last executing test programs:

10.76430252s ago: executing program 1 (id=4179):
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000000)=ANY=[@ANYRES32], 0x9, 0x2bc, &(0x7f0000000880)="$eJzs3E1oE2kYwPEnabftdmkTlmVhF3b32e1ld1mGJueFNkgrYqCijVQLwtRONGRMQiZEU6SJIPTiwYtfZxVECgXxIAilHjxJi/TmwVtvPVhPFhFH0mnth0krNWmU/n+H9iXP+zzzvvNOhuQNzOL/V88l444RN3Pib/OJv1dKsuyToPhlTUn+OT/1/LdjJ04ejkSjfUdV+yODobCqdv4xPXxx8q+Z3A/HH3Y+bpXZ4KnFpfDC7M+zvyy+HzybcDThaCqdU1NH0umcOWJbOnrdSRqqR2zLdCxNpBwruyket9OZTEHN1GhHeyZrOY6aqYImrYLm0prLFtQ8YyZSahiGdrQLtjeZvxWpHo3dX3ZdWco9c93WkriuW36xbQ+HhwZbWX/X3bD+Vxo9JOyhDTf1NhF7Ih/Lx7z/XjwSl4TYYkm3BOSdlK8R9/aUu3KplP9eCE9F5/99+kRVgzJuF1fzi/lY0+b8kAQk6OV4vHb/oWhfSD2b87+Tdi/fJ76VUgH5qXJ+uGJ+i/zdteH4hgRk/rSkxZa56T/fLAxM3FjLHw+pHhiIbsn/XkbXT9O91w1ZHQAAAAAAAAAAdsfQjyru3xvlDpfHVLVjS9zLr/T7wNb9+e6K+/PN8mtzY+cOAAAAAMB+4RTGkqZtW9kvbJS/yteizjfX8MsOfe5c+vyCv/dv36erp2mu90UpU/d5+aWWBd8O7Ta9Veo2U1ndfdqpc1ON3ynrjVc1qeNbHV/1PgeHXz7YsU7LJ+enmpn635UAAAAA1MP6h/4eKcYf5YtD/11r9JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhvdvHIsbmblUJabvx4t1Ko2rF5/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgafAgAAP//VQPMOQ==")
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000840)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), 0xffffffffffffffff)
read$FUSE(0xffffffffffffffff, &(0x7f0000002480)={0x2020}, 0x2020)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000040)=ANY=[@ANYBLOB="d8010000", @ANYRES16, @ANYBLOB="010000000000fbdbdf25010000000800050001000000060006004e220000140002007767320000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5427c0108800c01008006000500070000002400020086650b35f0b4c2dc04a95e352f55e8204db1e72262099a4daa6bd5d598d1ecdb24000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b1400040002004e24ac1e0001000000000000000008000300000000009c0009801c"], 0x1d8}}, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000400))
unshare(0x64000600)

9.606415895s ago: executing program 1 (id=4185):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r2, @ANYBLOB="743c36d78da5d8ec"], 0x20}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x7, 0x19, &(0x7f0000000940)=@raw=[@btf_id={0x18, 0x2, 0x3, 0x0, 0x1}, @map_idx={0x18, 0x8, 0x5, 0x0, 0xc}, @alu={0x7, 0x0, 0x8, 0xa, 0xe, 0xfffffffffffffff4, 0x1}, @exit, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @ringbuf_query, @jmp={0x5, 0x0, 0x5, 0x0, 0x7, 0xffffffffffffffe0, 0x18}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4749}}], &(0x7f0000000140)='syzkaller\x00', 0x3000000, 0xe5, &(0x7f0000000480)=""/229, 0x41100, 0x20, '\x00', r2, 0x15, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000600)={0x2, 0xe, 0x9, 0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000dc0), 0x10, 0x27f}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={r3, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2, 0x8, 0xffffffffffffff20, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xb, &(0x7f0000000000)=@framed={{}, [@printk={@u, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x19}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x0, 0x9, 0x1}, 0x48)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = dup(r7)
ioctl$TIOCL_SETSEL(r8, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x0, 0x0, 0x101}})
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r6, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
r9 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r9, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{0xffffffffffffffff, <r10=>0xffffffffffffffff}, &(0x7f0000000400), &(0x7f0000000440)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0xc, 0x12, &(0x7f0000000a40)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r10}}, @call={0x85, 0x0, 0x0, 0x39}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xffffffffffffffff}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x5}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x2}, @cb_func={0x18, 0x2, 0x4, 0x0, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x100}], &(0x7f0000000700)='syzkaller\x00', 0x7fff, 0x7c, &(0x7f0000000b00)=""/124, 0x40e00, 0x4, '\x00', r4, 0x26, r0, 0x8, &(0x7f0000000b80)={0x1000005, 0x5}, 0x8, 0x10, &(0x7f0000000bc0)={0x3, 0x7, 0x2, 0x10000}, 0x10, r5, r3, 0x4, &(0x7f0000000c00)=[r6], &(0x7f0000000c40)=[{0x0, 0x3, 0x9, 0x5}, {0x5, 0x1, 0x8, 0x3}, {0x4, 0x2, 0xb, 0x7}, {0x3, 0x1, 0x0, 0xf}], 0x10, 0xfffff801}, 0x90)

9.563387868s ago: executing program 1 (id=4186):
pipe2(&(0x7f0000000080), 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=@newqdisc={0x90, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x60, 0x2, {{}, [@TCA_NETEM_LOSS={0x44, 0xd, 0x0, 0x1, [@NETEM_LOSS_GI={0x18}, @NETEM_LOSS_GE={0x14}, @NETEM_LOSS_GE={0x14, 0x2, {0x0, 0x0, 0x0, 0x3ff}}]}]}}}]}, 0x90}}, 0x0)

9.5470399s ago: executing program 1 (id=4187):
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x7, 0x4a9, &(0x7f0000000b40)="$eJzs3E9sFFUYAPBvtru0gEhFREHUIhobjS0UFA5eMJp40MSIBz02bSFIoYbWRAjRkhg8GhLvxqNXD17Vm/Fk4hUPHkwMCTFcAE9jZnem3e6flrbbLri/X7L0vZk3+963b97s23m7BNCzhrJ/koiHIuJ6ROysZZcWGKr9uXPr8sTdW5cnYj5NT/6TVMvdzvK54rjteWa4FFH6Iml4wprZi5fOjk9PT13I86Nz5z4enb146eUz58ZPT52eOj92/PjRI4ePvTr2yuqDalFfFtftfZ/N7N/71ofX3pkoF9sH8r/1cXTKUAy1akrV852urMt21KWTchcbwqpk53/WXZXq+N8ZfaHzoFekaZr2t989nza60rQFeGAl0e0WAN1RvNFnn3+LxyZNPe4LN0/UPgBlcd/JH7U95SjlZSoNn287aSgiPpj/95vsEcvdh/hzgxoAAPScn04UM8HG+V8p9tSVezhfQxmMiEciYldEPBoRuyPisYhq2ccj4onGCpKIdJn6dzfkm+c/pRvriW8l2fzvtXxta+n8r5j9xWBfntsRUUyYpw7lr8lwVPpPnZmeOrxMHT+/8ftX7fbVz/+yR1Z/MRfM23Gj3HCDbnJ8bnzNATe4eSViX7kx/qScdVyxEpBExN6I2LeK5x2sS5958bv9C5nK0nIrx1+VtlxH68BSRfptxAu1/p+PJf2/WGOy/Prk6EBMTx0azc6CQy3r+PW3q++2q3/F+H/4q/GQN4/9eHK9YS/I+n9b3fkfxfrtYvyDSUSysF47u/o6rv7xZfV5hw4271vr+b8leb+a3pJv+3R8bu7C4YgtydvN28cWjy3yRfks/uGDrcf/rvyY7JV4MiKyk/ipiHg6Ip7J234gIp6NiBahLfjl9ec+arfvHs//DZPFP9ny+rek/xfX69eQ6Dt74PrdNhePe+v/o9XUcL6l9fUvWXKJuNcGduAlBAAAgPteKarf/S+NLKRLpZGR2j2g3bGtND0zO/fSqZlPzk/WfiMwGJVScaerdj+4khT3Pwfr8mMN+SP5feOv+7ZW8yMTM9OT3Q4eetz26phPmsZ/5u++brcO2HB+8gO9a6Xxv+faJjUE2HTe/6F31Y3/+TZF5n1TBv6fvP9D72o1/j9fwzHAgyU1lqGnGf/Qu8rx3kK61NWWAJvN+z/0pPX8rn/lRNrfetdANBeOgY1pxtYWdXUlkc2sulL71rUcVfxvCm3LRGl1T9gfzbv6otMhVyJixcKn93T85E/z78p3uge/35Rx2irRlcsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAx/0XAAD//8p53a4=")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0xc2)
getdents(r2, 0x0, 0x58)

9.049617741s ago: executing program 1 (id=4193):
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x4a, &(0x7f00000000c0)=ANY=[], 0x0)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r4 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10)
write$FUSE_DIRENTPLUS(r4, &(0x7f00000005c0)={0xb8, 0x0, 0x0, [{{}, {0x0, 0x0, 0x9, 0x0, 'trans=fd,'}}]}, 0xb8)
write$FUSE_INIT(r4, &(0x7f0000000240)={0x50}, 0x50)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x88, &(0x7f0000000040)=ANY=[])
r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
poll(&(0x7f0000000040)=[{r7, 0x14}], 0x1, 0xffff4c7b)

7.512434566s ago: executing program 4 (id=4207):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
vmsplice(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f00000000c0)="f6", 0x1}], 0x1, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
splice(0xffffffffffffffff, 0x0, r4, 0x0, 0xfdef, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x200000008, 0x8b}, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r5, 0x5402, &(0x7f0000004500)={0x0, 0x0, 0x0, 0x0, 0x0, "1241b72d7fffff5b000f000000462200"})

6.97884793s ago: executing program 4 (id=4208):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000401e04012810000000000109022400010000000009040000020300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000540)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000f0000000f0"], 0x0, 0x0, 0x0, 0x0}, 0x0)

6.460806952s ago: executing program 0 (id=4216):
socket(0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x0, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x0, 0x78, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x883e, 0x75, 0x0, @wg=@response={0x2, 0x0, 0x0, "018cf684687c2dc12327f770be1c584e0d3c9d4087873521d65bf3d86ee02011", "7bedef4e728067fa120094372df68c75", {"6eeb460c188d1d4caf89c6b0f382357f", "7e8973dec9e6b2a8b7ce38984ed92e1a"}}}}}}}, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
io_uring_setup(0x2ac7, &(0x7f0000000000)={0x0, 0x0, 0x2})
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc0109058903"], 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@dellink={0x20, 0x11, 0x101, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0)
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f00000005c0)={r4, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3}]}, &(0x7f0000000080)='syzkaller\x00', 0x6, 0x94, &(0x7f00000000c0)=""/148}, 0x80)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x0, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000340)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x80)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000580)={&(0x7f0000000380)="297dd2ec2d50c0555105248c61b8d297936d0fea8170f03fc83ab5836239e1c1a56e99095f731f04e6cbfa10a48feaaf8a928bcc91c29e584fdf1a1cdfdf1c663c5afe62208a06f297f9e9b06a73088d1dca25aee52a1bc74ff9467c882d380c6aaf54862d4f0cc24b1e303f41e38835a4ee751a61b2bc5889f65f64", &(0x7f0000000400)=""/186, &(0x7f00000004c0)="8063", &(0x7f0000000500)="07e84e2aa062fb830a3de0a32c693b34136fab14c75de04a3b6a4a77cf849366d94a8eba0fac0bf68231141399db4c390002d14da04be9cfd1aaf0ae54ab5f1dd840edc948102b009ddefabbe6ed922bdb8053d160dad07a6a4e286ae2308d349be424e658dd3d20c10a58bf2830f3507cd5b3fe69d3c256", 0x9, r0, 0x4}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
chmod(&(0x7f0000000040)='./file0\x00', 0x0)

5.576445094s ago: executing program 1 (id=4217):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x40000000004)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r3, &(0x7f00000003c0)={0x1f, 0xffff, 0x2}, 0x6)

4.352491314s ago: executing program 0 (id=4220):
syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f00000000c0)={[{@bsdgroups}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@i_version}, {@user_xattr}, {@nomblk_io_submit}]}, 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0")
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) (fail_nth: 6)

3.67574461s ago: executing program 2 (id=4221):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'syztnl2\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x28, 0x4, 0x0, 0x0, 0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x5, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x0, [{@multicast1}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private, 0x7}]}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@dev, 0x7}, {@multicast2}, {@private=0xa010101}, {@rand_addr, 0x800}, {@broadcast, 0x52b1}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000e40)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67669c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa497ee129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb6", 0x216, 0x0, 0x0, 0x0)

3.67546509s ago: executing program 4 (id=4222):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
accept$nfc_llcp(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket(0x1e, 0x4, 0x0)

3.316024749s ago: executing program 0 (id=4226):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0))
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000030000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xb, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b708000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{r1}, &(0x7f0000000540), &(0x7f0000000580)='%pI4   \x00'}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/18, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000200000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r7, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.196353419s ago: executing program 2 (id=4228):
pipe2(&(0x7f0000000080), 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=@newqdisc={0x90, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x60, 0x2, {{}, [@TCA_NETEM_LOSS={0x44, 0xd, 0x0, 0x1, [@NETEM_LOSS_GI={0x18}, @NETEM_LOSS_GE={0x14}, @NETEM_LOSS_GE={0x14, 0x2, {0x0, 0x0, 0x0, 0x3ff}}]}]}}}]}, 0x90}}, 0x0)

3.173042241s ago: executing program 2 (id=4230):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="ff55238879622670546da7e935a41101fe05a1356ddd69bce12eb4dc948314a6f90b117df8780e5718afc61b8a90805ac69aeb395dab4a671524b7bad7f6340f0734526f27545b7efbfc3b39212ac677e070ce71e749216d7fea73b5d8caca915b4b8c6d85c32d59571ba4bb71f323467e3b42b35e80d789ea71f1144fb93a", @ANYRESHEX, @ANYRES32], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = timerfd_create(0x0, 0x0) (async)
clock_gettime(0x0, &(0x7f00000000c0)={<r2=>0x0, <r3=>0x0})
timerfd_settime(r1, 0x0, &(0x7f0000000400)={{r2, r3+60000000}}, &(0x7f00000001c0))
mkdir(&(0x7f0000000100)='./file0\x00', 0x279) (async, rerun: 32)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) (rerun: 32)
sendmsg$SOCK_DESTROY(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000040)={0x4c, 0x15, 0x1, 0x0, 0x0, {0xa, 0x4}, [@INET_DIAG_REQ_BYTECODE={0x35, 0x1, "28faed00119f5465a120a9bbe2e91064b914034ecc864a5b5285997338ab3a6be732b06185ebbe74d6e5eda221a6fb66f2"}]}, 0x4c}}, 0x0) (async, rerun: 64)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) (rerun: 64)
r5 = open(&(0x7f0000000300)='./file0\x00', 0x622000, 0xada66a977c02d739) (async)
writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000180)='0', 0x1}], 0x1) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x6}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$BTRFS_IOC_INO_LOOKUP(r5, 0xd0009412, 0x0) (async)
connect$unix(r7, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (rerun: 64)
getsockopt$inet_tcp_buf(r5, 0x6, 0x21, &(0x7f0000003600)=""/4115, &(0x7f0000000340)=0x1013) (async, rerun: 32)
sched_setaffinity(r6, 0x8, &(0x7f00000003c0)=0xae) (async, rerun: 32)
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(r9, 0x1, 0x19, &(0x7f0000000000)='veth1_virt_wifi\x00', 0x10)
connect$inet6(r9, &(0x7f0000000380)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./mnt\x00', 0x80, &(0x7f0000000200), 0xbe, 0x251, &(0x7f0000000540)="$eJzs3T9oJGUcBuB3ZnfvzN0ipzaCqAciooFwdoLN2SgcyHGICCqciNgoFyEm2CVWNhZaq6SyCWJntJQ0wUYRrKKmiI2gwcJgocXK7iQSszFRN85I5nlgdmZ2/vy+Yef9ZpuZCdBaF5JcTtJJMp2kl6TYv8LFariwO7s8tX49GQye+KkYrVfNV/a2O59kKclDSdbKIi91k4XVZ7Z+2Xjsvjfne/e+v/r0VK0HuWt7a/PxnfeuvvHRlQcXvvjqh6tFLqf/p+M6ecUh33WL5Nb/otj/RNFtugX8Hdde+/DrYe5vS3LPKP+9lKl+vLfmzqz18sC7f7Xt2z9+eUedbQVO3mDQG14DlwZA65RJ+inKmSTVdFnOzFT/4b/pnCtfnp17dfrF2fkbLzTdUwEnpZtsPvrJ2Y/PH8j/950q/8Dp1U82n7y28u1weqfTdGuAWtxZjYb5n35u8f7IP7TKGfmHVhvL/8WmWwTUxfUf2kv+ob3kH9pL/uEU6x29WP6hveQf2kv+ob325x8AaJfB2abvQAaa0nT/AwAAAAAAAAAAAAAAAAAAjFueWr++N9RV87N3ku1HqpcRj9fvjN5HnNw0+jz3czFc7Q9FtdlEnr17wh1M6IM67r4+4jmwN39XQ/0jfH5Xs/UXbyRLrye51O2On3/F7vn3791yzPLe8xMW+IeKA/MPP1Vv/YN+W2m2/pWN5NNh/3PpsP6nzO2j8eH9T//4Rywf65VfJ9wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfk9AAD//5VnbW8=")
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))

3.148756733s ago: executing program 2 (id=4231):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x0, 0x0}, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x14, r5, 0x1}, 0x14}}, 0x0)

1.996308187s ago: executing program 4 (id=4232):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x0, 0x0}, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x14, r6, 0x1}, 0x14}}, 0x0)

1.728981649s ago: executing program 2 (id=4234):
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$inet(0x2, 0x1, 0x0)
bind$inet(r3, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10)
listen(r3, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000003080)={0x2020}, 0x2020)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r4, &(0x7f0000001580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
recvmmsg(r4, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f0000002740)=[{0x0}, {&(0x7f0000000140)=""/114, 0x72}, {&(0x7f0000001480)=""/217, 0xd9}, {0x0}, {&(0x7f0000001600)=""/103, 0x67}, {0x0}, {0x0}, {&(0x7f0000002680)=""/178, 0xb2}], 0x8}}], 0x1, 0x40000000, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x10001, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r5}, 0x0, 0x0}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

1.181824173s ago: executing program 0 (id=4235):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100)={0x0, 0x0}, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x14, r4, 0x1}, 0x14}}, 0x0)

1.084412441s ago: executing program 2 (id=4236):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000c80)=ANY=[@ANYBLOB="12010000000000406d0422c200000000000109022400010000"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r1}, 0x10)
getrlimit(0xb, &(0x7f0000000040))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00'}, 0x10)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f68700", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=@newqdisc={0x78, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4c, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x4e1e2563543d84f9}, @TCA_TBF_PBURST={0x8, 0x7, 0x1cdf}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0xffff, 0x0, 0x3}, 0x766c, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x78}}, 0x0)
bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14)
sendto$inet6(r2, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000706892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0)

1.084169502s ago: executing program 4 (id=4237):
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x7, 0x4a9, &(0x7f0000000b40)="$eJzs3E9sFFUYAPBvtru0gEhFREHUIhobjS0UFA5eMJp40MSIBz02bSFIoYbWRAjRkhg8GhLvxqNXD17Vm/Fk4hUPHkwMCTFcAE9jZnem3e6flrbbLri/X7L0vZk3+963b97s23m7BNCzhrJ/koiHIuJ6ROysZZcWGKr9uXPr8sTdW5cnYj5NT/6TVMvdzvK54rjteWa4FFH6Iml4wprZi5fOjk9PT13I86Nz5z4enb146eUz58ZPT52eOj92/PjRI4ePvTr2yuqDalFfFtftfZ/N7N/71ofX3pkoF9sH8r/1cXTKUAy1akrV852urMt21KWTchcbwqpk53/WXZXq+N8ZfaHzoFekaZr2t989nza60rQFeGAl0e0WAN1RvNFnn3+LxyZNPe4LN0/UPgBlcd/JH7U95SjlZSoNn287aSgiPpj/95vsEcvdh/hzgxoAAPScn04UM8HG+V8p9tSVezhfQxmMiEciYldEPBoRuyPisYhq2ccj4onGCpKIdJn6dzfkm+c/pRvriW8l2fzvtXxta+n8r5j9xWBfntsRUUyYpw7lr8lwVPpPnZmeOrxMHT+/8ftX7fbVz/+yR1Z/MRfM23Gj3HCDbnJ8bnzNATe4eSViX7kx/qScdVyxEpBExN6I2LeK5x2sS5958bv9C5nK0nIrx1+VtlxH68BSRfptxAu1/p+PJf2/WGOy/Prk6EBMTx0azc6CQy3r+PW3q++2q3/F+H/4q/GQN4/9eHK9YS/I+n9b3fkfxfrtYvyDSUSysF47u/o6rv7xZfV5hw4271vr+b8leb+a3pJv+3R8bu7C4YgtydvN28cWjy3yRfks/uGDrcf/rvyY7JV4MiKyk/ipiHg6Ip7J234gIp6NiBahLfjl9ec+arfvHs//DZPFP9ny+rek/xfX69eQ6Dt74PrdNhePe+v/o9XUcL6l9fUvWXKJuNcGduAlBAAAgPteKarf/S+NLKRLpZGR2j2g3bGtND0zO/fSqZlPzk/WfiMwGJVScaerdj+4khT3Pwfr8mMN+SP5feOv+7ZW8yMTM9OT3Q4eetz26phPmsZ/5u++brcO2HB+8gO9a6Xxv+faJjUE2HTe/6F31Y3/+TZF5n1TBv6fvP9D72o1/j9fwzHAgyU1lqGnGf/Qu8rx3kK61NWWAJvN+z/0pPX8rn/lRNrfetdANBeOgY1pxtYWdXUlkc2sulL71rUcVfxvCm3LRGl1T9gfzbv6otMhVyJixcKn93T85E/z78p3uge/35Rx2irRlcsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAx/0XAAD//8p53a4=")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0xc2)
getdents(r2, 0x0, 0x58)

522.119727ms ago: executing program 4 (id=4240):
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000000)=ANY=[@ANYRES32], 0x9, 0x2bc, &(0x7f0000000880)="$eJzs3E1oE2kYwPEnabftdmkTlmVhF3b32e1ld1mGJueFNkgrYqCijVQLwtRONGRMQiZEU6SJIPTiwYtfZxVECgXxIAilHjxJi/TmwVtvPVhPFhFH0mnth0krNWmU/n+H9iXP+zzzvvNOhuQNzOL/V88l444RN3Pib/OJv1dKsuyToPhlTUn+OT/1/LdjJ04ejkSjfUdV+yODobCqdv4xPXxx8q+Z3A/HH3Y+bpXZ4KnFpfDC7M+zvyy+HzybcDThaCqdU1NH0umcOWJbOnrdSRqqR2zLdCxNpBwruyket9OZTEHN1GhHeyZrOY6aqYImrYLm0prLFtQ8YyZSahiGdrQLtjeZvxWpHo3dX3ZdWco9c93WkriuW36xbQ+HhwZbWX/X3bD+Vxo9JOyhDTf1NhF7Ih/Lx7z/XjwSl4TYYkm3BOSdlK8R9/aUu3KplP9eCE9F5/99+kRVgzJuF1fzi/lY0+b8kAQk6OV4vHb/oWhfSD2b87+Tdi/fJ76VUgH5qXJ+uGJ+i/zdteH4hgRk/rSkxZa56T/fLAxM3FjLHw+pHhiIbsn/XkbXT9O91w1ZHQAAAAAAAAAAdsfQjyru3xvlDpfHVLVjS9zLr/T7wNb9+e6K+/PN8mtzY+cOAAAAAMB+4RTGkqZtW9kvbJS/yteizjfX8MsOfe5c+vyCv/dv36erp2mu90UpU/d5+aWWBd8O7Ta9Veo2U1ndfdqpc1ON3ynrjVc1qeNbHV/1PgeHXz7YsU7LJ+enmpn635UAAAAA1MP6h/4eKcYf5YtD/11r9JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhvdvHIsbmblUJabvx4t1Ko2rF5/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgafAgAAP//VQPMOQ==")
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000840)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f00000003c0), 0xffffffffffffffff)
read$FUSE(0xffffffffffffffff, &(0x7f0000002480)={0x2020}, 0x2020)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000040)=ANY=[@ANYBLOB="d8010000", @ANYRES16, @ANYBLOB="010000000000fbdbdf25010000000800050001000000060006004e220000140002007767320000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5427c0108800c01008006000500070000002400020086650b35f0b4c2dc04a95e352f55e8204db1e72262099a4daa6bd5d598d1ecdb24000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b1400040002004e24ac1e0001000000000000000008000300000000009c0009801c"], 0x1d8}}, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000400))
unshare(0x64000600)

432.105175ms ago: executing program 3 (id=4244):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
unshare(0x22020400)
finit_module(r0, 0x0, 0x0)

431.892045ms ago: executing program 3 (id=4245):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, &(0x7f0000000100)=ANY=[@ANYBLOB='iocharset=cp850,umask=00000000000000000000011,iocharset=cp863,discard,allow_utime=00000000000000000051165,errors=remount-ro,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c6572726f72733d72656d6f756e742d726f2c646973636172642c6572726f72733d636f6e74696e75652c0002195a6ea80d47a1847f55f30c451953e5ec619fc31f63a083cf1f605c2b8eb48067df0d2d849aa86e17e1904eb6e356f72e752a091fc5af99cae0ad0af2a7cee2ed8010eab70848eb449dd912d2daa1f9166dc990ea0fb79f51a03173c695d6b06c247a0ed089afbe20f6b0cf0fb9879a9a374f873d873e102bab7ee9bef73d12b76ded3ad6686474a116ab7776fc4be5b339f7019a2ad458692bbf77ff33e294f77e17fc23e1420eebbc55cb4da685fa3c0f799300"/241], 0x3, 0x150f, &(0x7f0000002100)="$eJzs3Am4TlX7MPD7Xmvt4zhJTycZDmute/Mkw3KSJEOSDEmSJEmmhKSTvJKQOIQkHZKQDIdkOIRkOHHSMc/zGJIkSZIpU7K+6xSft7f63v/7f/te/+t/7t917etZ97P2vfbaz/0Ma2/Dd50H12hUs2oDIoJ/C/76kAwAsQDQHwCuA4AAAMrGl43P6s8pMfnfOwj7az2SdrVnwK4mrn/2xvXP3rj+2RvXP3vj+mdvXP/sjeufvXH9GcvONk4tcD1v2Xfj+//ZGf/+/y9ysNTor1aXurHLv5DC9c/euP7/awX/lZ24/tkb1z974/pnb1z/7CDHn/Zw/bM3rj9j2dnVvv/M29Xdrvb7jzHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcZY9nDWX6EA4HL7as+LMcYYY4wxxhhjfx2f42rPgDHGGGOMMcYYY///IQiQoCCAGMgBsZAT4kAAwLWQG66DCFwP8XAD5IEbIS/kg/xQABKgIBQCDQYsEIRQGIpAFG6ConAzFIPiUAJKgoNSkAi3QGm4FcrAbVAWbodycAeUhwpQESrBnVAZ7oIqcDdUhXugGlSHGlAT7oVacB/UhvuhDjwAdeFBqAcPQX14GBrAI9AQHoVG8Bg0hsehCTSFZtAcWvy38l+C7vAy9ICekAy9oDe8An2gL/SDV6E/vAYD4HUYCG9ACgyCwfAmDIG3YCi8DcNgOIyAd2AkvAujYDSMgbGQCuNgPLwHE+B9mAiTYDJMgTSYCtPgA5gOM2AmfAiz4COYDXNgLsyDdPgY5sMCyIBPYCF8CpmwCBbDElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW2ArbYDvsgJ3wGeyC3bAHPoe98MW/mH/mH/K7ICCgQIEKFcZgDMZiLMZhHObCXJgbc2MEIxiP8ZgH82BezIv5MT8mYAIWwkJo0CAhYWEsjFGMYlEsisWwGJbAEujQYSImYmm8FctgGSyLZbEclsPyWAErYCWshJWxMlbBKlgVq2I1rIY1sAbei/diL6yNtbEO1sG6WPfy7SlsgA2wITbERtgIG2NjbIJNsBk2wxbYAltiS2yFrbANtsG22BbbYTtMwiRsj+2xA3bAjtgRO2En7IydsQt2xa74Ug7Al/Fl7InVRC/sjb2xD6bk6Iev4qv4Gg7A1/F1fANTcBAOxjfxTXwLh+JpHIbDcQSOwMriXRyFo5HEWEzFVByP43ECTsCJOAkn4RRMw6k4DafhdJyBM/BDnIUf4Uc4B+fgPEzHdJyPCzADM3AhnsFMXISLcQkuxWW4FFfgSlyBq3ENrsZ1uA434AbchJtwC27BbbgNd6ACwM9wN+7GFNyLe3Ef7sP9uB8P4AE8iAfxEB7Cw3gYj+ARPIpH8RgexxN4HE/hKTyNZ/AsnsXzeB4v4AsJ3zTcUXxVCogsSigRI2JErIgVcSJO5BK5RG6RW0RERMSLeJFH5BF5RV6RX+QXCSJBFBKFhBFGkAhjAEBERVQUFUVFMVFMlBAlhBNOJIpEUVqUFmVEGVFW3C7KiTtEeVFBtHaVRCVRWbRxVcTdoqqoKqqJ6qKGqClqilqilqgtaos6oo6oK+qKeuIhUV/0wn74iMiqTCMxCBuLwdhENBXy0jdYSzEUW4nWoo14SgzHYdhOtHRJ4lnRXozCDuJvYjQ+LzqJsdhZvCi6iK6im3hJdBetXA/RU0zEXqK3mIJ9RF/RT7wqpmN18SHOyllDvCFSxCAxWLwp5uFbYqh4WwwTw8UI8Y4YKd4Vo8RoMUaMFalinBgv3hMTxPtiopgkJospIk1MFdPEB2K6mCFmig/FLPGRmC3miLlinkgXH4v5YoHIEJ+IheJTkSkWicViiVgqlonlYoVYKVaJ1WKNWCvWifVig9goNonNYovYKraJ7WKH2Ck+E7vEbrFHfC72ii/EPvGl2C++EgfE1+Kg+EYcEt+Kw+I7cUR8L46KH8QxcVycECfFKfGjOC3OiLPinDgvfhIXxM/iovACJEohpVQykDEyh4yVOWWcvEbmksGlV/d6GS9vkHnkjTKvzCfzywIyQRaUhaSWRlpJMpSFZREZlTfJovJmWUwWlyVkSelkKZkob5Gl5a2yjLxNlpW3y3LyDlleVpAVZSV5p6ws75IQ+fUY1WR1WUPWlPfKWvI+WVveL+vIB2Rd+aCsJx+S9eXDsoF8RDaUj8pG8jHZWD4um8imsplsLlvIJ2RL+aRsJVvLNvIp2VY+LdvJZ2SSfFa2l/7SW+R52Um+IDvLF2UX2VV2kz/Li9LLHrKnBOgle8tXZB/ZV/aTr8r+8jU5QL4uB8o3ZIocJAfLN+UQ+ZYcKt+Ww+RwOUK+I0fKd+UoOVqOkWNlqhwnx8v35AT5vpwoJ8nJcopMk1Nlv0sjzZTyn+a/9wf5A385+ga5UW6Sm+UWuVVuk9vlDrlT7pS75C65R+6Re+VeuU/uk/vlfnlAHpAH5UF5SB6Sh+VheUQekUflUXlMHpfn5El5Sv4oT8sz8ow8J8/L8/LCpdcAFCqhpFIqUDEqh4pVOVWcukblUteq3Oo6FVHXq3h1g8qjblR5VT6VXxVQCaqgKqS0MsoqUqEqrIqoqLoJL71hVAlVUjlVSiWqW/6VfFVU3ayKqeK/yb88v+Q/mV8L1UK1VC1VK9VKtVFtVFvVVrVT7VSSSlLtVXvVQXVQHVVH1Ul1Up1VZ9VFdVHdVDfVXXVXPVQPlaySVW/1iuqj+qp+6lXVX72mBqgBaqAaqFJUihqsBqshaogaqoaqYWqYGqFGqJFqpBqlRqkxaoxKValqvBqvJqgJaqKaqCarySpNpalpapqarqarmWqmmqVmqdlqtpqr5qp0la7mq/kqQ2WohWqhylSL1CK1RC1Ry9QytUKtUKvUKrVGrVHr1DqVqTaqjWqz2qy2qq1qu9qudqqdapfapfaoPWqv2qv2qX1qv9qvDqgD6qDqBYfUIXVYHVZH1BF1VB1Vx9QxdUKdUKfUKXVanVZn1Vl1Xp1XF9QFdVFdzFr2BSIQgQpUEBPEBLFBbBAXxAW5glxB7iB3EAkiQXwQH+QJbgzyBvmC/EGBICEoGBQKdGACG4hLRY8GNwVFg5uDYkHxoERQMnBBqSAxuCUoHdwalAluC8oGtwflgjuC8kGFoGJQKbgzqBzcFVQJ7g6qBvcE1YLqQY2gZnBvUCu4L6gd3B/UCR4I6gYPBvWCh4L6wcNBg+CRoGHwaNAoeCxoHDweNAmaBs2C5kGLv3R870/ne9L10D11su6le+tXdB/dt8q1ALq/fk0P0K/rgfoNnaIH6cH6TT1Ev6WH6rf1MD1cj9Dv6JH6XT1Kj9Zj9Fidqsfp8fo9PUG/ryfqSXqynqLT9FQ9TX+gp+sZeqb+UM/SH+nZeo6eq+fpdP2xnq8X6Az9iV6oP9WZepFerJfopXqZXq5X6JV6lV6t1+i1ep1erzfojXqT3qy36K16m96ud+id+jO9S+/We/Tneq/+Qu/TX+r9+it9QH+tD+pv9CH9rT6sv9NH9Pf6qP5BH9PH9Ql9Up/SP+rT+ow+q8/p8/onfUH/rC9qn7W4z/p5N8ooE2NiTKyJNXEmzuQyuUxuk9tETMTEm3iTx+QxeU1ek9/kNwkmwRQyhUwWMmQKm8ImaqKmqClqiplipoQpYZxxJtEkmtKmtCljypiypqwpZ8qZ8qa8qWgqmjvNneYuc5e529xt7jH3mOqmuqlpappappapbWqbOqaOqWvqmnqmnqlv6psGpoFpaBqaRqaRaWwamyamiWlmmpkWpoVpaVqaVqaVaWPamLamrWln2pkkk2Tam/amg+lgOpqOppPpZDqbzqaL6WK6mW6mu+luepgeJtkkm96mt+lj+ph+pp/pb/qbAWaAGWgGmhSTYgabwWaIGWKGmqFmmBluRmQtVM27ZpQZbcaYsSbVpJrxZryZYCaYiWaimWwmmzSTZqaZaWa6mW5mmplmlpllZpvZZq6Za9JNuplv5psMk2EWmoUm02SaxWaxWWqWmuVmuVlpVprVZrVZC2vNerPebDQbzWaz2Ww1W812s93sNDvNLrPL7DF7zF6z1+wz+8x+s98cMAfMQXPQHDKHzGFz2BwxR8xRc9QcM8fMCXPCnDKnzGlz2pw1Z815k+/S76U3sTanjbPX2Fz2WpvbXmf/Mc5vC9gEW9AWstrmtfl+ExtrbTFb3JawJa2zpWyiveV3cXlbwVa0leydtrK9y1b5XVzL3mdr2/ttHfuArWnv/U1c1z5o69nHbH1EANvUNrTNbSP7mG1sH7dNbFPbzDa3be3Ttp19xibZZ217+9zv4vl2gV1pV9nVdo3dZXfbs/acPWy/s+ftT7aH7Wn729fsAPu6HWjfsCl20O/iEfYdO9K+a0fZ0XaMHfu7eLKdYtPsVDvNfmCn2xm/i9Ptx3aWzbCz7Rw71877Jc6aU4b9xC60n9pMu8gutkvsUrvMLrcr/u9cl9h1dr3dYHfaz+xmu8VutdvsdrvjlzjrPPbYz+1e+4U9ZL+1++1X9oA9Yg/ab36Js87viP3eHrU/2GP2uD1hT9pT9kd72p755fyzzv2k/dletN4CIQFJUhRQDOWgWMpJcXQN5aJrKTddRxG6nuLpBspDN1Jeykf5qQAlUEEqRJoMWSIKqTAVoSjdRJfX6SWoJDkqRYl0C5WmW6kM3UZl6XYqR3dQeapAFakS3UmV6S6qQndTVbqHqlF1qkE16V6qRfdRbbqf6tADVJcepHr0ENWnh6kBPUIN6VFqRI9RY3qcmlBTakbNqQU9QS3pSWpFrakNPUVt6WlqR89QEj1L7ek56kB/o470PHWiF6gzvUhdqCt1o5eoO71MPagnJVMv6k2vUB/qS/3oVepPr9EAep0G0huUQoNoML1JQ+gtGkpv0zAaTiPoHRpJ79IoGk1jaCyl0jgaT+/RBHqfJtIkmkxTKI2m0jT6gKbTDJpJH9Is+ohm0xyaS/MonT6m+bSAMugTWkifUiYtosW0hJbSMlpOK2glraLVtIbW0jpaTxtoI22izbSFttI22k47aCd9RrtoN+2hz2kvfUH76EvaT1/RAfqaDtI3dIi+pcP0HR2h731P+oGO0XE6QSfpFP1Ip+kMnaVzdJ5+ogv0M10kTxBiKEIZqjAIY8IcYWyYM4wLrwlzhdeGucPrwkh4fRgf3hDmCW8M84b5wvxhgTAhLBgWCnVoQhtSGIaFwyJhNLwpLBreHBYLi4clwpKhC0uFieEtYenw1rBMeFtYNrw9LBfeEZYPK4SPPVApvDOsHN4VVgnvDquG94TVwuphjbBmeG9YK7wvrB3eH9YJHwjLhA+G9cKHwvrhw2GD8JGwYfho2Ch8LGwcPh42CZuGzcLmYYvwibBl+GTYKmwdtgmfCtuGT4ftwmfCpPDZsH343C/9Dy748/7ksFfYO3wlfCX0/n45Nzovmh79ODo/uiCaEf0kujD6aTQzuii6OLokujS6LLo8uiK6Mroqujq6Jro2ui66Proh6n3NHODQCSedcoGLcTlcrMvp4tw1Lpe71uV217mIu97FuxtcHnejy+vyufyugEtwBV0hp51x1pELXWFXxEXdTa6ou9kVc8VdCVfSOVfKJbrmroVr4Vq6J10r19q1cU+5p9zT7mn3jHvGPevau+dcB/c319E97zq5F9wL7kXXxXV13dxLrrsbl/vXz2Sy6+16uz6uj+vn+rn+rr8b4Aa4gW6gS3EpbrAb7Ia4IW6oG+qGuWFuhBvhRrqRbpQb5ca4MS7Vpbrxbryb4Ca4iW6im+wmuzSX5qa5aW66m+4qz/j1KLPdbDfXzXXpLt3Nd1lrxgy30C10mS7TLXaL3VK31C13y91Kt9KtdqvdWrfWrXfr3Ua30W12m91Wt9Vtd9vdTrfT7fLX/Tqo2+v2uX1uv9vvDriv3UH3jTvkvnWH3XfuiPveHXU/uGPuuDvhTrpT7kd32p1xZ905d9795C64n91F511qZFxkfOS9yITI+5GJkUmRyZEpkbTI1Mi0yAeR6ZEZkZmRDyOzIh9FZkfmROZG5kXSIx9H5kcWRDIin0QWRj6NZEYWRRZHlkSWRpZFvC+4OfSFfREf9Tf5ov5mX8wX9yV8Se98KZ/ob/Gl/a2+jL/Nl/W3+3L+Dl/eV/AV/eO+iW/qm/nmvoV/wrf0T/pWvrVv45/ybf3Tvp1/xif5Z317/5zv4P/mO/rnfSf/gu/sX/RdfFffzb/ku/uXfQ/f0yf7Xr63f8X38X19P/+q7+9f8wP8636gf8On+EF+sH/TD/Fv+aH+bT/MD/cjYt7xIy9fIsNYn+rH+fH+PT/Bv+8n+kl+sp/i0/xUP81/4Kf7GX6m/9DP8h/52X6On+vn+XT/sZ/vF/gM/4lf6D/1mX7R5ZvKfrlf4Vf6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+s/8Lr/b7/Gf+73+C7/Pf+n3+6/8Af+1P+i/8Yf8t/6w/84f8d/7o/4Hf8wf9yf8SX/K/+hP+zP+rD/nz/uf/AX/s7/I/2aNMcYYY+y/ZNyVpvij/l5/8Jz4u517A8C1Wwoc/Pv+rBXl2ry/tvuKhLYRAHi2Z+dHLm/VqiUnJ1/aN1NCUGQOwOU/CcoSA1fiRdAGnoYkaA2l/3D+fUXX8/RPxo/eDhD3dzmxcCW+Mv6XfzL+E0+NmF8uPBv//xh/DkCxIldycsKVeBG0UVmPraHMn4yfr+U/mX/Or1IBWv1dTi64El+ZfyI8Cc9B0m/2ZIwxxhhjjDHGftVXVOx4+frz8t/4/KPr8wR1JScHXIn/2fU5Y4wxxhhjjDHGrr7nu3Z75omkpNYd//VGlf9WFjf+pza8B7j8jAKAf3NAgP/4WWz6jxwr5dJH5x+7lp7zAfzPKOVf0bjKX0yMMcYYY4yxv9yVRf9vn1dXa0KMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxlg29J/478Su9jkyxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjV9v/CQAA///jmgzN")
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000280)={'#! ', '', [], 0xa, "2b39e704691256d80815fad51e8e2a2f462156c7d0ba6f5f21e8c16edd423406426bd053e28b4e40f7c0a0ba008cd17e729d74be8bb3c33bdf1c6199906eacc93536ca99397baed3c8b62900e8100d2366e3e06d89c317ab163296cd87080fb033c0b546115622394c6063150daeb2f0d016c74e2ed3f41bb6535aec80cb3c34ed2cbb84205d3820c684e6271cfbf6409b181dbcf4230ffbc61ac94cdf5a0467a1fb031ae39a0c4e8410546549080731ec49d5e377e62e52dfa4dd0389"}, 0xc1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r1, 0x0)
write$cgroup_devices(r0, &(0x7f00000000c0)=ANY=[], 0xffdd)

317.805714ms ago: executing program 3 (id=4246):
r0 = openat$selinux_commit_pending_bools(0xffffff9c, &(0x7f0000002400), 0x1, 0x0)
fchown(r0, 0x0, 0x0)

299.327545ms ago: executing program 0 (id=4247):
r0 = openat$selinux_user(0xffffff9c, &(0x7f0000000900), 0x2, 0x0)
dup(r0)

234.959921ms ago: executing program 0 (id=4248):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe6b)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xfffffecc)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0xfffd, 0x0, 0x7ff}})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYRES16, @ANYBLOB="02002dbd7000ffdbdf2511000000340001801400020076657468305f766c616e00000000000014000200687372300000000000000000000000000800030000000000040001"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x4010)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000001000000000000000008500000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000640)="e00200000087dbe9a8c89b6f5bec", 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

234.607001ms ago: executing program 3 (id=4249):
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000002780)=ANY=[], 0x44, 0x2f6, &(0x7f0000000900)="$eJzs3M9rGmkYwPFHY9SYTfSwLOwuS152L7uXIXH3vCBLAssKu2TjsruFwiSOrThVcSTFUhp76rX/RiXH3AJt+gfk0ltPvZRecin0EmjTKfPDOLamUVtjxO8Hwvs47zy+8/KO4VF8Pfr3/o1SwdIK+i9fiCgJizTlRCTlREEhCXlN1Hsc95qm/DT/6ul3SkQy2ezqulJrmY2f00qpxaWHN2/vfn9Qn/9nb3E/Joepq0cv088Pvzr8+ujtxvWipYqWKlfqSleblWd1fdM0VL5olTSl/jIN3TJUsWwZNa+/UveHlWq1ofRyfiFRrRmWFdPLDVUyGqpeUfVaQ+nX9GJZaZqmFhIyPY6X3KY6aF6utb6uZ4YcdGvIPHx2Bx/trdXaL57HdndPrjW6awIAAJdVp/6vSzju1//H3fV/yG/Dwfrf15SmU////d//f/RR/+9Hg/W/dOr/yrn1v9tfMCvd9b+i/u9b/MNDudbM8PU/JkRtTqS1K51X9N0ru8tuQP0PAAAAAAAAAAAAAAAAAAAAAMAkOLbtpG3bSacNixc7fzF/w0j78bivE6MRXH9vrSPOqrP+UyKwcS8uYt7bzm3nTjf8iUimIEUxxZBlScob937wefHa79nVkHKl5JG54+aL084E8t2tZ0lJ9c5f8fJVd/6sJILjpyUpX/bOT/fMj8qPPwTyNUnKky2piCl5976WGX+Kq3dWlPrtz+x7+XOS77FjDgAAAACASaSpUz3fv2vaWf1efj+fDyz3fH8ekW8i4507AAAAAADTwmrcKummadTODR74Geee/MI/se9n/tRgdoBZDBaEhn/mE3ukc29/RWPwdP/jmZ2LWp2JDyLOTR84kjjz5MX2V0r6HiLm/yqzc+TE9rqi7XN+3fv29fjmfuH/igAAAACMWKfoH/eVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwvS7i58TGPUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsngXAAD//wLEF08=")

29.550317ms ago: executing program 3 (id=4250):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000014001a80100004800c000480040001"], 0x34}}, 0x0)

0s ago: executing program 3 (id=4251):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed}, 0xe)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$can_raw(0x1d, 0x3, 0x1)
connect$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0xff}, 0x4}, 0xe)

kernel console output (not intermixed with test programs):

ck_lvl+0x151/0x1b7
[  548.786295][T12288]  ? io_uring_drop_tctx_refs+0x190/0x190
[  548.791763][T12288]  dump_stack+0x15/0x17
[  548.795752][T12288]  should_fail+0x3c6/0x510
[  548.800007][T12288]  __should_failslab+0xa4/0xe0
[  548.804608][T12288]  ? security_inode_alloc+0x29/0x120
[  548.809726][T12288]  should_failslab+0x9/0x20
[  548.814070][T12288]  slab_pre_alloc_hook+0x37/0xd0
[  548.818841][T12288]  ? security_inode_alloc+0x29/0x120
[  548.823963][T12288]  kmem_cache_alloc+0x44/0x200
[  548.828564][T12288]  security_inode_alloc+0x29/0x120
[  548.833510][T12288]  inode_init_always+0x76d/0x9d0
[  548.838281][T12288]  ? sockfs_init_fs_context+0xb0/0xb0
[  548.843489][T12288]  new_inode_pseudo+0x93/0x220
[  548.848090][T12288]  __sock_create+0x135/0x760
[  548.852517][T12288]  ? fput+0x1a/0x20
[  548.856168][T12288]  __sys_socket+0x132/0x370
[  548.860501][T12288]  ? sock_create_kern+0x50/0x50
[  548.865189][T12288]  ? debug_smp_processor_id+0x17/0x20
[  548.870398][T12288]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  548.876303][T12288]  __x64_sys_socket+0x7a/0x90
[  548.880816][T12288]  do_syscall_64+0x3d/0xb0
[  548.885065][T12288]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  548.890794][T12288] RIP: 0033:0x7efed3062bd9
[  548.895047][T12288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  548.914571][T12288] RSP: 002b:00007efed22e4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  548.922814][T12288] RAX: ffffffffffffffda RBX: 00007efed31f0f60 RCX: 00007efed3062bd9
[  548.930626][T12288] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000000000011
[  548.938437][T12288] RBP: 00007efed22e40a0 R08: 0000000000000000 R09: 0000000000000000
[  548.946250][T12288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  548.954059][T12288] R13: 000000000000004d R14: 00007efed31f0f60 R15: 00007ffd7acaa468
[  548.961876][T12288]  </TASK>
[  548.965281][T12288] socket: no more sockets
[  548.976185][T12284] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities
[  549.095185][T12303] loop2: detected capacity change from 0 to 128
[  549.101711][T12299] loop0: detected capacity change from 0 to 2048
[  549.482448][T12299] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[  549.870526][   T26] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  549.901353][T12310] loop3: detected capacity change from 0 to 128
[  550.225189][   T26] usb 5-1: Using ep0 maxpacket: 16
[  550.412646][ T7170] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  550.826548][   T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  550.845691][   T26] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  550.858466][   T26] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  550.867393][   T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.875847][   T26] usb 5-1: config 0 descriptor??
[  550.955193][ T7170] usb 1-1: Using ep0 maxpacket: 16
[  551.095308][ T7170] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  551.106070][ T7170] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  551.131283][ T7170] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  551.140454][ T7170] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.148939][ T7170] usb 1-1: config 0 descriptor??
[  551.359857][   T26] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0083/input/input75
[  551.446272][   T26] microsoft 0003:045E:07DA.0083: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  551.745973][T12335] loop2: detected capacity change from 0 to 128
[  551.772814][   T26] usb 5-1: USB disconnect, device number 59
[  551.823982][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  551.823997][   T30] audit: type=1400 audit(2000000525.409:2259): avc:  denied  { create } for  pid=12338 comm="syz.3.3747" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  551.851859][   T30] audit: type=1400 audit(2000000525.439:2260): avc:  denied  { setopt } for  pid=12338 comm="syz.3.3747" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  551.871324][   T30] audit: type=1400 audit(2000000525.439:2261): avc:  denied  { connect } for  pid=12338 comm="syz.3.3747" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  551.890985][   T30] audit: type=1400 audit(2000000525.439:2262): avc:  denied  { write } for  pid=12338 comm="syz.3.3747" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  551.911510][   T30] audit: type=1400 audit(2000000525.439:2263): avc:  denied  { read } for  pid=12338 comm="syz.3.3747" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  551.931460][ T7170] usbhid 1-1:0.0: can't add hid device: -71
[  551.937124][ T7170] usbhid: probe of 1-1:0.0 failed with error -71
[  551.943834][ T7170] usb 1-1: USB disconnect, device number 79
[  552.054829][T12343] bridge0: port 1(bridge_slave_0) entered blocking state
[  552.061724][T12343] bridge0: port 1(bridge_slave_0) entered disabled state
[  552.068940][T12343] device bridge_slave_0 entered promiscuous mode
[  552.075916][T12343] bridge0: port 2(bridge_slave_1) entered blocking state
[  552.082754][T12343] bridge0: port 2(bridge_slave_1) entered disabled state
[  552.090151][T12343] device bridge_slave_1 entered promiscuous mode
[  552.150396][T12343] bridge0: port 2(bridge_slave_1) entered blocking state
[  552.157259][T12343] bridge0: port 2(bridge_slave_1) entered forwarding state
[  552.164336][T12343] bridge0: port 1(bridge_slave_0) entered blocking state
[  552.171137][T12343] bridge0: port 1(bridge_slave_0) entered forwarding state
[  552.194571][ T7170] bridge0: port 1(bridge_slave_0) entered disabled state
[  552.220146][ T7170] bridge0: port 2(bridge_slave_1) entered disabled state
[  552.227738][ T7170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  552.235017][ T7170] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  552.256044][ T7170] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  552.263977][ T7170] bridge0: port 1(bridge_slave_0) entered blocking state
[  552.270839][ T7170] bridge0: port 1(bridge_slave_0) entered forwarding state
[  552.294223][ T7170] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  552.302255][ T7170] bridge0: port 2(bridge_slave_1) entered blocking state
[  552.309097][ T7170] bridge0: port 2(bridge_slave_1) entered forwarding state
[  552.316580][ T7170] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  552.409461][T12350] loop0: detected capacity change from 0 to 128
[  552.416104][ T7170] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  552.449567][T12343] device veth0_vlan entered promiscuous mode
[  552.466669][ T2437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  552.474849][ T2437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  552.488756][ T2437] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  552.505657][ T2437] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  552.526897][T12343] device veth1_macvtap entered promiscuous mode
[  552.535592][ T7452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  552.551216][ T2437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  552.692433][ T2437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  553.606590][ T7453] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  553.682412][T12374] loop1: detected capacity change from 0 to 128
[  554.961732][   T30] audit: type=1400 audit(2000000528.549:2264): avc:  denied  { name_bind } for  pid=12389 comm="syz.2.3761" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  554.982857][T12385] loop4: detected capacity change from 0 to 2048
[  555.027690][   T30] audit: type=1400 audit(2000000528.619:2265): avc:  denied  { node_bind } for  pid=12389 comm="syz.2.3761" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  555.056467][   T30] audit: type=1400 audit(2000000528.619:2266): avc:  denied  { read } for  pid=12389 comm="syz.2.3761" laddr=ff02::1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  555.078665][T12396] loop3: detected capacity change from 0 to 128
[  555.116947][T12385] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities
[  555.208167][T12402] kvm: pic: non byte write
[  555.237205][ T6760] device bridge_slave_1 left promiscuous mode
[  555.248271][ T6760] bridge0: port 2(bridge_slave_1) entered disabled state
[  555.285671][ T6760] device bridge_slave_0 left promiscuous mode
[  555.313784][ T6760] bridge0: port 1(bridge_slave_0) entered disabled state
[  555.322566][ T6760] device veth1_macvtap left promiscuous mode
[  555.328451][ T6760] device veth0_vlan left promiscuous mode
[  555.478751][T12404] FAULT_INJECTION: forcing a failure.
[  555.478751][T12404] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  555.499516][T12404] CPU: 1 PID: 12404 Comm: syz.1.3764 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  555.509316][T12404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  555.519210][T12404] Call Trace:
[  555.522333][T12404]  <TASK>
[  555.525111][T12404]  dump_stack_lvl+0x151/0x1b7
[  555.529624][T12404]  ? io_uring_drop_tctx_refs+0x190/0x190
[  555.535094][T12404]  ? kmem_cache_free+0x116/0x2e0
[  555.539863][T12404]  ? vsnprintf+0x1dc/0x1c70
[  555.544206][T12404]  dump_stack+0x15/0x17
[  555.548197][T12404]  should_fail+0x3c6/0x510
[  555.552451][T12404]  should_fail_usercopy+0x1a/0x20
[  555.557308][T12404]  _copy_from_user+0x20/0xd0
[  555.561735][T12404]  kstrtouint_from_user+0xca/0x2a0
[  555.566682][T12404]  ? kstrtol_from_user+0x310/0x310
[  555.571630][T12404]  ? snprintf+0xd6/0x120
[  555.575709][T12404]  ? check_stack_object+0x114/0x130
[  555.580742][T12404]  ? __kasan_check_read+0x11/0x20
[  555.585601][T12404]  ? _copy_to_user+0x78/0x90
[  555.590027][T12404]  proc_fail_nth_write+0xa6/0x290
[  555.594889][T12404]  ? selinux_file_permission+0x2c4/0x570
[  555.600357][T12404]  ? proc_fail_nth_read+0x210/0x210
[  555.605389][T12404]  ? fsnotify_perm+0x6a/0x5d0
[  555.609905][T12404]  ? security_file_permission+0x86/0xb0
[  555.615286][T12404]  ? proc_fail_nth_read+0x210/0x210
[  555.620318][T12404]  vfs_write+0x406/0x1110
[  555.624488][T12404]  ? file_end_write+0x1c0/0x1c0
[  555.629172][T12404]  ? __kasan_check_write+0x14/0x20
[  555.634120][T12404]  ? mutex_lock+0xb6/0x1e0
[  555.638371][T12404]  ? wait_for_completion_killable_timeout+0x10/0x10
[  555.644884][T12404]  ? __fdget_pos+0x2e7/0x3a0
[  555.649306][T12404]  ? ksys_write+0x77/0x2c0
[  555.653559][T12404]  ksys_write+0x199/0x2c0
[  555.657728][T12404]  ? __ia32_sys_read+0x90/0x90
[  555.662327][T12404]  ? debug_smp_processor_id+0x17/0x20
[  555.667542][T12404]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  555.673439][T12404]  __x64_sys_write+0x7b/0x90
[  555.677864][T12404]  do_syscall_64+0x3d/0xb0
[  555.682115][T12404]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  555.687930][T12404] RIP: 0033:0x7f8422ab075f
[  555.692185][T12404] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48
[  555.711626][T12404] RSP: 002b:00007f8421cf1040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  555.719871][T12404] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8422ab075f
[  555.727681][T12404] RDX: 0000000000000001 RSI: 00007f8421cf10b0 RDI: 0000000000000004
[  555.735493][T12404] RBP: 00007f8421cf10a0 R08: 0000000000000000 R09: 0000000000000000
[  555.743304][T12404] R10: 00000000200000c0 R11: 0000000000000293 R12: 0000000000000001
[  555.751115][T12404] R13: 000000000000006e R14: 00007f8422c40110 R15: 00007ffe4b8fe6c8
[  555.758932][T12404]  </TASK>
[  555.762047][ T7453] usb 4-1: device not accepting address 64, error -71
[  555.792174][T12414] syz.1.3769[12414] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  555.792275][T12414] syz.1.3769[12414] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  555.862668][ T2437] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  555.918453][T12425] loop3: detected capacity change from 0 to 128
[  556.585553][ T2437] usb 5-1: Using ep0 maxpacket: 16
[  556.832712][ T2437] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  557.049100][ T2437] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  557.062499][ T2437] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  557.072636][ T2437] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.094395][ T2437] usb 5-1: config 0 descriptor??
[  557.139201][T12455] loop3: detected capacity change from 0 to 128
[  557.163818][T12461] loop1: detected capacity change from 0 to 512
[  557.267679][T12461] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.3785: invalid indirect mapped block 256 (level 2)
[  557.281050][T12461] EXT4-fs (loop1): 2 truncates cleaned up
[  557.286886][T12461] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  557.478141][ T7170] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  557.573659][T12470] FAULT_INJECTION: forcing a failure.
[  557.573659][T12470] name failslab, interval 1, probability 0, space 0, times 0
[  557.586237][T12470] CPU: 0 PID: 12470 Comm: syz.2.3787 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  557.596021][T12470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  557.605914][T12470] Call Trace:
[  557.609041][T12470]  <TASK>
[  557.611815][T12470]  dump_stack_lvl+0x151/0x1b7
[  557.616327][T12470]  ? io_uring_drop_tctx_refs+0x190/0x190
[  557.621796][T12470]  ? avc_has_perm_noaudit+0x2dd/0x430
[  557.627005][T12470]  dump_stack+0x15/0x17
[  557.630997][T12470]  should_fail+0x3c6/0x510
[  557.635263][T12470]  __should_failslab+0xa4/0xe0
[  557.639848][T12470]  ? fcntl_setlk+0x33/0xcc0
[  557.644189][T12470]  should_failslab+0x9/0x20
[  557.648531][T12470]  slab_pre_alloc_hook+0x37/0xd0
[  557.653302][T12470]  ? fcntl_setlk+0x33/0xcc0
[  557.657641][T12470]  kmem_cache_alloc+0x44/0x200
[  557.662241][T12470]  fcntl_setlk+0x33/0xcc0
[  557.666408][T12470]  ? __kasan_check_write+0x14/0x20
[  557.671354][T12470]  ? _copy_from_user+0x96/0xd0
[  557.675953][T12470]  do_fcntl+0x5b1/0x1420
[  557.680032][T12470]  ? match_file+0x140/0x140
[  557.684374][T12470]  ? kill_fasync+0x250/0x250
[  557.688800][T12470]  ? __fget_files+0x31e/0x380
[  557.693313][T12470]  ? selinux_file_fcntl+0x178/0x1b0
[  557.698348][T12470]  ? security_file_fcntl+0x84/0xb0
[  557.703296][T12470]  __se_sys_fcntl+0xe0/0x1c0
[  557.707721][T12470]  __x64_sys_fcntl+0x7b/0x90
[  557.712146][T12470]  do_syscall_64+0x3d/0xb0
[  557.716400][T12470]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  557.722129][T12470] RIP: 0033:0x7fc781025bd9
[  557.726383][T12470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  557.745824][T12470] RSP: 002b:00007fc7802a7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  557.754153][T12470] RAX: ffffffffffffffda RBX: 00007fc7811b3f60 RCX: 00007fc781025bd9
[  557.761966][T12470] RDX: 0000000020000380 RSI: 0000000000000025 RDI: 0000000000000003
[  557.769778][T12470] RBP: 00007fc7802a70a0 R08: 0000000000000000 R09: 0000000000000000
[  557.777587][T12470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  557.785398][T12470] R13: 000000000000004d R14: 00007fc7811b3f60 R15: 00007ffc75770fe8
[  557.793216][T12470]  </TASK>
[  557.848071][T12478] loop1: detected capacity change from 0 to 128
[  557.904249][ T2437] usbhid 5-1:0.0: can't add hid device: -71
[  557.910134][ T2437] usbhid: probe of 5-1:0.0 failed with error -71
[  557.921931][ T2437] usb 5-1: USB disconnect, device number 60
[  559.481603][T12493] loop4: detected capacity change from 0 to 512
[  559.493650][T12495] loop1: detected capacity change from 0 to 128
[  559.521458][T12493] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.3796: invalid indirect mapped block 256 (level 2)
[  559.534941][T12493] EXT4-fs (loop4): 2 truncates cleaned up
[  559.540755][T12493] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  559.544948][T12509] FAULT_INJECTION: forcing a failure.
[  559.544948][T12509] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  559.554414][ T7170] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  559.577709][T12509] CPU: 0 PID: 12509 Comm: syz.2.3803 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  559.577732][T12509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  559.577742][T12509] Call Trace:
[  559.577748][T12509]  <TASK>
[  559.603292][T12509]  dump_stack_lvl+0x151/0x1b7
[  559.607802][T12509]  ? io_uring_drop_tctx_refs+0x190/0x190
[  559.613359][T12509]  dump_stack+0x15/0x17
[  559.617352][T12509]  should_fail+0x3c6/0x510
[  559.621601][T12509]  should_fail_usercopy+0x1a/0x20
[  559.626463][T12509]  _copy_to_user+0x20/0x90
[  559.630715][T12509]  simple_read_from_buffer+0xc7/0x150
[  559.635924][T12509]  proc_fail_nth_read+0x1a3/0x210
[  559.640783][T12509]  ? proc_fault_inject_write+0x390/0x390
[  559.646257][T12509]  ? fsnotify_perm+0x470/0x5d0
[  559.650900][T12509]  ? security_file_permission+0x86/0xb0
[  559.656232][T12509]  ? proc_fault_inject_write+0x390/0x390
[  559.661703][T12509]  vfs_read+0x27d/0xd40
[  559.665695][T12509]  ? kernel_read+0x1f0/0x1f0
[  559.670120][T12509]  ? __kasan_check_read+0x11/0x20
[  559.674981][T12509]  ? __kasan_check_read+0x11/0x20
[  559.679840][T12509]  ? __fdget_pos+0x2ee/0x3a0
[  559.684266][T12509]  ksys_read+0x199/0x2c0
[  559.688349][T12509]  ? vfs_write+0x1110/0x1110
[  559.692772][T12509]  ? debug_smp_processor_id+0x17/0x20
[  559.697979][T12509]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  559.703883][T12509]  __x64_sys_read+0x7b/0x90
[  559.708221][T12509]  do_syscall_64+0x3d/0xb0
[  559.712475][T12509]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  559.718202][T12509] RIP: 0033:0x7fc7810246bc
[  559.722458][T12509] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  559.741899][T12509] RSP: 002b:00007fc7802a7040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  559.750144][T12509] RAX: ffffffffffffffda RBX: 00007fc7811b3f60 RCX: 00007fc7810246bc
[  559.757952][T12509] RDX: 000000000000000f RSI: 00007fc7802a70b0 RDI: 0000000000000004
[  559.765766][T12509] RBP: 00007fc7802a70a0 R08: 0000000000000000 R09: 0000000000000000
[  559.773575][T12509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  559.781387][T12509] R13: 000000000000004d R14: 00007fc7811b3f60 R15: 00007ffc75770fe8
[  559.789203][T12509]  </TASK>
[  559.801441][ T7170] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  559.822936][ T7170] usb 1-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  559.832544][ T7170] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  559.837173][T12514] loop3: detected capacity change from 0 to 2048
[  559.841362][ T7170] usb 1-1: config 0 descriptor??
[  559.863320][   T30] audit: type=1400 audit(2000000533.449:2267): avc:  denied  { bind } for  pid=12512 comm="syz.2.3805" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  559.885596][T12514] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities
[  559.909937][T12517] loop4: detected capacity change from 0 to 128
[  560.556232][T12528] FAULT_INJECTION: forcing a failure.
[  560.556232][T12528] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  560.569267][T12528] CPU: 1 PID: 12528 Comm: syz.0.3808 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  560.579056][T12528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  560.588951][T12528] Call Trace:
[  560.592073][T12528]  <TASK>
[  560.594851][T12528]  dump_stack_lvl+0x151/0x1b7
[  560.599366][T12528]  ? io_uring_drop_tctx_refs+0x190/0x190
[  560.604834][T12528]  ? kasan_poison+0x5d/0x70
[  560.609172][T12528]  ? __kasan_kmalloc_large+0xad/0xc0
[  560.614292][T12528]  ? kmalloc_order+0xb7/0x160
[  560.618807][T12528]  dump_stack+0x15/0x17
[  560.622798][T12528]  should_fail+0x3c6/0x510
[  560.627053][T12528]  should_fail_usercopy+0x1a/0x20
[  560.631913][T12528]  _copy_from_user+0x20/0xd0
[  560.636339][T12528]  ip_set_mcast_msfilter+0x101/0x380
[  560.641460][T12528]  ip_setsockopt+0x6ae/0x4730
[  560.645975][T12528]  ? ipv4_pktinfo_prepare+0x530/0x530
[  560.651180][T12528]  ? kmem_cache_free+0x116/0x2e0
[  560.655954][T12528]  ? kmem_cache_free+0x116/0x2e0
[  560.660726][T12528]  ? kasan_set_track+0x5d/0x70
[  560.665327][T12528]  ? kasan_set_track+0x4b/0x70
[  560.669926][T12528]  ? kasan_set_free_info+0x23/0x40
[  560.674875][T12528]  ? ____kasan_slab_free+0x126/0x160
[  560.679995][T12528]  ? __kasan_slab_free+0x11/0x20
[  560.684768][T12528]  ? slab_free_freelist_hook+0xbd/0x190
[  560.690149][T12528]  ? kmem_cache_free+0x116/0x2e0
[  560.694924][T12528]  ? avc_has_perm_noaudit+0x348/0x430
[  560.700132][T12528]  ? memcpy+0x56/0x70
[  560.703951][T12528]  ? avc_has_perm_noaudit+0x2dd/0x430
[  560.709156][T12528]  ? _kstrtoull+0x3a0/0x4a0
[  560.713497][T12528]  ? avc_denied+0x1b0/0x1b0
[  560.717836][T12528]  ? kstrtouint_from_user+0x20a/0x2a0
[  560.723047][T12528]  ? avc_has_perm+0x16f/0x260
[  560.727560][T12528]  ? avc_has_perm_noaudit+0x430/0x430
[  560.732764][T12528]  ? proc_fail_nth_write+0x20b/0x290
[  560.737887][T12528]  ? proc_fail_nth_read+0x210/0x210
[  560.742922][T12528]  ? fsnotify_perm+0x6a/0x5d0
[  560.747435][T12528]  ? selinux_socket_setsockopt+0x260/0x360
[  560.753075][T12528]  ? selinux_socket_getsockopt+0x340/0x340
[  560.758718][T12528]  udp_setsockopt+0x8f/0xa0
[  560.763056][T12528]  sock_common_setsockopt+0xa2/0xc0
[  560.768090][T12528]  ? sock_common_recvmsg+0x240/0x240
[  560.773210][T12528]  __sys_setsockopt+0x4dc/0x840
[  560.777898][T12528]  ? fput_many+0x160/0x1b0
[  560.782151][T12528]  ? __ia32_sys_recv+0xb0/0xb0
[  560.786750][T12528]  ? ksys_write+0x260/0x2c0
[  560.791091][T12528]  ? debug_smp_processor_id+0x17/0x20
[  560.796297][T12528]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  560.802200][T12528]  __x64_sys_setsockopt+0xbf/0xd0
[  560.807062][T12528]  do_syscall_64+0x3d/0xb0
[  560.811314][T12528]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  560.817042][T12528] RIP: 0033:0x7efed3062bd9
[  560.821297][T12528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  560.840736][T12528] RSP: 002b:00007efed22e4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  560.848982][T12528] RAX: ffffffffffffffda RBX: 00007efed31f0f60 RCX: 00007efed3062bd9
[  560.856791][T12528] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000003
[  560.864604][T12528] RBP: 00007efed22e40a0 R08: 0000000000005000 R09: 0000000000000000
[  560.872414][T12528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  560.880226][T12528] R13: 000000000000004d R14: 00007efed31f0f60 R15: 00007ffd7acaa468
[  560.888042][T12528]  </TASK>
[  560.950151][T12543] loop0: detected capacity change from 0 to 512
[  560.955796][ T7453] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  560.965634][ T7170] usbhid 1-1:0.0: can't add hid device: -71
[  560.973427][ T7170] usbhid: probe of 1-1:0.0 failed with error -71
[  560.977724][T12543] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.3815: invalid indirect mapped block 256 (level 2)
[  560.980828][ T7170] usb 1-1: USB disconnect, device number 80
[  560.996483][T12543] EXT4-fs (loop0): 2 truncates cleaned up
[  561.004790][T12543] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  561.020645][T12545] ªªªªªª: renamed from vlan0
[  561.028005][   T30] audit: type=1400 audit(2000000534.619:2268): avc:  denied  { ioctl } for  pid=12544 comm="syz.1.3816" path="socket:[75677]" dev="sockfs" ino=75677 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  561.088569][T12552] loop1: detected capacity change from 0 to 128
[  561.105186][T12554] loop4: detected capacity change from 0 to 128
[  561.180607][   T30] audit: type=1400 audit(2000000534.769:2269): avc:  denied  { mounton } for  pid=12557 comm="syz.0.3821" path="/proc/89/task" dev="proc" ino=76955 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  561.203460][   T30] audit: type=1400 audit(2000000534.769:2270): avc:  denied  { write } for  pid=12557 comm="syz.0.3821" name="task" dev="proc" ino=76955 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  561.227748][   T30] audit: type=1400 audit(2000000534.769:2271): avc:  denied  { add_name } for  pid=12557 comm="syz.0.3821" name="hugetlb.2MB.usage_in_bytes" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  561.250210][ T7453] usb 3-1: device descriptor read/64, error -71
[  561.258157][   T30] audit: type=1400 audit(2000000534.769:2272): avc:  denied  { create } for  pid=12557 comm="syz.0.3821" name="hugetlb.2MB.usage_in_bytes" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[  561.280133][   T30] audit: type=1400 audit(2000000534.769:2273): avc:  denied  { associate } for  pid=12557 comm="syz.0.3821" name="hugetlb.2MB.usage_in_bytes" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  562.072223][T12575] loop3: detected capacity change from 0 to 128
[  562.199079][T12585] loop4: detected capacity change from 0 to 512
[  562.213407][T12587] loop0: detected capacity change from 0 to 2048
[  562.219905][   T30] audit: type=1400 audit(2000000535.809:2274): avc:  denied  { read } for  pid=12588 comm="syz.1.3833" name="event0" dev="devtmpfs" ino=164 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  562.255223][ T7453] usb 3-1: device descriptor read/64, error -71
[  562.265628][T12587] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[  562.282572][T12585] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.3831: invalid indirect mapped block 256 (level 2)
[  562.296473][T12585] EXT4-fs (loop4): 2 truncates cleaned up
[  562.302433][T12585] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  562.314550][T12594] FAULT_INJECTION: forcing a failure.
[  562.314550][T12594] name failslab, interval 1, probability 0, space 0, times 0
[  562.329718][T12594] CPU: 0 PID: 12594 Comm: syz.1.3834 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  562.339502][T12594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  562.349396][T12594] Call Trace:
[  562.352520][T12594]  <TASK>
[  562.355298][T12594]  dump_stack_lvl+0x151/0x1b7
[  562.359816][T12594]  ? io_uring_drop_tctx_refs+0x190/0x190
[  562.365281][T12594]  dump_stack+0x15/0x17
[  562.369271][T12594]  should_fail+0x3c6/0x510
[  562.373525][T12594]  __should_failslab+0xa4/0xe0
[  562.378126][T12594]  ? security_inode_alloc+0x29/0x120
[  562.383246][T12594]  should_failslab+0x9/0x20
[  562.387587][T12594]  slab_pre_alloc_hook+0x37/0xd0
[  562.392359][T12594]  ? security_inode_alloc+0x29/0x120
[  562.397480][T12594]  kmem_cache_alloc+0x44/0x200
[  562.402079][T12594]  ? slab_post_alloc_hook+0x53/0x2c0
[  562.407210][T12594]  security_inode_alloc+0x29/0x120
[  562.412148][T12594]  inode_init_always+0x76d/0x9d0
[  562.416923][T12594]  new_inode_pseudo+0x93/0x220
[  562.421522][T12594]  create_pipe_files+0x4f/0x6e0
[  562.426211][T12594]  __do_pipe_flags+0x4c/0x210
[  562.430723][T12594]  do_pipe2+0xd0/0x300
[  562.434628][T12594]  ? pipe_fcntl+0x530/0x530
[  562.438968][T12594]  ? debug_smp_processor_id+0x17/0x20
[  562.444474][T12594]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  562.450366][T12594]  __x64_sys_pipe2+0x5a/0x70
[  562.454789][T12594]  do_syscall_64+0x3d/0xb0
[  562.459042][T12594]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  562.464770][T12594] RIP: 0033:0x7f8422ab1bd9
[  562.469026][T12594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  562.488812][T12594] RSP: 002b:00007f8421d12048 EFLAGS: 00000246 ORIG_RAX: 0000000000000125
[  562.497056][T12594] RAX: ffffffffffffffda RBX: 00007f8422c40038 RCX: 00007f8422ab1bd9
[  562.504870][T12594] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  562.512680][T12594] RBP: 00007f8421d120a0 R08: 0000000000000000 R09: 0000000000000000
[  562.520490][T12594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  562.528302][T12594] R13: 000000000000006e R14: 00007f8422c40038 R15: 00007ffe4b8fe6c8
[  562.536116][T12594]  </TASK>
[  562.875159][ T7453] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  562.900514][T12606] loop2: detected capacity change from 0 to 128
[  562.916500][T12610] loop4: detected capacity change from 0 to 128
[  562.935820][T12613] UDC core: couldn't find an available UDC or it's busy: -16
[  562.943915][T12613] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  564.520022][T12644] loop2: detected capacity change from 0 to 128
[  564.542262][T12650] loop1: detected capacity change from 0 to 256
[  564.708021][T12662] loop0: detected capacity change from 0 to 2048
[  564.745257][   T30] audit: type=1400 audit(2000000538.329:2275): avc:  denied  { connect } for  pid=12664 comm="syz.4.3860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  564.770302][T12665] xt_ecn: cannot match TCP bits for non-tcp packets
[  564.776815][   T30] audit: type=1400 audit(2000000538.359:2276): avc:  denied  { write } for  pid=12664 comm="syz.4.3860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  564.797667][T12662] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities
[  564.811803][T12667] loop4: detected capacity change from 0 to 512
[  564.865219][ T7452] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  564.936664][T12665] fuse: Unknown parameter '0x0000000000000012'
[  565.045993][T12678] loop4: detected capacity change from 0 to 128
[  565.115182][ T7452] usb 2-1: Using ep0 maxpacket: 8
[  565.145388][ T2437] Bluetooth: hci0: command 0x1003 tx timeout
[  565.151266][  T948] Bluetooth: hci0: sending frame failed (-49)
[  565.245204][ T7452] usb 2-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  565.255226][ T7452] usb 2-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  565.264072][ T7452] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.312532][ T7452] usb 2-1: config 0 descriptor??
[  565.533949][ T7452] usb 2-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[  565.561025][ T7452] usb 2-1: No valid video chain found.
[  565.662833][T12685] loop2: detected capacity change from 0 to 128
[  565.749893][ T7170] usb 2-1: USB disconnect, device number 70
[  566.162154][T12710] loop4: detected capacity change from 0 to 128
[  566.184336][   T30] audit: type=1400 audit(2000000539.769:2277): avc:  denied  { bind } for  pid=12706 comm="syz.0.3875" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  566.352809][   T30] audit: type=1400 audit(2000000539.939:2278): avc:  denied  { unlink } for  pid=12343 comm="syz-executor" name="file0" dev="loop1" ino=1048766 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  566.507957][T12717] FAULT_INJECTION: forcing a failure.
[  566.507957][T12717] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  566.520897][T12717] CPU: 1 PID: 12717 Comm: syz.0.3877 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  566.530644][T12717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  566.540542][T12717] Call Trace:
[  566.543664][T12717]  <TASK>
[  566.546439][T12717]  dump_stack_lvl+0x151/0x1b7
[  566.550953][T12717]  ? io_uring_drop_tctx_refs+0x190/0x190
[  566.556423][T12717]  ? ___ratelimit+0xb2/0x5a0
[  566.560846][T12717]  dump_stack+0x15/0x17
[  566.564840][T12717]  should_fail+0x3c6/0x510
[  566.569094][T12717]  should_fail_usercopy+0x1a/0x20
[  566.573955][T12717]  copy_fpstate_to_sigframe+0x708/0x9a0
[  566.579341][T12717]  ? fpregs_set+0x6f0/0x6f0
[  566.583677][T12717]  ? __kasan_check_read+0x11/0x20
[  566.588534][T12717]  ? preempt_schedule_common+0xbe/0xf0
[  566.593831][T12717]  ? preempt_schedule+0xd9/0xe0
[  566.598514][T12717]  ? schedule_preempt_disabled+0x20/0x20
[  566.603982][T12717]  ? sysvec_reschedule_ipi+0x7d/0x150
[  566.609388][T12717]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  566.614847][T12717]  ? fpu__alloc_mathframe+0x89/0x150
[  566.619976][T12717]  get_sigframe+0x378/0x4b0
[  566.624307][T12717]  ? restore_sigcontext+0x710/0x710
[  566.629342][T12717]  arch_do_signal_or_restart+0x2ad/0x1680
[  566.634898][T12717]  ? force_sig_fault+0x127/0x1d0
[  566.639669][T12717]  ? get_sigframe_size+0x10/0x10
[  566.644442][T12717]  ? preempt_schedule_irq+0xe7/0x140
[  566.649564][T12717]  ? page_fault_oops+0xa90/0xa90
[  566.654335][T12717]  ? __bad_area_nosemaphore+0x316/0x490
[  566.659715][T12717]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  566.665189][T12717]  exit_to_user_mode_loop+0xa0/0xe0
[  566.670217][T12717]  exit_to_user_mode_prepare+0x5a/0xa0
[  566.675511][T12717]  irqentry_exit_to_user_mode+0x9/0x20
[  566.680805][T12717]  irqentry_exit+0x12/0x40
[  566.685180][T12717]  exc_page_fault+0x47a/0x830
[  566.689695][T12717]  asm_exc_page_fault+0x27/0x30
[  566.694380][T12717] RIP: 0033:0x7efed2f336e7
[  566.698632][T12717] Code: c4 0f 85 83 03 00 00 48 8b 04 24 89 5c 24 14 c6 80 d0 00 00 00 01 80 3d 02 f0 de 00 00 74 12 48 8b 04 24 48 8b 80 a8 00 00 00 <48> c7 00 00 00 00 00 48 8b 1c 24 48 c7 83 88 00 00 00 ff ff ff ff
[  566.718078][T12717] RSP: 002b:00007efed2281070 EFLAGS: 00010202
[  566.723978][T12717] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000000000
[  566.731787][T12717] RDX: 00007efed22810a0 RSI: 00007efed22810a0 RDI: 00007efed22810a0
[  566.739602][T12717] RBP: 00007efed22810a0 R08: 0000000000000000 R09: 00007efed2280e07
[  566.747411][T12717] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  566.755227][T12717] R13: 000000000000006e R14: 00007efed31f11e8 R15: 00007ffd7acaa468
[  566.763035][T12717]  </TASK>
[  567.225181][ T7170] Bluetooth: hci0: command 0x1001 tx timeout
[  567.231225][  T948] Bluetooth: hci0: sending frame failed (-49)
[  567.250806][T12755] loop0: detected capacity change from 0 to 128
[  567.253477][T12757] loop2: detected capacity change from 0 to 256
[  567.276538][   T30] audit: type=1400 audit(2000000540.869:2279): avc:  denied  { mounton } for  pid=12756 comm="syz.2.3892" path="/65/file0/file2" dev="loop2" ino=1048769 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1
[  567.533559][T12757] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev ?, type ?) errno=-22
[  567.543696][T12757] SELinux:  duplicate or incompatible mount options
[  567.547280][T12766] loop4: detected capacity change from 0 to 128
[  567.557018][   T30] audit: type=1400 audit(2000000541.149:2280): avc:  denied  { mounton } for  pid=12756 comm="syz.2.3892" path="/65/file0/file0" dev="loop2" ino=1048770 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1
[  568.017526][ T5284] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  568.204406][T12783] loop0: detected capacity change from 0 to 128
[  568.230717][   T30] audit: type=1400 audit(2000000541.819:2281): avc:  denied  { create } for  pid=12784 comm="syz.1.3904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  568.251814][   T30] audit: type=1400 audit(2000000541.839:2282): avc:  denied  { setopt } for  pid=12784 comm="syz.1.3904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  568.265419][ T5284] usb 3-1: Using ep0 maxpacket: 8
[  568.405971][ T5284] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  568.715247][ T5284] usb 3-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  568.731900][ T5284] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  568.752884][ T5284] usb 3-1: SerialNumber: syz
[  568.762431][T12799] loop4: detected capacity change from 0 to 512
[  568.771547][ T5284] usb 3-1: config 0 descriptor??
[  568.815495][ T5284] usb 3-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[  568.822204][ T5284] uvcvideo 3-1:0.0: Entity type for entity Output 255 was not initialized!
[  568.831297][ T5284] usb 3-1: Failed to create links for entity 255
[  568.845161][ T5284] usb 3-1: Failed to register entities (-22).
[  568.858485][T12799] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[  568.874364][T12799] ext4 filesystem being mounted at /48/bus supports timestamps until 2038 (0x7fffffff)
[  569.000864][T12807] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3908'.
[  569.015674][T12757] FAULT_INJECTION: forcing a failure.
[  569.015674][T12757] name failslab, interval 1, probability 0, space 0, times 0
[  569.028214][T12757] CPU: 0 PID: 12757 Comm: syz.2.3892 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  569.038001][T12757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  569.047895][T12757] Call Trace:
[  569.051017][T12757]  <TASK>
[  569.053795][T12757]  dump_stack_lvl+0x151/0x1b7
[  569.058307][T12757]  ? io_uring_drop_tctx_refs+0x190/0x190
[  569.063785][T12757]  dump_stack+0x15/0x17
[  569.067769][T12757]  should_fail+0x3c6/0x510
[  569.072024][T12757]  __should_failslab+0xa4/0xe0
[  569.076623][T12757]  should_failslab+0x9/0x20
[  569.080960][T12757]  slab_pre_alloc_hook+0x37/0xd0
[  569.085736][T12757]  __kmalloc+0x6d/0x270
[  569.089726][T12757]  ? kmem_cache_alloc_trace+0x115/0x210
[  569.095109][T12757]  ? alloc_pipe_info+0x204/0x4b0
[  569.099881][T12757]  alloc_pipe_info+0x204/0x4b0
[  569.104483][T12757]  splice_direct_to_actor+0xa15/0xbe0
[  569.109689][T12757]  ? kstrtol_from_user+0x310/0x310
[  569.114635][T12757]  ? avc_policy_seqno+0x1b/0x70
[  569.119324][T12757]  ? selinux_file_permission+0x2c4/0x570
[  569.124790][T12757]  ? do_splice_direct+0x3c0/0x3c0
[  569.129651][T12757]  ? fsnotify_perm+0x6a/0x5d0
[  569.134166][T12757]  ? pipe_to_sendpage+0x340/0x340
[  569.139025][T12757]  ? security_file_permission+0x86/0xb0
[  569.144408][T12757]  ? rw_verify_area+0xa7/0x1c0
[  569.149005][T12757]  do_splice_direct+0x27f/0x3c0
[  569.153697][T12757]  ? splice_direct_to_actor+0xbe0/0xbe0
[  569.159074][T12757]  ? fsnotify_perm+0x6a/0x5d0
[  569.163590][T12757]  ? security_file_permission+0x86/0xb0
[  569.168970][T12757]  do_sendfile+0x616/0xfe0
[  569.173223][T12757]  ? do_preadv+0x350/0x350
[  569.177472][T12757]  ? __kasan_check_write+0x14/0x20
[  569.182420][T12757]  ? fput_many+0x160/0x1b0
[  569.186675][T12757]  ? ksys_write+0x260/0x2c0
[  569.191016][T12757]  __x64_sys_sendfile64+0x1ce/0x230
[  569.196050][T12757]  ? __ia32_sys_sendfile+0x240/0x240
[  569.201170][T12757]  ? debug_smp_processor_id+0x17/0x20
[  569.206377][T12757]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  569.212277][T12757]  ? exit_to_user_mode_prepare+0x39/0xa0
[  569.217747][T12757]  do_syscall_64+0x3d/0xb0
[  569.222000][T12757]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  569.227727][T12757] RIP: 0033:0x7fc781025bd9
[  569.231983][T12757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  569.251421][T12757] RSP: 002b:00007fc7802a7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  569.259665][T12757] RAX: ffffffffffffffda RBX: 00007fc7811b3f60 RCX: 00007fc781025bd9
[  569.267477][T12757] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000000a
[  569.275289][T12757] RBP: 00007fc7802a70a0 R08: 0000000000000000 R09: 0000000000000000
[  569.283101][T12757] R10: 0000000080000000 R11: 0000000000000246 R12: 0000000000000001
[  569.290913][T12757] R13: 000000000000004d R14: 00007fc7811b3f60 R15: 00007ffc75770fe8
[  569.298727][T12757]  </TASK>
[  569.305560][ T7452] Bluetooth: hci0: command 0x1009 tx timeout
[  569.390527][T12815] loop1: detected capacity change from 0 to 128
[  569.475606][ T5284] usb 3-1: USB disconnect, device number 70
[  570.258420][T12834] loop0: detected capacity change from 0 to 256
[  570.299623][T12834] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  570.343635][   T30] audit: type=1400 audit(2000000543.929:2283): avc:  denied  { setattr } for  pid=12833 comm="syz.0.3919" name="file0" dev="loop0" ino=1048780 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  570.371701][T12834] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  570.372277][T12844] loop1: detected capacity change from 0 to 512
[  570.386126][T12834] 9pnet: Insufficient options for proto=fd
[  570.413021][T12842] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.419882][T12842] bridge0: port 1(bridge_slave_0) entered disabled state
[  570.428163][T12842] device bridge_slave_0 entered promiscuous mode
[  570.434773][T12842] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.441729][T12842] bridge0: port 2(bridge_slave_1) entered disabled state
[  570.451984][T12842] device bridge_slave_1 entered promiscuous mode
[  570.459250][T12844] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[  570.475094][T12844] ext4 filesystem being mounted at /47/bus supports timestamps until 2038 (0x7fffffff)
[  570.547747][T12842] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.554612][T12842] bridge0: port 2(bridge_slave_1) entered forwarding state
[  570.561721][T12842] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.568487][T12842] bridge0: port 1(bridge_slave_0) entered forwarding state
[  570.589557][ T7311] bridge0: port 1(bridge_slave_0) entered disabled state
[  570.596753][ T7311] bridge0: port 2(bridge_slave_1) entered disabled state
[  570.603891][ T7311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  570.611152][ T7311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  570.615048][T12857] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3924'.
[  570.633476][ T7311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  570.641612][ T7311] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.648497][ T7311] bridge0: port 1(bridge_slave_0) entered forwarding state
[  570.665253][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  570.673459][ T5284] bridge0: port 2(bridge_slave_1) entered blocking state
[  570.680318][ T5284] bridge0: port 2(bridge_slave_1) entered forwarding state
[  570.687874][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  570.697079][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  570.717632][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  570.729788][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  570.737962][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  570.745964][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  570.753586][T12842] device veth0_vlan entered promiscuous mode
[  570.769603][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  570.779064][T12842] device veth1_macvtap entered promiscuous mode
[  570.789907][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  570.803966][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  570.852287][T12863] FAULT_INJECTION: forcing a failure.
[  570.852287][T12863] name failslab, interval 1, probability 0, space 0, times 0
[  570.865072][T12863] CPU: 0 PID: 12863 Comm: syz.2.3928 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  570.874873][T12863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  570.884762][T12863] Call Trace:
[  570.887888][T12863]  <TASK>
[  570.890665][T12863]  dump_stack_lvl+0x151/0x1b7
[  570.895180][T12863]  ? io_uring_drop_tctx_refs+0x190/0x190
[  570.900646][T12863]  dump_stack+0x15/0x17
[  570.904640][T12863]  should_fail+0x3c6/0x510
[  570.908977][T12863]  __should_failslab+0xa4/0xe0
[  570.913578][T12863]  ? __alloc_skb+0xbe/0x550
[  570.917917][T12863]  should_failslab+0x9/0x20
[  570.922262][T12863]  slab_pre_alloc_hook+0x37/0xd0
[  570.927030][T12863]  ? __alloc_skb+0xbe/0x550
[  570.931369][T12863]  kmem_cache_alloc+0x44/0x200
[  570.935970][T12863]  ? ip_skb_dst_mtu+0x630/0x630
[  570.940656][T12863]  __alloc_skb+0xbe/0x550
[  570.944831][T12863]  __ip_append_data+0x2453/0x3730
[  570.949688][T12863]  ? ip_skb_dst_mtu+0x630/0x630
[  570.954371][T12863]  ? ip_setup_cork+0x8d0/0x8d0
[  570.958973][T12863]  ? lock_sock_nested+0x266/0x300
[  570.963833][T12863]  ip_append_data+0x120/0x190
[  570.968344][T12863]  ? ip_skb_dst_mtu+0x630/0x630
[  570.973028][T12863]  udp_sendmsg+0x594/0x2aa0
[  570.977370][T12863]  ? avc_denied+0x1b0/0x1b0
[  570.981709][T12863]  ? ip_skb_dst_mtu+0x630/0x630
[  570.986396][T12863]  ? avc_has_perm+0x16f/0x260
[  570.990915][T12863]  ? udp_cmsg_send+0x3a0/0x3a0
[  570.995513][T12863]  ? proc_fail_nth_write+0x20b/0x290
[  571.000630][T12863]  ? inet_send_prepare+0x5e/0x4a0
[  571.005489][T12863]  inet_sendmsg+0xa1/0xc0
[  571.009740][T12863]  ? inet_send_prepare+0x4a0/0x4a0
[  571.014690][T12863]  __sys_sendto+0x564/0x720
[  571.019030][T12863]  ? __ia32_sys_getpeername+0x90/0x90
[  571.024234][T12863]  ? mutex_unlock+0xb2/0x260
[  571.028663][T12863]  ? fput_many+0x160/0x1b0
[  571.032917][T12863]  ? debug_smp_processor_id+0x17/0x20
[  571.038123][T12863]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  571.044025][T12863]  __x64_sys_sendto+0xe5/0x100
[  571.048625][T12863]  do_syscall_64+0x3d/0xb0
[  571.052877][T12863]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  571.058605][T12863] RIP: 0033:0x7fc0a9697bd9
[  571.062860][T12863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  571.082300][T12863] RSP: 002b:00007fc0a8919048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  571.090546][T12863] RAX: ffffffffffffffda RBX: 00007fc0a9825f60 RCX: 00007fc0a9697bd9
[  571.098356][T12863] RDX: 0000000000006200 RSI: 0000000020000c80 RDI: 0000000000000005
[  571.106170][T12863] RBP: 00007fc0a89190a0 R08: 0000000000000000 R09: 0000000000000000
[  571.113984][T12863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  571.121794][T12863] R13: 000000000000000b R14: 00007fc0a9825f60 R15: 00007ffda49884b8
[  571.129614][T12863]  </TASK>
[  571.483703][ T2437] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  571.566349][  T663] device bridge_slave_1 left promiscuous mode
[  571.572362][  T663] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.594918][  T663] device bridge_slave_0 left promiscuous mode
[  571.607677][T12878] FAULT_INJECTION: forcing a failure.
[  571.607677][T12878] name failslab, interval 1, probability 0, space 0, times 0
[  571.620384][  T663] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.628748][  T663] device veth1_macvtap left promiscuous mode
[  571.641382][  T663] device veth0_vlan left promiscuous mode
[  571.671456][T12878] CPU: 1 PID: 12878 Comm: syz.1.3932 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  571.681260][T12878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  571.691156][T12878] Call Trace:
[  571.694279][T12878]  <TASK>
[  571.697059][T12878]  dump_stack_lvl+0x151/0x1b7
[  571.701570][T12878]  ? io_uring_drop_tctx_refs+0x190/0x190
[  571.707187][T12878]  dump_stack+0x15/0x17
[  571.711174][T12878]  should_fail+0x3c6/0x510
[  571.715426][T12878]  __should_failslab+0xa4/0xe0
[  571.720025][T12878]  ? new_inode_pseudo+0x7c/0x220
[  571.724800][T12878]  should_failslab+0x9/0x20
[  571.729139][T12878]  slab_pre_alloc_hook+0x37/0xd0
[  571.733911][T12878]  ? new_inode_pseudo+0x7c/0x220
[  571.738686][T12878]  kmem_cache_alloc+0x44/0x200
[  571.743284][T12878]  ? strncpy_from_user+0x2b6/0x2d0
[  571.748353][T12878]  new_inode_pseudo+0x7c/0x220
[  571.752952][T12878]  create_pipe_files+0x4f/0x6e0
[  571.757637][T12878]  ? bpf_probe_read_compat_str+0x15c/0x180
[  571.763279][T12878]  __do_pipe_flags+0x4c/0x210
[  571.767792][T12878]  do_pipe2+0xd0/0x300
[  571.771696][T12878]  ? pipe_fcntl+0x530/0x530
[  571.776040][T12878]  ? __bpf_trace_sys_enter+0x62/0x70
[  571.781156][T12878]  __x64_sys_pipe2+0x5a/0x70
[  571.785584][T12878]  do_syscall_64+0x3d/0xb0
[  571.789836][T12878]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  571.795564][T12878] RIP: 0033:0x7f8422ab1bd9
[  571.799818][T12878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  571.819261][T12878] RSP: 002b:00007f8421cf1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000125
[  571.827506][T12878] RAX: ffffffffffffffda RBX: 00007f8422c40110 RCX: 00007f8422ab1bd9
[  571.835314][T12878] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  571.843129][T12878] RBP: 00007f8421cf10a0 R08: 0000000000000000 R09: 0000000000000000
[  571.850939][T12878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  571.858751][T12878] R13: 000000000000006e R14: 00007f8422c40110 R15: 00007ffe4b8fe6c8
[  571.866567][T12878]  </TASK>
[  572.047309][ T2437] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  572.098966][ T2437] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  572.133660][ T2437] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  572.170907][ T2437] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.187939][ T2437] usb 5-1: config 0 descriptor??
[  572.277578][T12896] FAULT_INJECTION: forcing a failure.
[  572.277578][T12896] name failslab, interval 1, probability 0, space 0, times 0
[  572.290400][T12896] CPU: 0 PID: 12896 Comm: syz.0.3941 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  572.300188][T12896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  572.310084][T12896] Call Trace:
[  572.313207][T12896]  <TASK>
[  572.315985][T12896]  dump_stack_lvl+0x151/0x1b7
[  572.320497][T12896]  ? io_uring_drop_tctx_refs+0x190/0x190
[  572.325964][T12896]  dump_stack+0x15/0x17
[  572.329954][T12896]  should_fail+0x3c6/0x510
[  572.334206][T12896]  __should_failslab+0xa4/0xe0
[  572.338807][T12896]  ? getname_flags+0xba/0x520
[  572.343319][T12896]  should_failslab+0x9/0x20
[  572.347660][T12896]  slab_pre_alloc_hook+0x37/0xd0
[  572.352431][T12896]  ? getname_flags+0xba/0x520
[  572.356949][T12896]  kmem_cache_alloc+0x44/0x200
[  572.361546][T12896]  getname_flags+0xba/0x520
[  572.365886][T12896]  user_path_at_empty+0x2d/0x1a0
[  572.370661][T12896]  path_getxattr+0xac/0x240
[  572.375001][T12896]  ? fput+0x1a/0x20
[  572.378646][T12896]  ? bpf_trace_run1+0x1c0/0x1c0
[  572.383334][T12896]  ? setxattr+0x2e0/0x2e0
[  572.387500][T12896]  ? __bpf_trace_sys_enter+0x62/0x70
[  572.392619][T12896]  __x64_sys_lgetxattr+0x9e/0xb0
[  572.397394][T12896]  do_syscall_64+0x3d/0xb0
[  572.401647][T12896]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  572.407374][T12896] RIP: 0033:0x7efed3062bd9
[  572.411628][T12896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  572.431068][T12896] RSP: 002b:00007efed22e4048 EFLAGS: 00000246 ORIG_RAX: 00000000000000c0
[  572.439315][T12896] RAX: ffffffffffffffda RBX: 00007efed31f0f60 RCX: 00007efed3062bd9
[  572.447126][T12896] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 00000000200001c0
[  572.454936][T12896] RBP: 00007efed22e40a0 R08: 0000000000000000 R09: 0000000000000000
[  572.462752][T12896] R10: 00000000000000f9 R11: 0000000000000246 R12: 0000000000000001
[  572.470558][T12896] R13: 000000000000004d R14: 00007efed31f0f60 R15: 00007ffd7acaa468
[  572.478378][T12896]  </TASK>
[  572.533154][T12894] fuse: Unknown parameter 'group_i00000000000000000000'
[  572.671610][   T30] audit: type=1400 audit(2000000546.259:2284): avc:  denied  { audit_write } for  pid=12922 comm="syz.0.3953" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  572.675379][ T2437] hid (null): bogus close delimiter
[  572.692853][   T30] audit: type=1107 audit(2000000546.259:2285): pid=12922 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  572.795194][ T5284] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  572.875208][ T7453] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  572.895190][ T2437] usb 5-1: language id specifier not provided by device, defaulting to English
[  573.115183][ T7453] usb 3-1: Using ep0 maxpacket: 32
[  573.155205][ T5284] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  573.165980][ T5284] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  573.175452][ T5284] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  573.188105][ T5284] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  573.196887][ T5284] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.205564][ T5284] usb 2-1: config 0 descriptor??
[  573.245214][ T7453] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  573.256464][ T7453] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  573.266111][ T7453] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  573.274964][ T7453] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.315952][ T7453] hub 3-1:4.0: USB hub found
[  573.326641][ T2437] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0084/input/input76
[  573.344002][ T2437] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0084/input/input77
[  573.358643][ T2437] uclogic 0003:256C:006D.0084: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0
[  573.443705][T12930] bridge0: port 1(bridge_slave_0) entered blocking state
[  573.450686][T12930] bridge0: port 1(bridge_slave_0) entered disabled state
[  573.457962][T12930] device bridge_slave_0 entered promiscuous mode
[  573.468009][T12930] bridge0: port 2(bridge_slave_1) entered blocking state
[  573.474838][T12930] bridge0: port 2(bridge_slave_1) entered disabled state
[  573.482168][T12930] device bridge_slave_1 entered promiscuous mode
[  573.521771][T12930] bridge0: port 2(bridge_slave_1) entered blocking state
[  573.528611][T12930] bridge0: port 2(bridge_slave_1) entered forwarding state
[  573.535200][ T7453] hub 3-1:4.0: 2 ports detected
[  573.535715][T12930] bridge0: port 1(bridge_slave_0) entered blocking state
[  573.547187][T12930] bridge0: port 1(bridge_slave_0) entered forwarding state
[  573.547873][T12866] loop4: detected capacity change from 0 to 256
[  573.573430][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  573.581301][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[  573.588657][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[  573.608288][T12866] exfat: Deprecated parameter 'namecase'
[  573.613785][T12866] exfat: Deprecated parameter 'utf8'
[  573.614416][T12930] device veth0_vlan entered promiscuous mode
[  573.635300][  T322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  573.643443][  T322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  573.651208][  T322] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  573.658457][  T322] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  573.665738][  T322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  573.673662][  T322] bridge0: port 1(bridge_slave_0) entered blocking state
[  573.677443][T12866] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  573.680501][  T322] bridge0: port 1(bridge_slave_0) entered forwarding state
[  573.700462][ T5284] prodikeys 0003:041E:2801.0085: unexpected long global item
[  573.708352][ T5284] prodikeys 0003:041E:2801.0085: hid parse failed
[  573.714730][  T322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  573.722620][ T5284] prodikeys: probe of 0003:041E:2801.0085 failed with error -22
[  573.730302][  T322] bridge0: port 2(bridge_slave_1) entered blocking state
[  573.736735][ T7170] usb 5-1: USB disconnect, device number 61
[  573.737159][  T322] bridge0: port 2(bridge_slave_1) entered forwarding state
[  573.750481][  T322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  573.758389][  T322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  573.777228][T12930] device veth1_macvtap entered promiscuous mode
[  573.783984][  T322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  573.797174][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  573.808707][ T7452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  573.843410][T12939] FAULT_INJECTION: forcing a failure.
[  573.843410][T12939] name failslab, interval 1, probability 0, space 0, times 0
[  573.856174][T12939] CPU: 0 PID: 12939 Comm: syz.0.3958 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  573.865963][T12939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  573.875858][T12939] Call Trace:
[  573.878981][T12939]  <TASK>
[  573.881758][T12939]  dump_stack_lvl+0x151/0x1b7
[  573.886272][T12939]  ? io_uring_drop_tctx_refs+0x190/0x190
[  573.891742][T12939]  dump_stack+0x15/0x17
[  573.895731][T12939]  should_fail+0x3c6/0x510
[  573.899985][T12939]  __should_failslab+0xa4/0xe0
[  573.904588][T12939]  ? fuse_get_req+0x3d2/0xae0
[  573.909097][T12939]  should_failslab+0x9/0x20
[  573.913437][T12939]  slab_pre_alloc_hook+0x37/0xd0
[  573.918213][T12939]  ? fuse_get_req+0x3d2/0xae0
[  573.922724][T12939]  kmem_cache_alloc+0x44/0x200
[  573.927332][T12939]  fuse_get_req+0x3d2/0xae0
[  573.931674][T12939]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[  573.937309][T12939]  ? fuse_simple_request+0x1a20/0x1a20
[  573.942600][T12939]  ? io_schedule+0x120/0x120
[  573.947026][T12939]  ? fuse_alloc_forget+0x46/0x50
[  573.951801][T12939]  ? fuse_lookup_name+0x179/0xac0
[  573.956666][T12939]  ? fuse_lookup+0x2da/0x27c0
[  573.961172][T12939]  ? lookup_one_qstr_excl+0x143/0x290
[  573.966382][T12939]  ? filename_create+0x28e/0x530
[  573.971155][T12939]  ? do_mknodat+0x1a4/0x5c0
[  573.975495][T12939]  ? __x64_sys_mknod+0x8e/0xa0
[  573.980094][T12939]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  573.985998][T12939]  fuse_simple_request+0x124/0x1a20
[  573.991037][T12939]  ? fuse_put_request+0x2d0/0x2d0
[  573.995894][T12939]  ? __kasan_kmalloc+0x9/0x10
[  574.000403][T12939]  ? kmem_cache_alloc_trace+0x115/0x210
[  574.005786][T12939]  ? fuse_alloc_forget+0x46/0x50
[  574.010560][T12939]  fuse_lookup_name+0x3ed/0xac0
[  574.015247][T12939]  ? fuse_invalid_attr+0x110/0x110
[  574.020194][T12939]  ? wait_for_completion_killable_timeout+0x10/0x10
[  574.026617][T12939]  ? is_bpf_text_address+0x172/0x190
[  574.031739][T12939]  fuse_lookup+0x2da/0x27c0
[  574.036079][T12939]  ? __kasan_check_write+0x14/0x20
[  574.041027][T12939]  ? fuse_perm_getattr+0x60/0x60
[  574.045797][T12939]  ? stack_trace_save+0x113/0x1c0
[  574.050657][T12939]  ? __stack_depot_save+0x40d/0x470
[  574.055706][T12939]  ? __kasan_check_write+0x14/0x20
[  574.060638][T12939]  ? _raw_spin_lock+0xa4/0x1b0
[  574.065241][T12939]  ? _raw_spin_trylock_bh+0x190/0x190
[  574.070447][T12939]  ? fuse_dentry_init+0x4f/0x90
[  574.075140][T12939]  ? __d_alloc+0x502/0x6c0
[  574.079387][T12939]  ? _raw_spin_unlock+0x4d/0x70
[  574.084072][T12939]  ? d_alloc+0x199/0x1d0
[  574.088152][T12939]  lookup_one_qstr_excl+0x143/0x290
[  574.093188][T12939]  filename_create+0x28e/0x530
[  574.097786][T12939]  ? kern_path_create+0x1a0/0x1a0
[  574.102647][T12939]  do_mknodat+0x1a4/0x5c0
[  574.106814][T12939]  ? may_open+0x440/0x440
[  574.110980][T12939]  __x64_sys_mknod+0x8e/0xa0
[  574.115406][T12939]  do_syscall_64+0x3d/0xb0
[  574.119657][T12939]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  574.125387][T12939] RIP: 0033:0x7efed3062bd9
[  574.129640][T12939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  574.149080][T12939] RSP: 002b:00007efed22e4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  574.157325][T12939] RAX: ffffffffffffffda RBX: 00007efed31f0f60 RCX: 00007efed3062bd9
[  574.165139][T12939] RDX: 0000000000000700 RSI: 0000000000002002 RDI: 00000000200002c0
[  574.172949][T12939] RBP: 00007efed22e40a0 R08: 0000000000000000 R09: 0000000000000000
[  574.180761][T12939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  574.188573][T12939] R13: 000000000000004d R14: 00007efed31f0f60 R15: 00007ffd7acaa468
[  574.196385][T12939]  </TASK>
[  574.211394][ T7452] usb 2-1: USB disconnect, device number 71
[  574.375603][ T6760] device bridge_slave_1 left promiscuous mode
[  574.381652][ T6760] bridge0: port 2(bridge_slave_1) entered disabled state
[  574.388922][ T6760] device bridge_slave_0 left promiscuous mode
[  574.394863][ T6760] bridge0: port 1(bridge_slave_0) entered disabled state
[  574.402488][ T6760] device veth1_macvtap left promiscuous mode
[  574.408315][ T6760] device veth0_vlan left promiscuous mode
[  574.626522][T12966] loop0: detected capacity change from 0 to 512
[  574.780220][T12966] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[  574.798739][T12966] ext4 filesystem being mounted at /76/bus supports timestamps until 2038 (0x7fffffff)
[  574.816151][T12976] loop1: detected capacity change from 0 to 128
[  574.831320][T12979] FAULT_INJECTION: forcing a failure.
[  574.831320][T12979] name failslab, interval 1, probability 0, space 0, times 0
[  574.844571][T12979] CPU: 1 PID: 12979 Comm: syz.3.3970 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  574.854355][T12979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  574.864250][T12979] Call Trace:
[  574.867374][T12979]  <TASK>
[  574.870153][T12979]  dump_stack_lvl+0x151/0x1b7
[  574.874665][T12979]  ? io_uring_drop_tctx_refs+0x190/0x190
[  574.880134][T12979]  dump_stack+0x15/0x17
[  574.884124][T12979]  should_fail+0x3c6/0x510
[  574.888383][T12979]  __should_failslab+0xa4/0xe0
[  574.892979][T12979]  ? getname_flags+0xba/0x520
[  574.897499][T12979]  should_failslab+0x9/0x20
[  574.901924][T12979]  slab_pre_alloc_hook+0x37/0xd0
[  574.906700][T12979]  ? getname_flags+0xba/0x520
[  574.911212][T12979]  kmem_cache_alloc+0x44/0x200
[  574.915815][T12979]  getname_flags+0xba/0x520
[  574.920151][T12979]  user_path_at_empty+0x2d/0x1a0
[  574.925059][T12979]  __se_sys_mount+0x285/0x3b0
[  574.928203][T12981] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3966'.
[  574.929567][T12979]  ? fput+0x1a/0x20
[  574.929590][T12979]  ? __x64_sys_mount+0xd0/0xd0
[  574.946581][T12979]  ? debug_smp_processor_id+0x17/0x20
[  574.951788][T12979]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  574.957690][T12979]  __x64_sys_mount+0xbf/0xd0
[  574.962119][T12979]  do_syscall_64+0x3d/0xb0
[  574.966368][T12979]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  574.972096][T12979] RIP: 0033:0x7f8fcf766bd9
[  574.976351][T12979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  574.995791][T12979] RSP: 002b:00007f8fce9e8048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  575.004035][T12979] RAX: ffffffffffffffda RBX: 00007f8fcf8f4f60 RCX: 00007f8fcf766bd9
[  575.011852][T12979] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 0000000000000000
[  575.019664][T12979] RBP: 00007f8fce9e80a0 R08: 0000000020000540 R09: 0000000000000000
[  575.027470][T12979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  575.035280][T12979] R13: 000000000000000b R14: 00007f8fcf8f4f60 R15: 00007fffdf4be9b8
[  575.043096][T12979]  </TASK>
[  575.206543][  T322] usb 3-1: USB disconnect, device number 71
[  575.225268][ T7453] hub 3-1:4.0: hub_ext_port_status failed (err = -71)
[  575.465710][ T7170] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  575.515941][T12995] loop4: detected capacity change from 0 to 2048
[  575.526506][T12995] EXT4-fs (loop4): Ignoring removed orlov option
[  575.547495][T12995] EXT4-fs (loop4): mounted filesystem without journal. Opts: orlov,errors=remount-ro,. Quota mode: none.
[  575.714285][T13021] FAULT_INJECTION: forcing a failure.
[  575.714285][T13021] name failslab, interval 1, probability 0, space 0, times 0
[  575.726903][T13021] CPU: 0 PID: 13021 Comm: syz.4.3985 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  575.736696][T13021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  575.746591][T13021] Call Trace:
[  575.749712][T13021]  <TASK>
[  575.752493][T13021]  dump_stack_lvl+0x151/0x1b7
[  575.757005][T13021]  ? io_uring_drop_tctx_refs+0x190/0x190
[  575.762475][T13021]  ? avc_has_perm_noaudit+0x2dd/0x430
[  575.767677][T13021]  ? avc_has_perm_noaudit+0x348/0x430
[  575.772883][T13021]  dump_stack+0x15/0x17
[  575.776877][T13021]  should_fail+0x3c6/0x510
[  575.781132][T13021]  __should_failslab+0xa4/0xe0
[  575.785730][T13021]  ? __alloc_skb+0xbe/0x550
[  575.790068][T13021]  should_failslab+0x9/0x20
[  575.794408][T13021]  slab_pre_alloc_hook+0x37/0xd0
[  575.799183][T13021]  ? __alloc_skb+0xbe/0x550
[  575.803523][T13021]  kmem_cache_alloc+0x44/0x200
[  575.808123][T13021]  __alloc_skb+0xbe/0x550
[  575.812289][T13021]  pfkey_sendmsg+0x1c6/0xfb0
[  575.816716][T13021]  ? avc_has_perm_noaudit+0x430/0x430
[  575.821923][T13021]  ? pfkey_release+0x340/0x340
[  575.826522][T13021]  ? selinux_socket_sendmsg+0x243/0x340
[  575.831913][T13021]  ? stack_trace_save+0x1c0/0x1c0
[  575.836766][T13021]  ? selinux_socket_accept+0x5b0/0x5b0
[  575.842058][T13021]  ? arch_stack_walk+0xf3/0x140
[  575.846746][T13021]  ? bsearch+0x96/0xc0
[  575.850655][T13021]  ? search_extable+0xf0/0xf0
[  575.855163][T13021]  ? strncpy_from_user+0x209/0x2d0
[  575.860111][T13021]  ? check_stack_object+0x114/0x130
[  575.865148][T13021]  ? security_socket_sendmsg+0x82/0xb0
[  575.870439][T13021]  ? pfkey_release+0x340/0x340
[  575.875039][T13021]  ____sys_sendmsg+0x59e/0x8f0
[  575.879640][T13021]  ? __sys_sendmsg_sock+0x40/0x40
[  575.884500][T13021]  ? import_iovec+0xe5/0x120
[  575.888927][T13021]  ___sys_sendmsg+0x252/0x2e0
[  575.893440][T13021]  ? __sys_sendmsg+0x260/0x260
[  575.898041][T13021]  ? exc_page_fault+0x47a/0x830
[  575.902731][T13021]  ? __fdget+0x1bc/0x240
[  575.906807][T13021]  __sys_sendmmsg+0x2bf/0x530
[  575.911329][T13021]  ? __ia32_sys_sendmsg+0x90/0x90
[  575.916187][T13021]  ? __bpf_trace_sys_enter+0x62/0x70
[  575.921304][T13021]  __x64_sys_sendmmsg+0xa0/0xb0
[  575.925992][T13021]  do_syscall_64+0x3d/0xb0
[  575.930241][T13021]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  575.935970][T13021] RIP: 0033:0x7f4b38ee9bd9
[  575.940221][T13021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  575.959663][T13021] RSP: 002b:00007f4b3816b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  575.967908][T13021] RAX: ffffffffffffffda RBX: 00007f4b39077f60 RCX: 00007f4b38ee9bd9
[  575.975721][T13021] RDX: 00000000000002c8 RSI: 00000000200000c0 RDI: 0000000000000006
[  575.983530][T13021] RBP: 00007f4b3816b0a0 R08: 0000000000000000 R09: 0000000000000000
[  575.991342][T13021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  575.999154][T13021] R13: 000000000000004d R14: 00007f4b39077f60 R15: 00007fffb01f1da8
[  576.006971][T13021]  </TASK>
[  576.105759][ T7170] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  576.126906][ T7170] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  576.137980][ T7170] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  576.147379][ T7170] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  576.170612][ T7170] usb 4-1: config 0 descriptor??
[  576.202106][T13033] bridge0: port 1(bridge_slave_0) entered blocking state
[  576.209298][T13033] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.225293][T13033] device bridge_slave_0 entered promiscuous mode
[  576.233022][T13033] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.245150][T13033] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.252229][T13033] device bridge_slave_1 entered promiscuous mode
[  576.301198][T13033] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.308047][T13033] bridge0: port 2(bridge_slave_1) entered forwarding state
[  576.315138][T13033] bridge0: port 1(bridge_slave_0) entered blocking state
[  576.321923][T13033] bridge0: port 1(bridge_slave_0) entered forwarding state
[  576.342172][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  576.349832][ T7453] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.356977][ T7453] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.365737][ T2437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  576.373704][ T2437] bridge0: port 1(bridge_slave_0) entered blocking state
[  576.380547][ T2437] bridge0: port 1(bridge_slave_0) entered forwarding state
[  576.395080][  T322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  576.405993][  T322] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.412856][  T322] bridge0: port 2(bridge_slave_1) entered forwarding state
[  576.420496][T13046] loop0: detected capacity change from 0 to 128
[  576.444906][  T322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  576.465033][  T322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  576.479201][T13033] device veth0_vlan entered promiscuous mode
[  576.487054][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  576.497653][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  576.505774][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  576.512899][ T7453] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  576.526229][ T2437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  576.535018][T13033] device veth1_macvtap entered promiscuous mode
[  576.547415][ T7452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  576.556462][ T7452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  576.776470][ T7170] hid (null): bogus close delimiter
[  577.012152][ T7170] usb 4-1: language id specifier not provided by device, defaulting to English
[  577.303602][T13071] loop4: detected capacity change from 0 to 512
[  577.339058][T13075] loop0: detected capacity change from 0 to 512
[  577.363946][T13071] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  577.374971][T13071] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038 (0x7fffffff)
[  577.407432][T13075] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.4001: invalid indirect mapped block 256 (level 2)
[  577.420929][T13075] EXT4-fs (loop0): 2 truncates cleaned up
[  577.426837][T13075] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  577.456580][ T7170] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0086/input/input78
[  577.487304][   T10] device bridge_slave_1 left promiscuous mode
[  577.496987][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  577.504145][ T7170] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0086/input/input79
[  577.519912][ T7170] uclogic 0003:256C:006D.0086: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0
[  577.533525][   T10] device bridge_slave_0 left promiscuous mode
[  577.545021][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  577.574422][   T10] device veth1_macvtap left promiscuous mode
[  577.582352][   T10] device veth0_vlan left promiscuous mode
[  577.742294][T13085] loop1: detected capacity change from 0 to 2048
[  577.787917][T12989] loop3: detected capacity change from 0 to 256
[  577.805433][T12989] exfat: Deprecated parameter 'namecase'
[  577.812921][T12989] exfat: Deprecated parameter 'utf8'
[  577.836127][T13085] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities
[  577.852257][T12989] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  578.009242][   T30] audit: type=1326 audit(2000000551.599:2286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13089 comm="syz.4.4004" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b38ee9bd9 code=0x0
[  578.058654][ T7452] usb 4-1: USB disconnect, device number 66
[  578.075171][  T322] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  578.275206][ T2437] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  578.435268][  T322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  578.446055][  T322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  578.455555][  T322] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  578.468146][  T322] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  578.476959][  T322] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.485364][  T322] usb 3-1: config 0 descriptor??
[  578.545200][ T2437] usb 2-1: Using ep0 maxpacket: 16
[  578.685213][ T2437] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  578.700149][T13109] loop4: detected capacity change from 0 to 128
[  578.706295][ T2437] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  578.728708][ T2437] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  578.729571][T13111] loop3: detected capacity change from 0 to 512
[  578.737610][ T2437] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.751912][ T2437] usb 2-1: config 0 descriptor??
[  578.830513][T13117] FAULT_INJECTION: forcing a failure.
[  578.830513][T13117] name failslab, interval 1, probability 0, space 0, times 0
[  578.849098][T13117] CPU: 0 PID: 13117 Comm: syz.0.4015 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  578.858887][T13117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  578.868783][T13117] Call Trace:
[  578.871905][T13117]  <TASK>
[  578.874682][T13117]  dump_stack_lvl+0x151/0x1b7
[  578.879196][T13117]  ? io_uring_drop_tctx_refs+0x190/0x190
[  578.884667][T13117]  ? avc_has_perm_noaudit+0x2dd/0x430
[  578.889871][T13117]  dump_stack+0x15/0x17
[  578.893865][T13117]  should_fail+0x3c6/0x510
[  578.898116][T13117]  __should_failslab+0xa4/0xe0
[  578.902717][T13117]  ? xfrm_state_alloc+0x26/0x2d0
[  578.907498][T13117]  should_failslab+0x9/0x20
[  578.909008][T13111] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.4012: invalid indirect mapped block 256 (level 2)
[  578.911832][T13117]  slab_pre_alloc_hook+0x37/0xd0
[  578.925507][T13111] EXT4-fs (loop3): 2 truncates cleaned up
[  578.929711][T13117]  ? xfrm_state_alloc+0x26/0x2d0
[  578.935281][T13111] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  578.940037][T13117]  kmem_cache_alloc+0x44/0x200
[  578.955405][T13117]  xfrm_state_alloc+0x26/0x2d0
[  578.960003][T13117]  xfrm_add_sa+0xf8f/0x3460
[  578.964344][T13117]  ? __nla_validate+0x50/0x50
[  578.968860][T13117]  ? xfrm_user_rcv_msg+0x7d0/0x7d0
[  578.973803][T13117]  xfrm_user_rcv_msg+0x4f3/0x7d0
[  578.978575][T13117]  ? xfrm_netlink_rcv+0x90/0x90
[  578.983263][T13117]  ? avc_has_perm+0x16f/0x260
[  578.987772][T13117]  ? ____kasan_kmalloc+0xed/0x110
[  578.992633][T13117]  ? avc_has_perm_noaudit+0x430/0x430
[  578.997842][T13117]  ? do_syscall_64+0x3d/0xb0
[  579.002269][T13117]  netlink_rcv_skb+0x1cf/0x410
[  579.006871][T13117]  ? xfrm_netlink_rcv+0x90/0x90
[  579.011555][T13117]  ? netlink_ack+0xb10/0xb10
[  579.015981][T13117]  ? mutex_lock+0xb6/0x1e0
[  579.020234][T13117]  ? wait_for_completion_killable_timeout+0x10/0x10
[  579.026658][T13117]  ? __netlink_lookup+0x37b/0x3a0
[  579.031517][T13117]  xfrm_netlink_rcv+0x72/0x90
[  579.036032][T13117]  netlink_unicast+0x8df/0xac0
[  579.040630][T13117]  ? netlink_detachskb+0x90/0x90
[  579.045409][T13117]  ? security_netlink_send+0x7b/0xa0
[  579.050532][T13117]  netlink_sendmsg+0xa0a/0xd20
[  579.055131][T13117]  ? netlink_getsockopt+0x560/0x560
[  579.060161][T13117]  ? kasan_set_track+0x5d/0x70
[  579.064759][T13117]  ? security_socket_sendmsg+0x82/0xb0
[  579.070058][T13117]  ? netlink_getsockopt+0x560/0x560
[  579.075087][T13117]  ____sys_sendmsg+0x59e/0x8f0
[  579.079689][T13117]  ? __sys_sendmsg_sock+0x40/0x40
[  579.084548][T13117]  ? import_iovec+0xe5/0x120
[  579.088975][T13117]  ___sys_sendmsg+0x252/0x2e0
[  579.093489][T13117]  ? __sys_sendmsg+0x260/0x260
[  579.098095][T13117]  ? __fdget+0x1bc/0x240
[  579.102167][T13117]  __se_sys_sendmsg+0x19a/0x260
[  579.106855][T13117]  ? __x64_sys_sendmsg+0x90/0x90
[  579.111632][T13117]  ? ksys_write+0x260/0x2c0
[  579.115970][T13117]  ? debug_smp_processor_id+0x17/0x20
[  579.121174][T13117]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  579.127076][T13117]  __x64_sys_sendmsg+0x7b/0x90
[  579.131676][T13117]  do_syscall_64+0x3d/0xb0
[  579.135931][T13117]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  579.141658][T13117] RIP: 0033:0x7efed3062bd9
[  579.145911][T13117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  579.165354][T13117] RSP: 002b:00007efed22e4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  579.173597][T13117] RAX: ffffffffffffffda RBX: 00007efed31f0f60 RCX: 00007efed3062bd9
[  579.181496][T13117] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004
[  579.189307][T13117] RBP: 00007efed22e40a0 R08: 0000000000000000 R09: 0000000000000000
[  579.197118][T13117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  579.204929][T13117] R13: 000000000000004d R14: 00007efed31f0f60 R15: 00007ffd7acaa468
[  579.212745][T13117]  </TASK>
[  579.462918][ T2437] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0087/input/input80
[  579.475980][  T322] prodikeys 0003:041E:2801.0088: unexpected long global item
[  579.484808][  T322] prodikeys 0003:041E:2801.0088: hid parse failed
[  579.502889][  T322] prodikeys: probe of 0003:041E:2801.0088 failed with error -22
[  579.546338][ T2437] microsoft 0003:045E:07DA.0087: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  580.436759][  T322] usb 2-1: USB disconnect, device number 72
[  580.442576][    T6] usb 3-1: USB disconnect, device number 72
[  581.055190][   T30] audit: type=1326 audit(2000000554.629:2287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13144 comm="syz.0.4023" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efed3062bd9 code=0x0
[  581.396235][T13164] loop1: detected capacity change from 0 to 128
[  581.404957][   T30] audit: type=1400 audit(2000000554.989:2288): avc:  denied  { ioctl } for  pid=13163 comm="syz.2.4028" path="socket:[80480]" dev="sockfs" ino=80480 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  581.446903][T13159] loop4: detected capacity change from 0 to 4096
[  581.491542][T13159] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  582.185757][T13182] loop2: detected capacity change from 0 to 128
[  582.365611][T13193] loop1: detected capacity change from 0 to 2048
[  582.467199][T13193] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities
[  582.479374][T13204] loop0: detected capacity change from 0 to 4096
[  582.527188][T13204] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  582.945182][ T2437] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  583.215138][ T2437] usb 2-1: Using ep0 maxpacket: 16
[  583.335215][ T2437] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  583.345961][ T2437] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  583.358553][ T2437] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  583.367370][ T2437] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.376010][ T2437] usb 2-1: config 0 descriptor??
[  583.851700][T13227] loop3: detected capacity change from 0 to 128
[  583.882471][ T2437] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0089/input/input81
[  584.084847][ T2437] microsoft 0003:045E:07DA.0089: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  584.954304][  T322] usb 2-1: USB disconnect, device number 73
[  585.197312][T13242] loop2: detected capacity change from 0 to 512
[  585.272313][T13242] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.4053: invalid indirect mapped block 256 (level 2)
[  585.287165][T13242] EXT4-fs (loop2): 2 truncates cleaned up
[  585.292689][T13242] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  585.317240][T13250] syz.0.4056[13250] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  585.317309][T13250] syz.0.4056[13250] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  586.162055][T13283] loop3: detected capacity change from 0 to 512
[  586.237023][T13283] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.4066: invalid indirect mapped block 256 (level 2)
[  586.254337][T13290] loop0: detected capacity change from 0 to 128
[  586.279094][T13283] EXT4-fs (loop3): 2 truncates cleaned up
[  586.287905][T13283] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  586.377814][T13294] loop2: detected capacity change from 0 to 2048
[  586.437725][T13294] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  586.826075][ T7452] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  587.105160][ T7453] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  587.251358][T13323] loop0: detected capacity change from 0 to 128
[  587.255224][ T7452] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  587.268291][ T7452] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  587.278221][ T7452] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  587.287300][ T7452] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  587.298030][ T7452] usb 4-1: config 0 descriptor??
[  587.365169][ T7453] usb 3-1: Using ep0 maxpacket: 16
[  587.555884][ T7453] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  587.567454][ T7453] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  587.589923][ T7453] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  588.005713][ T7453] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.006310][ T7452] hid (null): bogus close delimiter
[  588.232319][ T7453] usb 3-1: config 0 descriptor??
[  588.296656][ T7452] usb 4-1: language id specifier not provided by device, defaulting to English
[  588.441340][T13350] loop1: detected capacity change from 0 to 128
[  588.585208][ T7170] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  588.764617][ T7453] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.008B/input/input82
[  588.786830][ T7452] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.008A/input/input83
[  588.846207][ T7453] microsoft 0003:045E:07DA.008B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  588.857915][ T7452] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.008A/input/input84
[  588.859851][ T7452] uclogic 0003:256C:006D.008A: input,hidraw1: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0
[  588.935217][ T7170] usb 1-1: Using ep0 maxpacket: 32
[  589.039990][T13296] loop3: detected capacity change from 0 to 256
[  589.065285][ T7170] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  589.073569][ T7170] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  589.082204][T13296] exfat: Deprecated parameter 'namecase'
[  589.082313][ T7170] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  589.087883][T13296] exfat: Deprecated parameter 'utf8'
[  589.096762][ T7170] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  589.111078][ T7170] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  589.120646][ T7170] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  589.143916][ T7453] usb 3-1: USB disconnect, device number 73
[  589.179521][T13296] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  589.186923][T13356] loop4: detected capacity change from 0 to 128
[  589.245218][ T7170] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  589.254131][ T7170] usb 1-1: New USB device strings: Mfr=64, Product=0, SerialNumber=0
[  589.262464][ T7170] usb 1-1: Manufacturer: syz
[  589.270754][ T7170] usb 1-1: config 0 descriptor??
[  589.353079][  T322] usb 4-1: USB disconnect, device number 67
[  589.382409][T13358] loop1: detected capacity change from 0 to 128
[  589.668133][ T7170] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 81 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  589.741046][ T7170] usb 1-1: USB disconnect, device number 81
[  589.747655][ T7170] usblp0: removed
[  592.385560][  T312] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  592.487279][T13413] loop2: detected capacity change from 0 to 128
[  592.795292][  T312] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  592.816046][  T312] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  592.843907][  T312] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  592.882746][T13419] loop0: detected capacity change from 0 to 128
[  592.897259][  T312] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  592.929395][  T312] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.960377][  T312] usb 2-1: config 0 descriptor??
[  593.986022][  T312] prodikeys 0003:041E:2801.008C: unexpected long global item
[  594.011407][  T312] prodikeys 0003:041E:2801.008C: hid parse failed
[  594.037326][  T312] prodikeys: probe of 0003:041E:2801.008C failed with error -22
[  594.203935][  T312] usb 2-1: USB disconnect, device number 74
[  595.224860][T13454] loop3: detected capacity change from 0 to 128
[  595.509591][T13460] loop0: detected capacity change from 0 to 128
[  595.890285][T13464] loop2: detected capacity change from 0 to 128
[  596.298608][T13469] loop3: detected capacity change from 0 to 128
[  597.737791][T13484] loop0: detected capacity change from 0 to 512
[  597.831158][T13484] EXT4-fs (loop0): Unrecognized mount option "oldalloc.min_batch_time=0x0000000000000004" or missing value
[  598.640270][T13503] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=13503 comm=syz.3.4131
[  598.666461][   T30] audit: type=1400 audit(2000000572.259:2289): avc:  denied  { read } for  pid=13502 comm="syz.3.4131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  598.815171][ T7453] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  598.858022][T13514] loop1: detected capacity change from 0 to 128
[  598.952827][T13518] loop2: detected capacity change from 0 to 512
[  599.045939][T13518] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.4136: invalid indirect mapped block 256 (level 2)
[  599.059322][T13518] EXT4-fs (loop2): 2 truncates cleaned up
[  599.064842][T13518] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  599.333823][T13524] loop2: detected capacity change from 0 to 128
[  599.494585][T13531] loop3: detected capacity change from 0 to 512
[  599.555869][T13531] EXT4-fs (loop3): Unrecognized mount option "oldalloc.min_batch_time=0x0000000000000004" or missing value
[  599.781289][T13536] FAULT_INJECTION: forcing a failure.
[  599.781289][T13536] name failslab, interval 1, probability 0, space 0, times 0
[  599.795703][T13536] CPU: 1 PID: 13536 Comm: syz.1.4141 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  599.805495][T13536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  599.815389][T13536] Call Trace:
[  599.818515][T13536]  <TASK>
[  599.821290][T13536]  dump_stack_lvl+0x151/0x1b7
[  599.825803][T13536]  ? io_uring_drop_tctx_refs+0x190/0x190
[  599.831270][T13536]  ? __alloc_skb+0x10c/0x550
[  599.835698][T13536]  ? unix_stream_connect+0x457/0x1510
[  599.840906][T13536]  ? __sys_connect+0x38b/0x410
[  599.845509][T13536]  ? __x64_sys_connect+0x7a/0x90
[  599.850280][T13536]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  599.856181][T13536]  dump_stack+0x15/0x17
[  599.860175][T13536]  should_fail+0x3c6/0x510
[  599.864429][T13536]  __should_failslab+0xa4/0xe0
[  599.869027][T13536]  ? getname_kernel+0x59/0x2e0
[  599.873634][T13536]  should_failslab+0x9/0x20
[  599.877966][T13536]  slab_pre_alloc_hook+0x37/0xd0
[  599.882739][T13536]  ? getname_kernel+0x59/0x2e0
[  599.887338][T13536]  kmem_cache_alloc+0x44/0x200
[  599.891942][T13536]  getname_kernel+0x59/0x2e0
[  599.896365][T13536]  kern_path+0x23/0x1a0
[  599.900360][T13536]  unix_find_other+0xdb/0x860
[  599.904876][T13536]  ? __unix_set_addr+0x3c0/0x3c0
[  599.909647][T13536]  ? sock_wmalloc+0xca/0x130
[  599.914072][T13536]  unix_stream_connect+0x4af/0x1510
[  599.919110][T13536]  ? unix_bind+0x8d0/0x8d0
[  599.923358][T13536]  ? selinux_socket_connect+0x25/0x30
[  599.928569][T13536]  ? security_socket_connect+0x82/0xb0
[  599.933865][T13536]  ? unix_bind+0x8d0/0x8d0
[  599.938114][T13536]  __sys_connect+0x38b/0x410
[  599.942543][T13536]  ? fput_many+0x160/0x1b0
[  599.946795][T13536]  ? __sys_connect_file+0x170/0x170
[  599.951830][T13536]  ? debug_smp_processor_id+0x17/0x20
[  599.957035][T13536]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  599.963022][T13536]  __x64_sys_connect+0x7a/0x90
[  599.967623][T13536]  do_syscall_64+0x3d/0xb0
[  599.971877][T13536]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[  599.977519][T13536]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  599.983247][T13536] RIP: 0033:0x7f8422ab1bd9
[  599.987502][T13536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  600.006941][T13536] RSP: 002b:00007f8421d33048 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  600.015186][T13536] RAX: ffffffffffffffda RBX: 00007f8422c3ff60 RCX: 00007f8422ab1bd9
[  600.022996][T13536] RDX: 000000000000006e RSI: 0000000020000280 RDI: 0000000000000003
[  600.030811][T13536] RBP: 00007f8421d330a0 R08: 0000000000000000 R09: 0000000000000000
[  600.038620][T13536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  600.044159][ T7453] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  600.046429][T13536] R13: 000000000000004d R14: 00007f8422c3ff60 R15: 00007ffe4b8fe6c8
[  600.046450][T13536]  </TASK>
[  600.068015][ T7453] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  600.077540][ T7453] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  600.090190][ T7453] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  600.099088][ T7453] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.109485][ T7453] usb 1-1: config 0 descriptor??
[  600.807862][ T7453] prodikeys 0003:041E:2801.008D: unexpected long global item
[  600.825260][ T7453] prodikeys 0003:041E:2801.008D: hid parse failed
[  600.831557][ T7453] prodikeys: probe of 0003:041E:2801.008D failed with error -22
[  600.837474][T13554] loop3: detected capacity change from 0 to 512
[  600.970139][T13558] FAULT_INJECTION: forcing a failure.
[  600.970139][T13558] name failslab, interval 1, probability 0, space 0, times 0
[  600.982668][ T7452] usb 1-1: USB disconnect, device number 82
[  601.000661][T13558] CPU: 1 PID: 13558 Comm: syz.1.4148 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  601.010458][T13558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  601.020353][T13558] Call Trace:
[  601.023474][T13558]  <TASK>
[  601.026254][T13558]  dump_stack_lvl+0x151/0x1b7
[  601.030766][T13558]  ? io_uring_drop_tctx_refs+0x190/0x190
[  601.036233][T13558]  ? __kasan_slab_alloc+0xc3/0xe0
[  601.041095][T13558]  ? dst_alloc+0x164/0x1e0
[  601.045348][T13558]  ? ip_route_output_flow+0x144/0x310
[  601.050553][T13558]  ? raw_sendmsg+0xf40/0x1ec0
[  601.055067][T13558]  ? inet_sendmsg+0xa1/0xc0
[  601.059415][T13558]  ? vfs_write+0xd5d/0x1110
[  601.063749][T13558]  dump_stack+0x15/0x17
[  601.067741][T13558]  should_fail+0x3c6/0x510
[  601.071993][T13558]  __should_failslab+0xa4/0xe0
[  601.076593][T13558]  ? __alloc_skb+0xbe/0x550
[  601.080932][T13558]  should_failslab+0x9/0x20
[  601.085273][T13558]  slab_pre_alloc_hook+0x37/0xd0
[  601.090048][T13558]  ? __alloc_skb+0xbe/0x550
[  601.094473][T13558]  kmem_cache_alloc+0x44/0x200
[  601.099073][T13558]  __alloc_skb+0xbe/0x550
[  601.103240][T13558]  __ip_append_data+0x2453/0x3730
[  601.108102][T13558]  ? rt_set_nexthop+0x5f9/0x7c0
[  601.112788][T13558]  ? raw_send_hdrinc+0x1380/0x1380
[  601.117734][T13558]  ? ip_setup_cork+0x8d0/0x8d0
[  601.122334][T13558]  ? __kasan_check_read+0x11/0x20
[  601.127197][T13558]  ? ip_setup_cork+0x567/0x8d0
[  601.131793][T13558]  ip_append_data+0x120/0x190
[  601.136308][T13558]  ? raw_send_hdrinc+0x1380/0x1380
[  601.141256][T13558]  raw_sendmsg+0x1292/0x1ec0
[  601.145691][T13558]  ? compat_raw_ioctl+0x10/0x10
[  601.150369][T13558]  ? selinux_socket_sendmsg+0x243/0x340
[  601.155751][T13558]  ? inet_send_prepare+0x5e/0x4a0
[  601.160610][T13558]  inet_sendmsg+0xa1/0xc0
[  601.164775][T13558]  ? inet_send_prepare+0x4a0/0x4a0
[  601.169724][T13558]  sock_write_iter+0x39b/0x530
[  601.174322][T13558]  ? sock_read_iter+0x480/0x480
[  601.179012][T13558]  ? iov_iter_init+0x53/0x190
[  601.183523][T13558]  vfs_write+0xd5d/0x1110
[  601.187689][T13558]  ? kmem_cache_free+0x2c3/0x2e0
[  601.192467][T13558]  ? file_end_write+0x1c0/0x1c0
[  601.197151][T13558]  ? __fdget_pos+0x209/0x3a0
[  601.201572][T13558]  ? ksys_write+0x77/0x2c0
[  601.205827][T13558]  ksys_write+0x199/0x2c0
[  601.209997][T13558]  ? __ia32_sys_read+0x90/0x90
[  601.214593][T13558]  ? debug_smp_processor_id+0x17/0x20
[  601.219800][T13558]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  601.225704][T13558]  __x64_sys_write+0x7b/0x90
[  601.230130][T13558]  do_syscall_64+0x3d/0xb0
[  601.234390][T13558]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  601.240113][T13558] RIP: 0033:0x7f8422ab1bd9
[  601.244364][T13558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  601.263806][T13558] RSP: 002b:00007f8421d33048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  601.272052][T13558] RAX: ffffffffffffffda RBX: 00007f8422c3ff60 RCX: 00007f8422ab1bd9
[  601.279862][T13558] RDX: 0000000000000078 RSI: 0000000000000000 RDI: 0000000000000003
[  601.287670][T13558] RBP: 00007f8421d330a0 R08: 0000000000000000 R09: 0000000000000000
[  601.295484][T13558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  601.303291][T13558] R13: 000000000000004d R14: 00007f8422c3ff60 R15: 00007ffe4b8fe6c8
[  601.311107][T13558]  </TASK>
[  601.331221][T13554] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.4147: invalid indirect mapped block 256 (level 2)
[  601.340010][T13567] loop2: detected capacity change from 0 to 512
[  601.350835][T13554] EXT4-fs (loop3): 2 truncates cleaned up
[  601.357018][T13554] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  601.406500][T13567] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  601.430419][T13567] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038 (0x7fffffff)
[  601.444370][T13567] EXT4-fs error (device loop2): ext4_do_update_inode:5191: inode #2: comm syz.2.4151: corrupted inode contents
[  601.456123][T13567] EXT4-fs error (device loop2): ext4_dirty_inode:6024: inode #2: comm syz.2.4151: mark_inode_dirty error
[  601.473862][T13567] EXT4-fs error (device loop2): ext4_do_update_inode:5191: inode #2: comm syz.2.4151: corrupted inode contents
[  601.682730][T13580] loop3: detected capacity change from 0 to 512
[  601.729390][T13567] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.4151: mark_inode_dirty error
[  601.744524][T13580] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.4154: invalid indirect mapped block 256 (level 2)
[  601.759452][T13580] EXT4-fs (loop3): 2 truncates cleaned up
[  601.772412][T13580] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  601.782235][T13583] loop4: detected capacity change from 0 to 128
[  601.979732][T13603] loop3: detected capacity change from 0 to 512
[  601.982385][T13605] syz.0.4164[13605] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  601.986075][T13605] syz.0.4164[13605] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  602.324985][T13603] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.4163: invalid indirect mapped block 256 (level 2)
[  602.383451][T13603] EXT4-fs (loop3): 2 truncates cleaned up
[  602.395218][T13603] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  602.845219][ T7452] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  602.891126][   T30] audit: type=1400 audit(2000000576.479:2290): avc:  denied  { ioctl } for  pid=13628 comm="syz.2.4171" path="socket:[82267]" dev="sockfs" ino=82267 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  603.115228][ T7452] usb 4-1: Using ep0 maxpacket: 16
[  603.180148][T13637] loop2: detected capacity change from 0 to 2048
[  603.215146][  T312] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  603.245202][ T7452] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  603.247406][T13637] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[  603.256810][ T7452] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  603.274823][ T7452] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  603.287595][ T7452] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  603.296517][ T7452] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.305294][ T7452] usb 4-1: config 0 descriptor??
[  603.455181][ T7170] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  603.647903][T13639] loop4: detected capacity change from 0 to 512
[  603.655200][  T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  603.665925][  T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  603.675201][  T322] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  603.675878][  T312] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  603.695454][  T312] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  603.701836][T13639] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.4176: invalid indirect mapped block 256 (level 2)
[  603.704232][  T312] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.704869][  T312] usb 1-1: config 0 descriptor??
[  603.720252][T13639] EXT4-fs (loop4): 2 truncates cleaned up
[  603.725191][ T7170] usb 2-1: Using ep0 maxpacket: 16
[  603.730143][T13639] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  603.796076][ T7452] microsoft 0003:045E:07DA.008E: No inputs registered, leaving
[  603.803770][ T7452] microsoft 0003:045E:07DA.008E: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  603.815038][ T7452] microsoft 0003:045E:07DA.008E: no inputs found
[  603.821213][ T7452] microsoft 0003:045E:07DA.008E: could not initialize ff, continuing anyway
[  603.915148][  T322] usb 3-1: Using ep0 maxpacket: 16
[  604.003283][T13615] loop3: detected capacity change from 0 to 1024
[  604.035195][ T7170] usb 2-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=90.6b
[  604.035223][  T322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  604.044131][ T7170] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.055036][  T322] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  604.062834][ T7170] usb 2-1: Product: syz
[  604.078806][T13615] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (29950!=20869)
[  604.079148][ T7170] usb 2-1: Manufacturer: syz
[  604.091181][T13615] EXT4-fs (loop3): invalid journal inode
[  604.092978][ T7170] usb 2-1: SerialNumber: syz
[  604.098439][  T322] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  604.103644][ T7170] usb 2-1: config 0 descriptor??
[  604.116936][T13615] EXT4-fs (loop3): can't get journal size
[  604.122568][  T322] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.122877][T13615] EXT4-fs error (device loop3): ext4_protect_reserved_inode:182: inode #2: comm syz.3.4166: blocks 48-48 from inode overlap system zone
[  604.131513][  T322] usb 3-1: config 0 descriptor??
[  604.146529][T13615] EXT4-fs (loop3): failed to initialize system zone (-117)
[  604.155896][T13615] EXT4-fs (loop3): mount failed
[  604.156206][ T7170] plusb: probe of 2-1:0.0 failed with error -22
[  604.196013][  T312] prodikeys 0003:041E:2801.008F: unexpected long global item
[  604.203351][  T312] prodikeys 0003:041E:2801.008F: hid parse failed
[  604.209621][  T312] prodikeys: probe of 0003:041E:2801.008F failed with error -22
[  604.415399][  T312] usb 1-1: USB disconnect, device number 83
[  604.631564][  T322] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0090/input/input86
[  604.705985][  T322] microsoft 0003:045E:07DA.0090: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  604.934740][  T312] usb 2-1: USB disconnect, device number 75
[  604.946626][T13651] loop1: detected capacity change from 0 to 128
[  605.029431][ T7453] usb 3-1: USB disconnect, device number 74
[  605.177008][T13657] syz.4.4182[13657] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  605.177066][T13657] syz.4.4182[13657] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  605.445421][  T322] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  605.574541][ T7453] usb 4-1: USB disconnect, device number 68
[  605.592910][T13663] loop3: detected capacity change from 0 to 128
[  606.099237][  T322] usb 1-1: Using ep0 maxpacket: 32
[  606.169732][T13676] loop1: detected capacity change from 0 to 512
[  606.215176][  T322] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  606.227671][  T322] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  606.256304][  T322] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  606.273904][  T322] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  606.295909][  T322] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  606.545911][  T322] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  606.569288][T13676] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.4187: invalid indirect mapped block 256 (level 2)
[  606.582945][T13676] EXT4-fs (loop1): 2 truncates cleaned up
[  606.602866][T13676] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  606.645184][  T322] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  606.658720][  T322] usb 1-1: New USB device strings: Mfr=64, Product=0, SerialNumber=0
[  606.676163][  T322] usb 1-1: Manufacturer: syz
[  606.685326][  T322] usb 1-1: config 0 descriptor??
[  607.059850][   T30] audit: type=1400 audit(2000000580.649:2291): avc:  denied  { append } for  pid=13699 comm="syz.4.4195" name="loop7" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  607.237120][T13708] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4196'.
[  607.253733][T13708] netlink: 43 bytes leftover after parsing attributes in process `syz.4.4196'.
[  607.272801][T13708] netlink: 'syz.4.4196': attribute type 5 has an invalid length.
[  607.285207][T13708] netlink: 43 bytes leftover after parsing attributes in process `syz.4.4196'.
[  607.345888][T13698] overlayfs: failed to resolve './file0': -2
[  607.359632][  T322] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 84 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  607.371015][  T322] usb 1-1: USB disconnect, device number 84
[  607.378844][  T322] usblp0: removed
[  607.531502][ T7453] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  607.557458][T13719] netlink: 'syz.4.4200': attribute type 2 has an invalid length.
[  607.716877][T13740] loop0: detected capacity change from 0 to 512
[  607.774645][T13740] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.4203: invalid indirect mapped block 256 (level 2)
[  607.802674][T13740] EXT4-fs (loop0): 2 truncates cleaned up
[  607.817551][T13740] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  608.035627][   T10] device bridge_slave_1 left promiscuous mode
[  608.041580][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.049147][   T10] device bridge_slave_0 left promiscuous mode
[  608.055076][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.063281][   T10] device veth1_macvtap left promiscuous mode
[  608.069121][   T10] device veth0_vlan left promiscuous mode
[  608.219538][T13749] bridge0: port 1(bridge_slave_0) entered blocking state
[  608.226721][T13749] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.233977][T13749] device bridge_slave_0 entered promiscuous mode
[  608.241002][T13749] bridge0: port 2(bridge_slave_1) entered blocking state
[  608.248067][T13749] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.255432][T13749] device bridge_slave_1 entered promiscuous mode
[  608.265168][ T7453] usb 2-1: Using ep0 maxpacket: 32
[  608.265269][   T26] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  608.344372][T13749] bridge0: port 2(bridge_slave_1) entered blocking state
[  608.351238][T13749] bridge0: port 2(bridge_slave_1) entered forwarding state
[  608.358328][T13749] bridge0: port 1(bridge_slave_0) entered blocking state
[  608.365115][T13749] bridge0: port 1(bridge_slave_0) entered forwarding state
[  608.385165][ T7453] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  608.393314][ T7453] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  608.423684][ T7452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  608.425138][ T7453] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  608.439583][ T7452] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.447927][ T7452] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.465152][ T7453] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  608.475303][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  608.484702][ T7453] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  608.487012][  T312] bridge0: port 1(bridge_slave_0) entered blocking state
[  608.501027][  T312] bridge0: port 1(bridge_slave_0) entered forwarding state
[  608.508492][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  608.516809][  T312] bridge0: port 2(bridge_slave_1) entered blocking state
[  608.518148][ T7453] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  608.523653][  T312] bridge0: port 2(bridge_slave_1) entered forwarding state
[  608.544091][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  608.564606][T13749] device veth0_vlan entered promiscuous mode
[  608.565146][ T7453] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  608.589796][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  608.599492][ T7453] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.599886][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  608.622061][ T7453] usb 2-1: config 0 descriptor??
[  608.625513][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  608.639615][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  608.655588][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  608.673793][T13749] device veth1_macvtap entered promiscuous mode
[  608.680004][   T26] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  608.693284][   T26] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  608.733006][   T26] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  608.747680][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  608.756539][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  608.764754][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  608.825219][   T26] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  608.834066][   T26] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  608.842286][   T26] usb 4-1: Manufacturer: syz
[  608.855390][   T26] usb 4-1: config 0 descriptor??
[  608.885757][ T7453] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 76 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  608.898413][ T7453] usb 2-1: USB disconnect, device number 76
[  608.905665][   T26] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  608.907165][ T7453] usblp0: removed
[  608.975152][  T322] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  609.066777][T13774] loop0: detected capacity change from 0 to 512
[  609.167627][T13774] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.4214: invalid indirect mapped block 256 (level 2)
[  609.181118][T13774] EXT4-fs (loop0): 2 truncates cleaned up
[  609.186772][T13774] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  609.215159][  T322] usb 3-1: Using ep0 maxpacket: 16
[  609.335193][  T322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  609.345941][  T322] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  609.354717][  T322] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.363147][  T322] usb 3-1: config 0 descriptor??
[  609.465158][ T7453] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  609.515160][    T6] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  609.606218][T13768] loop2: detected capacity change from 0 to 128
[  609.697007][T13768] FAT-fs (loop2): Unrecognized mount option "" or missing value
[  609.705241][ T7453] usb 2-1: Using ep0 maxpacket: 32
[  609.755151][    T6] usb 1-1: Using ep0 maxpacket: 16
[  609.825261][ T7453] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  609.833442][ T7453] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  609.841922][ T7453] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  609.850631][ T7453] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  609.860102][ T7453] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  609.869665][ T7453] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  609.882487][    T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  609.893124][ T7453] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  609.901942][    T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  609.911510][ T7453] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.919337][    T6] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  609.928346][    T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.936334][ T7453] usb 2-1: config 0 descriptor??
[  609.943306][    T6] usb 1-1: config 0 descriptor??
[  609.985726][T13768] UDC core: couldn't find an available UDC or it's busy: -16
[  609.993551][T13768] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  610.005347][  T322] hid (null): bogus close delimiter
[  610.011779][  T322] hid (null): usage index exceeded
[  610.017581][  T322] hid-generic 0003:0158:0100.0091: unknown main item tag 0x0
[  610.024777][  T322] hid-generic 0003:0158:0100.0091: unknown main item tag 0x0
[  610.032022][  T322] hid-generic 0003:0158:0100.0091: bogus close delimiter
[  610.038847][  T322] hid-generic 0003:0158:0100.0091: item 0 0 2 10 parsing failed
[  610.046466][  T322] hid-generic: probe of 0003:0158:0100.0091 failed with error -22
[  610.095723][ T7453] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 77 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  610.108724][ T7453] usb 2-1: USB disconnect, device number 77
[  610.114965][ T7453] usblp0: removed
[  610.186296][T13780] UDC core: couldn't find an available UDC or it's busy: -16
[  610.193488][T13780] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  610.235799][  T322] usb 3-1: USB disconnect, device number 75
[  610.425325][    T6] hid (null): bogus close delimiter
[  610.431141][    T6] hid (null): unknown global tag 0x68
[  610.438819][    T6] hid (null): invalid report_size 27745
[  610.446007][    T6] hid-generic 0003:0158:0100.0092: unknown main item tag 0x0
[  610.453293][    T6] hid-generic 0003:0158:0100.0092: unknown main item tag 0x0
[  610.460443][    T6] hid-generic 0003:0158:0100.0092: bogus close delimiter
[  610.467262][    T6] hid-generic 0003:0158:0100.0092: item 0 0 2 10 parsing failed
[  610.474823][    T6] hid-generic: probe of 0003:0158:0100.0092 failed with error -22
[  610.637719][  T312] usb 1-1: USB disconnect, device number 85
[  610.988531][  T312] usb 4-1: USB disconnect, device number 69
[  611.006667][T13792] loop3: detected capacity change from 0 to 128
[  611.344600][T13795] loop0: detected capacity change from 0 to 4096
[  611.577291][T13795] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  611.591317][T13795] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,min_batch_time=0x0000000000000004,i_version,user_xattr,nomblk_io_submit,,errors=continue. Quota mode: writeback.
[  611.616048][T13795] FAULT_INJECTION: forcing a failure.
[  611.616048][T13795] name failslab, interval 1, probability 0, space 0, times 0
[  611.628493][T13795] CPU: 1 PID: 13795 Comm: syz.0.4220 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  611.638252][T13795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  611.648146][T13795] Call Trace:
[  611.651267][T13795]  <TASK>
[  611.654046][T13795]  dump_stack_lvl+0x151/0x1b7
[  611.658559][T13795]  ? io_uring_drop_tctx_refs+0x190/0x190
[  611.664029][T13795]  ? stack_trace_save+0x113/0x1c0
[  611.668888][T13795]  dump_stack+0x15/0x17
[  611.672879][T13795]  should_fail+0x3c6/0x510
[  611.677135][T13795]  __should_failslab+0xa4/0xe0
[  611.681732][T13795]  ? __es_insert_extent+0x72a/0x17c0
[  611.686854][T13795]  should_failslab+0x9/0x20
[  611.691193][T13795]  slab_pre_alloc_hook+0x37/0xd0
[  611.695968][T13795]  ? __es_insert_extent+0x72a/0x17c0
[  611.701087][T13795]  kmem_cache_alloc+0x44/0x200
[  611.705690][T13795]  ? do_unlinkat+0x2ba/0x920
[  611.710114][T13795]  __es_insert_extent+0x72a/0x17c0
[  611.715061][T13795]  ? _raw_write_lock+0xa4/0x170
[  611.719749][T13795]  ? _raw_write_trylock+0x1a0/0x1a0
[  611.724783][T13795]  ext4_es_cache_extent+0x460/0x690
[  611.729817][T13795]  ? __es_insert_extent+0x17c0/0x17c0
[  611.735024][T13795]  ? __kasan_kmalloc+0x9/0x10
[  611.739536][T13795]  ? ext4_find_extent+0x370/0xdb0
[  611.744400][T13795]  ext4_find_extent+0x5b9/0xdb0
[  611.749086][T13795]  ext4_ext_map_blocks+0x269/0x74a0
[  611.754121][T13795]  ? down_read+0xa9b/0x1360
[  611.758457][T13795]  ? ext4_ext_release+0x10/0x10
[  611.763146][T13795]  ? is_bpf_text_address+0x172/0x190
[  611.768265][T13795]  ? stack_trace_save+0x1c0/0x1c0
[  611.773127][T13795]  ? __down_common+0x550/0x550
[  611.777726][T13795]  ? unwind_get_return_address+0x4d/0x90
[  611.783193][T13795]  ? arch_stack_walk+0xf3/0x140
[  611.787885][T13795]  ? _raw_read_unlock+0x25/0x40
[  611.792566][T13795]  ? ext4_es_lookup_extent+0x33b/0x940
[  611.797863][T13795]  ext4_map_blocks+0x41d/0x1e00
[  611.802552][T13795]  ? ext4_issue_zeroout+0x250/0x250
[  611.807583][T13795]  ? 0xffffffffa0026490
[  611.811574][T13795]  ? is_bpf_text_address+0x172/0x190
[  611.816698][T13795]  ext4_getblk+0x19f/0x700
[  611.820948][T13795]  ? ext4_get_block_unwritten+0x40/0x40
[  611.826332][T13795]  ? stack_trace_save+0x113/0x1c0
[  611.831190][T13795]  ext4_bread_batch+0x67/0x4c0
[  611.835792][T13795]  __ext4_find_entry+0xfbe/0x1af0
[  611.840652][T13795]  ? d_alloc+0x4b/0x1d0
[  611.844643][T13795]  ? do_syscall_64+0x3d/0xb0
[  611.849070][T13795]  ? ext4_ci_compare+0x660/0x660
[  611.853845][T13795]  ? ext4_fname_setup_ci_filename+0x70/0x480
[  611.859659][T13795]  ? generic_set_encrypted_ci_d_ops+0x91/0xf0
[  611.865561][T13795]  ext4_lookup+0x3c6/0xaa0
[  611.869815][T13795]  ? ext4_add_entry+0x12b0/0x12b0
[  611.874675][T13795]  ? slab_post_alloc_hook+0x72/0x2c0
[  611.879804][T13795]  ? __kasan_check_write+0x14/0x20
[  611.884742][T13795]  ? _raw_spin_lock+0xa4/0x1b0
[  611.889343][T13795]  ? __d_alloc+0x4dd/0x6c0
[  611.893595][T13795]  ? _raw_spin_unlock+0x4d/0x70
[  611.898284][T13795]  ? d_alloc+0x199/0x1d0
[  611.902362][T13795]  lookup_one_qstr_excl+0x143/0x290
[  611.907400][T13795]  do_unlinkat+0x2ba/0x920
[  611.911668][T13795]  ? fsnotify_link_count+0x100/0x100
[  611.916775][T13795]  __x64_sys_unlinkat+0xcd/0xf0
[  611.921455][T13795]  do_syscall_64+0x3d/0xb0
[  611.925709][T13795]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  611.931442][T13795] RIP: 0033:0x7efed3062bd9
[  611.935691][T13795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  611.955136][T13795] RSP: 002b:00007efed22e4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[  611.963377][T13795] RAX: ffffffffffffffda RBX: 00007efed31f0f60 RCX: 00007efed3062bd9
[  611.971189][T13795] RDX: 0000000000000000 RSI: 0000000020000380 RDI: ffffffffffffff9c
[  611.979000][T13795] RBP: 00007efed22e40a0 R08: 0000000000000000 R09: 0000000000000000
[  611.986810][T13795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  611.994622][T13795] R13: 000000000000004d R14: 00007efed31f0f60 R15: 00007ffd7acaa468
[  612.002438][T13795]  </TASK>
[  612.017479][T13795] EXT4-fs error (device loop0): ext4_do_update_inode:5191: inode #15: comm syz.0.4220: corrupted inode contents
[  612.118282][   T26] Bluetooth: hci0: command 0x1003 tx timeout
[  612.124249][T13795] EXT4-fs error (device loop0): ext4_dirty_inode:6024: inode #15: comm syz.0.4220: mark_inode_dirty error
[  612.135598][  T948] Bluetooth: hci0: sending frame failed (-49)
[  612.165276][T13795] EXT4-fs error (device loop0): ext4_do_update_inode:5191: inode #15: comm syz.0.4220: corrupted inode contents
[  612.225525][T13795] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #15: comm syz.0.4220: mark_inode_dirty error
[  612.265893][T13813] loop3: detected capacity change from 0 to 512
[  612.273121][T13795] EXT4-fs error (device loop0): ext4_do_update_inode:5191: inode #15: comm syz.0.4220: corrupted inode contents
[  612.322980][T13795] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #15: comm syz.0.4220: mark_inode_dirty error
[  612.344051][T13795] EXT4-fs error (device loop0): ext4_do_update_inode:5191: inode #15: comm syz.0.4220: corrupted inode contents
[  612.358183][T13795] EXT4-fs error (device loop0): ext4_truncate:4292: inode #15: comm syz.0.4220: mark_inode_dirty error
[  612.374312][T13795] EXT4-fs error (device loop0): ext4_evict_inode:294: comm syz.0.4220: couldn't truncate inode 15 (err -117)
[  612.392489][T13813] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.4225: invalid indirect mapped block 256 (level 2)
[  612.406222][T13813] EXT4-fs (loop3): 2 truncates cleaned up
[  612.411758][T13813] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  614.449847][ T7453] Bluetooth: hci0: command 0x1001 tx timeout
[  614.455789][  T948] Bluetooth: hci0: sending frame failed (-49)
[  614.626547][T13861] loop4: detected capacity change from 0 to 512
[  615.114076][T13865] device pim6reg1 entered promiscuous mode
[  615.147371][T13861] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.4237: invalid indirect mapped block 256 (level 2)
[  615.160751][T13861] EXT4-fs (loop4): 2 truncates cleaned up
[  615.166369][T13861] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  615.216181][T13876] loop4: detected capacity change from 0 to 128
[  615.238551][   T30] audit: type=1400 audit(2000000588.829:2292): avc:  denied  { sys_module } for  pid=13879 comm="syz.3.4244" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  615.259943][  T322] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  615.270334][T13882] loop3: detected capacity change from 0 to 256
[  615.327716][T13882] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x9e99708d, utbl_chksum : 0xe619d30d)
[  615.463554][T13891] loop3: detected capacity change from 0 to 128
[  615.535761][T13891] FAT-fs (loop3): bogus logical sector size 12
[  615.555124][T13891] FAT-fs (loop3): Can't find a valid FAT filesystem
[  615.625508][  T322] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  615.635506][  T322] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  615.644311][  T322] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  615.653888][  T322] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  615.695941][  T322] usb 3-1: config 0 descriptor??
[  615.777698][T13900] BUG: unable to handle page fault for address: ffffffffff600000
[  615.785234][T13900] #PF: supervisor read access in kernel mode
[  615.791044][T13900] #PF: error_code(0x0001) - permissions violation
[  615.797296][T13900] PGD 6812067 P4D 6812067 PUD 6814067 PMD 6816067 PTE 8000000006809165
[  615.805368][T13900] Oops: 0001 [#1] PREEMPT SMP KASAN
[  615.810401][T13900] CPU: 0 PID: 13900 Comm: syz.0.4252 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[  615.820217][T13900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  615.830104][T13900] RIP: 0010:copy_from_kernel_nofault+0x86/0x2e0
[  615.836181][T13900] Code: 48 89 55 d0 0f 85 ea 01 00 00 ff 02 bf 07 00 00 00 4c 89 ee e8 8b 92 d6 ff 49 83 fd 07 76 5c 4d 89 fe 49 83 c5 f8 49 83 c7 08 <49> 8b 1c 24 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80
[  615.855622][T13900] RSP: 0018:ffffc90000cb7b10 EFLAGS: 00010292
[  615.861523][T13900] RAX: 0000000000000002 RBX: 00007ffffffff000 RCX: ffff88810a0f0000
[  615.869337][T13900] RDX: ffff88810a0f0b90 RSI: 0000000000000008 RDI: 0000000000000007
[  615.877147][T13900] RBP: ffffc90000cb7b48 R08: ffffffff8199a955 R09: ffffed102141e001
[  615.884959][T13900] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffff600000
[  615.892772][T13900] R13: 0000000000000000 R14: ffffc90000cb7ba8 R15: ffffc90000cb7bb0
[  615.900579][T13900] FS:  00007efed22e46c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  615.909349][T13900] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  615.915769][T13900] CR2: ffffffffff600000 CR3: 000000010baee000 CR4: 00000000003506b0
[  615.923591][T13900] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  615.931396][T13900] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  615.939202][T13900] Call Trace:
[  615.942328][T13900]  <TASK>
[  615.945111][T13900]  ? __die_body+0x62/0xb0
[  615.949271][T13900]  ? __die+0x7e/0x90
[  615.953001][T13900]  ? page_fault_oops+0x7f9/0xa90
[  615.957776][T13900]  ? kernelmode_fixup_or_oops+0x270/0x270
[  615.963336][T13900]  ? security_file_alloc+0x29/0x120
[  615.968363][T13900]  ? kmem_cache_alloc+0xf5/0x200
[  615.973141][T13900]  ? exc_page_fault+0x521/0x830
[  615.977823][T13900]  ? errseq_sample+0x44/0x70
[  615.982258][T13900]  ? asm_exc_page_fault+0x27/0x30
[  615.987114][T13900]  ? copy_from_kernel_nofault+0x75/0x2e0
[  615.992582][T13900]  ? copy_from_kernel_nofault+0x86/0x2e0
[  615.998048][T13900]  bpf_probe_read_compat+0x112/0x180
[  616.003170][T13900]  bpf_prog_baa065642a502c00+0x64/0xb2c
[  616.008549][T13900]  __bpf_prog_test_run_raw_tp+0xa0/0x1d0
[  616.014018][T13900]  ? bpf_prog_test_run_raw_tp+0x4c5/0x6c0
[  616.019574][T13900]  bpf_prog_test_run_raw_tp+0x4cd/0x6c0
[  616.024953][T13900]  ? bpf_prog_test_run_tracing+0x710/0x710
[  616.030594][T13900]  ? __kasan_check_write+0x14/0x20
[  616.035541][T13900]  ? fput_many+0x160/0x1b0
[  616.039795][T13900]  ? bpf_prog_test_run_tracing+0x710/0x710
[  616.045458][T13900]  bpf_prog_test_run+0x3b0/0x630
[  616.050213][T13900]  ? bpf_prog_query+0x220/0x220
[  616.054895][T13900]  ? selinux_bpf+0xd2/0x100
[  616.059235][T13900]  ? security_bpf+0x82/0xb0
[  616.063577][T13900]  __sys_bpf+0x525/0x760
[  616.067743][T13900]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[  616.072952][T13900]  ? __kasan_check_read+0x11/0x20
[  616.077812][T13900]  __x64_sys_bpf+0x7c/0x90
[  616.082062][T13900]  do_syscall_64+0x3d/0xb0
[  616.086315][T13900]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  616.092045][T13900] RIP: 0033:0x7efed3062bd9
[  616.096297][T13900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  616.115739][T13900] RSP: 002b:00007efed22e4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  616.123983][T13900] RAX: ffffffffffffffda RBX: 00007efed31f0f60 RCX: 00007efed3062bd9
[  616.131794][T13900] RDX: 0000000000000050 RSI: 0000000020000680 RDI: 000000000000000a
[  616.139608][T13900] RBP: 00007efed30d1aa1 R08: 0000000000000000 R09: 0000000000000000
[  616.147418][T13900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  616.155229][T13900] R13: 000000000000004d R14: 00007efed31f0f60 R15: 00007ffd7acaa468
[  616.163045][T13900]  </TASK>
[  616.165912][T13900] Modules linked in:
[  616.169650][T13900] CR2: ffffffffff600000
[  616.173633][T13900] ---[ end trace eea51d6a87ec230c ]---
[  616.178925][T13900] RIP: 0010:copy_from_kernel_nofault+0x86/0x2e0
[  616.185000][T13900] Code: 48 89 55 d0 0f 85 ea 01 00 00 ff 02 bf 07 00 00 00 4c 89 ee e8 8b 92 d6 ff 49 83 fd 07 76 5c 4d 89 fe 49 83 c5 f8 49 83 c7 08 <49> 8b 1c 24 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80
[  616.204443][T13900] RSP: 0018:ffffc90000cb7b10 EFLAGS: 00010292
[  616.210342][T13900] RAX: 0000000000000002 RBX: 00007ffffffff000 RCX: ffff88810a0f0000
[  616.218153][T13900] RDX: ffff88810a0f0b90 RSI: 0000000000000008 RDI: 0000000000000007
[  616.225964][T13900] RBP: ffffc90000cb7b48 R08: ffffffff8199a955 R09: ffffed102141e001
[  616.233776][T13900] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffff600000
[  616.241590][T13900] R13: 0000000000000000 R14: ffffc90000cb7ba8 R15: ffffc90000cb7bb0
[  616.249400][T13900] FS:  00007efed22e46c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  616.258167][T13900] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  616.264588][T13900] CR2: ffffffffff600000 CR3: 000000010baee000 CR4: 00000000003506b0
[  616.272403][T13900] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  616.280212][T13900] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  616.288033][T13900] Kernel panic - not syncing: Fatal exception
[  616.294074][T13900] Kernel Offset: disabled
[  616.298198][T13900] Rebooting in 86400 seconds..