/0x150
[   25.326223][  T405]  kvmalloc_node+0x1f0/0x4d0
[   25.330662][  T405]  ? __check_object_size+0x73/0x3d0
[   25.335684][  T405]  ? vm_mmap+0xb0/0xb0
[   25.339594][  T405]  ? strncpy_from_user+0xff/0x2d0
[   25.344451][  T405]  vmemdup_user+0x26/0xe0
[   25.348616][  T405]  setxattr+0x185/0x2e0
[   25.352608][  T405]  ? path_setxattr+0x2a0/0x2a0
[   25.357212][  T405]  ? preempt_schedule_thunk+0x16/0x18
[   25.362414][  T405]  ? mnt_want_write_file+0xf2/0x440
[   25.367449][  T405]  ? mnt_want_write_file+0x35e/0x440
[   25.372571][  T405]  ? mnt_want_write_file+0x23a/0x440
[   25.377692][  T405]  __se_sys_fsetxattr+0x18d/0x200
[   25.382574][  T405]  __x64_sys_fsetxattr+0xbf/0xd0
[   25.387326][  T405]  do_syscall_64+0x3d/0xb0
[   25.391586][  T405]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   25.397314][  T405] RIP: 0033:0x7f6f39e26bd9
[   25.401561][  T405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   25.421090][  T405] RSP: 002b:00007f6f390a8048 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[   25.429333][  T405] RAX: ffffffffffffffda RBX: 00007f6f39fb4f60 RCX: 00007f6f39e26bd9
[   25.437232][  T405] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[   25.445044][  T405] RBP: 00007f6f390a80a0 R08: 0000000000000000 R09: 0000000000000000
[   25.453289][  T405] R10: 000000000000fe44 R11: 0000000000000246 R12: 0000000000000001
[   25.461099][  T405] R13: 000000000000000b R14: 00007f6f39fb4f60 R15: 00007ffe6e1e30d8
[   25.468915][  T405]  </TASK>
[   25.472884][  T391] FAULT_INJECTION: forcing a failure.
[   25.472884][  T391] name failslab, interval 1, probability 0, space 0, times 0
[   25.485946][  T391] CPU: 0 PID: 391 Comm: syz.2.22 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   25.495402][  T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   25.505297][  T391] Call Trace:
[   25.508420][  T391]  <TASK>
[   25.511196][  T391]  dump_stack_lvl+0x151/0x1b7
[   25.515707][  T391]  ? io_uring_drop_tctx_refs+0x190/0x190
[   25.521179][  T391]  ? 0xffffffffa0028d40
[   25.525169][  T391]  dump_stack+0x15/0x17
[   25.529161][  T391]  should_fail+0x3c6/0x510
[   25.533416][  T391]  __should_failslab+0xa4/0xe0
[   25.538028][  T391]  should_failslab+0x9/0x20
[   25.542354][  T391]  slab_pre_alloc_hook+0x37/0xd0
[   25.547218][  T391]  __kmalloc+0x6d/0x270
[   25.551206][  T391]  ? kvmalloc_node+0x1f0/0x4d0
[   25.555806][  T391]  kvmalloc_node+0x1f0/0x4d0
[   25.560231][  T391]  ? vm_mmap+0xb0/0xb0
[   25.564148][  T391]  ? kmem_cache_free+0xa0/0x2e0
[   25.568825][  T391]  ? kmem_cache_free+0x116/0x2e0
[   25.573599][  T391]  seq_read_iter+0x1ff/0xd00
[   25.578118][  T391]  ? __x64_sys_openat+0x243/0x290
[   25.582971][  T391]  ? do_syscall_64+0x3d/0xb0
[   25.587400][  T391]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   25.593302][  T391]  ? iov_iter_init+0x53/0x190
[   25.597815][  T391]  seq_read+0x44f/0x5c0
[   25.601811][  T391]  ? kstrtol_from_user+0x310/0x310
[   25.606753][  T391]  ? seq_open+0x130/0x130
[   25.610928][  T391]  ? check_stack_object+0x114/0x130
[   25.615954][  T391]  ? avc_policy_seqno+0x1b/0x70
[   25.620638][  T391]  ? seq_open+0x130/0x130
[   25.624802][  T391]  proc_reg_read+0x1e9/0x2d0
[   25.629229][  T391]  do_iter_read+0x51d/0x7b0
[   25.633570][  T391]  do_preadv+0x20e/0x350
[   25.637649][  T391]  ? vfs_writev+0x560/0x560
[   25.641989][  T391]  ? ksys_write+0x260/0x2c0
[   25.646329][  T391]  ? debug_smp_processor_id+0x17/0x20
[   25.651536][  T391]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   25.657452][  T391]  __x64_sys_preadv+0x9e/0xb0
[   25.661952][  T391]  do_syscall_64+0x3d/0xb0
[   25.666204][  T391]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   25.671932][  T391] RIP: 0033:0x7f0265852bd9
[   25.676187][  T391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   25.695632][  T391] RSP: 002b:00007f0264ad4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   25.703980][  T391] RAX: ffffffffffffffda RBX: 00007f02659e0f60 RCX: 00007f0265852bd9
[   25.711769][  T391] RDX: 0000000000000001 RSI: 0000000020000640 RDI: 0000000000000005
[   25.719694][  T391] RBP: 00007f0264ad40a0 R08: 0000000000000000 R09: 0000000000000000
[   25.727678][  T391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   25.735489][  T391] R13: 000000000000000b R14: 00007f02659e0f60 R15: 00007fff45528108
[   25.743304][  T391]  </TASK>
[   27.634659][  T434] loop1: detected capacity change from 0 to 256
[   27.663495][  T438] loop2: detected capacity change from 0 to 512
[   27.717528][  T438] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
[   27.732392][  T434] FAT-fs (loop1): Directory bread(block 64) failed
[   27.738946][  T434] FAT-fs (loop1): Directory bread(block 65) failed
[   27.745315][  T434] FAT-fs (loop1): Directory bread(block 66) failed
[   27.751893][  T434] FAT-fs (loop1): Directory bread(block 67) failed
[   27.754741][  T438] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,jqfmt=vfsold,noquota,min_batch_time=0x0000000000000003,delalloc,,errors=continue. Quota mode: writeback.
[   27.776033][  T434] FAT-fs (loop1): Directory bread(block 68) failed
[   27.782450][  T434] FAT-fs (loop1): Directory bread(block 69) failed
[   27.796852][  T438] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038 (0x7fffffff)
[   27.806609][  T434] FAT-fs (loop1): Directory bread(block 70) failed
[   27.809074][  T438] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #15: comm syz.2.35: corrupted xattr block 32
[   27.828230][  T447] syz.4.38[447] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   27.828299][  T447] syz.4.38[447] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   27.839892][  T438] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[   27.860427][  T438] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #15: comm syz.2.35: corrupted xattr block 32
[   27.861317][  T434] FAT-fs (loop1): Directory bread(block 71) failed
[   27.878440][  T438] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[   27.896271][  T434] FAT-fs (loop1): Directory bread(block 72) failed
[   27.902715][  T434] FAT-fs (loop1): Directory bread(block 73) failed
[   27.903650][  T438] EXT4-fs error (device loop2): __ext4_new_inode:1282: comm syz.2.35: failed to insert inode 16: doubly allocated?
[   27.921671][  T450] FAULT_INJECTION: forcing a failure.
[   27.921671][  T450] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   27.940093][  T448] loop0: detected capacity change from 0 to 256
[   27.949864][  T450] CPU: 0 PID: 450 Comm: syz.3.39 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   27.950944][  T447] ip_tunnel: non-ECT from 172.30.0.5 with TOS=0x2
[   27.959313][  T450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   27.959326][  T450] Call Trace:
[   27.959330][  T450]  <TASK>
[   27.959337][  T450]  dump_stack_lvl+0x151/0x1b7
[   27.959358][  T450]  ? io_uring_drop_tctx_refs+0x190/0x190
[   27.991342][  T450]  ? __stack_depot_save+0x34/0x470
[   27.996285][  T450]  ? kmem_cache_free+0x116/0x2e0
[   28.001059][  T450]  dump_stack+0x15/0x17
[   28.005078][  T450]  should_fail+0x3c6/0x510
[   28.009305][  T450]  should_fail_usercopy+0x1a/0x20
[   28.014166][  T450]  _copy_from_user+0x20/0xd0
[   28.018766][  T450]  iovec_from_user+0xc7/0x330
[   28.023278][  T450]  __import_iovec+0x6d/0x420
[   28.027704][  T450]  ? __ia32_sys_shutdown+0x70/0x70
[   28.032654][  T450]  import_iovec+0xe5/0x120
[   28.036906][  T450]  ___sys_sendmsg+0x215/0x2e0
[   28.041418][  T450]  ? __sys_sendmsg+0x260/0x260
[   28.046025][  T450]  ? __fdget+0x1bc/0x240
[   28.050099][  T450]  __se_sys_sendmsg+0x19a/0x260
[   28.054786][  T450]  ? __x64_sys_sendmsg+0x90/0x90
[   28.059557][  T450]  ? ksys_write+0x260/0x2c0
[   28.063901][  T450]  ? debug_smp_processor_id+0x17/0x20
[   28.069103][  T450]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   28.075008][  T450]  __x64_sys_sendmsg+0x7b/0x90
[   28.079606][  T450]  do_syscall_64+0x3d/0xb0
[   28.083859][  T450]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   28.089588][  T450] RIP: 0033:0x7f6f39e26bd9
[   28.093843][  T450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   28.113285][  T450] RSP: 002b:00007f6f390a8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   28.121527][  T450] RAX: ffffffffffffffda RBX: 00007f6f39fb4f60 RCX: 00007f6f39e26bd9
[   28.129338][  T450] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005
[   28.137149][  T450] RBP: 00007f6f390a80a0 R08: 0000000000000000 R09: 0000000000000000
[   28.144963][  T450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   28.152776][  T450] R13: 000000000000000b R14: 00007f6f39fb4f60 R15: 00007ffe6e1e30d8
[   28.160587][  T450]  </TASK>
[   28.236493][  T448] FAT-fs (loop0): Unrecognized mount option "shortnam~›!÷¡o` e=win95" or missing value
[   28.349099][  T460] attempt to access beyond end of device
[   28.349099][  T460] loop1: rw=2049, want=1352, limit=256
[   28.364886][  T459] FAULT_INJECTION: forcing a failure.
[   28.364886][  T459] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   28.392356][  T459] CPU: 0 PID: 459 Comm: syz.2.41 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   28.395442][  T448] loop0: detected capacity change from 0 to 128
[   28.401812][  T459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   28.401825][  T459] Call Trace:
[   28.401830][  T459]  <TASK>
[   28.401837][  T459]  dump_stack_lvl+0x151/0x1b7
[   28.401858][  T459]  ? io_uring_drop_tctx_refs+0x190/0x190
[   28.401874][  T459]  ? __this_cpu_preempt_check+0x13/0x20
[   28.439398][  T459]  ? tracing_record_taskinfo_sched_switch+0x84/0x390
[   28.445906][  T459]  dump_stack+0x15/0x17
[   28.449897][  T459]  should_fail+0x3c6/0x510
[   28.454144][  T459]  should_fail_usercopy+0x1a/0x20
[   28.459013][  T459]  _copy_from_user+0x20/0xd0
[   28.463541][  T459]  iovec_from_user+0xc7/0x330
[   28.468035][  T459]  __import_iovec+0x6d/0x420
[   28.472461][  T459]  ? __ia32_sys_shutdown+0x70/0x70
[   28.477407][  T459]  import_iovec+0xe5/0x120
[   28.481659][  T459]  ___sys_sendmsg+0x215/0x2e0
[   28.486171][  T459]  ? irqentry_exit_cond_resched+0x2a/0x30
[   28.491730][  T459]  ? __sys_sendmsg+0x260/0x260
[   28.496330][  T459]  ? vfs_write+0x454/0x1110
[   28.500683][  T459]  ? __fdget+0x1bc/0x240
[   28.504745][  T459]  __se_sys_sendmsg+0x19a/0x260
[   28.509433][  T459]  ? __x64_sys_sendmsg+0x90/0x90
[   28.514205][  T459]  ? switch_fpu_return+0x1ed/0x3d0
[   28.519156][  T459]  ? __kasan_check_read+0x11/0x20
[   28.524015][  T459]  __x64_sys_sendmsg+0x7b/0x90
[   28.528621][  T459]  do_syscall_64+0x3d/0xb0
[   28.532868][  T459]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   28.538595][  T459] RIP: 0033:0x7f0265852bd9
[   28.542850][  T459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   28.545935][   T26] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   28.562380][  T459] RSP: 002b:00007f0264ad4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   28.562405][  T459] RAX: ffffffffffffffda RBX: 00007f02659e0f60 RCX: 00007f0265852bd9
[   28.562416][  T459] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 000000000000000c
[   28.562425][  T459] RBP: 00007f0264ad40a0 R08: 0000000000000000 R09: 0000000000000000
[   28.562434][  T459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   28.596034][  T439] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   28.601461][  T459] R13: 000000000000000b R14: 00007f02659e0f60 R15: 00007fff45528108
[   28.601484][  T459]  </TASK>
[   28.699034][  T448] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   28.720257][  T448] ext4 filesystem being mounted at /5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[   28.833312][  T468] device pim6reg1 entered promiscuous mode
[   28.904270][   T26] usb 5-1: Using ep0 maxpacket: 16
[   29.426272][   T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[   29.438156][   T26] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[   29.448355][   T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   29.461345][   T26] usb 5-1: config 0 descriptor??
[   29.525989][  T439] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   29.876249][  T439] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   29.896398][   T26] usbhid 5-1:0.0: can't add hid device: -71
[   29.908863][   T26] usbhid: probe of 5-1:0.0 failed with error -71
[   29.979892][   T30] kauditd_printk_skb: 24 callbacks suppressed
[   29.979905][   T30] audit: type=1400 audit(1720259757.621:157): avc:  denied  { read } for  pid=483 comm="syz.2.49" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   29.996780][  T439] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   30.013436][   T26] usb 5-1: USB disconnect, device number 2
[   30.020400][  T439] usb 4-1: Product: syz
[   30.024471][  T439] usb 4-1: Manufacturer: syz
[   30.029261][  T439] usb 4-1: SerialNumber: syz
[   30.498151][   T30] audit: type=1400 audit(1720259758.141:158): avc:  denied  { block_suspend } for  pid=492 comm="syz.4.51" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   30.536582][  T503] device pim6reg1 entered promiscuous mode
[   30.546223][   T30] audit: type=1400 audit(1720259758.191:159): avc:  denied  { append } for  pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   30.568517][   T30] audit: type=1400 audit(1720259758.191:160): avc:  denied  { open } for  pid=82 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   30.595403][   T30] audit: type=1400 audit(1720259758.191:161): avc:  denied  { getattr } for  pid=82 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   30.623791][   T30] audit: type=1400 audit(1720259758.261:162): avc:  denied  { create } for  pid=505 comm="syz.0.56" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   30.642919][   T30] audit: type=1400 audit(1720259758.261:163): avc:  denied  { bind } for  pid=505 comm="syz.0.56" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   30.661976][   T30] audit: type=1400 audit(1720259758.261:164): avc:  denied  { connect } for  pid=505 comm="syz.0.56" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   30.681135][   T30] audit: type=1400 audit(1720259758.261:165): avc:  denied  { write } for  pid=505 comm="syz.0.56" name="ppp" dev="devtmpfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   30.703342][   T30] audit: type=1400 audit(1720259758.261:166): avc:  denied  { ioctl } for  pid=505 comm="syz.0.56" path="/dev/ppp" dev="devtmpfs" ino=134 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   30.729123][  T508] loop4: detected capacity change from 0 to 1024
[   30.766318][  T508] =======================================================
[   30.766318][  T508] WARNING: The mand mount option has been deprecated and
[   30.766318][  T508]          and is ignored by this kernel. Remove the mand
[   30.766318][  T508]          option from the mount to silence this warning.
[   30.766318][  T508] =======================================================
[   30.824296][  T508] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000082,data_err=abort,nodelalloc,data=ordered,init_itable=0x0000000000000003,usrquota,max_dir_size_kb=0x00000000000040d2,quota,,errors=continue. Quota mode: writeback.
[   30.885915][    T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   31.062142][  T457] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   31.465977][  T439] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[   31.472399][  T439] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   31.479972][  T439] cdc_ncm 4-1:1.0: setting rx_max = 2048
[   31.545974][    T6] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   31.554907][    T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   31.563653][    T6] usb 1-1: config 0 descriptor??
[   31.995227][  T540] device pim6reg1 entered promiscuous mode
[   32.107845][  T439] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42
[   32.139278][  T439] usb 4-1: USB disconnect, device number 2
[   32.145171][  T439] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM
[   32.194055][  T506] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   32.213129][  T506] FAT-fs (loop1): unable to read boot sector
[   32.227501][  T544] loop1: detected capacity change from 0 to 40427
[   32.288244][  T547] loop2: detected capacity change from 0 to 40427
[   32.316259][  T544] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   32.323835][  T544] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   32.332296][  T547] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   32.340675][  T547] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   32.349932][  T544] F2FS-fs (loop1): invalid crc value
[   32.357012][  T547] F2FS-fs (loop2): invalid crc value
[   32.368542][  T547] F2FS-fs (loop2): Found nat_bits in checkpoint
[   32.392343][  T544] F2FS-fs (loop1): Found nat_bits in checkpoint
[   32.404825][  T547] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   32.411890][  T547] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   32.442425][  T544] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   32.450135][  T544] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   32.917593][  T559] FAULT_INJECTION: forcing a failure.
[   32.917593][  T559] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   32.930494][  T559] CPU: 1 PID: 559 Comm: syz.2.68 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   32.939903][  T559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   32.949802][  T559] Call Trace:
[   32.952925][  T559]  <TASK>
[   32.955698][  T559]  dump_stack_lvl+0x151/0x1b7
[   32.960217][  T559]  ? io_uring_drop_tctx_refs+0x190/0x190
[   32.965681][  T559]  ? plist_del+0x40e/0x420
[   32.969936][  T559]  dump_stack+0x15/0x17
[   32.973929][  T559]  should_fail+0x3c6/0x510
[   32.978179][  T559]  should_fail_usercopy+0x1a/0x20
[   32.983039][  T559]  _copy_from_user+0x20/0xd0
[   32.987468][  T559]  __copy_msghdr_from_user+0xaf/0x7c0
[   32.992675][  T559]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[   32.998143][  T559]  ? __ia32_sys_shutdown+0x70/0x70
[   33.003089][  T559]  ? kasan_check_range+0x82/0x2a0
[   33.007953][  T559]  ___sys_sendmsg+0x166/0x2e0
[   33.009221][  T560] netlink: 48 bytes leftover after parsing attributes in process `syz.1.67'.
[   33.012460][  T559]  ? __sys_sendmsg+0x260/0x260
[   33.025656][  T559]  ? _raw_spin_lock+0xa4/0x1b0
[   33.030252][  T559]  ? plist_add+0x3e0/0x460
[   33.034509][  T559]  ? __fdget+0x1bc/0x240
[   33.038586][  T559]  __se_sys_sendmsg+0x19a/0x260
[   33.043271][  T559]  ? __x64_sys_sendmsg+0x90/0x90
[   33.048044][  T559]  ? switch_fpu_return+0x1ed/0x3d0
[   33.052993][  T559]  ? __kasan_check_read+0x11/0x20
[   33.057851][  T559]  __x64_sys_sendmsg+0x7b/0x90
[   33.062452][  T559]  do_syscall_64+0x3d/0xb0
[   33.066704][  T559]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   33.072433][  T559] RIP: 0033:0x7f0265852bd9
[   33.076688][  T559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   33.096127][  T559] RSP: 002b:00007f0264ab3048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   33.104373][  T559] RAX: ffffffffffffffda RBX: 00007f02659e1038 RCX: 00007f0265852bd9
[   33.112185][  T559] RDX: 0000000000000000 RSI: 0000000020000900 RDI: 0000000000000008
[   33.119995][  T559] RBP: 00007f0264ab30a0 R08: 0000000000000000 R09: 0000000000000000
[   33.127809][  T559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   33.135618][  T559] R13: 000000000000006e R14: 00007f02659e1038 R15: 00007fff45528108
[   33.143435][  T559]  </TASK>
[   33.165969][    T6] usb 1-1: Cannot read MAC address
[   33.171039][    T6] MOSCHIP usb-ethernet driver: probe of 1-1:0.0 failed with error -71
[   33.181174][  T412] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   33.184326][    T6] usb 1-1: USB disconnect, device number 2
[   33.190233][  T412] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   33.283939][   T45] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   33.292978][   T45] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   33.676129][  T570] netlink: 20 bytes leftover after parsing attributes in process `syz.4.72'.
[   33.677986][  T572] loop1: detected capacity change from 0 to 256
[   33.709786][  T572] FAT-fs (loop1): Directory bread(block 64) failed
[   33.723402][  T572] FAT-fs (loop1): Directory bread(block 65) failed
[   33.734200][  T572] FAT-fs (loop1): Directory bread(block 66) failed
[   33.740856][  T572] FAT-fs (loop1): Directory bread(block 67) failed
[   33.747526][  T572] FAT-fs (loop1): Directory bread(block 68) failed
[   33.753870][  T572] FAT-fs (loop1): Directory bread(block 69) failed
[   33.776003][  T572] FAT-fs (loop1): Directory bread(block 70) failed
[   33.787404][  T578] IPv6: NLM_F_CREATE should be specified when creating new route
[   33.800777][  T572] FAT-fs (loop1): Directory bread(block 71) failed
[   33.807206][  T578] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   33.814170][  T578] IPv6: NLM_F_CREATE should be set when creating new route
[   33.814293][  T572] FAT-fs (loop1): Directory bread(block 72) failed
[   33.821209][  T578] IPv6: NLM_F_CREATE should be set when creating new route
[   33.836581][  T572] FAT-fs (loop1): Directory bread(block 73) failed
[   33.877197][  T584] device pim6reg1 entered promiscuous mode
[   34.094026][  T590] attempt to access beyond end of device
[   34.094026][  T590] loop1: rw=2049, want=1352, limit=256
[   34.135904][    T6] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   35.251934][   T30] kauditd_printk_skb: 12 callbacks suppressed
[   35.251951][   T30] audit: type=1400 audit(1720259762.151:179): avc:  denied  { map } for  pid=591 comm="syz.3.80" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   35.298958][   T30] audit: type=1400 audit(1720259762.151:180): avc:  denied  { execute } for  pid=591 comm="syz.3.80" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   35.337190][  T598] loop3: detected capacity change from 0 to 512
[   35.351524][  T598] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled
[   35.370962][   T30] audit: type=1400 audit(1720259762.311:181): avc:  denied  { create } for  pid=591 comm="syz.3.80" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   35.445957][  T598] EXT4-fs (loop3): mounted filesystem without journal. Opts: noauto_da_alloc,jqfmt=vfsold,noquota,min_batch_time=0x0000000000000003,delalloc,,errors=continue. Quota mode: writeback.
[   35.485039][  T598] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038 (0x7fffffff)
[   35.505154][  T598] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.81: corrupted xattr block 32
[   35.516883][  T598] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[   35.525793][  T598] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.81: corrupted xattr block 32
[   35.529195][  T589] loop2: detected capacity change from 0 to 40427
[   35.537780][  T598] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[   35.543431][    T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   35.554442][  T598] EXT4-fs error (device loop3): __ext4_new_inode:1282: comm syz.3.81: failed to insert inode 16: doubly allocated?
[   35.563087][    T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   35.627844][  T589] F2FS-fs (loop2): invalid crc value
[   35.645405][  T589] F2FS-fs (loop2): Found nat_bits in checkpoint
[   35.656001][    T6] usb 1-1: New USB device found, idVendor=056a, idProduct=032c, bcdDevice= 0.00
[   35.668217][    T6] usb 1-1: New USB device strings: Mfr=0, Product=16, SerialNumber=0
[   35.698760][    T6] usb 1-1: Product: syz
[   35.705125][  T589] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   35.706811][    T6] usb 1-1: config 0 descriptor??
[   35.723002][   T30] audit: type=1400 audit(1720259763.361:182): avc:  denied  { read } for  pid=588 comm="syz.2.79" path="/20/file0/blkio.bfq.io_service_bytes" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   35.775940][  T439] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   35.822639][  T613] fuse: Unknown parameter '0x000000000000000a'
[   35.934330][  T288] attempt to access beyond end of device
[   35.934330][  T288] loop2: rw=2049, want=45104, limit=40427
[   36.245955][  T439] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   36.246092][   T30] audit: type=1400 audit(1720259763.891:183): avc:  denied  { append } for  pid=618 comm="syz.1.87" name="loop9" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   36.376030][   T26] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   36.512692][  T439] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   36.535618][  T581] UDC core: couldn't find an available UDC or it's busy: -16
[   36.574015][   T30] audit: type=1326 audit(1720259764.071:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3acc5b1bd9 code=0x7ffc0000
[   36.596963][  T581] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   36.598002][  T439] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   36.604522][   T30] audit: type=1326 audit(1720259764.071:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3acc5b1bd9 code=0x7ffc0000
[   36.650585][   T30] audit: type=1326 audit(1720259764.081:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3acc5b1bd9 code=0x7ffc0000
[   36.661476][  T439] usb 5-1: Product: syz
[   36.676377][   T30] audit: type=1326 audit(1720259764.081:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3acc5b1bd9 code=0x7ffc0000
[   36.677584][  T439] usb 5-1: Manufacturer: syz
[   36.701966][    T6] wacom 0003:056A:032C.0001: unknown main item tag 0x0
[   36.705216][  T439] usb 5-1: SerialNumber: syz
[   36.712950][   T30] audit: type=1326 audit(1720259764.081:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=618 comm="syz.1.87" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3acc5b1bd9 code=0x7ffc0000
[   36.738649][    T6] wacom 0003:056A:032C.0001: unknown main item tag 0x0
[   36.746593][    T6] wacom 0003:056A:032C.0001: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[   36.886097][   T26] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   36.895491][   T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   36.909449][   T26] usb 3-1: config 0 descriptor??
[   36.926514][  T304] usb 1-1: USB disconnect, device number 3
[   37.111503][  T630] FAULT_INJECTION: forcing a failure.
[   37.111503][  T630] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   37.124542][  T630] CPU: 1 PID: 630 Comm: syz.1.89 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   37.133987][  T630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   37.143884][  T630] Call Trace:
[   37.147004][  T630]  <TASK>
[   37.149786][  T630]  dump_stack_lvl+0x151/0x1b7
[   37.154295][  T630]  ? io_uring_drop_tctx_refs+0x190/0x190
[   37.159764][  T630]  ? kmem_cache_free+0x116/0x2e0
[   37.164535][  T630]  dump_stack+0x15/0x17
[   37.168527][  T630]  should_fail+0x3c6/0x510
[   37.172781][  T630]  should_fail_usercopy+0x1a/0x20
[   37.177642][  T630]  _copy_from_user+0x20/0xd0
[   37.182069][  T630]  __copy_msghdr_from_user+0x587/0x7c0
[   37.187363][  T630]  ? __ia32_sys_shutdown+0x70/0x70
[   37.192309][  T630]  ___sys_sendmsg+0x166/0x2e0
[   37.196825][  T630]  ? __sys_sendmsg+0x260/0x260
[   37.201428][  T630]  ? __fdget+0x1bc/0x240
[   37.205500][  T630]  __se_sys_sendmsg+0x19a/0x260
[   37.210190][  T630]  ? __x64_sys_sendmsg+0x90/0x90
[   37.214961][  T630]  ? ksys_write+0x260/0x2c0
[   37.219303][  T630]  ? debug_smp_processor_id+0x17/0x20
[   37.224508][  T630]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   37.230413][  T630]  __x64_sys_sendmsg+0x7b/0x90
[   37.235015][  T630]  do_syscall_64+0x3d/0xb0
[   37.239263][  T630]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   37.244992][  T630] RIP: 0033:0x7f3acc5b1bd9
[   37.249247][  T630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   37.268687][  T630] RSP: 002b:00007f3acb833048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   37.276931][  T630] RAX: ffffffffffffffda RBX: 00007f3acc73ff60 RCX: 00007f3acc5b1bd9
[   37.284744][  T630] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[   37.292555][  T630] RBP: 00007f3acb8330a0 R08: 0000000000000000 R09: 0000000000000000
[   37.300367][  T630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   37.308178][  T630] R13: 000000000000000b R14: 00007f3acc73ff60 R15: 00007ffc7d18c858
[   37.315994][  T630]  </TASK>
[   37.329047][  T617] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   37.340705][  T617] FAT-fs (loop5): unable to read boot sector
[   37.509127][  T640] netlink: 20 bytes leftover after parsing attributes in process `syz.1.91'.
[   37.836142][   T26] usb 3-1: Cannot read MAC address
[   37.841330][   T26] MOSCHIP usb-ethernet driver: probe of 3-1:0.0 failed with error -71
[   37.877846][   T26] usb 3-1: USB disconnect, device number 2
[   37.883130][  T645] loop0: detected capacity change from 0 to 512
[   37.937914][  T645] EXT4-fs (loop0): mounted filesystem without journal. Opts: user_xattr,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none.
[   37.956773][  T645] EXT4-fs (loop0): Couldn't remount RDWR because of unprocessed orphan inode list.  Please umount/remount instead
[   38.181220][  T654] netlink: 20 bytes leftover after parsing attributes in process `syz.0.94'.
[   38.326004][  T439] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[   38.345009][  T439] cdc_ncm 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   38.358063][  T439] cdc_ncm 5-1:1.0: setting rx_max = 2048
[   38.364734][  T657] device syzkaller0 entered promiscuous mode
[   38.397017][  T657] input input7: cannot allocate more than FF_MAX_EFFECTS effects
[   38.443531][  T669] loop0: detected capacity change from 0 to 512
[   38.460313][  T672] input: syz0 as /devices/virtual/input/input8
[   38.478081][  T676] FAULT_INJECTION: forcing a failure.
[   38.478081][  T676] name failslab, interval 1, probability 0, space 0, times 0
[   38.490641][  T676] CPU: 0 PID: 676 Comm: syz.2.103 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   38.500171][  T676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   38.510066][  T676] Call Trace:
[   38.513187][  T676]  <TASK>
[   38.515969][  T676]  dump_stack_lvl+0x151/0x1b7
[   38.520478][  T676]  ? io_uring_drop_tctx_refs+0x190/0x190
[   38.525946][  T676]  dump_stack+0x15/0x17
[   38.529936][  T676]  should_fail+0x3c6/0x510
[   38.534191][  T676]  __should_failslab+0xa4/0xe0
[   38.538789][  T676]  ? __alloc_skb+0xbe/0x550
[   38.543128][  T676]  should_failslab+0x9/0x20
[   38.547468][  T676]  slab_pre_alloc_hook+0x37/0xd0
[   38.552244][  T676]  ? __alloc_skb+0xbe/0x550
[   38.556580][  T676]  kmem_cache_alloc+0x44/0x200
[   38.561182][  T676]  __alloc_skb+0xbe/0x550
[   38.565346][  T676]  audit_log_start+0x456/0xa80
[   38.569948][  T676]  ? ____kasan_slab_free+0x131/0x160
[   38.575070][  T676]  ? audit_serial+0x30/0x30
[   38.579410][  T676]  ? migrate_enable+0x1c1/0x2a0
[   38.584095][  T676]  ? proc_fail_nth_read+0x210/0x210
[   38.589129][  T676]  ? fsnotify_perm+0x6a/0x5d0
[   38.593643][  T676]  audit_seccomp+0x61/0x1e0
[   38.597987][  T676]  ? migrate_disable+0xd9/0x190
[   38.602675][  T676]  __seccomp_filter+0xc08/0x1c60
[   38.607444][  T676]  ? file_end_write+0x1c0/0x1c0
[   38.612132][  T676]  ? __secure_computing+0x300/0x300
[   38.617163][  T676]  ? mutex_unlock+0xb2/0x260
[   38.621590][  T676]  ? wait_for_completion_killable_timeout+0x10/0x10
[   38.628013][  T676]  ? __mutex_lock_slowpath+0x10/0x10
[   38.633137][  T676]  ? __kasan_check_write+0x14/0x20
[   38.638084][  T676]  ? switch_fpu_return+0x1ed/0x3d0
[   38.643030][  T676]  ? fpu_flush_thread+0xf0/0xf0
[   38.647715][  T676]  __secure_computing+0xf0/0x300
[   38.652489][  T676]  syscall_enter_from_user_mode+0xd5/0x1b0
[   38.658131][  T676]  do_syscall_64+0x1e/0xb0
[   38.662383][  T676]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   38.668110][  T676] RIP: 0033:0x7f0265852bd9
[   38.672365][  T676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   38.691807][  T676] RSP: 002b:00007f0264ad4048 EFLAGS: 00000246 ORIG_RAX: 00000000000000bb
[   38.700051][  T676] RAX: ffffffffffffffda RBX: 00007f02659e0f60 RCX: 00007f0265852bd9
[   38.707867][  T676] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[   38.715677][  T676] RBP: 00007f0264ad40a0 R08: 0000000000000000 R09: 0000000000000000
[   38.723484][  T676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   38.731295][  T676] R13: 000000000000000b R14: 00007f02659e0f60 R15: 00007fff45528108
[   38.739112][  T676]  </TASK>
[   38.763803][  T669] EXT4-fs (loop0): orphan cleanup on readonly fs
[   38.776336][  T669] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz.0.100: corrupted in-inode xattr
[   38.899020][  T669] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.100: couldn't read orphan inode 15 (err -117)
[   39.031605][  T669] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   39.056886][  T683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.105'.
[   39.066577][  T669] UDC core: couldn't find an available UDC or it's busy: -16
[   39.073762][  T669] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   39.087549][  T439] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM, 42:42:42:42:42:42
[   39.140509][  T439] usb 5-1: USB disconnect, device number 3
[   39.154201][  T439] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM
[   39.545930][  T310] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   39.698627][  T722] netlink: 20 bytes leftover after parsing attributes in process `syz.1.107'.
[   39.795920][  T310] usb 1-1: Using ep0 maxpacket: 8
[   39.835962][  T310] usb 1-1: too many configurations: 60, using maximum allowed: 8
[   40.140868][  T732] loop2: detected capacity change from 0 to 512
[   40.176018][  T310] usb 1-1: unable to read config index 0 descriptor/start: -61
[   40.183427][  T310] usb 1-1: can't read configurations, error -61
[   40.190124][  T732] EXT4-fs (loop2): Mount option "nouser_xattr" will be removed by 3.5
[   40.190124][  T732] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[   40.190124][  T732] 
[   40.208252][  T732] EXT4-fs (loop2): Ignoring removed orlov option
[   40.214373][  T732] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   40.227496][  T732] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.111: casefold flag without casefold feature
[   40.240210][  T732] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz.2.111: missing EA_INODE flag
[   40.251695][  T732] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.111: error while reading EA inode 12 err=-117
[   40.263874][  T732] EXT4-fs (loop2): 1 orphan inode deleted
[   40.269561][  T732] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,abort,init_itable=0x000000000000006a,nojournal_checksum,noinit_itable,nouser_xattr,usrjquota=,orlov,minixdf,resgid=0x0000000000000000,,errors=continue. Quota mode: none.
[   40.294300][   T30] kauditd_printk_skb: 41 callbacks suppressed
[   40.294315][   T30] audit: type=1400 audit(1720259767.931:228): avc:  denied  { create } for  pid=731 comm="syz.2.111" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   40.322942][  T732] tipc: Can't bind to reserved service type 0
[   40.329109][   T30] audit: type=1400 audit(1720259767.971:229): avc:  denied  { rmdir } for  pid=731 comm="syz.2.111" name="file0" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   40.350512][  T310] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   40.350782][   T30] audit: type=1400 audit(1720259767.971:230): avc:  denied  { setopt } for  pid=731 comm="syz.2.111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   40.377116][  T439] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   40.384440][   T30] audit: type=1400 audit(1720259767.971:231): avc:  denied  { bind } for  pid=731 comm="syz.2.111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   40.411012][  T736] loop1: detected capacity change from 0 to 512
[   40.451188][  T736] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[   40.465340][  T736] EXT4-fs (loop1): 1 truncate cleaned up
[   40.470926][  T736] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,errors=remount-ro,noblock_validity,. Quota mode: writeback.
[   40.507040][   T30] audit: type=1326 audit(1720259768.151:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0265852bd9 code=0x7ffc0000
[   40.530512][   T30] audit: type=1326 audit(1720259768.151:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f0265852bd9 code=0x7ffc0000
[   40.560059][   T30] audit: type=1326 audit(1720259768.151:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0265852bd9 code=0x7ffc0000
[   40.585677][   T30] audit: type=1326 audit(1720259768.151:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7f0265852bd9 code=0x7ffc0000
[   40.608741][  T310] usb 1-1: Using ep0 maxpacket: 8
[   40.613624][   T30] audit: type=1326 audit(1720259768.151:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0265852bd9 code=0x7ffc0000
[   40.636896][   T30] audit: type=1326 audit(1720259768.181:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0265852bd9 code=0x7ffc0000
[   40.662445][  T310] usb 1-1: too many configurations: 60, using maximum allowed: 8
[   40.678179][  T744] device pim6reg1 entered promiscuous mode
[   40.736264][  T751] FAULT_INJECTION: forcing a failure.
[   40.736264][  T751] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   40.749337][  T751] CPU: 0 PID: 751 Comm: syz.1.118 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   40.758868][  T751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   40.768786][  T751] Call Trace:
[   40.771884][  T751]  <TASK>
[   40.774659][  T751]  dump_stack_lvl+0x151/0x1b7
[   40.779175][  T751]  ? io_uring_drop_tctx_refs+0x190/0x190
[   40.784642][  T751]  dump_stack+0x15/0x17
[   40.788633][  T751]  should_fail+0x3c6/0x510
[   40.792889][  T751]  should_fail_usercopy+0x1a/0x20
[   40.797746][  T751]  _copy_from_user+0x20/0xd0
[   40.802177][  T751]  __se_sys_memfd_create+0x131/0x3e0
[   40.807303][  T751]  __x64_sys_memfd_create+0x5b/0x70
[   40.812334][  T751]  do_syscall_64+0x3d/0xb0
[   40.816587][  T751]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   40.822315][  T751] RIP: 0033:0x7f3acc5b1bd9
[   40.826568][  T751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   40.846012][  T751] RSP: 002b:00007f3acb832e28 EFLAGS: 00000206 ORIG_RAX: 000000000000013f
[   40.854258][  T751] RAX: ffffffffffffffda RBX: 000000000000044e RCX: 00007f3acc5b1bd9
[   40.862065][  T751] RDX: 00007f3acb832f00 RSI: 0000000000000000 RDI: 00007f3acc61fd24
[   40.869879][  T751] RBP: 0000000020000900 R08: 00007f3acb832bc7 R09: 00007f3acb832e50
[   40.877696][  T751] R10: 000000000000000a R11: 0000000000000206 R12: 0000000020000480
[   40.885498][  T751] R13: 00007f3acb832f00 R14: 00007f3acb832ec0 R15: 0000000020000000
[   40.893321][  T751]  </TASK>
[   40.972548][  T754] fuse: Bad value for 'group_id'
[   41.286287][  T752] netlink: 12 bytes leftover after parsing attributes in process `syz.2.116'.
[   41.356236][  T439] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   41.367889][  T310] usb 1-1: unable to read config index 0 descriptor/start: -61
[   41.375322][  T310] usb 1-1: can't read configurations, error -61
[   41.375441][  T439] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   41.381450][  T310] usb usb1-port1: attempt power cycle
[   41.408522][  T439] usb 5-1: config 0 descriptor??
[   41.567344][  T763] loop3: detected capacity change from 0 to 512
[   41.662675][  T767] fuse: Unknown parameter '0x000000000000000a'
[   41.704273][   T26] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   41.766546][  T728] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   41.776099][  T763] EXT4-fs (loop3): mounted filesystem without journal. Opts: user_xattr,data_err=ignore,noblock_validity,,errors=continue. Quota mode: none.
[   41.778121][  T728] FAT-fs (loop9): unable to read boot sector
[   41.811599][  T763] EXT4-fs (loop3): Couldn't remount RDWR because of unprocessed orphan inode list.  Please umount/remount instead
[   41.835898][  T310] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   41.925972][  T310] usb 1-1: Using ep0 maxpacket: 8
[   41.966036][  T310] usb 1-1: too many configurations: 60, using maximum allowed: 8
[   41.985755][  T770] loop3: detected capacity change from 0 to 40427
[   42.077221][  T770] F2FS-fs (loop3): invalid crc value
[   42.086201][  T310] usb 1-1: unable to read config index 0 descriptor/start: -61
[   42.088650][  T770] F2FS-fs (loop3): Found nat_bits in checkpoint
[   42.093639][  T310] usb 1-1: can't read configurations, error -61
[   42.120917][  T770] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   42.136101][  T439] usb 5-1: Cannot read MAC address
[   42.146284][  T439] MOSCHIP usb-ethernet driver: probe of 5-1:0.0 failed with error -71
[   42.156986][   T26] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   42.182230][  T439] usb 5-1: USB disconnect, device number 4
[   42.223762][  T290] attempt to access beyond end of device
[   42.223762][  T290] loop3: rw=2049, want=45112, limit=40427
[   42.360438][  T777] loop2: detected capacity change from 0 to 1024
[   42.386033][   T26] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   42.395518][   T26] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   42.403722][   T26] usb 2-1: Product: syz
[   42.407773][   T26] usb 2-1: Manufacturer: syz
[   42.411027][  T777] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000082,data_err=abort,nodelalloc,data=ordered,init_itable=0x0000000000000003,usrquota,max_dir_size_kb=0x00000000000040d2,quota,,errors=continue. Quota mode: writeback.
[   42.412146][   T26] usb 2-1: SerialNumber: syz
[   42.515922][  T310] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   42.588707][  T784] loop3: detected capacity change from 0 to 40427
[   42.666308][  T784] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   42.673864][  T784] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   42.682684][  T784] F2FS-fs (loop3): invalid crc value
[   42.693655][  T784] F2FS-fs (loop3): Found nat_bits in checkpoint
[   42.703680][  T789] device pim6reg1 entered promiscuous mode
[   42.716029][  T439] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   42.724714][  T784] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   42.731658][  T784] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   42.765969][  T310] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   42.776813][  T310] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   42.786608][  T310] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[   42.806210][  T310] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   42.817959][  T310] usb 1-1: config 0 descriptor??
[   42.940387][  T796] netlink: 48 bytes leftover after parsing attributes in process `syz.3.127'.
[   43.005947][  T439] usb 3-1: Using ep0 maxpacket: 32
[   43.024319][  T310] usbhid 1-1:0.0: can't add hid device: -22
[   43.031288][  T310] usbhid: probe of 1-1:0.0 failed with error -22
[   43.125974][  T439] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   43.136860][  T439] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   43.199591][  T800] netlink: 12 bytes leftover after parsing attributes in process `syz.4.131'.
[   43.358467][  T439] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   43.367553][  T439] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[   43.376069][  T439] usb 3-1: Product: syz
[   43.380188][  T439] usb 3-1: Manufacturer: syz
[   43.384607][  T412] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   43.393746][  T412] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   43.436450][  T439] hub 3-1:4.0: USB hub found
[   43.491975][  T807] process 'syz.3.132' launched './file0' with NULL argv: empty string added
[   43.656000][  T439] hub 3-1:4.0: 2 ports detected
[   43.755990][   T26] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[   43.762305][   T26] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   43.769503][   T26] cdc_ncm 2-1:1.0: setting rx_max = 2048
[   44.067078][   T26] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42
[   44.081144][   T26] usb 2-1: USB disconnect, device number 2
[   44.087771][   T26] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM
[   44.193670][  T825] fuse: Unknown parameter '0x000000000000000a'
[   44.505999][  T829] FAULT_INJECTION: forcing a failure.
[   44.505999][  T829] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   44.518921][  T829] CPU: 1 PID: 829 Comm: syz.3.138 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   44.528399][  T829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   44.538295][  T829] Call Trace:
[   44.541421][  T829]  <TASK>
[   44.544199][  T829]  dump_stack_lvl+0x151/0x1b7
[   44.548716][  T829]  ? io_uring_drop_tctx_refs+0x190/0x190
[   44.554289][  T829]  dump_stack+0x15/0x17
[   44.558272][  T829]  should_fail+0x3c6/0x510
[   44.562523][  T829]  should_fail_usercopy+0x1a/0x20
[   44.567384][  T829]  _copy_from_user+0x20/0xd0
[   44.571811][  T829]  __se_sys_memfd_create+0x131/0x3e0
[   44.576930][  T829]  __x64_sys_memfd_create+0x5b/0x70
[   44.581964][  T829]  do_syscall_64+0x3d/0xb0
[   44.586220][  T829]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   44.591944][  T829] RIP: 0033:0x7f6f39e26bd9
[   44.596196][  T829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   44.615798][  T829] RSP: 002b:00007f6f39066048 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[   44.624043][  T829] RAX: ffffffffffffffda RBX: 00007f6f39fb5110 RCX: 00007f6f39e26bd9
[   44.631852][  T829] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000020000180
[   44.639661][  T829] RBP: 00007f6f390660a0 R08: 0000000000000000 R09: 0000000000000000
[   44.647484][  T829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.655287][  T829] R13: 000000000000006e R14: 00007f6f39fb5110 R15: 00007ffe6e1e30d8
[   44.663105][  T829]  </TASK>
[   45.115974][  T439] hub 3-1:4.0: activate --> -90
[   45.155921][  T304] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   45.181478][  T622] usb 1-1: USB disconnect, device number 7
[   45.195945][  T310] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   45.239666][  T841] FAULT_INJECTION: forcing a failure.
[   45.239666][  T841] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   45.252639][  T841] CPU: 0 PID: 841 Comm: syz.3.143 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   45.262169][  T841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   45.272064][  T841] Call Trace:
[   45.275188][  T841]  <TASK>
[   45.277964][  T841]  dump_stack_lvl+0x151/0x1b7
[   45.282477][  T841]  ? io_uring_drop_tctx_refs+0x190/0x190
[   45.287947][  T841]  ? __stack_depot_save+0x34/0x470
[   45.292895][  T841]  ? kmem_cache_free+0x116/0x2e0
[   45.297666][  T841]  dump_stack+0x15/0x17
[   45.301655][  T841]  should_fail+0x3c6/0x510
[   45.305910][  T841]  should_fail_usercopy+0x1a/0x20
[   45.310771][  T841]  _copy_from_user+0x20/0xd0
[   45.315195][  T841]  iovec_from_user+0xc7/0x330
[   45.319713][  T841]  __import_iovec+0x6d/0x420
[   45.324137][  T841]  ? __ia32_sys_shutdown+0x70/0x70
[   45.329083][  T841]  import_iovec+0xe5/0x120
[   45.333338][  T841]  ___sys_sendmsg+0x215/0x2e0
[   45.337850][  T841]  ? __sys_sendmsg+0x260/0x260
[   45.342453][  T841]  ? __fdget+0x1bc/0x240
[   45.346529][  T841]  __se_sys_sendmsg+0x19a/0x260
[   45.351214][  T841]  ? __x64_sys_sendmsg+0x90/0x90
[   45.355989][  T841]  ? ksys_write+0x260/0x2c0
[   45.360329][  T841]  ? debug_smp_processor_id+0x17/0x20
[   45.365536][  T841]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   45.371438][  T841]  __x64_sys_sendmsg+0x7b/0x90
[   45.376038][  T841]  do_syscall_64+0x3d/0xb0
[   45.380289][  T841]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   45.386018][  T841] RIP: 0033:0x7f6f39e26bd9
[   45.390271][  T841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.409809][  T841] RSP: 002b:00007f6f390a8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   45.418054][  T841] RAX: ffffffffffffffda RBX: 00007f6f39fb4f60 RCX: 00007f6f39e26bd9
[   45.425951][  T841] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000006
[   45.433762][  T841] RBP: 00007f6f390a80a0 R08: 0000000000000000 R09: 0000000000000000
[   45.441573][  T841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   45.449399][  T841] R13: 000000000000000b R14: 00007f6f39fb4f60 R15: 00007ffe6e1e30d8
[   45.457302][  T841]  </TASK>
[   45.637397][  T848] netlink: 12 bytes leftover after parsing attributes in process `syz.3.145'.
[   45.724158][  T849] loop0: detected capacity change from 0 to 256
[   45.760155][  T849] exfat: Deprecated parameter 'namecase'
[   45.766074][  T849] exfat: Deprecated parameter 'utf8'
[   45.821606][  T849] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfc6d8, utbl_chksum : 0xe619d30d)
[   45.871944][  T310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   45.871992][  T304] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   45.891949][  T304] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   45.945748][  T304] usb 5-1: config 0 descriptor??
[   45.950146][   T30] kauditd_printk_skb: 8 callbacks suppressed
[   45.950157][   T30] audit: type=1400 audit(1720259773.591:246): avc:  denied  { relabelfrom } for  pid=776 comm="syz.2.126" name="" dev="pipefs" ino=16173 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   45.953194][  T310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   45.987964][  T310] usb 2-1: New USB device found, idVendor=056a, idProduct=0315, bcdDevice= 0.00
[   45.997388][  T310] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   46.005625][  T310] usb 2-1: config 0 descriptor??
[   46.198259][  T832] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   46.209031][  T832] FAT-fs (loop9): unable to read boot sector
[   46.246828][   T30] audit: type=1400 audit(1720259773.891:247): avc:  denied  { read } for  pid=833 comm="syz.1.140" name="usbmon7" dev="devtmpfs" ino=156 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   46.269833][   T30] audit: type=1400 audit(1720259773.891:248): avc:  denied  { read } for  pid=833 comm="syz.1.140" name="usbmon7" dev="devtmpfs" ino=156 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   46.293033][   T30] audit: type=1400 audit(1720259773.891:249): avc:  denied  { open } for  pid=833 comm="syz.1.140" path="/dev/usbmon7" dev="devtmpfs" ino=156 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   46.317791][   T30] audit: type=1400 audit(1720259773.891:250): avc:  denied  { open } for  pid=833 comm="syz.1.140" path="/dev/usbmon7" dev="devtmpfs" ino=156 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   46.352676][   T30] audit: type=1400 audit(1720259773.961:251): avc:  denied  { ioctl } for  pid=833 comm="syz.1.140" path="/dev/usbmon7" dev="devtmpfs" ino=156 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   46.377912][  T304] usb 5-1: Cannot read MAC address
[   46.382908][  T304] MOSCHIP usb-ethernet driver: probe of 5-1:0.0 failed with error -71
[   46.393795][  T304] usb 5-1: USB disconnect, device number 5
[   46.433132][   T30] audit: type=1400 audit(1720259774.071:252): avc:  denied  { map } for  pid=833 comm="syz.1.140" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1
[   46.545958][  T310] usbhid 2-1:0.0: can't add hid device: -71
[   46.551809][  T310] usbhid: probe of 2-1:0.0 failed with error -71
[   46.562897][  T310] usb 2-1: USB disconnect, device number 3
[   46.615935][   T30] audit: type=1326 audit(1720259774.231:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=869 comm="syz.0.151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   46.878000][   T30] audit: type=1326 audit(1720259774.231:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=869 comm="syz.0.151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   46.901210][   T30] audit: type=1326 audit(1720259774.241:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=869 comm="syz.0.151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=76 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   46.937949][  T876] fuse: Unknown parameter '0x000000000000000a'
[   47.180302][   T39] usb 3-1: USB disconnect, device number 3
[   47.195964][  T439] usb 3-1-port2: cannot warm reset (err = -71)
[   47.237822][  T887] loop2: detected capacity change from 0 to 128
[   47.332962][  T887] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[   47.373470][  T887] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[   47.381991][  T310] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   47.399796][  T887] FAT-fs (loop2): Filesystem has been set read-only
[   47.433647][  T898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.161'.
[   47.475311][  T899] netlink: 12 bytes leftover after parsing attributes in process `syz.3.157'.
[   47.675985][   T39] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   47.676014][  T439] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   47.925980][  T310] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   47.935983][  T310] usb 5-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   47.946764][  T310] usb 5-1: config 0 interface 0 altsetting 129 endpoint 0x81 has invalid wMaxPacketSize 0
[   47.956473][  T310] usb 5-1: config 0 interface 0 has no altsetting 0
[   47.962891][  T310] usb 5-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00
[   47.971768][  T310] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   47.980144][  T310] usb 5-1: config 0 descriptor??
[   48.046014][  T439] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   48.056874][   T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   48.067658][   T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   48.077268][   T39] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   48.086337][   T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   48.094726][   T39] usb 3-1: config 0 descriptor??
[   48.225991][  T439] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   48.235033][  T439] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   48.242906][  T439] usb 2-1: Product: syz
[   48.246860][  T439] usb 2-1: Manufacturer: syz
[   48.251258][  T439] usb 2-1: SerialNumber: syz
[   48.432280][  T885] loop4: detected capacity change from 0 to 16
[   48.433052][  T914] loop0: detected capacity change from 0 to 256
[   48.446924][  T885] erofs: (device loop4): mounted with root inode @ nid 36.
[   48.454518][  T885] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[   48.464583][  T885] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -38 in[52, 4044] out[1851]
[   48.477069][   T26] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   48.481474][  T914] FAT-fs (loop0): Directory bread(block 64) failed
[   48.484385][  T885] erofs: (device loop4): z_erofs_readpage: failed to read, err [-117]
[   48.491050][  T914] FAT-fs (loop0): Directory bread(block 65) failed
[   48.505297][  T914] FAT-fs (loop0): Directory bread(block 66) failed
[   48.511805][  T914] FAT-fs (loop0): Directory bread(block 67) failed
[   48.518632][  T914] FAT-fs (loop0): Directory bread(block 68) failed
[   48.524959][  T914] FAT-fs (loop0): Directory bread(block 69) failed
[   48.526769][  T310] zeroplus 0003:0C12:0005.0002: unknown main item tag 0x0
[   48.531614][  T914] FAT-fs (loop0): Directory bread(block 70) failed
[   48.540140][  T310] zeroplus 0003:0C12:0005.0002: unknown main item tag 0x0
[   48.544825][  T914] FAT-fs (loop0): Directory bread(block 71) failed
[   48.551675][  T310] zeroplus 0003:0C12:0005.0002: unknown main item tag 0x0
[   48.558066][  T914] FAT-fs (loop0): Directory bread(block 72) failed
[   48.565100][  T310] zeroplus 0003:0C12:0005.0002: unknown main item tag 0x0
[   48.571754][  T914] FAT-fs (loop0): Directory bread(block 73) failed
[   48.578430][  T310] zeroplus 0003:0C12:0005.0002: unknown main item tag 0x0
[   48.605136][  T310] zeroplus 0003:0C12:0005.0002: hidraw0: USB HID v0.00 Device [HID 0c12:0005] on usb-dummy_hcd.4-1/input0
[   48.619191][  T310] zeroplus 0003:0C12:0005.0002: no inputs found
[   48.744825][  T916] attempt to access beyond end of device
[   48.744825][  T916] loop0: rw=2049, want=1352, limit=256
[   48.769688][  T310] usb 5-1: USB disconnect, device number 6
[   48.836041][   T26] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   48.845102][   T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   48.856453][   T26] usb 4-1: config 0 descriptor??
[   48.896299][   T39] usb 3-1: language id specifier not provided by device, defaulting to English
[   49.118916][  T887] netlink: 20 bytes leftover after parsing attributes in process `syz.2.156'.
[   49.185960][   T26] usb 4-1: Cannot read MAC address
[   49.191187][   T26] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71
[   49.201880][   T26] usb 4-1: USB disconnect, device number 3
[   49.226065][   T39] uclogic 0003:256C:006D.0003: failed retrieving Huion firmware version: -71
[   49.234936][   T39] uclogic 0003:256C:006D.0003: failed probing parameters: -71
[   49.242343][   T39] uclogic: probe of 0003:256C:006D.0003 failed with error -71
[   49.254881][   T39] usb 3-1: USB disconnect, device number 4
[   49.374939][  T925] FAULT_INJECTION: forcing a failure.
[   49.374939][  T925] name failslab, interval 1, probability 0, space 0, times 0
[   49.385822][  T896] loop1: detected capacity change from 0 to 2048
[   49.406256][  T925] CPU: 1 PID: 925 Comm: syz.4.170 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   49.415804][  T925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   49.425696][  T925] Call Trace:
[   49.428818][  T925]  <TASK>
[   49.431594][  T925]  dump_stack_lvl+0x151/0x1b7
[   49.436109][  T925]  ? io_uring_drop_tctx_refs+0x190/0x190
[   49.441580][  T925]  dump_stack+0x15/0x17
[   49.445567][  T925]  should_fail+0x3c6/0x510
[   49.449821][  T925]  __should_failslab+0xa4/0xe0
[   49.454423][  T925]  ? __alloc_skb+0xbe/0x550
[   49.458762][  T925]  should_failslab+0x9/0x20
[   49.463103][  T925]  slab_pre_alloc_hook+0x37/0xd0
[   49.467874][  T925]  ? __alloc_skb+0xbe/0x550
[   49.472213][  T925]  kmem_cache_alloc+0x44/0x200
[   49.476813][  T925]  __alloc_skb+0xbe/0x550
[   49.480980][  T925]  audit_log_start+0x456/0xa80
[   49.485578][  T925]  ? ____kasan_slab_free+0x131/0x160
[   49.490701][  T925]  ? audit_serial+0x30/0x30
[   49.495041][  T925]  ? migrate_enable+0x1c1/0x2a0
[   49.499727][  T925]  audit_seccomp+0x61/0x1e0
[   49.504067][  T925]  __seccomp_filter+0xc08/0x1c60
[   49.508843][  T925]  ? file_end_write+0x1c0/0x1c0
[   49.513529][  T925]  ? __secure_computing+0x300/0x300
[   49.518562][  T925]  ? mutex_unlock+0xb2/0x260
[   49.522988][  T925]  ? wait_for_completion_killable_timeout+0x10/0x10
[   49.529413][  T925]  ? __mutex_lock_slowpath+0x10/0x10
[   49.534532][  T925]  ? __kasan_check_write+0x14/0x20
[   49.539479][  T925]  ? fput_many+0x160/0x1b0
[   49.543731][  T925]  ? ksys_write+0x260/0x2c0
[   49.548074][  T925]  __secure_computing+0xf0/0x300
[   49.552847][  T925]  syscall_enter_from_user_mode+0xd5/0x1b0
[   49.558488][  T925]  do_syscall_64+0x1e/0xb0
[   49.562740][  T925]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   49.568469][  T925] RIP: 0033:0x7f50ca7aabd9
[   49.572725][  T925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.592162][  T925] RSP: 002b:00007f50c9a2c048 EFLAGS: 00000246 ORIG_RAX: 00000000000000bb
[   49.600406][  T925] RAX: ffffffffffffffda RBX: 00007f50ca938f60 RCX: 00007f50ca7aabd9
[   49.608227][  T925] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   49.616035][  T925] RBP: 00007f50c9a2c0a0 R08: 0000000000000000 R09: 0000000000000000
[   49.623842][  T925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.631652][  T925] R13: 000000000000000b R14: 00007f50ca938f60 R15: 00007ffe139f1c98
[   49.639471][  T925]  </TASK>
[   49.688125][  T896] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,,errors=continue. Quota mode: none.
[   49.693652][  T931] netlink: 8 bytes leftover after parsing attributes in process `syz.4.172'.
[   49.702156][  T896] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038 (0x7fffffff)
[   49.734148][  T896] fs-verity: sha512 using implementation "sha512-avx2"
[   49.755944][  T439] cdc_ncm 2-1:1.0: bind() failure
[   49.761886][  T439] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[   49.775906][  T439] cdc_ncm 2-1:1.1: bind() failure
[   49.783318][  T937] FAULT_INJECTION: forcing a failure.
[   49.783318][  T937] name failslab, interval 1, probability 0, space 0, times 0
[   49.806462][  T439] usb 2-1: USB disconnect, device number 4
[   49.854345][  T937] CPU: 1 PID: 937 Comm: syz.0.168 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   49.863895][  T937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   49.873797][  T937] Call Trace:
[   49.877024][  T937]  <TASK>
[   49.879776][  T937]  dump_stack_lvl+0x151/0x1b7
[   49.884288][  T937]  ? io_uring_drop_tctx_refs+0x190/0x190
[   49.889758][  T937]  ? __kasan_check_write+0x14/0x20
[   49.894702][  T937]  dump_stack+0x15/0x17
[   49.898695][  T937]  should_fail+0x3c6/0x510
[   49.902947][  T937]  __should_failslab+0xa4/0xe0
[   49.907551][  T937]  should_failslab+0x9/0x20
[   49.911886][  T937]  slab_pre_alloc_hook+0x37/0xd0
[   49.916661][  T937]  kmem_cache_alloc_trace+0x48/0x210
[   49.921782][  T937]  ? __se_sys_io_uring_setup+0x38d/0x3670
[   49.927338][  T937]  __se_sys_io_uring_setup+0x38d/0x3670
[   49.932718][  T937]  ? __kasan_check_write+0x14/0x20
[   49.937666][  T937]  ? mutex_unlock+0xb2/0x260
[   49.942094][  T937]  ? __mutex_lock_slowpath+0x10/0x10
[   49.947394][  T937]  ? __kasan_check_write+0x14/0x20
[   49.952338][  T937]  ? fput_many+0x160/0x1b0
[   49.956589][  T937]  ? __x64_sys_io_uring_setup+0x70/0x70
[   49.961969][  T937]  ? debug_smp_processor_id+0x17/0x20
[   49.967175][  T937]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   49.973079][  T937]  __x64_sys_io_uring_setup+0x5b/0x70
[   49.978285][  T937]  do_syscall_64+0x3d/0xb0
[   49.982540][  T937]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   49.988267][  T937] RIP: 0033:0x7f70e789fbd9
[   49.992521][  T937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.012309][  T937] RSP: 002b:00007f70e6adefd8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[   50.020561][  T937] RAX: ffffffffffffffda RBX: 00007f70e7a2e110 RCX: 00007f70e789fbd9
[   50.028455][  T937] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 000000000000247a
[   50.036261][  T937] RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000
[   50.044073][  T937] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[   50.051885][  T937] R13: 00000000200001c0 R14: 000000000000247a R15: 0000000000000000
[   50.059703][  T937]  </TASK>
[   50.091969][  T948] loop3: detected capacity change from 0 to 256
[   50.155637][  T948] FAT-fs (loop3): Directory bread(block 64) failed
[   50.162301][  T948] FAT-fs (loop3): Directory bread(block 65) failed
[   50.169773][  T948] FAT-fs (loop3): Directory bread(block 66) failed
[   50.176445][  T948] FAT-fs (loop3): Directory bread(block 67) failed
[   50.183023][  T948] FAT-fs (loop3): Directory bread(block 68) failed
[   50.189584][  T948] FAT-fs (loop3): Directory bread(block 69) failed
[   50.196087][  T948] FAT-fs (loop3): Directory bread(block 70) failed
[   50.202917][  T948] FAT-fs (loop3): Directory bread(block 71) failed
[   50.210166][  T948] FAT-fs (loop3): Directory bread(block 72) failed
[   50.216995][  T948] FAT-fs (loop3): Directory bread(block 73) failed
[   50.418895][  T954] netlink: 12 bytes leftover after parsing attributes in process `syz.2.176'.
[   50.662175][  T961] attempt to access beyond end of device
[   50.662175][  T961] loop3: rw=2049, want=1352, limit=256
[   51.336187][   T30] kauditd_printk_skb: 173 callbacks suppressed
[   51.336253][   T30] audit: type=1326 audit(1720259778.861:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=957 comm="syz.0.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   51.415233][   T30] audit: type=1326 audit(1720259778.861:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=957 comm="syz.0.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   51.417003][  T963] netlink: 8 bytes leftover after parsing attributes in process `syz.1.182'.
[   51.448611][   T30] audit: type=1326 audit(1720259778.861:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=957 comm="syz.0.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   51.472508][   T30] audit: type=1326 audit(1720259778.861:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=957 comm="syz.0.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   51.519555][   T30] audit: type=1326 audit(1720259778.861:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=957 comm="syz.0.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   51.554616][  T968] netlink: 8 bytes leftover after parsing attributes in process `syz.4.184'.
[   51.604802][   T30] audit: type=1326 audit(1720259778.861:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=957 comm="syz.0.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   51.651373][   T30] audit: type=1326 audit(1720259778.861:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=957 comm="syz.0.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   51.677616][   T30] audit: type=1326 audit(1720259778.861:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=957 comm="syz.0.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   51.766610][   T30] audit: type=1326 audit(1720259778.861:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=957 comm="syz.0.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   51.790561][   T30] audit: type=1326 audit(1720259778.861:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=957 comm="syz.0.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70e789fbd9 code=0x7ffc0000
[   51.916064][  T304] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   52.295976][  T304] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   52.304858][  T304] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   52.313219][  T304] usb 1-1: config 0 descriptor??
[   52.424191][  T997] loop2: detected capacity change from 0 to 256
[   52.490754][  T997] FAT-fs (loop2): Directory bread(block 64) failed
[   52.497176][  T997] FAT-fs (loop2): Directory bread(block 65) failed
[   52.503526][  T997] FAT-fs (loop2): Directory bread(block 66) failed
[   52.509944][  T997] FAT-fs (loop2): Directory bread(block 67) failed
[   52.516434][  T997] FAT-fs (loop2): Directory bread(block 68) failed
[   52.522793][  T997] FAT-fs (loop2): Directory bread(block 69) failed
[   52.529234][  T997] FAT-fs (loop2): Directory bread(block 70) failed
[   52.535561][  T997] FAT-fs (loop2): Directory bread(block 71) failed
[   52.542000][  T997] FAT-fs (loop2): Directory bread(block 72) failed
[   52.548241][  T997] FAT-fs (loop2): Directory bread(block 73) failed
[   52.625953][   T39] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   52.666086][  T304] usb 1-1: Cannot read MAC address
[   52.671251][  T304] MOSCHIP usb-ethernet driver: probe of 1-1:0.0 failed with error -71
[   52.689940][  T304] usb 1-1: USB disconnect, device number 8
[   52.702770][  T999] attempt to access beyond end of device
[   52.702770][  T999] loop2: rw=2049, want=1352, limit=256
[   53.884980][   T39] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   55.626087][   T39] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   55.635038][   T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   55.655912][   T39] usb 4-1: Product: syz
[   55.725952][   T39] usb 4-1: can't set config #1, error -71
[   55.732745][   T39] usb 4-1: USB disconnect, device number 4
[   56.003838][ T1038] netlink: 12 bytes leftover after parsing attributes in process `syz.0.198'.
[   56.230875][ T1045] netlink: 12 bytes leftover after parsing attributes in process `syz.2.204'.
[   56.725910][   T39] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   56.755904][   T60] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   56.805911][  T918] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   57.085984][   T39] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   57.115957][   T60] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   57.124824][   T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   57.142206][   T60] usb 2-1: config 0 descriptor??
[   57.150173][   T30] kauditd_printk_skb: 89 callbacks suppressed
[   57.150187][   T30] audit: type=1326 audit(1720259784.791:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1066 comm="syz.3.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f39e26bd9 code=0x7ffc0000
[   57.179552][   T30] audit: type=1326 audit(1720259784.791:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1066 comm="syz.3.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f39e26bd9 code=0x7ffc0000
[   57.203085][  T918] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   57.204361][   T30] audit: type=1326 audit(1720259784.791:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1066 comm="syz.3.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=76 compat=0 ip=0x7f6f39e26bd9 code=0x7ffc0000
[   57.237217][   T30] audit: type=1326 audit(1720259784.791:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1066 comm="syz.3.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f39e26bd9 code=0x7ffc0000
[   57.260575][   T30] audit: type=1326 audit(1720259784.791:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1066 comm="syz.3.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f6f39e26bd9 code=0x7ffc0000
[   57.284146][   T30] audit: type=1326 audit(1720259784.791:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1066 comm="syz.3.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f39e26bd9 code=0x7ffc0000
[   57.307483][   T39] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   57.307640][   T30] audit: type=1326 audit(1720259784.791:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1066 comm="syz.3.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6f39e26bd9 code=0x7ffc0000
[   57.316655][   T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   57.316919][   T39] usb 1-1: Product: syz
[   57.350470][   T30] audit: type=1326 audit(1720259784.791:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1066 comm="syz.3.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f39e26bd9 code=0x7ffc0000
[   57.361345][   T39] usb 1-1: Manufacturer: syz
[   57.374620][   T30] audit: type=1326 audit(1720259784.791:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1066 comm="syz.3.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f6f39e26bd9 code=0x7ffc0000
[   57.401883][   T30] audit: type=1326 audit(1720259784.791:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1066 comm="syz.3.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f39e26bd9 code=0x7ffc0000
[   57.426099][   T39] usb 1-1: SerialNumber: syz
[   57.435990][  T918] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   57.444821][  T918] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   57.452745][  T918] usb 5-1: Product: syz
[   57.456717][  T918] usb 5-1: Manufacturer: syz
[   57.461047][  T918] usb 5-1: SerialNumber: syz
[   57.686005][   T60] usb 2-1: Cannot read MAC address
[   57.691072][   T60] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71
[   57.699872][   T60] usb 2-1: USB disconnect, device number 5
[   58.502219][ T1086] netlink: 12 bytes leftover after parsing attributes in process `syz.3.219'.
[   58.580648][ T1090] loop2: detected capacity change from 0 to 512
[   58.617801][ T1090] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
[   58.637866][ T1090] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,jqfmt=vfsold,noquota,min_batch_time=0x0000000000000003,delalloc,,errors=continue. Quota mode: writeback.
[   58.656119][ T1090] ext4 filesystem being mounted at /47/file0 supports timestamps until 2038 (0x7fffffff)
[   58.669903][ T1090] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #15: comm syz.2.220: corrupted xattr block 32
[   58.681747][ T1090] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[   58.690862][ T1090] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #15: comm syz.2.220: corrupted xattr block 32
[   58.702764][ T1090] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=15
[   58.712542][ T1090] EXT4-fs error (device loop2): __ext4_new_inode:1282: comm syz.2.220: failed to insert inode 16: doubly allocated?
[   58.811519][ T1056] loop4: detected capacity change from 0 to 2048
[   58.908903][ T1101] netlink: 12 bytes leftover after parsing attributes in process `syz.2.221'.
[   58.910190][ T1056] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,,errors=continue. Quota mode: none.
[   58.926123][   T39] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[   58.937907][ T1056] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038 (0x7fffffff)
[   58.955837][   T39] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   58.977230][   T39] cdc_ncm 1-1:1.0: setting rx_max = 2048
[   58.986046][  T918] cdc_ncm 5-1:1.0: bind() failure
[   58.992050][  T918] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[   59.090709][  T918] cdc_ncm 5-1:1.1: bind() failure
[   59.108512][  T918] usb 5-1: USB disconnect, device number 7
[   59.354042][ T1111] device pim6reg1 entered promiscuous mode
[   59.417204][   T39] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42
[   59.433633][   T39] usb 1-1: USB disconnect, device number 9
[   59.441188][   T39] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM
[   59.605819][ T1146] loop3: detected capacity change from 0 to 16
[   59.621612][ T1146] erofs: (device loop3): erofs_read_inode: unsupported chunk format 7fff of nid 36
[   59.915906][   T60] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   59.966007][  T304] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   59.992910][ T1162] FAULT_INJECTION: forcing a failure.
[   59.992910][ T1162] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   60.006158][ T1162] CPU: 0 PID: 1162 Comm: syz.4.231 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   60.015865][ T1162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   60.026002][ T1162] Call Trace:
[   60.029113][ T1162]  <TASK>
[   60.031893][ T1162]  dump_stack_lvl+0x151/0x1b7
[   60.036414][ T1162]  ? io_uring_drop_tctx_refs+0x190/0x190
[   60.041886][ T1162]  ? __wake_up_klogd+0xd5/0x110
[   60.046560][ T1162]  dump_stack+0x15/0x17
[   60.050550][ T1162]  should_fail+0x3c6/0x510
[   60.054807][ T1162]  should_fail_usercopy+0x1a/0x20
[   60.059664][ T1162]  _copy_to_user+0x20/0x90
[   60.064003][ T1162]  simple_read_from_buffer+0xc7/0x150
[   60.069303][ T1162]  proc_fail_nth_read+0x1a3/0x210
[   60.074161][ T1162]  ? proc_fault_inject_write+0x390/0x390
[   60.079627][ T1162]  ? fsnotify_perm+0x470/0x5d0
[   60.084227][ T1162]  ? security_file_permission+0x86/0xb0
[   60.089624][ T1162]  ? proc_fault_inject_write+0x390/0x390
[   60.095080][ T1162]  vfs_read+0x27d/0xd40
[   60.099072][ T1162]  ? kernel_read+0x1f0/0x1f0
[   60.103496][ T1162]  ? __kasan_check_write+0x14/0x20
[   60.108446][ T1162]  ? mutex_lock+0xb6/0x1e0
[   60.112698][ T1162]  ? wait_for_completion_killable_timeout+0x10/0x10
[   60.119121][ T1162]  ? __fdget_pos+0x2e7/0x3a0
[   60.123546][ T1162]  ? ksys_read+0x77/0x2c0
[   60.127713][ T1162]  ksys_read+0x199/0x2c0
[   60.131789][ T1162]  ? bpf_trace_run1+0x1c0/0x1c0
[   60.136478][ T1162]  ? vfs_write+0x1110/0x1110
[   60.140903][ T1162]  ? __bpf_trace_sys_enter+0x62/0x70
[   60.146025][ T1162]  __x64_sys_read+0x7b/0x90
[   60.150365][ T1162]  do_syscall_64+0x3d/0xb0
[   60.154617][ T1162]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   60.160344][ T1162] RIP: 0033:0x7f50ca7a96bc
[   60.164598][ T1162] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[   60.184042][ T1162] RSP: 002b:00007f50c99ea040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   60.192284][ T1162] RAX: ffffffffffffffda RBX: 00007f50ca939110 RCX: 00007f50ca7a96bc
[   60.200097][ T1162] RDX: 000000000000000f RSI: 00007f50c99ea0b0 RDI: 000000000000000d
[   60.207906][ T1162] RBP: 00007f50c99ea0a0 R08: 0000000000000000 R09: 0000000000000000
[   60.215719][ T1162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   60.223529][ T1162] R13: 000000000000006e R14: 00007f50ca939110 R15: 00007ffe139f1c98
[   60.231346][ T1162]  </TASK>
[   60.910617][ T1172] fuse: Unknown parameter '0x000000000000000a'
[   60.976218][   T60] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   60.985606][   T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   61.122662][  T310] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   61.165956][  T304] usb 4-1: Using ep0 maxpacket: 8
[   61.179763][   T60] usb 3-1: config 0 descriptor??
[   61.185922][ T1175] netlink: 20 bytes leftover after parsing attributes in process `syz.0.237'.
[   61.325940][  T304] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   61.416142][  T304] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   61.425072][  T304] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   61.433280][  T304] usb 4-1: SerialNumber: syz
[   61.439206][ T1148] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   61.454246][ T1148] FAT-fs (loop5): unable to read boot sector
[   61.478091][ T1184] netlink: 12 bytes leftover after parsing attributes in process `syz.0.240'.
[   61.485986][  T310] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   61.496309][  T304] cdc_ether 4-1:1.0: invalid descriptor buffer length
[   61.504436][  T304] usb 4-1: bad CDC descriptors
[   61.509211][  T310] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   61.523882][  T310] usb 2-1: config 0 descriptor??
[   61.555941][   T60] usb 3-1: Cannot read MAC address
[   61.561018][   T60] MOSCHIP usb-ethernet driver: probe of 3-1:0.0 failed with error -71
[   61.573288][   T60] usb 3-1: USB disconnect, device number 5
[   61.689453][   T20] usb 4-1: USB disconnect, device number 5
[   61.770958][ T1158] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   61.781874][ T1158] FAT-fs (loop3): unable to read boot sector
[   61.885964][  T310] usb 2-1: Cannot read MAC address
[   61.890966][  T310] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71
[   61.900175][  T310] usb 2-1: USB disconnect, device number 6
[   62.063439][ T1187] loop2: detected capacity change from 0 to 256
[   62.138397][ T1187] FAT-fs (loop2): Directory bread(block 64) failed
[   62.144891][ T1187] FAT-fs (loop2): Directory bread(block 65) failed
[   62.151578][ T1187] FAT-fs (loop2): Directory bread(block 66) failed
[   62.158241][ T1187] FAT-fs (loop2): Directory bread(block 67) failed
[   62.164607][ T1187] FAT-fs (loop2): Directory bread(block 68) failed
[   62.170975][ T1187] FAT-fs (loop2): Directory bread(block 69) failed
[   62.177618][ T1187] FAT-fs (loop2): Directory bread(block 70) failed
[   62.184048][ T1187] FAT-fs (loop2): Directory bread(block 71) failed
[   62.190663][ T1187] FAT-fs (loop2): Directory bread(block 72) failed
[   62.224628][ T1187] FAT-fs (loop2): Directory bread(block 73) failed
[   62.316135][   T30] kauditd_printk_skb: 49 callbacks suppressed
[   62.316174][   T30] audit: type=1326 audit(1720259789.901:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1188 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   62.399397][   T30] audit: type=1326 audit(1720259789.901:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1188 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   62.489973][   T30] audit: type=1326 audit(1720259789.901:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1188 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   62.513173][   T30] audit: type=1326 audit(1720259789.911:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1188 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   62.536333][   T30] audit: type=1326 audit(1720259789.911:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1188 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   62.559482][   T30] audit: type=1326 audit(1720259789.911:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1188 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   62.583213][   T30] audit: type=1326 audit(1720259789.911:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1188 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   63.478792][ T1200] attempt to access beyond end of device
[   63.478792][ T1200] loop2: rw=2049, want=1352, limit=256
[   63.628277][   T30] audit: type=1326 audit(1720259789.911:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1188 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   63.684261][   T30] audit: type=1326 audit(1720259789.911:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1188 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   63.733953][   T30] audit: type=1326 audit(1720259789.911:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1188 comm="syz.4.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   63.775926][   T20] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   63.823437][ T1212] netlink: 20 bytes leftover after parsing attributes in process `syz.4.248'.
[   63.869880][ T1215] loop2: detected capacity change from 0 to 2048
[   63.873089][ T1217] loop4: detected capacity change from 0 to 512
[   63.939850][ T1217] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[   63.939861][ T1215] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[   63.983087][ T1217] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,jqfmt=vfsold,noquota,min_batch_time=0x0000000000000003,delalloc,,errors=continue. Quota mode: writeback.
[   64.001414][ T1217] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038 (0x7fffffff)
[   64.012654][ T1217] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.250: corrupted xattr block 32
[   64.029485][ T1217] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[   64.038103][ T1209] loop0: detected capacity change from 0 to 40427
[   64.044668][ T1217] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.250: corrupted xattr block 32
[   64.056835][ T1217] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[   64.067156][ T1217] EXT4-fs error (device loop4): __ext4_new_inode:1282: comm syz.4.250: failed to insert inode 16: doubly allocated?
[   64.122443][ T1209] F2FS-fs (loop0): invalid crc value
[   64.143063][ T1209] F2FS-fs (loop0): Wrong journal entry on segno 65538
[   64.149880][ T1209] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-117)
[   64.157817][   T20] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   64.305948][   T39] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   64.326005][   T20] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   64.334863][   T20] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   64.352848][   T20] usb 4-1: Product: syz
[   64.356860][   T20] usb 4-1: Manufacturer: syz
[   64.361446][   T20] usb 4-1: SerialNumber: syz
[   64.555911][  T312] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[   64.572559][ T1215] loop2: detected capacity change from 0 to 131072
[   64.657177][ T1215] F2FS-fs (loop2): invalid crc value
[   64.675174][ T1215] F2FS-fs (loop2): Found nat_bits in checkpoint
[   64.685968][   T39] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   64.694993][   T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   64.703929][   T39] usb 2-1: config 0 descriptor??
[   64.706719][ T1215] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[   64.715338][ T1215] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[   64.853795][ T1238] loop2: detected capacity change from 0 to 1024
[   64.915972][  T312] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   64.926090][  T312] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   64.930809][ T1238] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000082,data_err=abort,nodelalloc,data=ordered,init_itable=0x0000000000000003,usrquota,max_dir_size_kb=0x00000000000040d2,quota,,errors=continue. Quota mode: writeback.
[   64.937088][  T312] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   64.976450][ T1222] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   64.995922][ T1222] FAT-fs (loop3): unable to read boot sector
[   65.001801][  T312] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[   65.012370][  T312] usb 1-1: config 1 interface 2 has no altsetting 0
[   65.020335][ T1241] loop4: detected capacity change from 0 to 512
[   65.107920][ T1241] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[   65.125978][   T39] usb 2-1: Cannot read MAC address
[   65.127384][ T1241] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,jqfmt=vfsold,noquota,min_batch_time=0x0000000000000003,delalloc,,errors=continue. Quota mode: writeback.
[   65.131007][   T39] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71
[   65.149255][ T1241] ext4 filesystem being mounted at /55/file0 supports timestamps until 2038 (0x7fffffff)
[   65.159980][   T39] usb 2-1: USB disconnect, device number 7
[   65.179263][ T1241] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.255: corrupted xattr block 32
[   65.186012][  T312] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   65.191063][ T1241] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[   65.199614][  T312] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   65.208893][ T1241] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.255: corrupted xattr block 32
[   65.216170][  T312] usb 1-1: Product: syz
[   65.228619][ T1241] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[   65.234523][  T312] usb 1-1: Manufacturer: syz
[   65.241379][ T1241] EXT4-fs error (device loop4): __ext4_new_inode:1282: comm syz.4.255: failed to insert inode 16: doubly allocated?
[   65.244778][  T312] usb 1-1: SerialNumber: syz
[   65.325956][  T622] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   65.586031][  T622] usb 3-1: Using ep0 maxpacket: 32
[   65.616068][   T20] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[   65.622327][   T20] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   65.629647][   T20] cdc_ncm 4-1:1.0: setting rx_max = 2048
[   65.726041][  T312] usb 1-1: selecting invalid altsetting 0
[   65.734018][  T312] usb 1-1: USB disconnect, device number 10
[   65.745954][  T622] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   65.759682][  T622] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   65.815192][ T1257] loop1: detected capacity change from 0 to 256
[   65.830505][ T1257] FAT-fs (loop1): Directory bread(block 64) failed
[   65.840855][ T1257] FAT-fs (loop1): Directory bread(block 65) failed
[   65.847818][ T1257] FAT-fs (loop1): Directory bread(block 66) failed
[   65.854184][ T1257] FAT-fs (loop1): Directory bread(block 67) failed
[   65.860797][ T1257] FAT-fs (loop1): Directory bread(block 68) failed
[   65.867369][ T1257] FAT-fs (loop1): Directory bread(block 69) failed
[   65.874208][ T1257] FAT-fs (loop1): Directory bread(block 70) failed
[   65.880605][ T1257] FAT-fs (loop1): Directory bread(block 71) failed
[   65.887455][  T622] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   65.896538][  T622] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[   65.904824][ T1257] FAT-fs (loop1): Directory bread(block 72) failed
[   65.911367][  T622] usb 3-1: Product: syz
[   65.915451][  T622] usb 3-1: Manufacturer: syz
[   65.915727][ T1257] FAT-fs (loop1): Directory bread(block 73) failed
[   65.968310][  T622] hub 3-1:4.0: USB hub found
[   65.976084][   T20] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42
[   65.988610][   T20] usb 4-1: USB disconnect, device number 6
[   65.996618][   T20] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM
[   66.077928][ T1267] attempt to access beyond end of device
[   66.077928][ T1267] loop1: rw=2049, want=1352, limit=256
[   66.246026][  T622] hub 3-1:4.0: 2 ports detected
[   66.468051][ T1280] netlink: 20 bytes leftover after parsing attributes in process `syz.0.260'.
[   66.757667][ T1302] loop3: detected capacity change from 0 to 16
[   66.777617][ T1302] erofs: (device loop3): erofs_read_inode: unsupported chunk format 7fff of nid 36
[   67.144354][ T1310] netlink: 8 bytes leftover after parsing attributes in process `syz.0.268'.
[   67.153074][  T482] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[   67.395951][  T482] usb 4-1: Using ep0 maxpacket: 8
[   67.516012][  T482] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   67.533131][ T1317] loop4: detected capacity change from 0 to 512
[   67.605990][  T482] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   67.614901][  T482] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   67.622880][  T622] hub 3-1:4.0: activate --> -90
[   67.628452][ T1317] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[   67.642051][  T482] usb 4-1: SerialNumber: syz
[   67.657497][ T1317] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,jqfmt=vfsold,noquota,min_batch_time=0x0000000000000003,delalloc,,errors=continue. Quota mode: writeback.
[   67.676853][ T1317] ext4 filesystem being mounted at /61/file0 supports timestamps until 2038 (0x7fffffff)
[   67.687535][ T1324] FAULT_INJECTION: forcing a failure.
[   67.687535][ T1324] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   67.694425][ T1317] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.271: corrupted xattr block 32
[   67.700804][  T482] cdc_ether 4-1:1.0: invalid descriptor buffer length
[   67.713972][ T1317] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[   67.719108][  T482] usb 4-1: bad CDC descriptors
[   67.727298][ T1324] CPU: 0 PID: 1324 Comm: syz.1.273 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   67.732907][ T1317] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.271: corrupted xattr block 32
[   67.741418][ T1324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   67.741430][ T1324] Call Trace:
[   67.741434][ T1324]  <TASK>
[   67.741439][ T1324]  dump_stack_lvl+0x151/0x1b7
[   67.741459][ T1324]  ? io_uring_drop_tctx_refs+0x190/0x190
[   67.741477][ T1324]  ? arch_stack_walk+0xf3/0x140
[   67.741494][ T1324]  dump_stack+0x15/0x17
[   67.741509][ T1324]  should_fail+0x3c6/0x510
[   67.741527][ T1324]  should_fail_usercopy+0x1a/0x20
[   67.741542][ T1324]  _copy_from_user+0x20/0xd0
[   67.741555][ T1324]  iovec_from_user+0xc7/0x330
[   67.741572][ T1324]  __import_iovec+0x6d/0x420
[   67.741587][ T1324]  ? __ia32_sys_shutdown+0x70/0x70
[   67.741606][ T1324]  import_iovec+0xe5/0x120
[   67.741624][ T1324]  ___sys_sendmsg+0x215/0x2e0
[   67.741641][ T1324]  ? __sys_sendmsg+0x260/0x260
[   67.754195][ T1317] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=15
[   67.762950][ T1324]  ? bpf_ringbuf_query+0xdd/0x130
[   67.762976][ T1324]  ? __kasan_check_write+0x14/0x20
[   67.762993][ T1324]  ? proc_fail_nth_write+0x20b/0x290
[   67.767357][ T1317] EXT4-fs error (device loop4): __ext4_new_inode:1282: comm syz.4.271: failed to insert inode 16: doubly allocated?
[   67.769115][ T1324]  ? __fdget+0x1bc/0x240
[   67.769135][ T1324]  __sys_sendmmsg+0x2bf/0x530
[   67.872838][ T1324]  ? __ia32_sys_sendmsg+0x90/0x90
[   67.877691][ T1324]  ? mutex_unlock+0xb2/0x260
[   67.882117][ T1324]  ? __kasan_check_write+0x14/0x20
[   67.887067][ T1324]  ? debug_smp_processor_id+0x17/0x20
[   67.892270][ T1324]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   67.898175][ T1324]  __x64_sys_sendmmsg+0xa0/0xb0
[   67.902861][ T1324]  do_syscall_64+0x3d/0xb0
[   67.907112][ T1324]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   67.912840][ T1324] RIP: 0033:0x7f3acc5b1bd9
[   67.917097][ T1324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   67.936621][ T1324] RSP: 002b:00007f3acb833048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   67.944868][ T1324] RAX: ffffffffffffffda RBX: 00007f3acc73ff60 RCX: 00007f3acc5b1bd9
[   67.952681][ T1324] RDX: 0000000000000001 RSI: 0000000020002fc0 RDI: 000000000000000a
[   67.960491][ T1324] RBP: 00007f3acb8330a0 R08: 0000000000000000 R09: 0000000000000000
[   67.968302][ T1324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   67.976112][ T1324] R13: 000000000000000b R14: 00007f3acc73ff60 R15: 00007ffc7d18c858
[   67.983930][ T1324]  </TASK>
[   67.995624][  T482] usb 4-1: USB disconnect, device number 7
[   68.706034][   T30] kauditd_printk_skb: 24 callbacks suppressed
[   68.706088][   T30] audit: type=1326 audit(1720259796.281:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1327 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   68.750360][   T30] audit: type=1326 audit(1720259796.281:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1327 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   68.773843][   T30] audit: type=1326 audit(1720259796.281:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1327 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   68.796930][ T1204] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[   68.798656][   T30] audit: type=1326 audit(1720259796.291:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1327 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   68.827441][   T30] audit: type=1326 audit(1720259796.291:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1327 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   68.850678][   T30] audit: type=1326 audit(1720259796.291:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1327 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   68.888541][   T30] audit: type=1326 audit(1720259796.291:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1327 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   68.917507][ T1338] loop1: detected capacity change from 0 to 256
[   68.924205][   T30] audit: type=1326 audit(1720259796.291:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1327 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   68.960063][ T1338] FAT-fs (loop1): Directory bread(block 64) failed
[   68.972813][ T1338] FAT-fs (loop1): Directory bread(block 65) failed
[   68.982077][   T30] audit: type=1326 audit(1720259796.291:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1327 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   68.999229][ T1338] FAT-fs (loop1): Directory bread(block 66) failed
[   69.008154][   T30] audit: type=1326 audit(1720259796.291:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1327 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   69.011658][ T1338] FAT-fs (loop1): Directory bread(block 67) failed
[   69.040935][ T1338] FAT-fs (loop1): Directory bread(block 68) failed
[   69.047481][ T1338] FAT-fs (loop1): Directory bread(block 69) failed
[   69.053821][ T1338] FAT-fs (loop1): Directory bread(block 70) failed
[   69.060226][ T1338] FAT-fs (loop1): Directory bread(block 71) failed
[   69.066526][ T1338] FAT-fs (loop1): Directory bread(block 72) failed
[   69.073080][ T1338] FAT-fs (loop1): Directory bread(block 73) failed
[   69.155951][ T1343] netlink: 20 bytes leftover after parsing attributes in process `syz.4.278'.
[   69.182416][ T1344] loop3: detected capacity change from 0 to 2048
[   69.237336][ T1344]  loop3: p2 p3 p7
[   69.266079][ T1204] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   69.271785][ T1346] attempt to access beyond end of device
[   69.271785][ T1346] loop1: rw=2049, want=1352, limit=256
[   69.308034][ T1344] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54867 sclass=netlink_route_socket pid=1344 comm=syz.3.279
[   69.466013][ T1204] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   69.467101][  T320] udevd[320]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[   69.475562][  T313] udevd[313]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[   69.494180][ T1204] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   69.495456][  T542] udevd[542]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[   69.502634][ T1204] usb 1-1: Product: syz
[   69.518042][ T1204] usb 1-1: Manufacturer: syz
[   69.522654][ T1204] usb 1-1: SerialNumber: syz
[   69.715947][   T39] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[   69.850982][  T312] usb 3-1: USB disconnect, device number 6
[   69.865968][  T622] usb 3-1-port2: cannot warm reset (err = -71)
[   70.078664][ T1360] netlink: 12 bytes leftover after parsing attributes in process `syz.2.284'.
[   70.185922][ T1201] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   70.206020][   T39] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   70.395992][   T39] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   70.404922][   T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   70.412723][   T39] usb 4-1: Product: syz
[   70.416712][   T39] usb 4-1: Manufacturer: syz
[   70.421065][   T39] usb 4-1: SerialNumber: syz
[   70.565954][ T1201] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   70.766401][ T1201] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   70.775510][ T1201] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   70.789255][ T1201] usb 5-1: Product: syz
[   70.815984][ T1204] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[   70.822237][ T1204] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   70.829845][ T1204] cdc_ncm 1-1:1.0: setting rx_max = 2048
[   70.833275][ T1201] usb 5-1: Manufacturer: syz
[   70.840042][ T1201] usb 5-1: SerialNumber: syz
[   70.960708][ T1373] fuse: Unknown parameter 'grou00000000000000000000'
[   71.125991][  T312] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[   71.147147][ T1204] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42
[   71.160689][ T1204] usb 1-1: USB disconnect, device number 11
[   71.167079][ T1204] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM
[   71.565969][  T312] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64
[   71.575615][  T312] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024
[   71.638790][   T39] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[   71.664015][ T1378] loop0: detected capacity change from 0 to 16
[   71.674085][   T39] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   71.681529][   T39] cdc_ncm 4-1:1.0: setting rx_max = 2048
[   71.735989][  T312] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   71.741878][ T1378] erofs: (device loop0): erofs_read_inode: unsupported chunk format 7fff of nid 36
[   71.748217][  T312] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   71.762355][  T312] usb 2-1: Product: syz
[   71.766392][  T312] usb 2-1: Manufacturer: 
[   71.770766][  T312] usb 2-1: SerialNumber: syz
[   71.947280][   T39] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42
[   71.958659][   T39] usb 4-1: USB disconnect, device number 8
[   71.964507][   T39] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM
[   72.030945][ T1400] netlink: 20 bytes leftover after parsing attributes in process `syz.2.292'.
[   72.095976][ T1201] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[   72.102316][ T1201] cdc_ncm 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   72.109475][ T1201] cdc_ncm 5-1:1.0: setting rx_max = 2048
[   72.115961][   T20] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[   72.275977][  T312] cdc_ncm 2-1:1.0: bind() failure
[   72.281558][  T312] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[   72.288322][  T312] cdc_ncm 2-1:1.1: bind() failure
[   72.294492][  T312] usb 2-1: USB disconnect, device number 8
[   72.355909][   T20] usb 1-1: Using ep0 maxpacket: 8
[   72.377040][ T1201] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM, 42:42:42:42:42:42
[   72.389679][ T1201] usb 5-1: USB disconnect, device number 8
[   72.397002][ T1201] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM
[   72.476483][   T20] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   72.502540][ T1440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.293'.
[   72.524585][ T1447] loop3: detected capacity change from 0 to 256
[   72.542499][ T1447] FAT-fs (loop3): Directory bread(block 64) failed
[   72.549479][ T1447] FAT-fs (loop3): Directory bread(block 65) failed
[   72.555727][ T1447] FAT-fs (loop3): Directory bread(block 66) failed
[   72.562339][ T1447] FAT-fs (loop3): Directory bread(block 67) failed
[   72.569033][   T20] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   72.575986][ T1447] FAT-fs (loop3): Directory bread(block 68) failed
[   72.578138][   T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   72.584518][ T1447] FAT-fs (loop3): Directory bread(block 69) failed
[   72.592965][   T20] usb 1-1: SerialNumber: syz
[   72.599366][ T1447] FAT-fs (loop3): Directory bread(block 70) failed
[   72.609986][ T1447] FAT-fs (loop3): Directory bread(block 71) failed
[   72.616308][ T1447] FAT-fs (loop3): Directory bread(block 72) failed
[   72.622585][ T1447] FAT-fs (loop3): Directory bread(block 73) failed
[   72.636278][   T20] cdc_ether 1-1:1.0: invalid descriptor buffer length
[   72.644024][   T20] usb 1-1: bad CDC descriptors
[   72.798394][ T1453] attempt to access beyond end of device
[   72.798394][ T1453] loop3: rw=2049, want=1352, limit=256
[   73.268312][    T6] usb 1-1: USB disconnect, device number 12
[   73.936681][ T1461] FAULT_INJECTION: forcing a failure.
[   73.936681][ T1461] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   73.949662][ T1461] CPU: 0 PID: 1461 Comm: syz.4.299 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   73.959286][ T1461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   73.969178][ T1461] Call Trace:
[   73.972312][ T1461]  <TASK>
[   73.975077][ T1461]  dump_stack_lvl+0x151/0x1b7
[   73.979676][ T1461]  ? io_uring_drop_tctx_refs+0x190/0x190
[   73.985144][ T1461]  ? __stack_depot_save+0x34/0x470
[   73.990102][ T1461]  ? kmem_cache_free+0x116/0x2e0
[   73.994865][ T1461]  dump_stack+0x15/0x17
[   73.998856][ T1461]  should_fail+0x3c6/0x510
[   74.003110][ T1461]  should_fail_usercopy+0x1a/0x20
[   74.007972][ T1461]  _copy_from_user+0x20/0xd0
[   74.012406][ T1461]  iovec_from_user+0xc7/0x330
[   74.016910][ T1461]  __import_iovec+0x6d/0x420
[   74.021336][ T1461]  ? __ia32_sys_shutdown+0x70/0x70
[   74.026293][ T1461]  import_iovec+0xe5/0x120
[   74.030538][ T1461]  ___sys_sendmsg+0x215/0x2e0
[   74.035052][ T1461]  ? __sys_sendmsg+0x260/0x260
[   74.039666][ T1461]  ? __fdget+0x1bc/0x240
[   74.043731][ T1461]  __se_sys_sendmsg+0x19a/0x260
[   74.048424][ T1461]  ? __x64_sys_sendmsg+0x90/0x90
[   74.053191][ T1461]  ? ksys_write+0x260/0x2c0
[   74.057538][ T1461]  ? debug_smp_processor_id+0x17/0x20
[   74.062737][ T1461]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   74.068640][ T1461]  __x64_sys_sendmsg+0x7b/0x90
[   74.073239][ T1461]  do_syscall_64+0x3d/0xb0
[   74.077493][ T1461]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   74.083220][ T1461] RIP: 0033:0x7f50ca7aabd9
[   74.087473][ T1461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.106921][ T1461] RSP: 002b:00007f50c9a2c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   74.115169][ T1461] RAX: ffffffffffffffda RBX: 00007f50ca938f60 RCX: 00007f50ca7aabd9
[   74.122972][ T1461] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 000000000000000a
[   74.130782][ T1461] RBP: 00007f50c9a2c0a0 R08: 0000000000000000 R09: 0000000000000000
[   74.138593][ T1461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   74.146404][ T1461] R13: 000000000000000b R14: 00007f50ca938f60 R15: 00007ffe139f1c98
[   74.154222][ T1461]  </TASK>
[   74.297495][   T30] kauditd_printk_skb: 13 callbacks suppressed
[   74.297510][   T30] audit: type=1326 audit(1720259801.941:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1469 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   74.379291][   T30] audit: type=1326 audit(1720259801.941:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1469 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   74.454395][   T30] audit: type=1326 audit(1720259801.971:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1469 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   74.477841][   T30] audit: type=1326 audit(1720259801.971:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1469 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   74.549041][ T1475] netlink: 12 bytes leftover after parsing attributes in process `syz.3.297'.
[   74.552006][   T30] audit: type=1326 audit(1720259801.971:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1469 comm="syz.4.301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ca7aabd9 code=0x7ffc0000
[   74.583079][   T30] audit: type=1326 audit(1720259802.221:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1471 comm="syz.1.302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3acc5b1bd9 code=0x7ffc0000
[   74.608671][   T30] audit: type=1326 audit(1720259802.221:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1471 comm="syz.1.302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3acc5b1bd9 code=0x7ffc0000
[   74.694612][ T1484] fuse: Unknown parameter '0x000000000000000a'
[   74.777174][ T1483] netlink: 8 bytes leftover after parsing attributes in process `syz.1.305'.
[   74.870240][   T30] audit: type=1326 audit(1720259802.221:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1471 comm="syz.1.302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f3acc5b1bd9 code=0x7ffc0000
[   74.893383][   T30] audit: type=1326 audit(1720259802.221:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1471 comm="syz.1.302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3acc5b1bd9 code=0x7ffc0000
[   74.955436][ T1490] loop2: detected capacity change from 0 to 256
[   74.961889][   T30] audit: type=1326 audit(1720259802.221:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1471 comm="syz.1.302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3acc5b1bd9 code=0x7ffc0000
[   75.002905][ T1494] FAULT_INJECTION: forcing a failure.
[   75.002905][ T1494] name failslab, interval 1, probability 0, space 0, times 0
[   75.015578][ T1494] CPU: 0 PID: 1494 Comm: syz.3.310 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   75.025200][ T1494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   75.035095][ T1494] Call Trace:
[   75.038216][ T1494]  <TASK>
[   75.040994][ T1494]  dump_stack_lvl+0x151/0x1b7
[   75.045507][ T1494]  ? io_uring_drop_tctx_refs+0x190/0x190
[   75.050975][ T1494]  dump_stack+0x15/0x17
[   75.054964][ T1494]  should_fail+0x3c6/0x510
[   75.059229][ T1494]  __should_failslab+0xa4/0xe0
[   75.063821][ T1494]  ? __alloc_skb+0xbe/0x550
[   75.068160][ T1494]  should_failslab+0x9/0x20
[   75.072505][ T1494]  slab_pre_alloc_hook+0x37/0xd0
[   75.077272][ T1494]  ? __alloc_skb+0xbe/0x550
[   75.081611][ T1494]  kmem_cache_alloc+0x44/0x200
[   75.086214][ T1494]  __alloc_skb+0xbe/0x550
[   75.090379][ T1494]  audit_log_start+0x456/0xa80
[   75.095064][ T1494]  ? ____kasan_slab_free+0x131/0x160
[   75.100187][ T1494]  ? audit_serial+0x30/0x30
[   75.104526][ T1494]  ? migrate_enable+0x1c1/0x2a0
[   75.109220][ T1494]  ? proc_fail_nth_read+0x210/0x210
[   75.114245][ T1494]  ? fsnotify_perm+0x6a/0x5d0
[   75.118759][ T1494]  audit_seccomp+0x61/0x1e0
[   75.123098][ T1494]  ? migrate_disable+0xd9/0x190
[   75.127785][ T1494]  __seccomp_filter+0xc08/0x1c60
[   75.132567][ T1494]  ? file_end_write+0x1c0/0x1c0
[   75.137422][ T1494]  ? __secure_computing+0x300/0x300
[   75.142609][ T1494]  ? mutex_unlock+0xb2/0x260
[   75.147034][ T1494]  ? wait_for_completion_killable_timeout+0x10/0x10
[   75.153457][ T1494]  ? __mutex_lock_slowpath+0x10/0x10
[   75.158573][ T1494]  ? __kasan_check_write+0x14/0x20
[   75.163525][ T1494]  ? fput_many+0x160/0x1b0
[   75.167776][ T1494]  ? ksys_write+0x260/0x2c0
[   75.172140][ T1494]  __secure_computing+0xf0/0x300
[   75.176887][ T1494]  syscall_enter_from_user_mode+0xd5/0x1b0
[   75.182531][ T1494]  do_syscall_64+0x1e/0xb0
[   75.186782][ T1494]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   75.192510][ T1494] RIP: 0033:0x7f6f39e26bd9
[   75.196765][ T1494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.216216][ T1494] RSP: 002b:00007f6f390a8048 EFLAGS: 00000246 ORIG_RAX: 00000000000000bb
[   75.224458][ T1494] RAX: ffffffffffffffda RBX: 00007f6f39fb4f60 RCX: 00007f6f39e26bd9
[   75.232268][ T1494] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[   75.240101][ T1494] RBP: 00007f6f390a80a0 R08: 0000000000000000 R09: 0000000000000000
[   75.247883][ T1494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   75.255695][ T1494] R13: 000000000000000b R14: 00007f6f39fb4f60 R15: 00007ffe6e1e30d8
[   75.263512][ T1494]  </TASK>
[   75.492121][    T6] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[   75.513222][ T1490] FAT-fs (loop2): Directory bread(block 64) failed
[   75.527135][ T1490] FAT-fs (loop2): Directory bread(block 65) failed
[   75.536088][ T1490] FAT-fs (loop2): Directory bread(block 66) failed
[   75.544831][ T1490] FAT-fs (loop2): Directory bread(block 67) failed
[   75.552211][ T1490] FAT-fs (loop2): Directory bread(block 68) failed
[   75.559391][ T1490] FAT-fs (loop2): Directory bread(block 69) failed
[   75.565907][ T1490] FAT-fs (loop2): Directory bread(block 70) failed
[   75.572246][ T1490] FAT-fs (loop2): Directory bread(block 71) failed
[   75.578820][ T1490] FAT-fs (loop2): Directory bread(block 72) failed
[   75.582952][ T1504] device pim6reg1 entered promiscuous mode
[   75.585184][ T1490] FAT-fs (loop2): Directory bread(block 73) failed
[   75.666786][ T1506] loop3: detected capacity change from 0 to 16
[   75.737600][ T1506] erofs: (device loop3): erofs_read_inode: unsupported chunk format 7fff of nid 36
[   75.744765][ T1509] attempt to access beyond end of device
[   75.744765][ T1509] loop2: rw=2049, want=1352, limit=256
[   75.836379][  T304] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[   75.935989][    T6] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   76.011578][ T1515] netlink: 8 bytes leftover after parsing attributes in process `syz.1.317'.
[   76.116028][    T6] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   76.125110][    T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.137592][    T6] usb 1-1: Product: syz
[   76.141639][    T6] usb 1-1: Manufacturer: syz
[   76.146353][    T6] usb 1-1: SerialNumber: syz
[   76.165463][ T1525] netlink: 8 bytes leftover after parsing attributes in process `syz.2.320'.
[   76.176053][  T330] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[   76.254645][ T1533] fuse: Unknown parameter '~ootmode'
[   76.275968][  T304] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64
[   76.285639][  T304] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024
[   76.314327][ T1535] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[   76.325871][ T1535] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   76.334114][ T1535] CPU: 1 PID: 1535 Comm: syz.2.323 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[   76.343749][ T1535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   76.353644][ T1535] RIP: 0010:step_into+0x1b6/0xe70
[   76.358508][ T1535] Code: 20 0f 85 99 0a 00 00 44 8b 3b 43 80 3c 2c 00 74 0a 48 8b 7c 24 18 e8 09 bd f3 ff 48 8b 9c 24 b8 00 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 86 0a 00 00 8b 1b 89 de 81 e6 00 00 07
[   76.378036][ T1535] RSP: 0018:ffffc90000c97800 EFLAGS: 00010246
[   76.383928][ T1535] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000040000
[   76.391742][ T1535] RDX: ffffc90002174000 RSI: 00000000000001fe RDI: 00000000000001ff
[   76.399552][ T1535] RBP: ffffc90000c97930 R08: ffffffff81beb400 R09: ffffed1024645ae5
[   76.407364][ T1535] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000192f17
[   76.415174][ T1535] R13: dffffc0000000000 R14: ffffc90000c97b20 R15: 0000000000000000
[   76.416001][  T330] usb 4-1: Using ep0 maxpacket: 8
[   76.423189][ T1535] FS:  00007f0264ab36c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   76.423217][ T1535] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.423229][ T1535] CR2: 00007f0264ab2fa8 CR3: 0000000133e06000 CR4: 00000000003506a0
[   76.451053][ T1535] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   76.455979][  T304] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   76.458862][ T1535] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   76.458878][ T1535] Call Trace:
[   76.458883][ T1535]  <TASK>
[   76.458892][ T1535]  ? __die_body+0x62/0xb0
[   76.467993][  T304] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.475528][ T1535]  ? die_addr+0x9f/0xd0
[   76.479223][  T304] usb 5-1: Product: syz
[   76.481426][ T1535]  ? exc_general_protection+0x311/0x4b0
[   76.485593][  T304] usb 5-1: Manufacturer: 
[   76.493405][ T1535]  ? dentry_free+0xbf/0x160
[   76.493424][ T1535]  ? asm_exc_general_protection+0x27/0x30
[   76.493443][ T1535]  ? step_into+0x160/0xe70
[   76.493459][ T1535]  ? step_into+0x1b6/0xe70
[   76.493476][ T1535]  ? set_root+0x400/0x400
[   76.493492][ T1535]  walk_component+0x359/0x610
[   76.497911][  T304] usb 5-1: SerialNumber: syz
[   76.501387][ T1535]  ? nd_alloc_stack+0xf0/0xf0
[   76.545971][  T330] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   76.547220][ T1535]  ? handle_lookup_down+0x130/0x130
[   76.562148][ T1535]  path_lookupat+0x16d/0x450
[   76.566571][ T1535]  filename_lookup+0x230/0x5c0
[   76.571170][ T1535]  ? hashlen_string+0x120/0x120
[   76.575862][ T1535]  ? getname_flags+0x1fd/0x520
[   76.580459][ T1535]  user_path_at_empty+0x43/0x1a0
[   76.585229][ T1535]  path_removexattr+0xb3/0x320
[   76.589833][ T1535]  ? bpf_trace_run1+0x1c0/0x1c0
[   76.594516][ T1535]  ? listxattr+0x300/0x300
[   76.598768][ T1535]  ? debug_smp_processor_id+0x17/0x20
[   76.603979][ T1535]  ? fpregs_assert_state_consistent+0xb6/0xe0
[   76.609880][ T1535]  ? exit_to_user_mode_prepare+0x39/0xa0
[   76.615360][ T1535]  ? irqentry_exit_to_user_mode+0x17/0x20
[   76.620905][ T1535]  ? irqentry_exit+0x12/0x40
[   76.625330][ T1535]  ? exc_page_fault+0x47a/0x830
[   76.630020][ T1535]  __x64_sys_lremovexattr+0x5d/0x70
[   76.635050][ T1535]  do_syscall_64+0x3d/0xb0
[   76.635992][  T330] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   76.639302][ T1535]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   76.639323][ T1535] RIP: 0033:0x7f0265852bd9
[   76.648250][  T330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   76.653884][ T1535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.659166][  T330] usb 4-1: SerialNumber: syz
[   76.665947][ T1535] RSP: 002b:00007f0264ab3048 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[   76.665969][ T1535] RAX: ffffffffffffffda RBX: 00007f02659e1038 RCX: 00007f0265852bd9
[   76.665981][ T1535] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000020000580
[   76.665995][ T1535] RBP: 00007f02658c1aa1 R08: 0000000000000000 R09: 0000000000000000
[   76.666006][ T1535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.727577][  T330] cdc_ether 4-1:1.0: invalid descriptor buffer length
[   76.729306][ T1535] R13: 000000000000006e R14: 00007f02659e1038 R15: 00007fff45528108
[   76.735953][  T330] usb 4-1: bad CDC descriptors
[   76.743719][ T1535]  </TASK>
[   76.743725][ T1535] Modules linked in:
[   76.754972][ T1535] ---[ end trace f11b3469ba85c739 ]---
[   76.760543][ T1535] RIP: 0010:step_into+0x1b6/0xe70
[   76.767172][ T1535] Code: 20 0f 85 99 0a 00 00 44 8b 3b 43 80 3c 2c 00 74 0a 48 8b 7c 24 18 e8 09 bd f3 ff 48 8b 9c 24 b8 00 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 86 0a 00 00 8b 1b 89 de 81 e6 00 00 07
[   76.786920][ T1535] RSP: 0018:ffffc90000c97800 EFLAGS: 00010246
[   76.792888][ T1535] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000040000
[   76.800727][ T1535] RDX: ffffc90002174000 RSI: 00000000000001fe RDI: 00000000000001ff
[   76.808490][ T1535] RBP: ffffc90000c97930 R08: ffffffff81beb400 R09: ffffed1024645ae5
[   76.816295][ T1535] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000192f17
[   76.824051][ T1535] R13: dffffc0000000000 R14: ffffc90000c97b20 R15: 0000000000000000
[   76.832027][ T1535] FS:  00007f0264ab36c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   76.840809][ T1535] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.847319][ T1535] CR2: 0000000020001080 CR3: 0000000133e06000 CR4: 00000000003506b0
[   76.855100][ T1535] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   76.863211][ T1535] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   76.871119][ T1535] Kernel panic - not syncing: Fatal exception
[   76.877067][ T1535] Kernel Offset: disabled
[   76.881191][ T1535] Rebooting in 86400 seconds..