last executing test programs:

18.611027406s ago: executing program 0 (id=1):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = eventfd(0x0)
r5 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000100)={r5, 0x0, 0x2, r4})
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000040)={r5, 0x0, 0x2, r4})

18.347533797s ago: executing program 0 (id=9):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000240), 0x1, 0x787, &(0x7f0000001000)="$eJzs3ctrXNUfAPDvnSRNk/b3SwRB6yogaKB0YmpsFVxUXIhgoaBr22EyDTWTTMlMShMCtojgRlBxIeimax9159bHVv8LF9JSNS1WXEjkzqOdNjPppM3MBPL5wMmcc++dnPOdcx/nzr3MDWDPmkj/ZCIORcRHScRYfXoSEUPV3GDEidpyt9fX8mlKYmPjzT+S6jK31tfy0fSe1IF64cmI+PH9iMOZzfWWV1bnc8ViYalenqosnJ8qr6weObeQmyvMFRaPTc/MHD3+wvFjOxfrX7+sHrz+8WvPfnPin/eeuPrhT0mciIP1ec1x7JSJmKh/JkPpR3iPV3e6sj5L+t0AHkq6aQ7UtvI4FGMxUM21MdLLlgEA3fJuRGwAAHtM4vgPAHtM43uAW+tr+Ubq7zcSvXXjlYjYX4u/cX2zNmewfs1uf/U66Oit5J4rI0lEjO9A/RMR8cV3b3+Vpqj3g2tpQC9cuhwRZ8YnNu//k033LGzXc1vN3BiuvkzcN3mvHX+gn75Pxz8vthr/Ze6Mf6LF+Ge4xbb7MB68/Weu7UA1baXjv5eb7m273RR/3fhAvfS/6phvKDl7rlhI923/j4jJGBpOy9PVRVuP3CZv/nuzXf3N478/P3nny7T+9PXuEplrg8P3vmc2V8k9atwNNy5HPDXYKv7kTv8nbca/pzqs4/WXPvi83bw0/jTeRtocf3dtXIl4pmX/3+3LZMv7E6eqq8NUY6Vo4dtfPxttV39z/6cprb9xLtALaf+Pbh3/eNJ8v2Z5+3X8fGXsh3bzHhx/6/V/X/JWNb+vPu1irlJZmo7Yl7yxefrRu+9tlBvLp/FPPt16+69V23r9T88Jz3QY/+D1379++Pi7K41/dlv9v/3M1dvzA+3q76z/Z6q5yfqUTvZ/nTbwUT47AAAAAAAAAAAAAAAAAAAAAAAAAOhUJiIORpLJ3slnMtls7Rnej8doplgqVw6fLS0vzkb1WdnjMZRp/NTlWNPvoU7Xfw+/UT56X/n5iHgsIj4dHqmWs/lScbbfwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3YE2z/9P/Tbc79YBAF2zv98NAAB6zvEfAPae7R3/R7rWDgCgd5z/A8De0/Hx/0x32wEA9I7zfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALrs1MmTadr4e30tn5ZnL6wsz5cuHJktlOezC8v5bL60dD47VyrNFQvZfGmh7T+6VHsplkrnZ2Jx+eJUpVCuTJVXVk8vlJYXK6fPLeTmCqcLQz2LDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6V15Znc8Vi4UlmS0zI7ujGbsmMxi7ohkyXcs07yVG+reDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjl/gsAAP//IIYqoQ==")
open(&(0x7f0000000040)='./bus\x00', 0x1ed37e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f00000007c0)='./file0/file0\x00', 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="a156fb1f3e7613f132fdfe87d74adf0a58b6640ec03971666dc9c3a5c48761c8844033c5b814535ebb2d992a6efabe2e6fa85399eb54c1adeae3cd12ec752acad93527626683e247fa6bf702bd7a4f98cdae89cb7e5569e71c759c6a883b0c2448776c713aff1a01b42af0e5f6e01636e2e88bbdf9313d1800e88ec88d60281bd87610f87f50998a15affbe038222af780abf298fd4b0f053c4853ddcf08de807214160fb7c5f139075dba7550d8f01a3749806d8b9c49a60169e6a65a8fe79ceaa52afce56dcb5829379ba34c2eb9d339c547d69a24835d36a1b2da35ee85dd4729ff0dfbf622922a331a132bdf54d2111807816f9168451ac0258c9c437ee1d6a0e17c02de593eda6a7c0ed055e40d801fc2f4b9ebb065a058336a4988c75b5d87b0d9f313ee0198fc5bf1a94a7fe1a1b759dff21dee05620861ea086ec5c54e79d930b084404fde0041f208fff9ec73392711c888ff25613329de0defd9a4255dd248eb68387698e849b4b559fe305f974dd42faf1d65d0884feeec0cf161298e78200127c5ec76c39265e6de469228803a4aa7606452465e8cfb3bb607752333ec8cfc92d2eedadf2b84ce7d10a408606357f90e5294093e4ef34a28a35108648b4ec1ff42c4fcd5dad80bef4c7a1b0a1bde10ac4444796792d632c060563b7594a1d4c7b8e960b6d2f4d3b9c8d8b275259b375939fa1788357474022943c58598ba1b1e4c04baff45aab6b5231d5abe0ec4b331062e3d1cc78fc6fbc7f50d4c7544dc5c1d36a606e14a520442468e72fe9946ce667ecf4fc97cd73baa8e48a3d9eb967df8c5c2aea85db00993672a402f58800d862775829b8c2b23a29b436e596588dc7931235fba0028ecf9315a8a6b93825ccfa63f5c8d0d3b16218271935d05e9830ed9926ab3bee9ab3b610a7c286375c2d5afcf43d67fda10a81fc750e2a1ce8aa75ebe3d6049758a4ed424adff6be2657aef64764ab3bfdaa2591b74d29e56141007bffa2344d3605e85399422857fff1843ac8a9d6739330a24f12b029a2faa3659f37547caf95cb8e1022d0e91ece3ccf432b494a2fcb13a3aecc985dd6028924157d2fe864d641d618c45f3235764c44d6da1a6a03a9d510ec384bbf4327e8a3066d8bf14be80ce01ba54220f6960ba54d759e01738d8e2896f8d80fa90696191b2e963f55b2c0ebba75025497dfec21385e83a45a02fea6a080cbc3236da4b6091f2916be1103022bb0563125139421a8a57ca0489ef4857b80a635fa7715d67a29a4e3758baf8c23acb724f22d78970e2f354bb2dae708adae3add9e7b612b3b01036de7ed4fd1c58ef62aa29cdaf0992e81c6d384e2e7432f7f6ead41adb12d7ad2a000cbd0b01f06849014d7479e0900ee80f51c5c18714b2b523ad44eb8e063fef84467fc633a42b76a9fa93fd7cb77f70838101d2dc15efba0a24bfd2a7d45d38621f0d55429b50207eecb3bd9b7fa6c648aef1b626c61893b4239929c1224779b18f86186c18de63cba176c20497f9aff2d41ed709764ff5f7d6224a1b0aaa4db4d101b095ff9529b753ca637919e75ed7f88570d3413f0a4067c9037c12cb92f0fac44c442817d16f633d09887d59825866a9053e6f304a406f6f6fe8206ba11c09cc36d6cab7a4aa2d0eef2cb66c1625720249416614b709cc1b9c4b1f8a5105c4c1169aca0a3c2de66edd87364c9d61012170418ab255eb86a3ffd3684de9445a328089ff9d8b7847a3c01b6f64bb66172e407d944e6e32855b4d0b4a43ccd2ba8d26cc033d152ae682f4bad1ddbeca95ef9e8d8386cc4433a2f2bbba18c8e60dd0d5f789145a9c6f9eae361d1e10f73dc26671b76dee7792fcbb7c96a2ea9aa90c77efbae89e13b43bddd54bc0afb3e59aab0a981a789376d7cfb679dec3a84e8d00d93785e1e2dba3167ccf9e4d4a650b3b9c5e84738ae0e50bbb4b186dab3c15e6fc19346362a52c17701eb96bcd8e4cd20fc9e30b03eeee6d6f613d6d40d835aac092923fb3a029c347410183d9f4eb55a5644bb134138e9fa1161a61725281bef0928c5d34078f2e22345ad0f134af2b1ea6873c730832ce6e7ac7b77f7232432c46eec4a724c8bd892a33517334a28a389463fd32e9a50b63b6bd9b14210ff07a48069d910a0ecc2fff9ffef9802b1700b0b116fde0f836a5ca07bb3d9f920bf77de631f612e3ab84a3d68601353c4507ee80ff2fb74bb185e4471f1db548c357da006f3beb0cdd4b8a7fb23c5f6b938ba26f0c4b589fc9e4153b44f532abcd4f350ec3732674548735ea6245a9216915c8f28f05a1ad4aebda08016c57bb4ed7ed7f035f3e9d818a6111601c9df23cac15ade986fcceed39b8976afb53a7b9eaed2cafac79b1f20568102f425eb03f210f888a16d5eb44cef18eb555daa581543b8e0204fe7707b98974f159f7c255ff2f9dcdc5fe0a0c41edc74bcab680f4543577f6a0b011bb4cc8fc201e287770b35c912e331693b1ddf5cb4f5b3f6a7954f0380d2a40d9d2c2cfcde30e176a51578eff0f6aaca65aecba50a4c3ba97c5e10aecdffd6cbe806cf16869bc5e10d496a9d2d1b79911b614d18c1be134b5c644a579f947d3776721ea9fae364bf5c657a54833f4973918278e57516dc9853797c9b899f2ce4d599bc1d305d9e4d13951d60253f715192f0f9ffed06f157f18f32a238fffa44fe4670aeb003e2fbd2d0644dbf7965cf919172d4cab092814e2f694b3c09dc2d9a439fa684b5095ffb1510566bf268449686ce32cb97ecf5e8a77a6f06b65b9ec68146d3ed81b611642dfd8ae19e3ea0a3253d2f7202e6fddbf6e3493ff72f1157b2afb5894d9178890bd38417be58e1e811c89353cf954d33702469c45cf5dd9daf2df78a544479410de9fa16d21b9e07be8dc30403590d55ae3e3ec3417f9dbc98e468a42d873e6b56c68465fe72f3a2cfa34a9e7dbefa23c1a846e7af580569ae04723005083beee5aa7a2ace3ecdeda1ede86b4cf453c6f0e5e42d93d03646917c78d51d199e086e748e0b57aeb04f224a37c11a56cf0c9b63807f965dac09dd3e6260006ac5b8706732953464b56d5c8af2908b587f2140706b317e2a23944a496e0880b74bca08465a1ff193c8bbdb9743e5d7efb634ee760c8d9e69ad9d19d564572639f3874536936f60d1304d8421d6eab30d7afed2f5fdb0e58806c9493653213bd20ab89d41b1d19fb40df4e34c26554e881d0737eeae8eef5978123e92cb8779ba993f5478bd0b31bbaa2a7cc8194cd80eac8e94b6da2a66c98c19a055ccd8937f7e5d58a81b0b13222061cb6559155f859673bebe45fe710f9ea87f4f654c710535f5699abb2a2908831348fac977f3fbbfd13de93b5cdedbcbea0aaebc194cb3a9794fe0e6ead86e45d5023686b510c695ec291d427dd22386b71e48c0c3970b54086738909bf927690d56f60020734bb729f2d806c7026beb377bf685d5f54aa4d4ab94f39a8ae1cba61d3fbe84e5190ac546a3cff94cd6696267f8c7a18424f34b525eab3bfefffcae8719c27b588e3b72b9e77f8359b5df86ce22d1dacdbed04b5320a56726b519984c2df103c3bd203a11e88dcbadbd5e518489c0db6e9e7322178e4aa0e723effee0716e63747fa340b9b38f6356c0722b7140b59b02f972ca8c2fa86869076ca146cfc7cfbf915b653091d8023a3479e30170fea6b6c81e925732c5f45752e7a07102a334d1be38b629c35f182ff6a6224130851dcc6d4cbdcb38000d686cd38a67cda2cf624a1947b77eb4386a661adec96aeab44c4f31ecb2bd8330f0d5d6566a58d74e82813f15b0ae203ff40e911711c9260528af2a9cd47d02c505d0499d156451d2da5901a5ca9fc2977ab1385d229604dbae73217939c4af27a7fd259bac9fb9e1f853219ebed2de31899af9d9dcf979c2d62e36bbe9fc8ca3f81f232c01b0b36d233cd020bbce6223914a5963e1ba2671bb1f8728707bf88f5f767929e8d87fa8bb14d36198241be91a94b109d444d8849d6806e8774d22e034971e065d483b68987de845b079e09df06fc0a5e799f0f3a1ca49f8b6e27377c648296d2f37d63d2ec3df467105b1a55dcf7516433c9a2cef7afd8d2ed6ce80c3da2122fa5a8d6d2c68fbd174956266c6f48683d034a6464ee09771ffc289d75a9ad7e63412804a49d2c2e0ab08bbf4408f7e45a5dfa55843c88698a07bd849488711da11db4119f0d88068860fc9d190d1ba543bd17dae8673c24196b18a9af5b0863a93b94b1592346f4a868c42814b3eb433e47d6350fd4c6b98c75f7ec768f2a850cfed19ed1e8d583983e0c39f0fd3469f129796b8a7c8018bc5bf68ed155cf06693a03f0b9ac5d4cdcc40754555b8d8e112b07a03cdbe6025b043500ad90733481396c03112c8eac0dfe6d08ca6041ddc292f12f92778b94b7665d107430a080cc3e8adb4b0c1f45be144ae11351499bdf6e01334db91e5f6d4bba6a8d94dce5597a1a00e9c82bba740ae4a255135f59273aff580569f3378012d0dcb7e2395cd53a80465d79a55d803d7d4c40bc47de96722b9370258652a13710d0357282fef48490487168c7ea05c0f83f84ffea9531aa6f90d874d964b90960d324e745c2221de90efe89fcb89c04ae9e501008f4fa57e6d9764c411120809cd435711851e9ccbcbf5d22c521c36f79f62c5fa19ba29e5e2428c492a2ca686b5c96f59605bf3646a6101b97dcc1b9846d39e4dba22fca87bdd7ebc4f1e927b682d327b547580dc926256ff5d2f088e74d9a5d2d110418d69965f4984c4bd5c8ad89bc9302f9cec8c3625f7a96509d88972519c7de9b6fa6a68c447ea74d7e9c3fd87be4e72866688de59aef38e1ae094c13d9a4792aa60363d76a36b22f4739e8ebc7f3c52daaf188dfe4ee4e3f1f1bafe2b4ed98d6744aba63011930cba874f9b0c25219d114d6fe7fad1aed62fd5265ad2cc4e632be265e3f214199d872a9047c26111a3bda8042576732f0ad0f2fcc426c5083c56d824dfd08001bb4c5a12347fe8f6c36225b8b76a27a4cc2ab40e0dc2c5672aee42140fbe68b502981f30d7e9e7d43b956b0fe32b1ca1b02c7068469b29adac3d7112f0d4d40b047da6333c8424884ddc47ce1e01de06c59ae4fcb35bf6bf38f2e42d8faeb298247e7755dddc5e23a10d6b6a8823a77308b580fb9aabe26842c72395240e37836f2472b5aecf42031189f5f6053ea905b6b54d2f29b6609f6122f07a568cc9d4b3c16afb7dc870e25b396a91490651644b19d4f03482ca4b6571ed983006b78a5b59d308fe08234bad7615096c68247d7451689884afa5d3288d24823b79e0c87391d67dff989121d614cbf10266adbb6a4bc14fe18dc8038543a3286ab4a9fb2027eebe6af7cc925be45b3dfc7a26581583212e2e08fdc25de62b6ccb0fdf51c83d27b75535f2b4bf63f2c93a9c2d0911022c1780d6934aeed29e788720b158424639a2a6caf74bdf8ace60fb90a06ddb5f678b344d13742dbc49ef22e222f00edf582843d4d1054bf4beda0fbc00dedf1c0dda2bc7e6184d86ffadf6c15dd4199f6b4a5ae41c4e5bb7219496ed8c03aef76b4653ec79650fc9f5c374b17db7a8222d6a51a51ad6103dc552c155e9e8dd4246449140a99123d8a2f0e0928b2621a794ad8c0dc2e9e8420e23ce37a02c9423e3455a9a860d0297e08ddda45299555e25662042fe28698f1602dbea7d7ee3543697bb99d033cc365b0967a5d1d0bfddda4ffc60ca1ade345c3126a9999ded21e2dcd9b9c15a09a080016e1e0d33129cd"], 0x1, 0x37f, &(0x7f0000000440)="$eJzs3c9rI2UYwPFn0jQ/umyTgygK0ge96GVoq2e1SBeEgkt3I+4Kwux2oiFjUmZCJCK2nryKN/8BwWUPHhY8LKj/QC/e1osXT9vLgqCLiCPzK8l0p0mTZmm6+/3Abt7kfZ/M+04m5XkCeXP4/tefNOueWbc6kivdF0NE5KFIVXKSMKKbgmTYl1cv/HnvxSvXrhdFZHNb9dLG1dfWVXV55adPPy/Hw+4W5aD64eGD9T8Onj14/vC/qx83PG142mp31NIb7d871g3H1p2G1zRVLzu25dnaaHm2G/W3o/66097d7anV2rm4tOvanqdWq6dNu6edtnbcnlofWY2WmqapF5eyphsrjug7r0pTxNRubW9bG1Me8OaUcZi1f3zfH9HtuhvWgohZDt+vw2q3HvvcAADA3Enn//ptkrBXJddPKI24FiiE7XQZEOT/SXtra3Nbg2JhkP/ffumXzoX37izH+f/dQlb+//pvUXwq/w+OPvP8//sj98uzO5HzYm+SwafK/zEfVtLvyPuDij0W5P/Bu6Ff0X/5we3VsEH+DwAAAAAAAAAAAAAAAAAAAADAefDQ9yu+71eS2+Tf4CsE8f2QsT/yi8Y4d3KS/foX4x0F+tcDnkhXrl2XUvjFvfyyiPNVt9atRbdxfzJwVSryb3g9xKINJ6L9BDRQlZ+dvW5tMQ5YCP/fKIiKI7asSUWqqfiwfemdrc01jUTx4fH3ujUjvxTE16URxq9LRZ7Jjl/PjC/IKy8PxZtSkV9vSlsc2Qmv60H8F2uqb7+7dSS+HI7L8ubjfUkAAAAAAJg5U7UUl8/VdP0b1e+mqZrVH9TyMlyfP/r5QL++Xs2sz/OVF/Jnu3YAAAAAAJ4WXuGzpuU4tuv1jm2UZdyY5Pc0Rj9PdiM/yeCgcS9sLI4aszC0wpM+cyH+BY0JJi+TrdRynL+Kknkyky1cU12lU5xVy0nWf4LBpUlfAtfLTb522/VWgvnoVMsZaiQfG0WPLDxy6uTyceE/GEnUZAdNds4dN/i5b777e7p1GfGuvcNdb9wppVZ6TLhx5JH9MRftA98fO5/F7L8WP07zIzMAAAAA5kSS9Je95JG3znZCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8hU63E9vJGme9RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBe/B8AAP//Tuzx8g==")
chdir(&(0x7f0000000100)='./file0\x00')
rename(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='./file1\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x3, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x1}, @call={0x85, 0x0, 0x0, 0x86}]}, &(0x7f0000000000)='syzkaller\x00', 0x1, 0xd0, &(0x7f00000003c0)=""/208, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

17.729045041s ago: executing program 0 (id=16):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{r0}, &(0x7f0000000740), &(0x7f0000000780)='%pK    \x00'}, 0x20)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast})

17.436175382s ago: executing program 0 (id=20):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa6820000}, 0xe7e6)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000000c0)="0f01590044663502000000440f22c067660f3a2272076f3e26660f3880a98d250f0f8d0100b066b8c40000000f23c80f21f866350c0070000f23f8d8e7f30fc7330f73d613f30fc7b3385d", 0x3b}], 0x1, 0x8, 0x0, 0x62)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

17.435898742s ago: executing program 32 (id=20):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa6820000}, 0xe7e6)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000000c0)="0f01590044663502000000440f22c067660f3a2272076f3e26660f3880a98d250f0f8d0100b066b8c40000000f23c80f21f866350c0070000f23f8d8e7f30fc7330f73d613f30fc7b3385d", 0x3b}], 0x1, 0x8, 0x0, 0x62)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

14.19231286s ago: executing program 4 (id=74):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_INIT(r2, &(0x7f0000000380)={0x50}, 0x50)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
creat(&(0x7f00000003c0)='./file0/../file0/file0\x00', 0x0)

14.154976121s ago: executing program 4 (id=75):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000001800)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000793000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000040)="26260fae49000f1c70080fc7b90000008066baf80cb88cf2a689ef66bafc0cb037ee0f01dfdc7a0067670f01c381fa080000000f2c8423f47f00000f2045", 0x3e}], 0x1, 0x2a, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

14.009095771s ago: executing program 4 (id=77):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x204092, &(0x7f0000000140)={[{@delalloc}, {}, {@nouid32}]}, 0x6, 0x50d, &(0x7f00000006c0)="$eJzs3U1vI3cZAPBnHLubbQNOWw6lEtvQF2URrJM0fYk4lEbi5VQJUe7ZkDhRFCdeJU67iVaQfgIQqgCJC5y4IPEBkFA/AkKqBDcOnEAVZOmBCzIae9xNHDs4Wsezm/x+0mT+8//Hfp7HiSfzFk8AV9ZURLwdEWMR8UpElLP+QjbFYXtKv+/+0b2VdEqi2Xz3n0kkWV/3cz6VPSz1ve9E/CA5HXd3/2BzuVar7pzsPri1sbW8Xl2vbs/Pz72x8ObC6wuzA1aSFM8afToi3vrmpz/78W++/dYfvvb+35b+cfOHaVq3s/FedQxDu/RSjJ9YvjzS35tiq0IAAB4Hz0bEMxHxYkR8JcoxFmduRgMAAACPoeY3Jq51mgAAAMDlVIiIiUgKlex634koFCqV9jW8X4gnC7X6buOra/W97dV0LGIySoW1jVp1NrtWeDJKSbo812o/WH61a3k+uwb3w/L1dLk1BgAAAIzGYtf+/6fl9v4/AAAAcMn0Phk/NvI8AAAAgIvjYnwAAAC4/Oz/AwAAwKX23XfeSafm/aN7rfsArL63v7dZf+/WanV3s7K1t1JZqe/cqazX6+u1amWA/wio1et3XovtvbszjeJuY2Z3/2Bpq7633Vhq3dd7qfrMCGoCAAAATnr6hY/+kkTE4devt6bUE9lYKdfMgEdIUuzquP3lnDIBhuLcH/IztXcxiQAj1/03Hbg67OMDSXdH14bBeL9NhT92d9z4v7FscwAAQD6mv+j8P1xVhbwTAHLzk7wTAHIz8LH4qYvNAxi9ktv8wZV36vx/l/F+A6fO//fTbJ4rIQAAYOgm2rPDyM4FTkShUKl8dlowWduoVWcj4vMR8edy6Vq6PJdjvgAAAAAAAAAAAAAAAAAAAAAAAADwOGo2k2gCAAAAl1pE4e9Jdv+v6fLLE93HB55I/lNuzSPi/V+++/O7y43Gzlza/6/P+hu/yPpfzeMIBgAAAFxFpTNHO/vpnf14AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABim+0f3VjrTKON+shjXY7JX/GKMt+bjUYqIJ/+dRPHY45KIGBtC/MMPIuK5XvGTNK2YzLLojl+IiOs5x39qCPHhKvtoMSLe7vX+K8RUa977/VfMpof1yWLrTd4zfmf9N9Zn/fe5AWM8//HvZvrG/yDi+WLv9U8nftIn/ksDxr/9/YODfmPNX0dM9/z7k7RnhewbG1t3Znb3D25tbC2vV9er2/Pzc28svLnw+sLszNpGrZp97Rnjp1/6/eGHfetvBzgev1PnZDvDH/Wr/+UB6//vx3ePnm03S6fjR9x8qffP/7nWvPfrn/5OvJK9POn4dKd92G4fd+O3f7rRL7c0/mqf17/98y83H8Qvnqj/5mDlH6/5V4M9BAC4SLv7B5vLtVp1ZwSNF18b3hMmrUa6FTSi5PNudA52PCr5jOcT/VrkW/u3Hvp5OpvDD/M8fx1aXek+Q++hHFdKAADAhXiw0Z93JgAAAAAAAAAAAAAAAAAAAHB1tf7/f+ycHwT4wvk+aaw75mE+pQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnOl/AQAA//9DhsFC")
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096b4ed"], 0x0}, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
creat(0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

11.740806744s ago: executing program 4 (id=115):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1008002, &(0x7f0000000d40)={[{@grpquota}, {@delalloc}, {@resuid}, {@errors_remount}, {@dioread_nolock}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x9}}, {@nomblk_io_submit}, {@data_err_abort}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mounts\x00')
r1 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000140)='./file0/../file0\x00', 0x0, 0x1217880, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
sendfile(r1, r0, 0x0, 0x80000004)

11.576644695s ago: executing program 4 (id=119):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$unix(0x1, 0x5, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
readv(0xffffffffffffffff, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000100))
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
writev(r1, &(0x7f0000002800)=[{&(0x7f0000002500)='\f7', 0x2}], 0x1)

11.353345866s ago: executing program 4 (id=124):
syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='flush,nocase,discard,dots,fmask=00000000000000000000177,dots,nodots,nodots,dots,\x00', @ANYRESOCT], 0x1, 0x140, &(0x7f00000006c0)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
unlinkat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x200)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x10, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f000049c000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000640)=0x1)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x1, 0x1, 0x9, '\x00', 0x40007})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

11.309705286s ago: executing program 33 (id=124):
syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='flush,nocase,discard,dots,fmask=00000000000000000000177,dots,nodots,nodots,dots,\x00', @ANYRESOCT], 0x1, 0x140, &(0x7f00000006c0)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
unlinkat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x200)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x10, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f000049c000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000640)=0x1)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x1, 0x1, 0x9, '\x00', 0x40007})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.4147161s ago: executing program 2 (id=198):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000004c0)='./bus\x00', &(0x7f0000000440), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0)
mknodat(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
link(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0\x00')

4.972652672s ago: executing program 2 (id=200):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
vmsplice(r1, 0x0, 0x0, 0x1)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
splice(r2, 0x0, r1, 0x0, 0x1, 0x0)
ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000000))

4.459118665s ago: executing program 1 (id=209):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
close(r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
read$char_usb(r3, &(0x7f0000000100)=""/124, 0xfffffd77)

4.208413376s ago: executing program 1 (id=212):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0)
splice(r3, 0x0, r2, 0x0, 0x406f408, 0x0)

3.881858968s ago: executing program 5 (id=214):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_btf_id_by_name$bpf_lsm(0x0)

3.364133241s ago: executing program 1 (id=216):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x2)
readv(r2, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)
timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc))
timer_settime(0x0, 0x0, &(0x7f00000008c0)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)

3.243037912s ago: executing program 1 (id=219):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="180200000000000000000000000000008500000028000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095000000000000002f81c461b3fea834ceb0e17d802cfb227e656a3698c79205e02f1561b0010095448e9f7024b45fb2006c9117fe2a42fcd2ce278009682dc8f7c867b177ec5bd50b92aedef35b6cd87b56690b4c96f63ab02174911d5e51b76d2c31b8bece7b0f841f393c401d8f51383f0f28d4c00fa2149870f1779f204103dbebff2a0e292b42f01b0bb114fa6e1889a6437285a0c9f00c4245e4d3524af00636736e812558294430bf4b365e0a9c468c9eb4977fb131145e0179c4ddb37a6704a36503e63d66ddcf9b8e1035383b90de09d000c223ffb7f13624e3ac52b248f92d041959c1f7985eb94aad8c0adf4e8730313d1b02662c6847a9851f40a969486ebbe7bfcb5b28fc7dbe1bb80c4a2c18a53fecc51e51de59049b040000000000000090f483d0da08eef67837ed671c2154513111dbc0ee58c70889a1c6306b98300a49147242d3f8a6e4aea9b51d0e182153e1283089c3b42cca072dce78b07806950d2b5fd0b448fdf18269cbe47fae4cedeb356536d94534260fa7d6e6b7aa30d8dd5c82e448ef52da9f0894bb3993edafc976ad43adbe9731dd41d181a9c20000000000000000b06b1abf14008cb85cbf9fbe93b793ffd0a228ae47572a8f1404b5c310fa196eab37dc020770769f2dfb98785281b43b774d0976e2d7359baf0cfcd7493b307fd83d9852f646b75b8eae0b14a4ee6424e721aa1af44b3881fd71ff2bb7582e4dad35488acc74c6f6f0c329ed1927cdf35068007296b74c126e3c14c9f4d0e0fba2da34859b50fffde7a15bfe95bd08dd63ea244bd70befe69ee9d35ebf0cb89a9bf40f"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x65)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x40005, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.136673182s ago: executing program 3 (id=220):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x5, 0x2, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000007c0)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000300)='\x00\x00\x03\v\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x00\x00')

3.094447112s ago: executing program 3 (id=221):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000380)={[{@test_dummy_encryption}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@stripe={'stripe', 0x3d, 0x7}}, {@commit={'commit', 0x3d, 0x5}}, {@orlov}, {@barrier_val={'barrier', 0x3d, 0x8}}, {@max_batch_time}, {@data_err_abort}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000000))
chdir(&(0x7f00000003c0)='./bus\x00')
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0/file0\x00', 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

2.941832893s ago: executing program 5 (id=222):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2cf6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x0, 0x21, 0x7, {0x7, 0x0, "3d7da32915"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000480)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x1, 0x3, "5f68dd"}, 0x0})
syz_usb_control_io(r3, 0x0, 0x0)

2.828213254s ago: executing program 3 (id=223):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000a40)={0x2020}, 0x2)
syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000086b1d01014000010203010902"], 0x0)
r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e85"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x45, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
sendfile(r1, r0, 0x0, 0x3a)

2.375310566s ago: executing program 1 (id=224):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$packet(0x11, 0x3, 0x300)
r0 = socket(0x28, 0x5, 0x0)
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, 0x0, 0x0)
connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x3000}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)

1.950440549s ago: executing program 2 (id=225):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x41}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000000000000000000009500160000000000e2bac15d3b6641a215f099e26603a050337b2ccc70a9f928ba3c529bb6e7365e7e246317380f5884d79663e7fcaa89795d7b10e88378c33265a7af06040e3d0bbc6a5864dfa023c6ac1da574242785bbb4ece12b11da52496875e1e384042aad63a3094bf3bc0e40a79960f9f1610940e67e30611d9873d1e6cb9c4cce44c999c49ff52a6400192fd021d7158438d7686a6f66778022c93c544189b684754e7e0f77a4f498609e53104c8aa70632fcc58c757bbc06f6472622dce2729d7296959ce003ec84acd015e352484c42fc29e5aea62fb7977813f7254fd6f62fec638abf292e6c33925b29"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8)
close(r3)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$PROG_LOAD(0x1c, &(0x7f00000003c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r0, 0x0, 0x0}, 0x10)
r4 = bpf$PROG_LOAD(0x1c, &(0x7f0000000280)={0x3, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close(r4)

1.936128729s ago: executing program 2 (id=226):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
syz_usb_connect(0x0, 0x5a, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800"], 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc0189436, &(0x7f0000000440)={0x0, 0x0, 0x3})

1.654861271s ago: executing program 6 (id=229):
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x800)
socket$netlink(0x10, 0x3, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
dup3(r1, r0, 0x0)
r2 = io_uring_setup(0x195e, &(0x7f0000000000))
close_range(r2, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x2, 0x3a)
pipe(&(0x7f0000000140))
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)

1.579528251s ago: executing program 6 (id=230):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r4}, 0x10)
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

1.500963932s ago: executing program 1 (id=231):
syz_usb_connect$printer(0x7, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7, 0x20, 0x20, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x7, 0x1, 0x2, 0x7, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x0, 0x9, 0xf6}}, [{{0x9, 0x5, 0x82, 0x2, 0x8, 0x2, 0xd, 0x2}}]}}}]}}]}}, &(0x7f0000000280)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x300, 0x80, 0x40, 0x80, 0x40, 0xca}, 0x19, &(0x7f0000000180)={0x5, 0xf, 0x19, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x4, 0x8, 0xa49}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xc, 0x1, 0xff, 0x8}]}, 0x1, [{0xb7, &(0x7f00000001c0)=@string={0xb7, 0x3, "121301607c414c6a7638cda7c48d3ae0fd1438c7dcae2177f665a0d0c530ab2cf426fb4d762d0f93f74b079e8a19e795ba48f50bc3dd73d0de2267db32f2d46fcdb8b64ed6aeb938b36c7f203ef6f75f5ac94a98d974399b4d0faeaa3b520e4b1c3801cf1ed2329660255977a551d5dc0d579e4f5ea7e1b4f59b571d537a6de567d2a59b6fbba946ee2e6493d71fa342c926b2202e4ae3d5b876553d837f0461fb28d5265c2e64af87e9b9aa52bbf7b4a6f60b01b5"}}]})
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0x40086610, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a91c16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x20000216}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0)
recvmsg$unix(r3, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x2}, 0x40000100)

715.701876ms ago: executing program 6 (id=232):
r0 = getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
syz_open_dev$loop(&(0x7f00000001c0), 0x100000, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="3400000021000100000000000000000002000000faff000000000000080018004e284e220500160000000000080017004e224e24"], 0x34}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2b}}}, 0xb8}}, 0x0)

713.169336ms ago: executing program 3 (id=242):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r1}, 0x10)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00007fd000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffe000/0x2000)=nil)
madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x15)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0)

626.669466ms ago: executing program 3 (id=233):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
close(r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
read$char_usb(r3, &(0x7f0000000100)=""/124, 0xfffffd77)

596.213467ms ago: executing program 6 (id=234):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.stat\x00', 0x26e1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r2}, 0x8)
ioctl$SIOCSIFHWADDR(r0, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'})

581.507137ms ago: executing program 6 (id=235):
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002440)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a7ff070000000000004da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05dfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f9ff86086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace85c370183f23cf0838fb5a1d75c145feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000000000000000000000000000000000000000000096e4a7b57a867432217cf0be18b96865ee3dca3a03a5e0d3060705c499776bb3e8c442aa1d3b26842c96080c4c251b8cbc5de68938316e95857b0e3cdb14d4a93d49dd4f7a08639ee6943861886fabfac35f9aab09c77bc495b5c7116de70619c5ac798f1974d7a6e9b80ac4bab0f1657488278a40480731b7f51ff921e8ad8a1986b6da1660c40875504d1265679a718dc9a1400ac15ce81696f712a1074ac47de09e95d64eb72a186f11bf360e5841a283841762a0cda06ac7c74520427465c128763e3258169d32bce06dbf95fcf8e19ffdb7c56fb5e236f2422f631ead769969699318140ad2b431b21f88bf824e1590524a0aea10ad2c5f961533e78d8e46da0e6ef484d25bd09f6de08e398485d95c51f3a5dc76dbdea7b2d236d819018b22467116b359e8c38147565203c75a4a2789019e7e4bf06a2b3779cea3206cc2d10e5a458b81"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x808)
ioctl$int_in(0xffffffffffffffff, 0x5421, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
getrandom(&(0x7f0000000040)=""/133, 0xfffffffffffffdde, 0x0)

566.021517ms ago: executing program 5 (id=236):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000001c0))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
lseek(r3, 0x851, 0x0)

540.485257ms ago: executing program 5 (id=237):
r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r0, 0x0, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0)
r2 = gettid()
fcntl$setownex(r1, 0xf, &(0x7f0000000080)={0x2, r2})
fcntl$setlease(r1, 0x400, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
read$FUSE(r3, &(0x7f0000000300)={0x2020}, 0x2020)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r4, 0xffffffffffffffff, 0x0)

467.611607ms ago: executing program 5 (id=238):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
rename(&(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000000c0)='./file0\x00')

436.889427ms ago: executing program 5 (id=239):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
bpf$BPF_PROG_TEST_RUN(0x12, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r4, 0x0, r5, 0x0, 0xf3a, 0x0)
close(r2)
tee(r1, r5, 0x8000000000081, 0x0)
close(r3)
socket$nl_route(0x10, 0x3, 0x0)

389.474808ms ago: executing program 3 (id=240):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
mount$bind(0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000008, 0x50, 0xffffffffffffffff, 0x5738d000)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000340)={[], [{@appraise_type}, {@fscontext={'fscontext', 0x3d, 'user_u'}}]})

306.782918ms ago: executing program 2 (id=241):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f00000004c0)='cpuset.memory_spread_page\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x3ff, 0x12)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{}, 0x0, 0x0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
mkdirat$cgroup(r0, &(0x7f00000000c0)='syz1\x00', 0x1ff)

279.318108ms ago: executing program 2 (id=243):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r4}, 0x10)
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

0s ago: executing program 6 (id=244):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000157000/0x2000)=nil, 0x1fffff, 0x0, 0x0, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x20001000, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = epoll_create(0xeb5)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0))
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000000)={0xd71255fac0de869})
epoll_pwait(r0, &(0x7f00000001c0)=[{}], 0x1, 0x3, 0x0, 0x54)
socket$inet_udp(0x2, 0x2, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.37' (ED25519) to the list of known hosts.
[   20.057118][   T30] audit: type=1400 audit(1732036699.196:66): avc:  denied  { integrity } for  pid=280 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[   20.080524][   T30] audit: type=1400 audit(1732036699.216:67): avc:  denied  { mounton } for  pid=280 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   20.081606][  T280] cgroup: Unknown subsys name 'net'
[   20.102985][   T30] audit: type=1400 audit(1732036699.216:68): avc:  denied  { mount } for  pid=280 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.129889][   T30] audit: type=1400 audit(1732036699.246:69): avc:  denied  { unmount } for  pid=280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   20.130046][  T280] cgroup: Unknown subsys name 'devices'
[   20.327922][  T280] cgroup: Unknown subsys name 'hugetlb'
[   20.333317][  T280] cgroup: Unknown subsys name 'rlimit'
[   20.494169][   T30] audit: type=1400 audit(1732036699.626:70): avc:  denied  { setattr } for  pid=280 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   20.506339][  T283] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   20.517154][   T30] audit: type=1400 audit(1732036699.626:71): avc:  denied  { mounton } for  pid=280 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   20.550064][   T30] audit: type=1400 audit(1732036699.626:72): avc:  denied  { mount } for  pid=280 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   20.550099][  T280] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   20.573078][   T30] audit: type=1400 audit(1732036699.666:73): avc:  denied  { relabelto } for  pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.606706][   T30] audit: type=1400 audit(1732036699.666:74): avc:  denied  { write } for  pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.632185][   T30] audit: type=1400 audit(1732036699.686:75): avc:  denied  { read } for  pid=280 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.034462][  T292] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.041458][  T292] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.048690][  T292] device bridge_slave_0 entered promiscuous mode
[   21.056296][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.063125][  T292] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.070373][  T292] device bridge_slave_1 entered promiscuous mode
[   21.130471][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.137337][  T289] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.144533][  T289] device bridge_slave_0 entered promiscuous mode
[   21.158416][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.165250][  T289] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.172544][  T289] device bridge_slave_1 entered promiscuous mode
[   21.178883][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.185710][  T290] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.192998][  T290] device bridge_slave_0 entered promiscuous mode
[   21.207332][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.214177][  T290] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.221425][  T290] device bridge_slave_1 entered promiscuous mode
[   21.257407][  T291] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.264250][  T291] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.271433][  T291] device bridge_slave_0 entered promiscuous mode
[   21.277881][  T293] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.284713][  T293] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.291955][  T293] device bridge_slave_0 entered promiscuous mode
[   21.307428][  T291] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.314271][  T291] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.321462][  T291] device bridge_slave_1 entered promiscuous mode
[   21.327765][  T293] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.334592][  T293] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.341911][  T293] device bridge_slave_1 entered promiscuous mode
[   21.474251][  T292] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.481113][  T292] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.503575][  T293] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.510436][  T293] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.517531][  T293] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.524307][  T293] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.538322][  T290] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.545152][  T290] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.552266][  T290] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.559062][  T290] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.583213][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.590604][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.597998][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.605310][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.612484][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.619585][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.647537][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.655511][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.662348][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.670307][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.678410][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.685242][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.709325][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   21.717102][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   21.738031][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.745493][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.752993][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   21.760460][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.767901][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.775794][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.782561][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.790035][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.798064][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.804908][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.812801][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.820769][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.827606][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.855390][  T290] device veth0_vlan entered promiscuous mode
[   21.864871][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   21.873128][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   21.881278][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   21.889735][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   21.897573][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   21.904711][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   21.912139][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   21.920852][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.928964][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.935796][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.943062][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.950973][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.957808][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.964961][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   21.972970][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.979799][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.987096][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   21.995007][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.001756][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.008915][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.016659][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.024323][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.032080][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.039825][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.048052][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.054885][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.074673][  T290] device veth1_macvtap entered promiscuous mode
[   22.082361][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   22.091478][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.100231][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.108001][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.122579][  T293] device veth0_vlan entered promiscuous mode
[   22.134622][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.142773][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.150934][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.159192][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.167461][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.175026][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.182815][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   22.190640][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.198333][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   22.206054][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.213799][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.221012][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.238487][  T291] device veth0_vlan entered promiscuous mode
[   22.248421][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.256870][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.264914][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.273636][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.282002][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.289900][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.297823][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.305788][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.314028][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.322094][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.330351][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.338410][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.346568][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.353796][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.367148][  T292] device veth0_vlan entered promiscuous mode
[   22.377603][  T291] device veth1_macvtap entered promiscuous mode
[   22.384258][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.392454][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.400587][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   22.408144][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.415732][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.423609][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.431337][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.439221][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.446634][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.454097][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.461443][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.469603][  T289] device veth0_vlan entered promiscuous mode
[   22.479250][  T293] device veth1_macvtap entered promiscuous mode
[   22.493925][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   22.501433][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.509605][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.517898][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.525967][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.534331][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.542278][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.551141][  T292] device veth1_macvtap entered promiscuous mode
[   22.562631][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   22.573701][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.583547][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.593141][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.601576][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.612874][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.620950][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.645802][  T289] device veth1_macvtap entered promiscuous mode
[   22.663300][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   22.672121][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.682095][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.682158][  T321] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   22.690687][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.714720][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.751062][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.767096][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.775466][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.790169][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.851881][  T335] ------------[ cut here ]------------
[   22.869354][  T335] WARNING: CPU: 0 PID: 335 at fs/inode.c:364 inc_nlink+0x12b/0x130
[   22.877433][  T335] Modules linked in:
[   22.881369][  T335] CPU: 0 PID: 335 Comm: syz.4.5 Not tainted 5.15.167-syzkaller-00348-g2e66050fb753 #0
[   22.893229][  T335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   22.904875][  T335] RIP: 0010:inc_nlink+0x12b/0x130
[   22.910715][  T335] Code: f0 ff e9 30 ff ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 41 ff ff ff 4c 89 ff e8 cf ee f0 ff e9 34 ff ff ff e8 f5 95 ae ff <0f> 0b eb 80 90 55 48 89 e5 41 57 41 56 53 48 89 fb 49 bf 00 00 00
[   22.931988][  T335] RSP: 0018:ffffc90000b8f8c0 EFLAGS: 00010283
[   22.938150][  T335] RAX: ffffffff81c1c16b RBX: 0000000000000000 RCX: 0000000000040000
[   22.946010][  T335] RDX: ffffc90002553000 RSI: 0000000000002d06 RDI: 0000000000002d07
[   22.954860][  T335] RBP: ffffc90000b8f8f0 R08: ffffffff81c1c0e4 R09: ffffed1024c0f0d8
[   22.969300][  T335] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110223f0db3
[   22.985687][  T335] R13: dffffc0000000000 R14: ffff888111f86d50 R15: ffff888111f86d98
[   23.000169][  T335] FS:  00007f4d8b5236c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   23.010593][  T335] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   23.018287][  T335] CR2: 00007fe7e76daf98 CR3: 000000011e213000 CR4: 00000000003506b0
[   23.030561][  T335] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   23.039714][  T335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   23.048572][  T335] Call Trace:
[   23.051942][  T335]  <TASK>
[   23.052382][  T344] loop0: detected capacity change from 0 to 2048
[   23.054723][  T335]  ? show_regs+0x58/0x60
[   23.065229][  T335]  ? __warn+0x160/0x2f0
[   23.074097][  T335]  ? inc_nlink+0x12b/0x130
[   23.082452][  T335]  ? report_bug+0x3d9/0x5b0
[   23.089712][  T335]  ? inc_nlink+0x12b/0x130
[   23.094044][  T335]  ? handle_bug+0x41/0x70
[   23.099132][  T335]  ? exc_invalid_op+0x1b/0x50
[   23.103714][  T335]  ? asm_exc_invalid_op+0x1b/0x20
[   23.116543][  T335]  ? inc_nlink+0xa4/0x130
[   23.121002][  T335]  ? inc_nlink+0x12b/0x130
[   23.121029][  T335]  ? inc_nlink+0x12b/0x130
[   23.121047][  T335]  v9fs_vfs_mkdir_dotl+0x48e/0x590
[   23.121066][  T335]  ? v9fs_vfs_symlink_dotl+0x580/0x580
[   23.121090][  T335]  ? selinux_inode_mkdir+0x22/0x30
[   23.121111][  T335]  ? security_inode_mkdir+0xbc/0x100
[   23.121132][  T335]  vfs_mkdir+0x3f6/0x610
[   23.121151][  T335]  open_or_create_special_dir+0xed/0x1d0
[   23.121170][  T335]  incfs_mount_fs+0x49b/0xa30
[   23.121187][  T335]  ? incfs_unlink+0x90/0x90
[   23.121203][  T335]  ? vfs_parse_fs_string+0x18c/0x220
[   23.121219][  T335]  ? cap_capable+0x1d2/0x270
[   23.121234][  T335]  legacy_get_tree+0xf1/0x190
[   23.121249][  T335]  ? incfs_unlink+0x90/0x90
[   23.121265][  T335]  vfs_get_tree+0x88/0x290
[   23.121281][  T335]  do_new_mount+0x2ba/0xb30
[   23.121297][  T335]  ? do_move_mount_old+0x160/0x160
[   23.121313][  T335]  ? security_capable+0x87/0xb0
[   23.121331][  T335]  ? ns_capable+0x89/0xe0
[   23.121346][  T335]  path_mount+0x671/0x1070
[   23.121363][  T335]  __se_sys_mount+0x2c4/0x3b0
[   23.121379][  T335]  ? __x64_sys_mount+0xd0/0xd0
[   23.121395][  T335]  ? __kasan_check_write+0x14/0x20
[   23.121412][  T335]  ? switch_fpu_return+0x15f/0x2e0
[   23.121429][  T335]  __x64_sys_mount+0xbf/0xd0
[   23.121446][  T335]  x64_sys_call+0x49d/0x9a0
[   23.121462][  T335]  do_syscall_64+0x3b/0xb0
[   23.121476][  T335]  ? clear_bhb_loop+0x35/0x90
[   23.121499][  T335]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   23.121516][  T335] RIP: 0033:0x7f4d8c8aa759
[   23.121530][  T335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   23.121544][  T335] RSP: 002b:00007f4d8b523038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   23.121564][  T335] RAX: ffffffffffffffda RBX: 00007f4d8ca61f80 RCX: 00007f4d8c8aa759
[   23.121670][  T335] RDX: 0000000020000040 RSI: 0000000020000100 RDI: 0000000020000140
[   23.121683][  T335] RBP: 00007f4d8c91d75e R08: 0000000000000000 R09: 0000000000000000
[   23.121694][  T335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   23.121704][  T335] R13: 0000000000000000 R14: 00007f4d8ca61f80 R15: 00007ffedfe67668
[   23.121718][  T335]  </TASK>
[   23.121731][  T335] ---[ end trace f7bef6f2c27bea80 ]---
[   23.123523][  T335] incfs_lookup_dentry err:-14
[   23.140295][  T353] hub 1-0:1.0: USB hub found
[   23.141893][  T335] incfs: Can't find or create .incomplete dir in ./file0
[   23.147923][  T349] loop2: detected capacity change from 0 to 128
[   23.152032][  T335] incfs: mount failed -14
[   23.176281][  T353] hub 1-0:1.0: 1 port detected
[   23.180054][  T344] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   23.206183][  T355] loop1: detected capacity change from 0 to 256
[   23.216183][  T349] EXT4-fs (loop2): Ignoring removed bh option
[   23.235306][  T355] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb5fb52fc, utbl_chksum : 0xe619d30d)
[   23.280702][  T349] EXT4-fs (loop2): Ignoring removed orlov option
[   23.302651][  T344] EXT4-fs warning (device loop0): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692
[   23.314752][  T346] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2758444543 (5516889086 ns) > initial count (4205064 ns). Using initial count to start timer.
[   23.320310][  T344] EXT4-fs error (device loop0) in ext4_free_inode:362: Out of memory
[   23.336547][  T349] EXT4-fs (loop2): Ignoring removed oldalloc option
[   23.354290][  T344] EXT4-fs warning (device loop0): ext4_read_block_bitmap_nowait:485: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 1768304430
[   23.470029][  T349] EXT4-fs (loop2): mounted filesystem without journal. Opts: abort,bh,resuid=0x0000000000000000,orlov,norecovery,stripe=0x0000000000000200,oldalloc,data_err=abort,,errors=continue. Quota mode: none.
[   23.489495][  T354] EXT4-fs warning (device loop0): ext4_read_block_bitmap_nowait:485: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 1768304430
[   23.497138][  T344] EXT4-fs (loop0): Delayed block allocation failed for inode 13 at logical offset 16 with max blocks 18 with error 117
[   23.505804][  T349] ext4 filesystem being mounted at /2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   23.561936][  T344] EXT4-fs (loop0): This should not happen!! Data will be lost
[   23.561936][  T344] 
[   23.607796][  T292] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1)
[   23.653325][  T292] EXT4-fs warning (device loop0): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz-executor: error -117 reading directory block
[   23.672238][  T292] EXT4-fs error (device loop0): __ext4_get_inode_loc:4351: comm syz-executor: Invalid inode table block 4 in block_group 0
[   23.686080][  T292] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5834: Corrupt filesystem
[   23.695557][  T292] EXT4-fs error (device loop0): ext4_dirty_inode:6038: inode #2: comm syz-executor: mark_inode_dirty error
[   23.712569][    T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4351: comm kworker/u4:0: Invalid inode table block 4 in block_group 0
[   23.725653][    T8] EXT4-fs error (device loop0): __ext4_get_inode_loc:4351: comm kworker/u4:0: Invalid inode table block 4 in block_group 0
[   23.777477][  T369] loop1: detected capacity change from 0 to 4096
[   23.808086][  T360] loop4: detected capacity change from 0 to 40427
[   23.819418][  T369] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[   23.830472][  T369] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,grpquota,init_itable,user_xattr,nomblk_io_submit,,errors=continue. Quota mode: writeback.
[   23.849683][  T369] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #15: comm syz.1.18: corrupted inode contents
[   23.864304][  T292] syz-executor (292) used greatest stack depth: 20512 bytes left
[   23.876250][  T369] EXT4-fs error (device loop1): ext4_dirty_inode:6038: inode #15: comm syz.1.18: mark_inode_dirty error
[   23.891853][  T360] F2FS-fs (loop4): invalid crc value
[   23.905539][  T369] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #15: comm syz.1.18: corrupted inode contents
[   23.913492][  T360] F2FS-fs (loop4): Found nat_bits in checkpoint
[   23.927914][  T369] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #15: comm syz.1.18: mark_inode_dirty error
[   23.946594][  T369] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #15: comm syz.1.18: corrupted inode contents
[   23.988564][  T369] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #15: comm syz.1.18: mark_inode_dirty error
[   24.006528][  T360] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   24.038211][  T289] attempt to access beyond end of device
[   24.038211][  T289] loop4: rw=2049, want=45104, limit=40427
[   24.051068][  T369] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #15: comm syz.1.18: corrupted inode contents
[   24.064965][  T369] EXT4-fs error (device loop1): ext4_truncate:4303: inode #15: comm syz.1.18: mark_inode_dirty error
[   24.077831][  T369] EXT4-fs error (device loop1) in ext4_setattr:5606: Corrupt filesystem
[   24.089750][  T375] EXT4-fs error (device loop1): ext4_do_update_inode:5205: inode #15: comm syz.1.18: corrupted inode contents
[   24.115788][  T384] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.124177][  T384] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.131576][  T384] device bridge_slave_0 entered promiscuous mode
[   24.149328][  T384] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.181600][  T393] loop4: detected capacity change from 0 to 256
[   24.188017][  T384] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.195269][  T384] device bridge_slave_1 entered promiscuous mode
[   24.214928][  T290] EXT4-fs warning (device loop1): ext4_evict_inode:286: couldn't mark inode dirty (err -117)
[   24.240320][  T393] request_module fs-cifs succeeded, but still no fs?
[   24.307160][  T395] xt_bpf: check failed: parse error
[   24.338966][  T384] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.345816][  T384] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.352939][  T384] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.359717][  T384] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.415951][  T317] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.424907][  T317] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.444227][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   24.451839][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.470790][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.479029][  T317] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.485881][  T317] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.493480][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.502133][  T317] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.508994][  T317] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.526860][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.548418][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.560193][  T412] xt_hashlimit: size too large, truncated to 1048576
[   24.568577][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.577691][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.585543][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.593290][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.603478][  T384] device veth0_vlan entered promiscuous mode
[   24.649785][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.661129][  T384] device veth1_macvtap entered promiscuous mode
[   24.673900][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.690997][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.717603][    T8] device bridge_slave_1 left promiscuous mode
[   24.723548][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.748297][    T8] device bridge_slave_0 left promiscuous mode
[   24.759614][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.771609][    T8] device veth1_macvtap left promiscuous mode
[   24.779757][    T8] device veth0_vlan left promiscuous mode
[   25.104174][  T381] loop2: detected capacity change from 0 to 131072
[   25.136359][  T381] =======================================================
[   25.136359][  T381] WARNING: The mand mount option has been deprecated and
[   25.136359][  T381]          and is ignored by this kernel. Remove the mand
[   25.136359][  T381]          option from the mount to silence this warning.
[   25.136359][  T381] =======================================================
[   25.187266][   T63] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   25.199355][  T381] F2FS-fs (loop2): Invalid log sectorsize (67108873)
[   25.206703][  T381] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   25.258770][  T452] loop1: detected capacity change from 0 to 8192
[   25.266593][  T381] F2FS-fs (loop2): invalid crc value
[   25.273199][  T381] F2FS-fs (loop2): Found nat_bits in checkpoint
[   25.279381][  T396] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   25.309933][  T381] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   25.316856][  T381] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[   25.336802][   T30] kauditd_printk_skb: 134 callbacks suppressed
[   25.336814][   T30] audit: type=1400 audit(1732036704.476:210): avc:  denied  { mount } for  pid=451 comm="syz.1.47" name="/" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   25.377861][  T452] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 2074)
[   25.386780][  T452] FAT-fs (loop1): Filesystem has been set read-only
[   25.405052][   T30] audit: type=1400 audit(1732036704.536:211): avc:  denied  { map } for  pid=380 comm="syz.2.21" path="/6/file0/bus" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   25.428322][   T30] audit: type=1400 audit(1732036704.536:212): avc:  denied  { unmount } for  pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   25.476229][   T63] usb 4-1: Using ep0 maxpacket: 32
[   25.501187][  T466] loop1: detected capacity change from 0 to 1024
[   25.530698][   T30] audit: type=1400 audit(1732036704.666:213): avc:  denied  { bind } for  pid=467 comm="syz.4.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   25.556209][  T396] usb 6-1: Using ep0 maxpacket: 16
[   25.574771][  T466] EXT4-fs (loop1): Test dummy encryption mode enabled
[   25.582162][  T466] EXT4-fs (loop1): Ignoring removed orlov option
[   25.596212][   T63] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[   25.606167][   T63] usb 4-1: config 0 has no interface number 0
[   25.613946][  T466] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[   25.614233][  T473] netlink: 4 bytes leftover after parsing attributes in process `syz.4.54'.
[   25.659340][   T30] audit: type=1400 audit(1732036704.796:214): avc:  denied  { create } for  pid=465 comm="syz.1.51" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   25.669052][  T473] netlink: 4 bytes leftover after parsing attributes in process `syz.4.54'.
[   25.691595][   T30] audit: type=1400 audit(1732036704.796:215): avc:  denied  { create } for  pid=471 comm="syz.4.54" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   25.711646][   T30] audit: type=1400 audit(1732036704.796:216): avc:  denied  { write } for  pid=471 comm="syz.4.54" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   25.732785][  T466] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[   25.742059][  T396] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   25.768036][   T30] audit: type=1400 audit(1732036704.906:217): avc:  denied  { write } for  pid=465 comm="syz.1.51" name="bus" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   25.791556][   T30] audit: type=1400 audit(1732036704.926:218): avc:  denied  { add_name } for  pid=465 comm="syz.1.51" name=2E02 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   25.793789][  T396] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[   25.811301][   T63] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[   25.833139][  T466] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[   25.840502][   T63] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   25.846723][   T30] audit: type=1400 audit(1732036704.976:219): avc:  denied  { append } for  pid=465 comm="syz.1.51" path="/11/file0/bus/cpuacct.usage_sys" dev="loop1" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   25.852444][   T63] usb 4-1: Product: syz
[   25.876851][   T63] usb 4-1: Manufacturer: syz
[   25.881645][   T63] usb 4-1: SerialNumber: syz
[   25.887284][   T63] usb 4-1: config 0 descriptor??
[   25.926624][   T63] smsc95xx v2.0.0
[   26.016533][  T396] usb 6-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[   26.026173][  T396] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   26.033969][  T396] usb 6-1: Product: syz
[   26.038850][  T396] usb 6-1: Manufacturer: syz
[   26.043922][  T396] usb 6-1: SerialNumber: syz
[   26.049688][  T396] usb 6-1: config 0 descriptor??
[   26.356213][  T396] usb 6-1: USB disconnect, device number 2
[   26.366466][   T63] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[   26.377090][   T63] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[   26.866772][  T509] loop4: detected capacity change from 0 to 1024
[   26.912776][  T509] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,noauto_da_alloc,jqfmt=vfsold,stripe=0x0000000000000003,noauto_da_alloc,auto_da_alloc=0x0000000000000005,resuid=0x0000000000000000,dioread_lock,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[   27.074567][  T528] loop5: detected capacity change from 0 to 2048
[   27.185646][  T528] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   27.303492][  T540] kvm: emulating exchange as write
[   27.369242][  T547] loop4: detected capacity change from 0 to 512
[   27.479719][  T547] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   27.496242][   T63] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71
[   27.512075][   T63] smsc95xx: probe of 4-1:0.67 failed with error -71
[   27.521191][   T63] usb 4-1: USB disconnect, device number 2
[   27.565017][  T547] EXT4-fs error (device loop4): ext4_orphan_get:1401: inode #17: comm syz.4.77: iget: bad i_size value: -6917529027641081756
[   27.599525][  T558] device vlan2 entered promiscuous mode
[   27.606431][  T547] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.77: couldn't read orphan inode 17 (err -117)
[   27.627900][  T558] device bridge0 entered promiscuous mode
[   27.635907][  T547] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,bsddf,nouid32,,errors=continue. Quota mode: writeback.
[   27.654293][  T558] bridge0: port 3(vlan2) entered blocking state
[   27.666197][  T558] bridge0: port 3(vlan2) entered disabled state
[   27.695101][  T558] device bridge0 left promiscuous mode
[   27.919856][  T571] loop1: detected capacity change from 0 to 256
[   27.956172][  T312] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   27.989173][  T575] device pim6reg1 entered promiscuous mode
[   28.029953][  T580] tipc: Started in network mode
[   28.034634][  T580] tipc: Node identity ac1414aa, cluster identity 4711
[   28.044658][  T580] tipc: New replicast peer: 100.1.1.1
[   28.051239][  T580] tipc: Enabled bearer <udp:syz2>, priority 10
[   28.101360][  T585] device pim6reg1 entered promiscuous mode
[   28.196197][  T312] usb 5-1: Using ep0 maxpacket: 16
[   28.306167][   T20] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   28.316353][  T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   28.333068][  T312] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   28.346077][  T312] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   28.355170][  T312] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.363690][  T312] usb 5-1: config 0 descriptor??
[   28.576219][   T20] usb 6-1: Using ep0 maxpacket: 32
[   28.606458][  T396] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   28.746263][   T20] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[   28.754180][   T20] usb 6-1: config 0 has no interface number 0
[   28.847919][  T312] microsoft 0003:045E:07DA.0001: invalid report_count 60852
[   28.855057][  T312] microsoft 0003:045E:07DA.0001: item 0 2 1 9 parsing failed
[   28.862784][  T312] microsoft 0003:045E:07DA.0001: parse failed
[   28.868790][  T312] microsoft: probe of 0003:045E:07DA.0001 failed with error -22
[   28.886218][  T396] usb 3-1: Using ep0 maxpacket: 32
[   28.956255][   T20] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[   28.965154][   T20] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   28.973138][   T20] usb 6-1: Product: syz
[   28.977361][   T20] usb 6-1: Manufacturer: syz
[   28.981762][   T20] usb 6-1: SerialNumber: syz
[   28.991703][   T20] usb 6-1: config 0 descriptor??
[   29.016553][  T396] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[   29.024424][  T396] usb 3-1: config 0 has no interface number 0
[   29.030383][  T396] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   29.041399][   T20] smsc95xx v2.0.0
[   29.044862][   T20] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[   29.061564][  T396] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   29.071168][   T20] smsc95xx: probe of 6-1:0.67 failed with error -22
[   29.072318][   T63] usb 5-1: USB disconnect, device number 2
[   29.077577][  T396] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[   29.093367][  T396] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   29.108619][  T396] usb 3-1: config 0 descriptor??
[   29.166171][   T26] tipc: Node number set to 2886997162
[   29.321699][  T611] usb 6-1: USB disconnect, device number 3
[   29.403350][  T640] loop3: detected capacity change from 0 to 512
[   29.477667][  T643] loop1: detected capacity change from 0 to 2048
[   29.484262][  T640] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   29.497196][  T640] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   29.508117][  T640] EXT4-fs (loop3): 1 truncate cleaned up
[   29.513621][  T640] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,dioread_lock,noauto_da_alloc,lazytime,nombcache,max_batch_time=0x000000000000000a,,errors=continue. Quota mode: none.
[   29.532926][  T101]  loop1: p1 < > p4
[   29.538017][  T101] loop1: p4 size 8388608 extends beyond EOD, truncated
[   29.546889][  T643]  loop1: p1 < > p4
[   29.550988][  T643] loop1: p4 size 8388608 extends beyond EOD, truncated
[   29.581165][  T610] loop2: detected capacity change from 0 to 1024
[   29.598655][  T101]  loop1: p1 < > p4
[   29.602771][  T101] loop1: p4 size 8388608 extends beyond EOD, truncated
[   29.634048][  T610] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,abort,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[   29.679764][  T655] loop4: detected capacity change from 0 to 1024
[   29.688358][  T101]  loop1: p1 < > p4
[   29.692294][  T101] loop1: p4 size 8388608 extends beyond EOD, truncated
[   29.699792][  T655] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[   29.707275][  T655] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   29.721872][  T655] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,errors=remount-ro,dioread_nolock,max_dir_size_kb=0x0000000000000009,nomblk_io_submit,data_err=abort,. Quota mode: writeback.
[   29.801351][  T656] udevd[656]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   29.814226][  T373] udevd[373]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[   29.828415][  T663] loop3: detected capacity change from 0 to 8192
[   29.869967][  T666] loop5: detected capacity change from 0 to 512
[   29.898239][  T666] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   29.909310][  T666] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   29.909427][  T315] udevd[315]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[   29.922626][  T666] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm syz.5.121: bg 0: block 18: invalid block bitmap
[   29.941166][  T396] uclogic 0003:28BD:0094.0002: pen parameters not found
[   29.942408][  T656] udevd[656]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   29.976178][  T396] uclogic 0003:28BD:0094.0002: interface is invalid, ignoring
[   29.976941][  T666] EXT4-fs error (device loop5): ext4_acquire_dquot:6187: comm syz.5.121: Failed to acquire dquot type 1
[   30.005102][  T315] udevd[315]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[   30.016551][  T671] EXT4-fs error (device loop5): ext4_acquire_dquot:6187: comm syz.5.121: Failed to acquire dquot type 1
[   30.016885][  T656] udevd[656]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   30.059695][  T666] syz.5.121 (666) used greatest stack depth: 18816 bytes left
[   30.171065][   T26] usb 3-1: USB disconnect, device number 2
[   30.220677][  T685] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.227649][  T685] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.234991][  T685] device bridge_slave_0 entered promiscuous mode
[   30.244523][  T685] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.251425][  T685] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.258984][  T685] device bridge_slave_1 entered promiscuous mode
[   30.298531][  T702] syz.5.133[702] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   30.298597][  T702] syz.5.133[702] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   30.340257][  T685] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.358062][  T685] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.361463][   T30] kauditd_printk_skb: 103 callbacks suppressed
[   30.361476][   T30] audit: type=1400 audit(1732036709.476:319): avc:  denied  { name_bind } for  pid=703 comm="syz.5.135" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   30.365138][  T685] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.372092][   T30] audit: type=1400 audit(1732036709.496:320): avc:  denied  { node_bind } for  pid=703 comm="syz.5.135" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   30.392259][  T685] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.429913][  T706] loop5: detected capacity change from 0 to 128
[   30.444157][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.451432][   T30] audit: type=1400 audit(1732036709.496:321): avc:  denied  { nlmsg_write } for  pid=703 comm="syz.5.135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   30.472658][  T317] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.479931][  T317] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.486271][  T312] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   30.506835][   T45] device bridge_slave_1 left promiscuous mode
[   30.512772][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.525457][   T45] device bridge_slave_0 left promiscuous mode
[   30.531837][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.541847][   T45] device veth1_macvtap left promiscuous mode
[   30.548557][   T45] device veth0_vlan left promiscuous mode
[   30.558198][  T706] attempt to access beyond end of device
[   30.558198][  T706] loop5: rw=34817, want=1041, limit=128
[   30.609339][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   30.617387][  T317] bridge0: port 1(bridge_slave_0) entered blocking state
[   30.624226][  T317] bridge0: port 1(bridge_slave_0) entered forwarding state
[   30.631528][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   30.639753][  T317] bridge0: port 2(bridge_slave_1) entered blocking state
[   30.646616][  T317] bridge0: port 2(bridge_slave_1) entered forwarding state
[   30.653705][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   30.661430][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   30.673801][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   30.684594][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   30.694970][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   30.702658][  T713] syz.3.137[713] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   30.702724][  T713] syz.3.137[713] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   30.707571][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   30.733362][  T685] device veth0_vlan entered promiscuous mode
[   30.745819][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   30.755454][  T685] device veth1_macvtap entered promiscuous mode
[   30.769565][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   30.783529][  T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   30.831825][  T716] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   30.846341][  T312] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   30.857564][  T312] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   30.867349][  T312] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[   30.876687][  T312] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   30.894014][  T312] usb 2-1: config 0 descriptor??
[   30.894874][  T728] kvm: pic: non byte read
[   30.909897][  T728] kvm: pic: non byte read
[   30.916973][  T728] kvm: pic: non byte read
[   30.917501][   T30] audit: type=1400 audit(1732036710.046:322): avc:  denied  { execute } for  pid=731 comm="syz.6.144" path="/1/bus/bus" dev="overlay" ino=29 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   30.921461][  T728] kvm: pic: level sensitive irq not supported
[   30.945247][  T728] kvm: pic: non byte read
[   30.956623][  T728] kvm: pic: level sensitive irq not supported
[   30.956692][  T728] kvm: pic: non byte read
[   30.967121][  T728] kvm: pic: non byte read
[   30.971518][  T728] kvm: pic: non byte read
[   30.975921][  T728] kvm: pic: non byte read
[   30.980683][  T728] kvm: pic: non byte read
[   30.985241][  T728] kvm: pic: non byte read
[   30.990302][  T728] kvm: pic: single mode not supported
[   30.990313][  T728] kvm: pic: level sensitive irq not supported
[   30.996796][  T728] kvm: pic: single mode not supported
[   31.011460][  T739] loop5: detected capacity change from 0 to 128
[   31.186212][   T20] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   31.314789][  T746] loop5: detected capacity change from 0 to 40427
[   31.350261][  T746] F2FS-fs (loop5): fault_injection options not supported
[   31.365669][  T746] F2FS-fs (loop5): invalid crc value
[   31.371988][  T746] F2FS-fs (loop5): Found nat_bits in checkpoint
[   31.379608][  T312] pyra 0003:1E7D:2CF6.0003: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.1-1/input0
[   31.404818][  T746] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   31.430073][   T30] audit: type=1400 audit(1732036710.566:323): avc:  denied  { create } for  pid=745 comm="syz.5.148" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1
[   31.456275][   T30] audit: type=1400 audit(1732036710.586:324): avc:  denied  { rename } for  pid=745 comm="syz.5.148" name="file0" dev="loop5" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1
[   31.478880][   T30] audit: type=1400 audit(1732036710.586:325): avc:  denied  { remove_name } for  pid=745 comm="syz.5.148" name="file2" dev="loop5" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   31.501022][  T384] attempt to access beyond end of device
[   31.501022][  T384] loop5: rw=2049, want=45112, limit=40427
[   31.532313][   T30] audit: type=1400 audit(1732036710.586:326): avc:  denied  { unlink } for  pid=745 comm="syz.5.148" name="file2" dev="loop5" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1
[   31.561897][   T30] audit: type=1400 audit(1732036710.586:327): avc:  denied  { rename } for  pid=745 comm="syz.5.148" name="file2" dev="loop5" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1
[   31.585956][   T30] audit: type=1400 audit(1732036710.586:328): avc:  denied  { unlink } for  pid=745 comm="syz.5.148" name="file0" dev="loop5" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1
[   31.586564][   T20] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[   31.617028][   T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   31.632668][   T20] usb 3-1: config 0 descriptor??
[   31.912073][  T758] loop3: detected capacity change from 0 to 512
[   31.924800][  T763] loop6: detected capacity change from 0 to 128
[   31.957789][  T763] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   31.968320][  T763] ext4 filesystem being mounted at /5/éq‰Y’3aK supports timestamps until 2038-01-19 (0x7fffffff)
[   31.987502][  T758] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[   31.997626][  T758] EXT4-fs (loop3): failed to initialize system zone (-117)
[   32.004667][  T758] EXT4-fs (loop3): mount failed
[   32.046266][  T312] pyra 0003:1E7D:2CF6.0003: couldn't init struct pyra_device
[   32.053603][  T312] pyra 0003:1E7D:2CF6.0003: couldn't install mouse
[   32.060773][  T312] pyra: probe of 0003:1E7D:2CF6.0003 failed with error -32
[   32.066307][   T20] usb 3-1: Cannot read MAC address
[   32.073085][   T20] MOSCHIP usb-ethernet driver: probe of 3-1:0.0 failed with error -61
[   32.106330][  T770] loop3: detected capacity change from 0 to 512
[   32.207662][  T770] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrquota,grpjquota=,nodelalloc,,errors=continue. Quota mode: writeback.
[   32.221249][  T770] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   32.240267][  T770] EXT4-fs error (device loop3): ext4_acquire_dquot:6187: comm syz.3.155: Failed to acquire dquot type 1
[   32.291170][  T479] usb 3-1: USB disconnect, device number 3
[   32.316181][  T310] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   32.356446][  T778] loop3: detected capacity change from 0 to 512
[   32.427583][  T778] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   32.438472][  T778] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   32.471715][  T778] EXT4-fs error (device loop3): ext4_do_update_inode:5205: inode #19: comm syz.3.157: corrupted inode contents
[   32.483514][  T778] EXT4-fs error (device loop3): ext4_dirty_inode:6038: inode #19: comm syz.3.157: mark_inode_dirty error
[   32.494848][  T778] EXT4-fs error (device loop3): ext4_do_update_inode:5205: inode #19: comm syz.3.157: corrupted inode contents
[   32.506836][  T778] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2960: inode #19: comm syz.3.157: mark_inode_dirty error
[   32.518702][  T778] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2963: inode #19: comm syz.3.157: mark inode dirty (error -117)
[   32.532210][  T778] EXT4-fs warning (device loop3): ext4_evict_inode:303: xattr delete (err -117)
[   32.706229][  T310] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   32.717017][  T310] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   32.726990][  T310] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   32.735920][  T310] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   32.747028][  T310] usb 7-1: config 0 descriptor??
[   32.796218][   T20] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   32.808551][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.815752][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.823299][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.830523][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.837842][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.845041][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.852295][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.859518][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.867182][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.874418][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.881899][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.889309][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.896699][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.903938][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.911336][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.918841][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.926060][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.933460][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.940815][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.948180][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.955407][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.962794][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.970146][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.977467][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.984690][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   32.992917][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.000285][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.007764][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.014982][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.022951][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.032287][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.039469][  T799] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[   33.047002][   T20] usb 6-1: Using ep0 maxpacket: 32
[   33.051936][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.059142][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.066476][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.073693][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.080901][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.088447][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.095632][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.102886][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.110124][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.117345][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.124451][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.131814][  T611] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[   33.140277][  T611] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   33.166246][   T20] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[   33.171220][  T804] loop3: detected capacity change from 0 to 256
[   33.174499][   T20] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[   33.189273][   T20] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[   33.198578][   T20] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   33.208604][   T20] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   33.218281][   T20] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[   33.231335][  T310] hid (null): bogus close delimiter
[   33.237119][   T20] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[   33.245976][   T20] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   33.254886][   T20] usb 6-1: config 0 descriptor??
[   33.392022][    T6] usb 2-1: USB disconnect, device number 2
[   33.407974][  T808] device vlan2 entered promiscuous mode
[   33.446241][  T310] usb 7-1: language id specifier not provided by device, defaulting to English
[   33.527718][   T20] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[   33.672178][  T819] loop3: detected capacity change from 0 to 512
[   33.737428][  T312] usb 6-1: USB disconnect, device number 4
[   33.756154][    C1] usblp0: nonzero read bulk status received: -108
[   33.797264][  T819] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #16: comm syz.3.173: iget: bad extended attribute block 128
[   33.811581][  T819] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.173: couldn't read orphan inode 16 (err -117)
[   33.823672][  T819] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   33.834928][  T819] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   33.939031][  T783] usblp0: removed
[   34.086201][  T310] uclogic 0003:256C:006D.0005: failed retrieving string descriptor #100: -71
[   34.100359][  T310] uclogic 0003:256C:006D.0005: failed retrieving pen parameters: -71
[   34.124500][  T310] uclogic 0003:256C:006D.0005: failed probing pen v1 parameters: -71
[   34.148597][  T310] uclogic 0003:256C:006D.0005: failed probing parameters: -71
[   34.163472][  T310] uclogic: probe of 0003:256C:006D.0005 failed with error -71
[   34.180585][  T310] usb 7-1: USB disconnect, device number 2
[   34.270186][  T828] syz.3.175[828] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   34.270362][  T828] syz.3.175[828] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   34.316712][  T832] loop3: detected capacity change from 0 to 16
[   34.373532][  T832] erofs: (device loop3): mounted with root inode @ nid 36.
[   34.379108][  T834] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[   34.383137][   T48] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[9000]
[   34.412125][  T836] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   34.413836][  T832] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[   34.440489][  T832] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[   34.488520][  T841] netlink: 4 bytes leftover after parsing attributes in process `syz.5.181'.
[   34.547634][  T841] netlink: 12 bytes leftover after parsing attributes in process `syz.5.181'.
[   34.595981][   T20] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[   34.610449][   T20] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   34.787898][  T865] syz.3.186[865] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   34.787967][  T865] syz.3.186[865] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   34.805084][  T867] loop6: detected capacity change from 0 to 128
[   34.870750][  T867] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   34.885566][  T867] ext4 filesystem being mounted at /10/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   34.906139][  T310] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[   34.951145][  T867] EXT4-fs (loop6): resizing filesystem from 64 to 1 blocks
[   34.972401][  T867] EXT4-fs warning (device loop6): ext4_resize_fs:2004: can't shrink FS - resize aborted
[   35.296195][  T310] usb 3-1: unable to get BOS descriptor or descriptor too short
[   35.366198][  T310] usb 3-1: no configurations
[   35.370712][  T310] usb 3-1: can't read configurations, error -22
[   35.752373][   T30] kauditd_printk_skb: 76 callbacks suppressed
[   35.752388][   T30] audit: type=1400 audit(1732036714.886:403): avc:  denied  { name_bind } for  pid=882 comm="syz.2.195" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[   35.805614][  T885] loop2: detected capacity change from 0 to 512
[   35.878245][  T885] EXT4-fs (loop2): 1 orphan inode deleted
[   35.895032][  T885] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,quota,delalloc,usrquota,,errors=continue. Quota mode: writeback.
[   35.918956][  T885] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   35.952365][   T30] audit: type=1400 audit(1732036715.086:404): avc:  denied  { write } for  pid=888 comm="syz.3.197" name="fd" dev="proc" ino=20691 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   36.049788][   T30] audit: type=1400 audit(1732036715.086:405): avc:  denied  { add_name } for  pid=888 comm="syz.3.197" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   36.050117][   T30] audit: type=1400 audit(1732036715.086:406): avc:  denied  { create } for  pid=888 comm="syz.3.197" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   36.137507][   T30] audit: type=1400 audit(1732036715.086:407): avc:  denied  { associate } for  pid=888 comm="syz.3.197" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   36.475460][   T30] audit: type=1400 audit(1732036715.606:408): avc:  denied  { read } for  pid=901 comm="syz.5.201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   36.736000][  T910] device syzkaller0 entered promiscuous mode
[   36.775300][  T912] capability: warning: `syz.1.205' uses deprecated v2 capabilities in a way that may be insecure
[   36.894972][   T30] audit: type=1400 audit(1732036716.026:409): avc:  denied  { write } for  pid=915 comm="syz.3.207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   36.931143][   T30] audit: type=1400 audit(1732036716.026:410): avc:  denied  { nlmsg_write } for  pid=915 comm="syz.3.207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   36.980576][   T30] audit: type=1326 audit(1732036716.116:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=922 comm="syz.3.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7e8a83759 code=0x7ffc0000
[   37.025809][   T30] audit: type=1326 audit(1732036716.146:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=922 comm="syz.3.210" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe7e8a83759 code=0x7ffc0000
[   37.994782][  T941] serio: Serial port ptm0
[   38.090217][  T946] loop3: detected capacity change from 0 to 512
[   38.126207][   T63] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   38.276626][  T955] loop3: detected capacity change from 0 to 1024
[   38.337027][  T955] EXT4-fs (loop3): Test dummy encryption mode enabled
[   38.347003][  T955] EXT4-fs (loop3): Ignoring removed orlov option
[   38.377670][  T955] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000008,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[   38.486246][   T63] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   38.512846][   T63] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   38.566342][   T63] usb 7-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[   38.575278][   T63] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   38.597671][   T63] usb 7-1: config 0 descriptor??
[   38.756212][  T479] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[   38.852930][  T939] loop6: detected capacity change from 0 to 1024
[   38.916177][  T312] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   38.950169][  T939] EXT4-fs (loop6): Can't support bigalloc feature without extents feature
[   38.950169][  T939] 
[   38.961335][  T939] EXT4-fs (loop6): couldn't mount as ext3 due to feature incompatibilities
[   39.116222][  T479] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   39.127038][  T479] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   39.136592][  T479] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[   39.145462][  T479] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   39.153308][   T63] usbhid 7-1:0.0: can't add hid device: -71
[   39.158988][  T312] usb 4-1: Using ep0 maxpacket: 8
[   39.163869][   T63] usbhid: probe of 7-1:0.0 failed with error -71
[   39.170632][  T479] usb 6-1: config 0 descriptor??
[   39.175914][   T63] usb 7-1: USB disconnect, device number 3
[   39.276240][  T312] usb 4-1: config 0 has no interfaces?
[   39.436253][  T312] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   39.445162][  T312] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   39.454813][  T312] usb 4-1: Product: syz
[   39.458820][  T312] usb 4-1: Manufacturer: syz
[   39.463313][  T312] usb 4-1: SerialNumber: syz
[   39.468459][  T312] usb 4-1: config 0 descriptor??
[   39.647726][  T479] pyra 0003:1E7D:2CF6.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.5-1/input0
[   39.686202][   T63] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   39.709394][  T310] usb 4-1: USB disconnect, device number 3
[   39.856058][  T983] loop1: detected capacity change from 0 to 128
[   39.891668][  T983] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   39.905701][  T983] ext4 filesystem being mounted at /49/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   39.917629][  T983] EXT4-fs (loop1): resizing filesystem from 64 to 1 blocks
[   39.924656][  T983] EXT4-fs warning (device loop1): ext4_resize_fs:2004: can't shrink FS - resize aborted
[   39.926230][   T63] usb 3-1: Using ep0 maxpacket: 16
[   40.056248][   T63] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   40.066258][   T63] usb 3-1: config 0 has no interfaces?
[   40.226297][   T63] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[   40.235234][   T63] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   40.243007][   T63] usb 3-1: Product: syz
[   40.247021][   T63] usb 3-1: Manufacturer: syz
[   40.251382][   T63] usb 3-1: SerialNumber: syz
[   40.256501][   T63] usb 3-1: config 0 descriptor??
[   40.296264][  T479] pyra 0003:1E7D:2CF6.0007: couldn't init struct pyra_device
[   40.304580][  T479] pyra 0003:1E7D:2CF6.0007: couldn't install mouse
[   40.311403][  T479] pyra: probe of 0003:1E7D:2CF6.0007 failed with error -71
[   40.319281][  T479] usb 6-1: USB disconnect, device number 5
[   40.504433][   T39] usb 3-1: USB disconnect, device number 6
[   40.920556][  T384] ------------[ cut here ]------------
[   40.926036][  T384] WARNING: CPU: 0 PID: 384 at fs/inode.c:307 drop_nlink+0xc1/0x110
[   40.934644][  T384] Modules linked in:
[   40.938548][  T384] CPU: 0 PID: 384 Comm: syz-executor Tainted: G        W         5.15.167-syzkaller-00348-g2e66050fb753 #0
[   40.950040][  T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   40.968267][  T384] RIP: 0010:drop_nlink+0xc1/0x110
[   40.973597][  T384] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 e7 f4 f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 df 99 ae ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[   40.993700][  T384] RSP: 0018:ffffc900009d7b08 EFLAGS: 00010293
[   40.999860][  T384] RAX: ffffffff81c1bd81 RBX: 0000000000000000 RCX: ffff8881122ebb40
[   41.008681][   T30] kauditd_printk_skb: 41 callbacks suppressed
[   41.008703][   T30] audit: type=1400 audit(1732036720.136:454): avc:  denied  { read } for  pid=1005 comm="syz.3.240" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   41.046286][  T384] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   41.054239][  T384] RBP: ffffc900009d7b30 R08: ffffffff81c1bd04 R09: 0000000000000003
[   41.063108][ T1009] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22
[   41.076520][  T384] R10: fffff5200013af50 R11: dffffc0000000001 R12: dffffc0000000000
[   41.086402][  T384] R13: 1ffff11024b40469 R14: ffff888125a02300 R15: ffff888125a02348
[   41.094273][  T384] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   41.107411][ T1009] cgroup: Unknown subsys name 'appraise_type'
[   41.116171][   T30] audit: type=1400 audit(1732036720.136:455): avc:  denied  { open } for  pid=1005 comm="syz.3.240" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   41.126211][  T384] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.149618][  T384] CR2: 0000000020d8f000 CR3: 000000011fe8c000 CR4: 00000000003506a0
[   41.163544][  T384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   41.171878][  T384] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   41.180041][  T384] Call Trace:
[   41.183535][  T384]  <TASK>
[   41.186573][  T384]  ? show_regs+0x58/0x60
[   41.192110][  T384]  ? __warn+0x160/0x2f0
[   41.196419][  T384]  ? drop_nlink+0xc1/0x110
[   41.201042][  T384]  ? report_bug+0x3d9/0x5b0
[   41.206717][  T384]  ? drop_nlink+0xc1/0x110
[   41.211048][  T384]  ? handle_bug+0x41/0x70
[   41.215291][  T384]  ? exc_invalid_op+0x1b/0x50
[   41.219885][  T384]  ? asm_exc_invalid_op+0x1b/0x20
[   41.224842][  T384]  ? drop_nlink+0x44/0x110
[   41.229214][  T384]  ? drop_nlink+0xc1/0x110
[   41.233617][  T384]  ? drop_nlink+0xc1/0x110
[   41.237917][  T384]  ? drop_nlink+0xc1/0x110
[   41.242267][  T384]  shmem_rmdir+0x59/0x90
[   41.246525][  T384]  vfs_rmdir+0x324/0x470
[   41.250692][  T384]  incfs_kill_sb+0x113/0x230
[   41.255202][  T384]  deactivate_locked_super+0xad/0x110
[   41.260473][  T384]  deactivate_super+0xbe/0xf0
[   41.265071][  T384]  cleanup_mnt+0x45c/0x510
[   41.270001][  T384]  __cleanup_mnt+0x19/0x20
[   41.274401][  T384]  task_work_run+0x129/0x190
[   41.278916][  T384]  do_exit+0xc48/0x2ca0
[   41.283084][  T384]  ? __kasan_check_read+0x11/0x20
[   41.288031][  T384]  ? put_task_struct+0x80/0x80
[   41.292797][  T384]  ? ksys_write+0x24f/0x2c0
[   41.297244][  T384]  ? exc_page_fault+0x47a/0x7f0
[   41.302118][  T384]  do_group_exit+0x141/0x310
[   41.306627][  T384]  __x64_sys_exit_group+0x3f/0x40
[   41.311579][  T384]  x64_sys_call+0x610/0x9a0
[   41.315995][  T384]  do_syscall_64+0x3b/0xb0
[   41.320341][  T384]  ? clear_bhb_loop+0x35/0x90
[   41.324990][  T384]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   41.330992][  T384] RIP: 0033:0x7ff0e89dc759
[   41.335379][  T384] Code: Unable to access opcode bytes at RIP 0x7ff0e89dc72f.
[   41.342709][  T384] RSP: 002b:00007ffce5e472e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   41.354133][  T384] RAX: ffffffffffffffda RBX: 00007ff0e8a4f66e RCX: 00007ff0e89dc759
[   41.362166][  T384] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   41.370149][  T384] RBP: 0000000000000016 R08: 00007ffce5e45086 R09: 00007ffce5e485a0
[   41.378209][  T384] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffce5e485a0
[   41.386266][  T384] R13: 00007ff0e8a4f5fc R14: 000055555b6034a8 R15: 00007ffce5e4a750
[   41.394275][  T384]  </TASK>
[   41.397185][  T384] ---[ end trace f7bef6f2c27bea81 ]---
[   41.402930][  T384] ==================================================================
[   41.410810][  T384] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[   41.416883][  T384] Write of size 4 at addr 0000000000000170 by task syz-executor/384
[   41.424687][  T384] 
[   41.426882][  T384] CPU: 1 PID: 384 Comm: syz-executor Tainted: G        W         5.15.167-syzkaller-00348-g2e66050fb753 #0
[   41.438053][  T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   41.447950][  T384] Call Trace:
[   41.451073][  T384]  <TASK>
[   41.453851][  T384]  dump_stack_lvl+0x151/0x1c0
[   41.458363][  T384]  ? io_uring_drop_tctx_refs+0x190/0x190
[   41.463831][  T384]  ? disable_trace_on_warning+0xa/0x70
[   41.469128][  T384]  ? __sanitizer_cov_trace_const_cmp2+0x90/0x90
[   41.474355][ T1016] mmap: syz.6.244 (1016) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[   41.475198][  T384]  kasan_report+0x16f/0x1c0
[   41.475221][  T384]  ? ihold+0x20/0x60
[   41.494905][  T384]  ? ihold+0x20/0x60
[   41.498633][  T384]  kasan_check_range+0x293/0x2a0
[   41.503410][  T384]  __kasan_check_write+0x14/0x20
[   41.508182][  T384]  ihold+0x20/0x60
[   41.511739][  T384]  vfs_rmdir+0x201/0x470
[   41.515823][  T384]  incfs_kill_sb+0x113/0x230
[   41.520247][  T384]  deactivate_locked_super+0xad/0x110
[   41.525452][  T384]  deactivate_super+0xbe/0xf0
[   41.529973][  T384]  cleanup_mnt+0x45c/0x510
[   41.534219][  T384]  __cleanup_mnt+0x19/0x20
[   41.538471][  T384]  task_work_run+0x129/0x190
[   41.542985][  T384]  do_exit+0xc48/0x2ca0
[   41.546985][  T384]  ? __kasan_check_read+0x11/0x20
[   41.551842][  T384]  ? put_task_struct+0x80/0x80
[   41.556444][  T384]  ? ksys_write+0x24f/0x2c0
[   41.560775][  T384]  ? exc_page_fault+0x47a/0x7f0
[   41.565465][  T384]  do_group_exit+0x141/0x310
[   41.569890][  T384]  __x64_sys_exit_group+0x3f/0x40
[   41.574748][  T384]  x64_sys_call+0x610/0x9a0
[   41.579088][  T384]  do_syscall_64+0x3b/0xb0
[   41.583342][  T384]  ? clear_bhb_loop+0x35/0x90
[   41.587862][  T384]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   41.593634][ T1019] incfs_lookup_dentry err:-14
[   41.593666][  T384] RIP: 0033:0x7ff0e89dc759
[   41.598321][ T1019] incfs: Can't find or create .incomplete dir in ./file0
[   41.602434][  T384] Code: Unable to access opcode bytes at RIP 0x7ff0e89dc72f.
[   41.602445][  T384] RSP: 002b:00007ffce5e472e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   41.611174][ T1019] incfs: mount failed -14
[   41.616493][  T384] RAX: ffffffffffffffda RBX: 00007ff0e8a4f66e RCX: 00007ff0e89dc759
[   41.616509][  T384] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   41.616519][  T384] RBP: 0000000000000016 R08: 00007ffce5e45086 R09: 00007ffce5e485a0
[   41.616530][  T384] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffce5e485a0
[   41.616540][  T384] R13: 00007ff0e8a4f5fc R14: 000055555b6034a8 R15: 00007ffce5e4a750
[   41.616554][  T384]  </TASK>
[   41.616559][  T384] ==================================================================
[   41.616565][  T384] Disabling lock debugging due to kernel taint
[   41.617159][  T384] BUG: kernel NULL pointer dereference, address: 0000000000000170
[   41.692611][  T384] #PF: supervisor write access in kernel mode
[   41.698516][  T384] #PF: error_code(0x0002) - not-present page
[   41.704324][  T384] PGD 119ca1067 P4D 119ca1067 PUD 10fcc1067 PMD 0 
[   41.710661][  T384] Oops: 0002 [#1] PREEMPT SMP KASAN
[   41.715697][  T384] CPU: 1 PID: 384 Comm: syz-executor Tainted: G    B   W         5.15.167-syzkaller-00348-g2e66050fb753 #0
[   41.726891][  T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[   41.736788][  T384] RIP: 0010:ihold+0x25/0x60
[   41.741126][  T384] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 f1 91 ae ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 d0 ec f0 ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 74 95 ae
[   41.760570][  T384] RSP: 0018:ffffc900009d7b48 EFLAGS: 00010246
[   41.766473][  T384] RAX: ffff8881122ebb00 RBX: 0000000000000001 RCX: ffff8881122ebb40
[   41.774278][  T384] RDX: 0000000000000000 RSI: 0000000000000282 RDI: 00000000ffffffff
[   41.782091][  T384] RBP: ffffc900009d7b58 R08: ffffffff8141991b R09: 0000000000000003
[   41.789901][  T384] R10: fffffbfff0e9a64c R11: dffffc0000000001 R12: dffffc0000000000
[   41.797712][  T384] R13: ffff888111dae330 R14: 0000000000000000 R15: 1ffff110223b5c6c
[   41.805524][  T384] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   41.814292][  T384] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.820714][  T384] CR2: 0000000000000170 CR3: 000000011fe7e000 CR4: 00000000003506a0
[   41.828529][  T384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   41.836339][  T384] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   41.844147][  T384] Call Trace:
[   41.847272][  T384]  <TASK>
[   41.850500][  T384]  ? __die_body+0x62/0xb0
[   41.854651][  T384]  ? __die+0x7e/0x90
[   41.858381][  T384]  ? page_fault_oops+0x7f9/0xa90
[   41.863153][  T384]  ? _raw_spin_unlock+0x4d/0x70
[   41.867845][  T384]  ? kernelmode_fixup_or_oops+0xd0/0xd0
[   41.873222][  T384]  ? __schedule+0xcd4/0x1590
[   41.877649][  T384]  ? exc_page_fault+0x510/0x7f0
[   41.882343][  T384]  ? asm_exc_page_fault+0x27/0x30
[   41.887196][  T384]  ? check_panic_on_warn+0x5b/0xb0
[   41.892142][  T384]  ? ihold+0x25/0x60
[   41.895874][  T384]  ? ihold+0x20/0x60
[   41.899606][  T384]  vfs_rmdir+0x201/0x470
[   41.903688][  T384]  incfs_kill_sb+0x113/0x230
[   41.908114][  T384]  deactivate_locked_super+0xad/0x110
[   41.913330][  T384]  deactivate_super+0xbe/0xf0
[   41.917836][  T384]  cleanup_mnt+0x45c/0x510
[   41.922086][  T384]  __cleanup_mnt+0x19/0x20
[   41.926338][  T384]  task_work_run+0x129/0x190
[   41.930773][  T384]  do_exit+0xc48/0x2ca0
[   41.934760][  T384]  ? __kasan_check_read+0x11/0x20
[   41.939620][  T384]  ? put_task_struct+0x80/0x80
[   41.944217][  T384]  ? ksys_write+0x24f/0x2c0
[   41.948560][  T384]  ? exc_page_fault+0x47a/0x7f0
[   41.953252][  T384]  do_group_exit+0x141/0x310
[   41.957672][  T384]  __x64_sys_exit_group+0x3f/0x40
[   41.962536][  T384]  x64_sys_call+0x610/0x9a0
[   41.966870][  T384]  do_syscall_64+0x3b/0xb0
[   41.971126][  T384]  ? clear_bhb_loop+0x35/0x90
[   41.975637][  T384]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   41.981362][  T384] RIP: 0033:0x7ff0e89dc759
[   41.985616][  T384] Code: Unable to access opcode bytes at RIP 0x7ff0e89dc72f.
[   41.992821][  T384] RSP: 002b:00007ffce5e472e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   42.001066][  T384] RAX: ffffffffffffffda RBX: 00007ff0e8a4f66e RCX: 00007ff0e89dc759
[   42.008878][  T384] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[   42.016687][  T384] RBP: 0000000000000016 R08: 00007ffce5e45086 R09: 00007ffce5e485a0
[   42.024497][  T384] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffce5e485a0
[   42.032310][  T384] R13: 00007ff0e8a4f5fc R14: 000055555b6034a8 R15: 00007ffce5e4a750
[   42.040124][  T384]  </TASK>
[   42.042995][  T384] Modules linked in:
[   42.046732][  T384] CR2: 0000000000000170
[   42.050716][  T384] ---[ end trace f7bef6f2c27bea82 ]---
[   42.056015][  T384] RIP: 0010:ihold+0x25/0x60
[   42.060343][  T384] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 f1 91 ae ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 d0 ec f0 ff bb 01 00 00 00 <f0> 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 74 95 ae
[   42.079790][  T384] RSP: 0018:ffffc900009d7b48 EFLAGS: 00010246
[   42.085688][  T384] RAX: ffff8881122ebb00 RBX: 0000000000000001 RCX: ffff8881122ebb40
[   42.093501][  T384] RDX: 0000000000000000 RSI: 0000000000000282 RDI: 00000000ffffffff
[   42.101311][  T384] RBP: ffffc900009d7b58 R08: ffffffff8141991b R09: 0000000000000003
[   42.109120][  T384] R10: fffffbfff0e9a64c R11: dffffc0000000001 R12: dffffc0000000000
[   42.116934][  T384] R13: ffff888111dae330 R14: 0000000000000000 R15: 1ffff110223b5c6c
[   42.124742][  T384] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[   42.133506][  T384] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   42.139931][  T384] CR2: 0000000000000170 CR3: 000000011fe7e000 CR4: 00000000003506a0
[   42.147753][  T384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   42.155554][  T384] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   42.163375][  T384] Kernel panic - not syncing: Fatal exception
[   42.169447][  T384] Kernel Offset: disabled
[   42.173565][  T384] Rebooting in 86400 seconds..