last executing test programs:

18.269598856s ago: executing program 0 (id=6928):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000080000000000000000000000000004000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x4, 0x17, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000008000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
io_setup(0x205, &(0x7f0000000200)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r5, &(0x7f00000000c0)=' ', 0x1}])
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{0xffffffffffffffff, <r7=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x200000000000008e, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000f5ec0000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000100bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
writev(0xffffffffffffffff, &(0x7f0000000880)=[{&(0x7f0000000540)="0a081abfb443298b48e0b88996c20459f8a089780ddecfb30457d2ec430ddbe8ac99b0b85d0acbc6033fae8326e27bbc4adafd156b8b9535ba9a77923855e0f5fd95f57999f867ada860bd1fe1a84c3591f0812f0c1a9baa5194e7", 0x5b}, {&(0x7f00000005c0)="6ff816ac3ac3f42e69398788c6bd4a7bb9296183312bb3735f3e4c3182a206923c29138f4bc18d14a80285d5f5858c24956b33a4a4aa9e0190ff15d0dc254fd3f3c0aadb565ef9d11f5a74b714a967fb43d66d", 0x53}, {&(0x7f0000000640)="de5b1c106ffdd71c0f8fa3667bbaa96748bd2fc51bf2782b996b40d4e692310bcd31ecaf80c20e36ccd0655b6530736fc8170bf6b4019eded63ca7025047e1e08aaa49679a54bfd8bb560a12bd08fff46ee9b376f437e2fe8200c14f8e2fdd498ae22d9f85bb2570fbb34176f8105c7f874a59c66221e4956e498c4b77c1cef80b6a2ec92e8be09902c051384c2575762dcbea1caf82ad5eac202dcfc09f6a479dae556546861735e73d061f8d964fa5a09e630af07a14dfec6279dac6ab963aa616c39ea25c976bd7f962af867eabd0783276d6de82d3ae0fcdb659f3d31d611c58dda868827832de4866d21fdc4e76d31ac0ef547a08a4c98b1ce2a2b0", 0xfe}, {&(0x7f0000000740)}, {0x0}], 0x5)
r8 = socket$inet6(0xa, 0x80803, 0x87)
connect$inet6(r8, &(0x7f00000003c0)={0xa, 0x2, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, 0x1c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="180000005c83995f000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x3, {}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r10}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000004000000110f00000500000000000000d62a96ba3dce703ef6594064c33d67753e0698fe969e39742183f5ac813b6aaa8dde7ed7ffee0d61b5db905a6f696193f19591ecfc75e3be2143f4268e89372700000000000000009fbc3862eec3d1f235b5afcca6173109071f546be561a1f1338bcfc5e457024d14138621813d482961d8aa9606e84a7c1d037310ddda64acdf41bcbf70c167167b87a1c8da86a4079e9a149ec2acc1527bc793d542b05a68269ef6ee4f286b3a440517acd52c5630ae65195397964ac392d9866caf64dc3a7b482f", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)

17.340652834s ago: executing program 0 (id=6932):
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)=0xc, 0xffffff34)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
pipe2$9p(&(0x7f0000000240), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000008000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
close(r5)
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000580)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="b0000000600618e829a83308f5fc90fb6aab504f87c3172c6d6267db3bc87a96bd295fecba3423d92e4bcc4b1653e8ab5bed20fa114bdbe5d9758b41b7d5c1e172a495949e286417f85300c3ad48440a685758f417f6d7646a7571644e0d432a8ade1823bf9f67b291a58b8495709de5f81773befc64fb75b26a220a36f917d5cdc1c71041d503cc083efd65", @ANYRES16=0x0, @ANYBLOB="020029bd7000ffdbdf251b0000000600210062000000060021006200000008009a000000000008000100080000007000228014000080080005000000000008000500ffffffff1c000080080004000000c00108000700e50000000800060046f200003c000080080001006309000008000300030000000800010003000000080002008cc100000800050004000000080006000000008008000500ff7f00000400cc0008009a0002000000"], 0xb0}, 0x1, 0x0, 0x0, 0x8000000}, 0x20040080)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000780)={0x328, 0x0, 0x100, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0x1b0, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x18, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x3, 0x7, 0x0, 0x200, 0x8, 0xa, 0xffff]}}]}, @NL80211_BAND_5GHZ={0x30, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x1, 0x5, 0x100, 0x7fff, 0xfff8, 0x3, 0x9]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_6GHZ={0xc0, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x3a, 0x2, [{0x4, 0x4}, {0x7, 0x9}, {0x1, 0x5}, {0x7, 0xa}, {0x3, 0x7}, {0x1, 0x4}, {0x1, 0x4}, {}, {0x2}, {0x2}, {0x6, 0x3}, {0x0, 0x8}, {0x6, 0x2}, {0x7}, {0x4, 0x3}, {0x3, 0x7}, {0x0, 0x4}, {0x5}, {0x0, 0x9}, {0x3, 0x8}, {0x5, 0x9}, {0x4, 0x8}, {0x2, 0xa}, {0x4}, {0x4, 0x6}, {0x0, 0x7}, {0x2, 0x4}, {0x1, 0x3}, {0x4, 0x1}, {0x1, 0xa}, {0x2, 0x5}, {0x0, 0x1}, {}, {0x0, 0x1}, {0x5, 0x4}, {0x0, 0x5}, {0x7, 0x17}, {0x7, 0x8}, {0x4, 0x8}, {}, {0x1, 0x2}, {0x6, 0x8}, {0x3, 0x4}, {0x7, 0x8}, {0x5, 0x8}, {0x4, 0x2}, {0x0, 0x3}, {0x4}, {0x5, 0x8}, {0x7, 0x4}, {0x1}, {0x1, 0x5}, {0x5, 0x7}, {0x6, 0x1}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8e60, 0xb, 0x0, 0x2, 0x5, 0x5, 0x2, 0x2]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x3, 0x5, 0x2, 0x5, 0x2, 0x1, 0x3]}}, @NL80211_TXRATE_HT={0x4d, 0x2, [{0x3, 0xa}, {0x2, 0x5}, {0x7, 0x1}, {0x1, 0x6}, {0x6, 0x8}, {0x0, 0x1}, {0x5, 0xa}, {0x0, 0x7}, {0x7, 0x1}, {0x5, 0x6}, {0x0, 0x5}, {0x2, 0x7}, {0x3, 0xa}, {0x2, 0x2}, {0x3, 0x5}, {0x6, 0x4}, {0x5, 0x3}, {0x5, 0x7}, {0x5, 0x7}, {0x0, 0x2}, {0x6, 0x5}, {0x0, 0x2}, {0x5, 0xa}, {0x2, 0x4}, {0x4, 0x7}, {0x6, 0x2}, {0x1, 0x4}, {0x4}, {0x0, 0x5}, {0x4, 0x2}, {0x6, 0x5}, {0x6}, {0x0, 0x1}, {0x6, 0x7}, {0x3, 0x7}, {0x0, 0x7}, {0x7, 0x7}, {0x5, 0x4}, {0x7}, {0x5, 0x4}, {0x5, 0x7}, {0x3, 0x8}, {0x0, 0x5}, {}, {0x2, 0x3}, {0x7, 0x7}, {0x7}, {0x5, 0x2}, {0x0, 0x4}, {0x7, 0x2}, {0x5, 0x5}, {0x2, 0x5}, {0x0, 0x7}, {0x3, 0xa}, {0x6, 0x3}, {0x1, 0x4}, {0x0, 0x3}, {0x5, 0x3}, {0x1, 0x7}, {0x1, 0x7}, {0x7, 0x8}, {0x6, 0x3}, {0x1, 0x5}, {0x1, 0xa}, {0x1, 0x9}, {0x1}, {0x5, 0x7}, {0x2, 0x5}, {0x1, 0x4}, {0x4, 0x1}, {0x4, 0x3}, {0x0, 0x2}, {0x4}]}]}, @NL80211_BAND_2GHZ={0xa4, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8001, 0x3, 0xa126, 0x6, 0x7ff, 0xff, 0x2, 0x100]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x5a0, 0x673, 0x84, 0x0, 0x5, 0x4, 0x9]}}, @NL80211_TXRATE_HT={0x4b, 0x2, [{0x4, 0x5}, {0x6, 0x6}, {0x1}, {0x6, 0x2}, {0x0, 0x6}, {0x5, 0x7}, {0x7}, {0x0, 0x4}, {0x0, 0x9}, {0x4, 0x4}, {0x6, 0x5}, {0x3, 0x1}, {0x4, 0x6}, {0x3, 0x6}, {0x1, 0x5}, {0x6, 0x3}, {0x3}, {0x0, 0x6}, {0x4, 0x2}, {0x6, 0x1}, {0x6, 0x5}, {0x2, 0x8}, {0x3, 0xa}, {0x3, 0x6}, {0x2, 0x5}, {}, {0x1, 0x7}, {0x6, 0x1d}, {0x2, 0x1}, {0x2, 0x3}, {0x7, 0xa}, {0x0, 0x3}, {0x1, 0x4}, {0x0, 0x4}, {0x4, 0x4}, {0x4, 0x2}, {0x1, 0xa}, {0x3, 0x2}, {0x4, 0x8}, {0x1, 0x5}, {0x6, 0x8}, {}, {0x4, 0x5}, {0x4, 0x2}, {0x0, 0x3}, {0x1, 0x2}, {0x5}, {0x5, 0xa}, {0x1, 0x9}, {0x3, 0xa}, {0x1, 0x9}, {0x3, 0x1}, {0x2, 0x6}, {0x1, 0x2}, {0x3, 0x4}, {0x3, 0x2}, {0x6, 0x3}, {0x5, 0x6}, {0x6, 0x9}, {0x4}, {0x1, 0x9}, {0x1}, {0x5, 0x5}, {0x7, 0xa}, {0x2, 0x1}, {0x1, 0x1}, {0x3}, {0x2, 0x2}, {0x0, 0x9}, {0x1, 0x3}, {0x5, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1ff, 0x2, 0x5, 0x3, 0x4, 0x3, 0x6, 0x5]}}]}]}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xffffffff}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @beacon=[@NL80211_ATTR_BEACON_TAIL={0x126, 0xf, [@peer_mgmt={0x75, 0x16, {0x1, 0x2800, @void, @val=0x15, @val="ff456de771cab53dcc4b2bce9b0a6b39"}}, @gcr_ga={0xbd, 0x6, @device_b}, @prep={0x83, 0x1f, {{}, 0x6, 0xfd, @device_b, 0x3, @void, 0x9ef, 0x93b, @device_b}}, @random_vendor={0xdd, 0xdf, "b97bf28b253071dc9ead35e56d03ad4e1c7fe66023e94c3a89a6adecd9308aaaba4f75c87e6adce453596619f7168d9c6490fd247d2db45cf1dfb4cc1ecb705897d7a900a90c4931caaeefad41baf3b4dc6417889ccfdbc9e631761573d27e0742833e1155df2dd77155b0d8e10d49219201174bcc7ea7b5367225080e7aad0a7ed2069ffeadbdcc4219d1779390b216976115d292bac933025127b0723885a2f965f3e00732a9b86a8186fd7c9a2c34177213765c8cbaa03e276be74e67c13250452f4df8b4a8d2162a6b4cab3af381953fdea448089865f3679cc7965fb4"}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x20, 0x80, [@ht={0x2d, 0x1a, {0x0, 0x1, 0x5, 0x0, {0xbd2, 0x75c, 0x0, 0x7, 0x0, 0x0, 0x1, 0x1}, 0x8, 0x3, 0x6}}]}], @NL80211_ATTR_HIDDEN_SSID={0x8}]}, 0x328}, 0x1, 0x0, 0x0, 0x840}, 0x4000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x18, r7, 0x1, 0x0, 0x0, {0x15}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040))
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@ccm_128={{0x305}, '\x00', "bcbd13b603e0f7b3bfa8909ef43c0aeb", "0000fd9f", "b08068ebca17ab00"}, 0x28)
connect$inet6(r8, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)

16.932764079s ago: executing program 0 (id=6937):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
unshare(0x60600)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
openat(r0, &(0x7f00000001c0)='./file0/file0\x00', 0xa4b40, 0x88)
r3 = syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r4, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000c00)={0x0, r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r5}, 0x10)
syz_usb_control_io$hid(r3, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x0)
r6 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4b4, 0xde61, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x4, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x2}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io(r6, &(0x7f0000000400)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="002107000000a329"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000200)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x46d, 0xc09b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x5, 0x10, 0x40, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x3, 0x1, 0x1, 0x8, {0x9, 0x21, 0x81, 0x40, 0x1, {0x22, 0xe06}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x1, 0x1, 0x1}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0xa0, 0x5, 0x3}}]}}}]}}]}}, &(0x7f0000000bc0)={0xa, &(0x7f0000000980)={0xa, 0x6, 0x201, 0x1, 0x9, 0x5, 0x8, 0x7}, 0x2b, &(0x7f00000009c0)={0x5, 0xf, 0x2b, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xc, 0x5, 0x2, 0xbf}, @wireless={0xb, 0x10, 0x1, 0xc, 0x52, 0xd3, 0x0, 0xe, 0x4}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0xf, 0x6, 0x7}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x1, 0x40, 0xa1}]}, 0x3, [{0x4c, &(0x7f0000000a00)=@string={0x4c, 0x3, "ba03013815ac6b0c8556ea58fb939a558eb44a3cee11d7452124572e1172da3fe27ae2e41a331bb1c4183cf2115c995426abd4669d56fe23ea40c55db7e6bd6fb9c19f1b819721c39818"}}, {0x7a, &(0x7f0000000a80)=@string={0x7a, 0x3, "29ad5f55067e9def2ba248aa2a4a161193063c4677a5b5eb2c22a2ae462c77d2493b082e4cb9bb3cca074fc62056570ce4fda22b31512b1f24bf7954c75741c9756c5c17a68c8f2b11e101850163ea7f8434b18c500f3be869b7419aa3901385c98df7f8c62e26b9eae60f8ffb9295b201c31f07bfae9a1f"}}, {0x9f, &(0x7f0000000b00)=@string={0x9f, 0x3, "9f886044930ffd17b6a67a3dce5da2a29288b6888e01543fc2e1c5fe28e46ae2bd9779cc3b533d59b800c7241f38668663cc7194befe9c60c78212afa822024736203d75328625e021585ab82e897f3a641aa2dc2514243c3a7044ef1914bafcc980b3d1a0b4721253e2e797a87d0f434d23a446fac7eecb81efc91d403c7f0b29c1d99d121eca7e170f04c3bbd15edddd913540b0f5a1e732bd47f256"}}]})
syz_usb_control_io(r6, &(0x7f0000000440)={0x2c, &(0x7f0000000040)={0x20, 0xe, 0xbe, {0xbe, 0x30, "0c6c6f8a04433760d40f91daa121ebee527c5f53e0c00e321dc859f38d9cf1e79aadf142e437b742518c7d60dad7de3dc5ba6878a9480faab0acdc0d086eb6e804891b7d87b0731d3820c5b33ea3d79f6cc0951bfa368ffbc4002198300d73ec0375c306eaeb8f398cd460602ae07f27e54ac9e755c00dabac3e1f1e660ce23d4e7188fd745c945bb43e0de1e2e32be437725ee49f85a1aede878e95a782538a3d6a48013d3993e965be593f5deabb20396f6bbb75c48a5844fd1280"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4}}, &(0x7f00000002c0)={0x0, 0xf, 0x9f, {0x5, 0xf, 0x9f, 0x6, [@generic={0x62, 0x10, 0x2, "ab81226221c0123801b73179701890171c6e317a73351dea2c937142719b4a6b52fe189f4b3a801d495d943a44902efec205dbf1f37b10caaecc2312eea4508294f9428c6269bc6a591c43983771bb52290cc68abde9c80e4a31988a6e6f85"}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "3b914cba2c96ddd16feb233e598dfb8c"}, @ss_container_id={0x14, 0x10, 0x4, 0x80, "a7c6f1aca3edbc9b765b403abd1c8be4"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x0, 0x6, 0xd}]}}, &(0x7f0000000380)={0x20, 0x29, 0xf, {0xf, 0x29, 0x5, 0x4, 0x4, 0x9, "0ba71a5b", "faddc232"}}, &(0x7f00000003c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x4, 0x3e, 0x9, 0x5, 0x9, 0x1}}}, &(0x7f00000008c0)={0x84, &(0x7f0000000480)={0x40, 0x14, 0x4e, "b0a8c18f372ea7f20b8ca2a4454c39f0d146d7f1cfc9e72e455f0e83c1ff2c8d0ecccdcf25fd5115a6586d90491032f6e31f79d1f9e8a59af3d577eb654b9acecd2df5ec570162c6ad13b5803569"}, &(0x7f0000000500)={0x0, 0xa, 0x1}, &(0x7f0000000540)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000580)={0x20, 0x0, 0x4, {0x0, 0x3}}, &(0x7f00000005c0)={0x20, 0x0, 0x8, {0x80, 0x1, [0xf00f]}}, &(0x7f0000000600)={0x40, 0x7, 0x2, 0xcfe}, &(0x7f0000000640)={0x40, 0x9, 0x1, 0x75}, &(0x7f0000000680)={0x40, 0xb, 0x2, "47e8"}, &(0x7f00000006c0)={0x40, 0xf, 0x2, 0x5621}, &(0x7f0000000700)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, &(0x7f0000000740)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000780)={0x40, 0x19, 0x2, 'v\\'}, &(0x7f00000007c0)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000000800)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000000840)={0x40, 0x1e, 0x1, 0x9}, &(0x7f0000000880)={0x40, 0x21, 0x1, 0x8}})

14.621528163s ago: executing program 0 (id=6942):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000107d1e502d0000ecff000109022400010000300009040000010300020009210700b90122070009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000380)={0x2c, &(0x7f0000000780)=ANY=[@ANYBLOB='\x00\x00\a'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001780)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cd0aa7b73340cc2160a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e10d859e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab759b4eea0c4e95767d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563112f4b391aafe234870072858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e48455b588b90dfae158b92e50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe3c177b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5be5f6eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ff010000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a1bcd1e30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f5874c24411d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd92689192727a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d54aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e824910844df31f3d4bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5f7d895de17a10b0a0ea15ccc0d7a830b6eb33b6b61675511d693ef5e3c44bbf71cabc5175d879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2e5a00d2f953a86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c56d0886eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366a9660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e95921218149403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef310e10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e15a00adb976064a93e8d000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xfe, 0x0, &(0x7f0000000100)="b9ff03006044238cb89e14f088a81bffffff00004000632977fbac141442e934a0a662079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
ioctl$EVIOCSABS20(0xffffffffffffffff, 0x401845e0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="006f4531fc3783bef500000000000000000000000040000000000000cb07e1315a3969e5f7e6fba8810000009ecf3aeb4c4e358be52c4af03a7e0c"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r7, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x1, 0x803, 0x0)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)

10.685596453s ago: executing program 0 (id=6960):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x18)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000240)=ANY=[@ANYBLOB="23833373c1c39d45f178ba82e710e00f097b6913513b690c0d5b88171429444f80ca813f0d116c232cd0f32f2a73b895ee2053d3ba52a25707a5ac5c725db8fa9f8f31e94bbbfb3d1de4f31e15aaea4b59fa0849187b3e90dbf7c9574a5ab7c7725952e1241523edf66be8e62e028ab4413906aa611a9aeddb23a2bb41c65c31"], 0x9, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/HHPz/1Z+hGRFBQPeVNRRzcrgMdoRENjHJhCcExz2rstI2dsZqEWxB400U3/buuIEIQoosgELvoKpTwrovuvPMiu0oiOjGnudnUMnWS79fF9rDn+zl8z58dtu9g08fvXouGHSNspqS6oUqq2yUns1XilWpZkJMj10fe7zt34eLpQDDYcVa1M9Dt86tq84HR3pvDh8ZSO86/bH5dL+PeS9Mz/qnx3eN7pr93X404GnE0Fk+pqX3xeMrssy3tv+9EDdUztmU6lkZijpUs6YfteCKRUTPW39SYSFqOo2Yso1Ero6m4ppIZNa+YkZgahqFNjYKVDacfBZbvhp7Puq7MpN65bn1OXNfNv9iwidNDhc2df9ctOv93Kj0lbKKim3qDiD2UDqVDhedCPxCWiNhiSat45JvkrxH38Yg7d6nkH2/4R4KTR9++UVWvDNrZ+Xw2HaopzfvEI95CpqBQd54Kdvi0oDT/nzQW5/3ikV3l8/6y+To53FKUN8Qjk5clLrZMjB78MtU19GAhP+hTPdEVXJL/X/oXD9OzzxU6PwAAAAAAAAAArIWhP5VdvzfyA24PqGrTkn4hX+73gaXr861l1+drZW9tZfcdAAAAAIDtwskMRE3btpJ/WeS/yq/Hdv694smt3x+8v3PlMS1tNRPtH3KJrbBff1B87dkS0ygtZH71abXBNev8TlksPq3Ldqrm57f8mJO9H1+sup26X47PcsY2/q4EAAAAYCMsfuhvk2z4VTrbc+xepecEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2s4a/HJt4WK6l+WLn03KtSu8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADASn4EAAD//xAR0Ao=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000002085000000700000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001740), 0x48240, 0x0)
write$uinput_user_dev(r6, &(0x7f0000001780)={'syz0\x00', {0x8000, 0xbb, 0x6, 0x8}, 0x29, [0x800, 0x4, 0x7, 0xdc820000, 0xe66, 0x5, 0x9, 0x4, 0x2, 0x8, 0x2, 0x4, 0x9, 0x6, 0xfffffffe, 0x1, 0xe9, 0xc, 0x4, 0xe5bf, 0x2, 0x8000, 0xc, 0x4c, 0x341, 0x1, 0x5560, 0xfffffeff, 0xe02, 0x0, 0x4, 0x69, 0x1, 0x5, 0x3, 0x1f, 0xf40, 0x4, 0x4, 0x3c0c, 0xc0000000, 0x3f1, 0x4, 0x2, 0x9, 0x10, 0x3, 0xd, 0x5, 0x5, 0x16, 0x6, 0xaa, 0x1, 0x2, 0x2, 0x0, 0xfffffffc, 0xffff, 0x2, 0x3, 0x6, 0x9668, 0x8], [0x2c, 0x10, 0x7fff, 0x6, 0xfffffffd, 0x62a, 0x8, 0x3, 0x800, 0x5, 0x7000000, 0x4, 0xb669, 0xe3, 0x4, 0x3, 0x8, 0xfffffff9, 0xf330393, 0x6a7, 0x5, 0x2, 0x7, 0x3, 0x6, 0x1, 0x6, 0xff, 0x0, 0x8, 0x9, 0x100, 0x101, 0x7, 0x5, 0x9, 0x0, 0x10, 0x1, 0x9, 0x7, 0x20ff7964, 0x7, 0x8, 0x0, 0x3, 0xa, 0x7, 0x7, 0x10000, 0x7, 0x6, 0x9, 0x0, 0x8, 0x7c, 0x0, 0x4, 0x4, 0x2, 0x7, 0x2, 0x4, 0x3], [0x0, 0x4, 0x10001, 0x2873, 0xe682, 0xa1d, 0x958b, 0x7c9, 0x3, 0x3, 0x28e, 0x1, 0x0, 0x7, 0xe, 0x0, 0xd0, 0xbac, 0x6, 0x6, 0x3, 0x4, 0x0, 0x80000001, 0x10001, 0x780, 0x4, 0x9, 0x4, 0x3, 0x8, 0x7, 0x6, 0x8000, 0x2d, 0x723, 0xf, 0x4, 0x3, 0x9, 0x6, 0xffff, 0xfffffffe, 0x4, 0x7, 0x3, 0xb, 0xfffffff9, 0xfffffff9, 0x0, 0xad, 0x7d, 0x2, 0x2, 0xfffffffa, 0x7fff, 0x8, 0x6, 0x1, 0x1, 0x5, 0x0, 0x2, 0xfffff001], [0x4, 0x0, 0xfffffff8, 0x8, 0x0, 0x9, 0xa3e0, 0xc3, 0x1, 0x236c, 0x7fff, 0x5, 0x8, 0x6, 0x1, 0x6, 0x0, 0x1, 0xd, 0x80, 0x4, 0x0, 0x0, 0x9, 0x7fff, 0xb117, 0xffffffff, 0x8, 0x8000, 0x4a6d, 0x5, 0x2, 0x7, 0x2, 0x3, 0x6, 0xc, 0x3, 0x9, 0x3, 0x8, 0x2, 0x80000000, 0x5, 0x9, 0x6, 0x580, 0x1ff, 0x8, 0x4, 0x6, 0x5, 0x4, 0x8, 0x0, 0xfffff800, 0x6, 0x3a985367, 0x10, 0x7, 0xef, 0x7, 0x4, 0x9]}, 0x45c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r7 = syz_open_dev$vcsa(&(0x7f0000000cc0), 0x7, 0x200)
write$binfmt_elf64(r7, &(0x7f0000000d00)={{0x7f, 0x45, 0x4c, 0x46, 0x10, 0x9, 0x6, 0x0, 0x3, 0x2, 0x3, 0xba7, 0x26, 0x40, 0x11c, 0x100, 0x400, 0x38, 0x4, 0x1, 0x8001, 0x8}, [{0x1, 0x200, 0x5e, 0x0, 0x8, 0x9, 0xc, 0x2}, {0x6474e553, 0x7, 0x100000000, 0x4, 0x0, 0x2, 0xff, 0x5}, {0x4, 0x10001, 0x8000, 0x8, 0x260a, 0x1, 0x6, 0x8000}, {0x3, 0x80000001, 0x0, 0x3, 0x8, 0x10, 0xb1, 0x401}], "55b006b4cd1a95be25ea643eccc3", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xa2e)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r8, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r8, &(0x7f0000000100), 0x10)
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r9, 0x400455c8, 0x0)
ioctl$sock_bt_hci(r1, 0x400448ca, 0x0)

4.021235873s ago: executing program 4 (id=7010):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xae2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x4, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_SETMODE(r3, 0x5602, &(0x7f0000000280))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='jbd2_write_superblock\x00', r1}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x2, &(0x7f0000000500)=[{0x80, 0x3, 0x0, 0x2}, {0x16}]})
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='jbd2_write_superblock\x00', r5}, 0x10)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r6 = inotify_init1(0x0)
fcntl$setown(r6, 0x8, 0xffffffffffffffff)
fcntl$getownex(r6, 0x10, &(0x7f0000000140)={0x0, <r7=>0x0})
r8 = syz_open_procfs(r7, &(0x7f0000000040)='fd/4\x00')
r9 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r9, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xd, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r10}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmmsg$inet(r9, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)="15b26f226e2966667482d50703b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5dffd691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6be", 0xc3}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3, 0x0, 0x0, 0xfffffdef}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="c9", 0x1}], 0x300}}], 0x3, 0x240080e4)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r8, 0x40086610, &(0x7f0000000180)={@id={0x40000, 0x0, @b}})

3.166034505s ago: executing program 4 (id=7013):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000840)='kmem_cache_free\x00', r2}, 0x18)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000200)=0x5, 0x4)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="3f040e03f007120006001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xb318, 0x0, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x31, &(0x7f0000000200)=0x8, 0x4)
bind$inet6(r3, &(0x7f0000f65000)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x20000002, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
pipe2$9p(&(0x7f0000002180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
write$P9_RVERSION(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r7 = dup(r5)
write$FUSE_BMAP(r7, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000700)=ANY=[@ANYBLOB="3801"], 0x138)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000880)=ANY=[@ANYBLOB="2001"], 0x120)
write$FUSE_DIRENTPLUS(r7, &(0x7f00000004c0)=ANY=[@ANYBLOB="1c"], 0x10)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
lgetxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000480)=ANY=[@ANYBLOB='user.t'], 0x0, 0xf9)

3.154091326s ago: executing program 4 (id=7014):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18)
pipe2$9p(&(0x7f0000002180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000700)=ANY=[@ANYBLOB="3801"], 0x138)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000880)=ANY=[@ANYBLOB="2001"], 0x120)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lgetxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000480)=ANY=[@ANYBLOB='user.t'], 0x0, 0xf9)

3.128487008s ago: executing program 4 (id=7015):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)

3.10643906s ago: executing program 4 (id=7016):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRESDEC=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x8, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000880)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd600a3ff200140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000e380659173706e23283111eb8badeea77cf0026bc550d3cb8e2dc459b170652e07124cb6da1eb3bf60214e22c68c2b8a8d832722fc50b6da53a81ba9f4f563595b14a97c904d17aeac3c4e22372f3197e056b3a51a1be9ceba75c4a0f0f8c85ad575446124bfedfe6a3935a17cf1671f25afc1d69521e25794ffdf2e479303"], 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003d62a00850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000000700000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x21000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3VFrHFsdAPD/THa9TZvr5qoP14JtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xAwgiKviiT74IfgBB+hFEKOi7qChFW33woTqyu7MxTXeTlG52vdnfD07nnNnZ/Z9/hz2ZMzPsBDC0LkTEZERkWZZdjohSvj7NS+y0SmO7F88fLTRKEll2+29JJPm69me9ky/P5G87FRFf/0rEt5LX425sba/MV6uV9bw9VV9NXmbZ9pXl1fmlylJlbXZ25vrcjblrc9M9yXM8Im5+6c8//N7Pv3zz15958Ic7f538divBlr159FIr9WLz/6KtEBHrxxFsQArNDFuuDbgvAAAcrHG8/5GI+GREXI5SjDSP5gAAAICTJPv8WLxMWtf/AAAAgJMpjYixSNJyfr/vWKRpudy6h/djcTqt1jbqn85Ku+cLxqOY3l2uVqbzewfGo5g02jP5Pbbt9tV97dmIeC8iflAabbbLC7Xq4kDPfAAAAMDwOLNv/v/PUmv+DwAAAJww44PuAAAAAHDszP8BAADg5DP/BwAAgBPtq7duNUrWfv714v2tzZXa/SuLlY2V8urmQnmhtn6vvFSrLTV/s2/1sM+r1mr3Phtrmw+n6pWN+tTG1vad1drmWv3O8iuPwAYAAAD66L3zT36fRMTO50bTiMiSPa8VI7KRvRsX+t8/4Pikb7Lxn46vH0D/jQy6A8DAOKSH4VUcdAeAgTtsHOh6885vet8XAADgeEx8fPf6f7MAw+PJs+YiSQbdEaDvXP+H4eX6Hwyv4kFHACYFcOKlR/iqv/31/yx7o04BAAA9N9YsSVrO5wFjkablcsS7zccCFJO7y9XKdER8OCJ+Vyq+02jPNN+ZOD0AAAAAAAAAAAAAAAAAAAAAAAAAAEeUZUlkXYzubgMAAAB8kEWkf0ny539NlC6N7T8/8KHkX6XmMiIe/OT2jx7O1+vrM431f99dX/9xvv5qv89eAAAAAJ205+nteTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9NKL548W2qWfcZ99MSLGO8UvxKnm8lQUI+L0P5Io7HlfEhEjPYi/8zgi3u8UP2l0K8bzXuyPn0bE6IDjn+lBfBhmTxrjzxc6ff/SuNBcdv7+FfLytrqPf+nu+DfSZfx7t9MHpq+vOvv0l1Nd4z+OOFvoPP604ydd4l88Yo7f/Mb2drfXsp9FTHT8+5O8EmsqKdyb2tjavrK8Or9UWaqszc7OXJ+7MXdtbnrq7nK1kv/bMcb3P/Gr/xyU/+ku8ccPyf/SEfP/99OHzz/aqhb3vVSMn2bZ5MXO+//9LvHbf/s+le/uRnuiXd9p1fc694vfnjt/QP6LXfI/bP9PHjH/y1/77h+PuCkA0AcbW9sr89VqZV1F5dgqo9HHoPNx0Dbtg9g+9Oc7eaj/i13wxpUBDkoAAMCx+N9B/6B7AgAAAAAAAAAAAAAAAAAAAMPrsJ8Bix78nNj+mDuDSRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ED/DQAA///T9Mzo")
syz_mount_image$fuse(&(0x7f0000000240), &(0x7f0000000280)='./file2\x00', 0x0, &(0x7f0000000a80), 0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000080)={0x2})
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, 0x0)
r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000106d049cc200000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8971, &(0x7f0000000a00)={'batadv_slave_1\x00'})
syz_usb_control_io$hid(r7, 0x0, 0x0)
syz_usb_control_io$hid(r7, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000013c0)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "1d670d6f"}]}}, 0x0}, 0x0)
syz_usb_control_io$hid(r7, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r10=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@dellink={0x20, 0x11, 0x101, 0x0, 0x0, {0x0, 0x0, 0x0, r10}}, 0x20}}, 0x0)

2.894452857s ago: executing program 2 (id=7018):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000540)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="a903000000000000000032"], 0x1c}}, 0x0)

2.870898329s ago: executing program 2 (id=7019):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r1}, &(0x7f0000000780), &(0x7f00000007c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r4 = epoll_create1(0x0)
poll(&(0x7f0000000480)=[{r4}], 0x1, 0x100)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000))
close_range(r0, 0xffffffffffffffff, 0x0)

2.604757012s ago: executing program 2 (id=7021):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000431000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x2010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000440)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r2}, 0x10)
mount$bind(0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r3, &(0x7f0000000340)={&(0x7f0000000240)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c, 0x0, 0x0, &(0x7f0000000300)=[@pktinfo={{0x12, 0x11, 0x67, {@rand_addr=' \x01\x00'}}}], 0x28}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000840)=@mangle={'mangle\x00', 0x64, 0x6, 0x538, 0x100, 0x1d8, 0x100, 0x100, 0x2a8, 0x490, 0x490, 0x490, 0x490, 0x490, 0x6, 0x0, {[{{@ipv6={@empty, @loopback, [], [], 'gre0\x00', 'bond0\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@srh={{0x30}}]}, @common=@unspec=@CONNSECMARK={0x28}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3c0}}, {{@ipv6={@mcast2, @private1, [], [], 'pim6reg1\x00', 'vlan1\x00'}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@remote, @ipv6=@mcast1}}}, {{@ipv6={@private0, @remote, [], [], 'tunl0\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x598)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r5}, 0x10)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
stat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600))
socket(0x10, 0x3, 0x0)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$GIO_UNIMAP(r6, 0x4b66, 0x0)
process_vm_writev(0x0, &(0x7f0000000040)=[{&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/122, 0x7a}, {&(0x7f00000003c0)=""/84, 0x54}], 0x3, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/82, 0x52}], 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)

2.085107545s ago: executing program 1 (id=7023):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000540)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="a903000000000000000032"], 0x1c}}, 0x0)

2.050837698s ago: executing program 1 (id=7024):
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r3 = epoll_create1(0x0)
poll(&(0x7f0000000480)=[{r3}], 0x1, 0x100)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000000))
close_range(r0, 0xffffffffffffffff, 0x0)

1.78507847s ago: executing program 1 (id=7025):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000840)='kmem_cache_free\x00', r2}, 0x18)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000200)=0x5, 0x4)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="3f040e03f007120006001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xb318, 0x0, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x31, &(0x7f0000000200)=0x8, 0x4)
bind$inet6(r3, &(0x7f0000f65000)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x20000002, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
pipe2$9p(&(0x7f0000002180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
write$P9_RVERSION(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r7 = dup(r5)
write$FUSE_BMAP(r7, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000700)=ANY=[@ANYBLOB="3801"], 0x138)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000880)=ANY=[@ANYBLOB="2001"], 0x120)
write$FUSE_DIRENTPLUS(r7, &(0x7f00000004c0)=ANY=[@ANYBLOB="1c"], 0x10)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
lgetxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000480)=ANY=[@ANYBLOB='user.t'], 0x0, 0xf9)

1.771150381s ago: executing program 1 (id=7026):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000840)='kmem_cache_free\x00', r0}, 0x18)
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r1 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r1, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000700)=ANY=[@ANYBLOB="3801"], 0x138)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000880)=ANY=[@ANYBLOB="2001"], 0x120)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX])
lgetxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000480)=ANY=[@ANYBLOB='user.t'], 0x0, 0xf9)

1.736768885s ago: executing program 2 (id=7027):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)

1.712749866s ago: executing program 3 (id=7028):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xae2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x4, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_SETMODE(r3, 0x5602, &(0x7f0000000280))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='jbd2_write_superblock\x00', r1}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x2, &(0x7f0000000500)=[{0x80, 0x3, 0x0, 0x2}, {0x16}]})
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='jbd2_write_superblock\x00', r5}, 0x10)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r6 = inotify_init1(0x0)
fcntl$setown(r6, 0x8, 0xffffffffffffffff)
fcntl$getownex(r6, 0x10, &(0x7f0000000140)={0x0, <r7=>0x0})
r8 = syz_open_procfs(r7, &(0x7f0000000040)='fd/4\x00')
r9 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r9, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xd, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r10}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r11}, 0x18)
sendmmsg$inet(r9, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)="15b26f226e2966667482d50703b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5dffd691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6be", 0xc3}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3, 0x0, 0x0, 0xfffffdef}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="c9", 0x1}], 0x300}}], 0x3, 0x240080e4)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r8, 0x40086610, &(0x7f0000000180)={@id={0x40000, 0x0, @b}})

1.701391858s ago: executing program 2 (id=7029):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000431000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x2010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000440)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r3}, 0x10)
mount$bind(0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r4, &(0x7f0000000340)={&(0x7f0000000240)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c, 0x0, 0x0, &(0x7f0000000300)=[@pktinfo={{0x12, 0x11, 0x67, {@rand_addr=' \x01\x00'}}}], 0x28}, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000840)=@mangle={'mangle\x00', 0x64, 0x6, 0x560, 0x100, 0x1d8, 0x100, 0x100, 0x2a8, 0x490, 0x490, 0x490, 0x490, 0x490, 0x6, 0x0, {[{{@ipv6={@empty, @loopback, [], [], 'gre0\x00', 'bond0\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@srh={{0x30}}]}, @common=@unspec=@CONNSECMARK={0x28}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3c0}}, {{@ipv6={@mcast2, @private1, [], [], 'pim6reg1\x00', 'vlan1\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@hl={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@remote, @ipv6=@mcast1}}}, {{@ipv6={@private0, @remote, [], [], 'tunl0\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5c0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000808500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r7}, 0x10)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
stat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600))
socket(0x10, 0x3, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)

1.687894359s ago: executing program 1 (id=7030):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000540)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="a903000000000000000032"], 0x1c}}, 0x0)

1.662508441s ago: executing program 1 (id=7031):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRESDEC=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x8, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000880)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd600a3ff200140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYBLOB="5000000090780000e380659173706e23283111eb8badeea77cf0026bc550d3cb8e2dc459b170652e07124cb6da1eb3bf60214e22c68c2b8a8d832722fc50b6da53a81ba9f4f563595b14a97c904d17aeac3c4e22372f3197e056b3a51a1be9ceba75c4a0f0f8c85ad575446124bfedfe6a3935a17cf1671f25afc1d69521e25794ffdf2e47930323c19a7c"], 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003d62a00850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000000700000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x21000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file2\x00', 0x200801f, &(0x7f00000000c0), 0xfe, 0x4ec, &(0x7f0000000380)="$eJzs3VFrHFsdAPD/THa9TZvr5qoP14JtsZWkaDdJY9vgQ1UQfSqo9b3GZBtCNtmSbNomFE3xAwgiKviiT74IfgBB+hFEKOi7qChFW33woTqyu7MxTXeTlG52vdnfD07nnNnZ/Z9/hz2ZMzPsBDC0LkTEZERkWZZdjohSvj7NS+y0SmO7F88fLTRKEll2+29JJPm69me9ky/P5G87FRFf/0rEt5LX425sba/MV6uV9bw9VV9NXmbZ9pXl1fmlylJlbXZ25vrcjblrc9M9yXM8Im5+6c8//N7Pv3zz15958Ic7f538divBlr159FIr9WLz/6KtEBHrxxFsQArNDFuuDbgvAAAcrHG8/5GI+GREXI5SjDSP5gAAAICTJPv8WLxMWtf/AAAAgJMpjYixSNJyfr/vWKRpudy6h/djcTqt1jbqn85Ku+cLxqOY3l2uVqbzewfGo5g02jP5Pbbt9tV97dmIeC8iflAabbbLC7Xq4kDPfAAAAMDwOLNv/v/PUmv+DwAAAJww44PuAAAAAHDszP8BAADg5DP/BwAAgBPtq7duNUrWfv714v2tzZXa/SuLlY2V8urmQnmhtn6vvFSrLTV/s2/1sM+r1mr3Phtrmw+n6pWN+tTG1vad1drmWv3O8iuPwAYAAAD66L3zT36fRMTO50bTiMiSPa8VI7KRvRsX+t8/4Pikb7Lxn46vH0D/jQy6A8DAOKSH4VUcdAeAgTtsHOh6885vet8XAADgeEx8fPf6f7MAw+PJs+YiSQbdEaDvXP+H4eX6Hwyv4kFHACYFcOKlR/iqv/31/yx7o04BAAA9N9YsSVrO5wFjkablcsS7zccCFJO7y9XKdER8OCJ+Vyq+02jPNN+ZOD0AAAAAAAAAAAAAAAAAAAAAAAAAAEeUZUlkXYzubgMAAAB8kEWkf0ny539NlC6N7T8/8KHkX6XmMiIe/OT2jx7O1+vrM431f99dX/9xvv5qv89eAAAAAJ205+nteTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9NKL548W2qWfcZ99MSLGO8UvxKnm8lQUI+L0P5Io7HlfEhEjPYi/8zgi3u8UP2l0K8bzXuyPn0bE6IDjn+lBfBhmTxrjzxc6ff/SuNBcdv7+FfLytrqPf+nu+DfSZfx7t9MHpq+vOvv0l1Nd4z+OOFvoPP604ydd4l88Yo7f/Mb2drfXsp9FTHT8+5O8EmsqKdyb2tjavrK8Or9UWaqszc7OXJ+7MXdtbnrq7nK1kv/bMcb3P/Gr/xyU/+ku8ccPyf/SEfP/99OHzz/aqhb3vVSMn2bZ5MXO+//9LvHbf/s+le/uRnuiXd9p1fc694vfnjt/QP6LXfI/bP9PHjH/y1/77h+PuCkA0AcbW9sr89VqZV1F5dgqo9HHoPNx0Dbtg9g+9Oc7eaj/i13wxpUBDkoAAMCx+N9B/6B7AgAAAAAAAAAAAAAAAAAAAMPrsJ8Bix78nNj+mDuDSRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ED/DQAA///T9Mzo")
syz_mount_image$fuse(&(0x7f0000000240), &(0x7f0000000280)='./file2\x00', 0x0, &(0x7f0000000a80), 0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000080)={0x2})
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, 0x0)
r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000106d049cc200000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8971, &(0x7f0000000a00)={'batadv_slave_1\x00'})
syz_usb_control_io$hid(r7, 0x0, 0x0)
syz_usb_control_io$hid(r7, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000013c0)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "1d670d6f"}]}}, 0x0}, 0x0)
syz_usb_control_io$hid(r7, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r10=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@dellink={0x20, 0x11, 0x101, 0x0, 0x0, {0x0, 0x0, 0x0, r10}}, 0x20}}, 0x0)

872.796597ms ago: executing program 3 (id=7032):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000440)=""/156, 0x9c}, {&(0x7f0000000600)=""/261, 0x105}], 0x2, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x0, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
write$P9_RREADLINK(r0, &(0x7f00000000c0)={0xe, 0x17, 0x2, {0x5, './bus'}}, 0xe)
open(&(0x7f0000000040)='./bus\x00', 0x145142, 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x14113e, 0x0)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f0000000080)=@id={0x1e, 0x3, 0x0, {0x4e24, 0x3}}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x83, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0}, 0x18)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000240)='./bus\x00', 0x18502, &(0x7f0000000280)=ANY=[], 0x1, 0x11fb, &(0x7f0000001b80)="$eJzs3E+LW1UYB+C3MWPHaeePWqt1oQfduLp0ZuFKkEGmIBNQaiO0gnDr3GjINQm5YSAitq7c+jnEpTtB/AKz8TO4m43LLsQrJNNOp6ZVF51IfZ7Nfcl5f7n3EAiccE4O3/r2816nyjr5OBpnzkRjGJHupEjRiLte2Z1dr9/Y3W61dq6mdGX72uabKaW1V3/66MvvX/t5fO7DH9Z+PBsHGx8f/rb168HFg0uHf1z7rFulbpX6g3HK083BYJzfLIu01616WUrvl0VeFanbr4rRifFOORgOJynv762uDEdFtZTy/iT1ikkaD9J4NEn5p3m3n7IsS6srwUMt/X1L+7s7dV1H1PVSPB11XdfPxEqci/OxGmtxOyKejefi+bgQL8TFeDFeikvTrtN4fAAAAAAAAAAAAAAAAAAAAPj/eNT5//XYcP4fAAAAAAAAAAAAAAAAAAAATsEH12/sbrdaO1dTWo4ov9lv77dn19n4die6R623m7/H9PT/zKy+8m5r53Ka2oivy1tH+Vv77aeO82UUsTn9O4GjfHM6dje/Ocunk/mzsXJ/fivW48L8+2/NzS/HG6/fl89iPX75JAZRxt703sf5rzZTeue91gP5l6d9AAAA8CTI0j1z1+9Z9rDxWf7e+vpyrMejfx94YH3djPPNxc6diGryRS8vy2J0slj+yyuKf140HtM7N+I/MkHFk18s+puJ03D8oS/6SQAAAAAAAAAAAPg3HvMuwmbM2Vn29mKmCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAoQIAAP//eR7MQg==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x0, &(0x7f0000000180)=0x4ca20000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380))

808.899753ms ago: executing program 2 (id=7033):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000431000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x2010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000440)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r3}, 0x10)
mount$bind(0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r4, &(0x7f0000000340)={&(0x7f0000000240)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c, 0x0, 0x0, &(0x7f0000000300)=[@pktinfo={{0x12, 0x11, 0x67, {@rand_addr=' \x01\x00'}}}], 0x28}, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000840)=@mangle={'mangle\x00', 0x64, 0x6, 0x560, 0x100, 0x1d8, 0x100, 0x100, 0x2a8, 0x490, 0x490, 0x490, 0x490, 0x490, 0x6, 0x0, {[{{@ipv6={@empty, @loopback, [], [], 'gre0\x00', 'bond0\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@srh={{0x30}}]}, @common=@unspec=@CONNSECMARK={0x28}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3c0}}, {{@ipv6={@mcast2, @private1, [], [], 'pim6reg1\x00', 'vlan1\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@hl={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@remote, @ipv6=@mcast1}}}, {{@ipv6={@private0, @remote, [], [], 'tunl0\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5c0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000650018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000808500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, r7}, 0x18)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
stat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600))
socket(0x10, 0x3, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)

452.777882ms ago: executing program 3 (id=7035):
r0 = openat2(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x109600, 0x12, 0x20}, 0x18)
dup(r0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000340)=0x14)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', r1, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x8)
r4 = syz_open_pts(r3, 0x208200)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000380), 0x8)
ioctl$TIOCSRS485(r4, 0x542f, &(0x7f00000004c0)={0x5, 0x7ff, 0x5})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="05000000210000000a0000000800008000100000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000ffffffff000800001000"/28], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
setrlimit(0x40000000000008, &(0x7f0000000000))
ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000500)={0xffe528e, 0x2, 0x30000000, 0x0, 0x10, "4f61b190a524c4510dccd6311911c3c24d91c4"})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r7, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg$inet(r7, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4008804)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000580)={[{@quota}, {@sysvgroups}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=")
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r9 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_opts(r9, 0x0, 0x4, &(0x7f0000000080)="441f0801000000e8c94ef56491ee54be0e1c2074ed27c1c6fe76cef3e2", 0x1d)
getsockopt$inet_opts(r9, 0x0, 0x4, 0x0, &(0x7f00000000c0))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000e80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_request_inode\x00', r10}, 0x10)
creat(&(0x7f00000001c0)='./bus\x00', 0x0)
getpgrp(0x0)

335.529552ms ago: executing program 3 (id=7036):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = open(0x0, 0x14507e, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = inotify_init1(0x0)
fcntl$setown(r2, 0x8, 0xffffffffffffffff)
fcntl$getownex(r2, 0x10, &(0x7f0000000140)={0x0, <r3=>0x0})
r4 = syz_open_procfs(r3, &(0x7f0000000600)='fd/4\x00')
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r4, 0x8004587d, &(0x7f0000000180)={@desc={0x1, 0x2000000, @desc3}})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000005000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @private}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)

194.041924ms ago: executing program 3 (id=7037):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000840)='kmem_cache_free\x00', r2}, 0x18)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000200)=0x5, 0x4)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="3f040e03f007120006001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xb318, 0x0, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x31, &(0x7f0000000200)=0x8, 0x4)
bind$inet6(r3, &(0x7f0000f65000)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x20000002, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
pipe2$9p(&(0x7f0000002180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
write$P9_RVERSION(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r7 = dup(r5)
write$FUSE_BMAP(r7, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000700)=ANY=[@ANYBLOB="3801"], 0x138)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000880)=ANY=[@ANYBLOB="2001"], 0x120)
write$FUSE_DIRENTPLUS(r7, &(0x7f00000004c0)=ANY=[@ANYBLOB="1c"], 0x10)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
lgetxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000480)=ANY=[@ANYBLOB='user.t'], 0x0, 0xf9)

184.796535ms ago: executing program 3 (id=7038):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000431000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x2010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000440)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r2}, 0x10)
mount$bind(0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r3, &(0x7f0000000340)={&(0x7f0000000240)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c, 0x0, 0x0, &(0x7f0000000300)=[@pktinfo={{0x12, 0x11, 0x67, {@rand_addr=' \x01\x00'}}}], 0x28}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000840)=@mangle={'mangle\x00', 0x64, 0x6, 0x538, 0x100, 0x1d8, 0x100, 0x100, 0x2a8, 0x490, 0x490, 0x490, 0x490, 0x490, 0x6, 0x0, {[{{@ipv6={@empty, @loopback, [], [], 'gre0\x00', 'bond0\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@srh={{0x30}}]}, @common=@unspec=@CONNSECMARK={0x28}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3c0}}, {{@ipv6={@mcast2, @private1, [], [], 'pim6reg1\x00', 'vlan1\x00'}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@remote, @ipv6=@mcast1}}}, {{@ipv6={@private0, @remote, [], [], 'tunl0\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x598)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r5}, 0x10)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
stat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600))
socket(0x10, 0x3, 0x0)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$GIO_UNIMAP(r6, 0x4b66, 0x0)
process_vm_writev(0x0, &(0x7f0000000040)=[{&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/122, 0x7a}, {&(0x7f00000003c0)=""/84, 0x54}], 0x3, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/82, 0x52}], 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)

4.93769ms ago: executing program 4 (id=7039):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000002180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000700)=ANY=[@ANYBLOB="3801"], 0x138)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000880)=ANY=[@ANYBLOB="2001"], 0x120)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="1c"], 0x10)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
lgetxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000480)=ANY=[], 0x0, 0x0)

0s ago: executing program 0 (id=7034):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r1}, &(0x7f0000000780), &(0x7f00000007c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x18)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000))
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

hedule+0xcd4/0x1590
[ 1253.164160][T25111]  ? binder_has_work_ilocked+0x4f0/0x4f0
[ 1253.169627][T25111]  ? release_firmware_map_entry+0x190/0x190
[ 1253.175355][T25111]  ? avc_has_extended_perms+0xad7/0x10f0
[ 1253.180824][T25111]  ? __kasan_check_read+0x11/0x20
[ 1253.185687][T25111]  ? preempt_schedule_irq+0xe7/0x140
[ 1253.190804][T25111]  ? __cond_resched+0x20/0x20
[ 1253.195319][T25111]  ? __kasan_check_write+0x14/0x20
[ 1253.200268][T25111]  ? __kasan_check_write+0x14/0x20
[ 1253.205212][T25111]  ? _raw_spin_lock+0xa4/0x1b0
[ 1253.209813][T25111]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1253.215020][T25111]  ? sysvec_reschedule_ipi+0x7d/0x150
[ 1253.220228][T25111]  ? _raw_spin_unlock+0x4d/0x70
[ 1253.224915][T25111]  binder_ioctl+0x371/0x2640
[ 1253.229343][T25111]  ? ioctl_has_perm+0x3f5/0x560
[ 1253.234028][T25111]  ? binder_poll+0x2e0/0x2e0
[ 1253.238455][T25111]  ? has_cap_mac_admin+0x3c0/0x3c0
[ 1253.243399][T25111]  ? irqentry_exit+0x30/0x40
[ 1253.247829][T25111]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[ 1253.253298][T25111]  ? selinux_file_ioctl+0x3cc/0x540
[ 1253.258330][T25111]  ? __mutex_lock_slowpath+0x10/0x10
[ 1253.263451][T25111]  ? selinux_file_alloc_security+0x120/0x120
[ 1253.269267][T25111]  ? __fget_files+0x31e/0x380
[ 1253.273781][T25111]  ? security_file_ioctl+0x84/0xb0
[ 1253.278729][T25111]  ? binder_poll+0x2e0/0x2e0
[ 1253.283153][T25111]  __se_sys_ioctl+0x114/0x190
[ 1253.287669][T25111]  __x64_sys_ioctl+0x7b/0x90
[ 1253.292094][T25111]  x64_sys_call+0x98/0x9a0
[ 1253.296346][T25111]  do_syscall_64+0x3b/0xb0
[ 1253.300597][T25111]  ? clear_bhb_loop+0x35/0x90
[ 1253.305111][T25111]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1253.310840][T25111] RIP: 0033:0x7fc248d18ff9
[ 1253.315095][T25111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1253.334535][T25111] RSP: 002b:00007fc247950038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1253.342782][T25111] RAX: ffffffffffffffda RBX: 00007fc248ed1130 RCX: 00007fc248d18ff9
[ 1253.350592][T25111] RDX: 0000000020000300 RSI: 00000000c0306201 RDI: 0000000000000005
[ 1253.358402][T25111] RBP: 00007fc247950090 R08: 0000000000000000 R09: 0000000000000000
[ 1253.366216][T25111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1253.374027][T25111] R13: 0000000000000000 R14: 00007fc248ed1130 R15: 00007ffc94f88758
[ 1253.381842][T25111]  </TASK>
[ 1253.384859][T25108] binder: 25106:25108 ioctl c0306201 0 returned -14
[ 1253.385102][T25111] binder: 25106:25111 ioctl c0306201 20000300 returned -14
[ 1253.527383][T25123] 9pnet: Insufficient options for proto=fd
[ 1253.587066][T25127] netlink: 80 bytes leftover after parsing attributes in process `syz.2.6673'.
[ 1253.622013][   T30] audit: type=1400 audit(2000000870.007:3683): avc:  denied  { setopt } for  pid=25128 comm="syz.2.6674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1253.699785][T25136] loop3: detected capacity change from 0 to 512
[ 1253.746502][T25142] 9pnet: Insufficient options for proto=fd
[ 1253.759327][T25136] EXT4-fs (loop3): revision level too high, forcing read-only mode
[ 1253.775170][T25145] 9pnet: Insufficient options for proto=fd
[ 1253.820758][   T30] audit: type=1400 audit(2000000870.207:3684): avc:  denied  { map } for  pid=25133 comm="syz.2.6675" path="socket:[122642]" dev="sockfs" ino=122642 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1253.912623][T25136] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1253.919462][T25136] Quota error (device loop3): v2_read_file_info: Free block number too big (0 >= 0).
[ 1253.928834][T25136] EXT4-fs warning (device loop3): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1253.943623][T25136] EXT4-fs (loop3): Cannot turn on quotas: error -117
[ 1253.950614][T25136] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.6676: bg 0: block 40: padding at end of block bitmap is not set
[ 1253.967343][T25136] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1253.976879][T25136] EXT4-fs (loop3): 1 truncate cleaned up
[ 1253.982367][T25136] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1253.998914][T25136] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #16: comm syz.3.6676: corrupted xattr block 31
[ 1254.027947][T25136] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=16
[ 1254.055604][T25136] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #16: comm syz.3.6676: corrupted xattr block 31
[ 1254.103638][T25136] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=16
[ 1254.155352][T25136] fuse: Bad value for 'fd'
[ 1254.251767][T25140] loop4: detected capacity change from 0 to 40427
[ 1254.296624][T25159] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6684'.
[ 1254.305791][T25159] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1254.332078][T25140] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1254.339656][T25140] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1254.348798][T25140] F2FS-fs (loop4): invalid crc value
[ 1254.359739][T25140] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1254.375377][  T340] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[ 1254.386246][T25140] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1254.393093][T25140] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1254.400429][  T952] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[ 1254.665501][  T952] usb 1-1: Using ep0 maxpacket: 32
[ 1254.785302][  T340] usb 4-1: Using ep0 maxpacket: 16
[ 1254.835523][  T952] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1254.861776][  T952] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1254.873427][  T952] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1254.886110][  T952] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[ 1254.894890][  T952] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1254.905429][  T340] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1254.921336][  T340] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1254.922454][  T952] usb 1-1: config 0 descriptor??
[ 1254.943172][  T340] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1254.952279][  T340] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1254.964003][  T340] usb 4-1: config 0 descriptor??
[ 1254.982764][T25173] netlink: 80 bytes leftover after parsing attributes in process `syz.4.6686'.
[ 1255.011181][T25176] loop1: detected capacity change from 0 to 512
[ 1255.027619][T25176] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1255.039535][T25176] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038 (0x7fffffff)
[ 1255.072628][T25183] 9pnet: Insufficient options for proto=fd
[ 1255.114811][   T30] audit: type=1326 audit(2000000871.497:3685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25187 comm="syz.4.6691" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc248d18ff9 code=0x0
[ 1255.273832][T25192] 9pnet: Insufficient options for proto=fd
[ 1255.408853][  T952] ntrig 0003:1B96:000A.014D: unknown main item tag 0x0
[ 1255.421862][  T952] ntrig 0003:1B96:000A.014D: unknown main item tag 0x0
[ 1255.428985][  T952] ntrig 0003:1B96:000A.014D: unknown main item tag 0x0
[ 1255.435739][  T952] ntrig 0003:1B96:000A.014D: unknown main item tag 0x0
[ 1255.442425][  T952] ntrig 0003:1B96:000A.014D: unknown main item tag 0x0
[ 1255.458689][  T952] ntrig 0003:1B96:000A.014D: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0
[ 1255.479246][  T340] logitech 0003:046D:C29C.014E: unknown main item tag 0x0
[ 1255.488446][  T340] logitech 0003:046D:C29C.014E: hidraw1: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.3-1/input0
[ 1255.650285][  T952] usb 1-1: USB disconnect, device number 126
[ 1255.795959][T25202] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6696'.
[ 1256.239781][  T340] logitech 0003:046D:C29C.014E: no inputs found
[ 1256.247352][  T340] usb 4-1: USB disconnect, device number 12
[ 1256.288191][T25214] 9pnet: Insufficient options for proto=fd
[ 1256.394353][T25206] loop4: detected capacity change from 0 to 40427
[ 1256.419184][T25212] netlink: 80 bytes leftover after parsing attributes in process `syz.1.6700'.
[ 1256.618341][T25206] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1256.663742][T25206] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1256.751129][T25206] F2FS-fs (loop4): invalid crc value
[ 1256.780353][T25206] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1256.816912][T25206] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1256.823926][T25206] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1256.847783][   T30] audit: type=1326 audit(2000000873.237:3686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25232 comm="syz.2.6708" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0838a09ff9 code=0x0
[ 1257.129864][T25243] loop3: detected capacity change from 0 to 512
[ 1257.218140][T25243] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1257.236301][T25243] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038 (0x7fffffff)
[ 1257.430020][T25254] binder_alloc: 25245: binder_alloc_buf, no vma
[ 1257.436261][T25254] binder: 25245:25254 ioctl c0306201 0 returned -14
[ 1257.753037][T25260] FAULT_INJECTION: forcing a failure.
[ 1257.753037][T25260] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1257.765920][T25260] CPU: 1 PID: 25260 Comm: syz.4.6711 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1257.775695][T25260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1257.785590][T25260] Call Trace:
[ 1257.788712][T25260]  <TASK>
[ 1257.791493][T25260]  dump_stack_lvl+0x151/0x1c0
[ 1257.796003][T25260]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1257.801473][T25260]  ? __kasan_check_write+0x14/0x20
[ 1257.806521][T25260]  ? __switch_to+0x62a/0x1190
[ 1257.811036][T25260]  dump_stack+0x15/0x20
[ 1257.815024][T25260]  should_fail+0x3c6/0x510
[ 1257.819276][T25260]  should_fail_usercopy+0x1a/0x20
[ 1257.824134][T25260]  _copy_from_user+0x20/0xd0
[ 1257.828560][T25260]  binder_thread_write+0xa58/0x6ec0
[ 1257.833595][T25260]  ? finish_task_switch+0x167/0x7b0
[ 1257.838627][T25260]  ? requeue_task_rt+0x410/0x410
[ 1257.843411][T25260]  ? binder_ioctl_get_freezer_info+0x460/0x460
[ 1257.849392][T25260]  ? __kasan_check_read+0x11/0x20
[ 1257.854251][T25260]  ? preempt_schedule_irq+0xe7/0x140
[ 1257.859372][T25260]  ? irqentry_exit_cond_resched+0x2a/0x30
[ 1257.864925][T25260]  ? irqentry_exit+0x30/0x40
[ 1257.869358][T25260]  ? sysvec_reschedule_ipi+0x7d/0x150
[ 1257.874565][T25260]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[ 1257.880030][T25260]  ? __kasan_check_write+0x14/0x20
[ 1257.884975][T25260]  ? _copy_from_user+0x96/0xd0
[ 1257.889577][T25260]  binder_ioctl_write_read+0x205/0x7300
[ 1257.894960][T25260]  ? release_firmware_map_entry+0x190/0x190
[ 1257.900686][T25260]  ? __kasan_check_read+0x11/0x20
[ 1257.905548][T25260]  ? preempt_schedule_irq+0xe7/0x140
[ 1257.910666][T25260]  ? __cond_resched+0x20/0x20
[ 1257.915181][T25260]  ? pick_next_pushable_task+0x210/0x210
[ 1257.920650][T25260]  ? irqentry_exit_cond_resched+0x2a/0x30
[ 1257.926204][T25260]  ? irqentry_exit+0x30/0x40
[ 1257.930628][T25260]  ? sysvec_reschedule_ipi+0x7d/0x150
[ 1257.935838][T25260]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[ 1257.941305][T25260]  ? avc_has_extended_perms+0x81/0x10f0
[ 1257.946685][T25260]  ? avc_has_extended_perms+0xe2/0x10f0
[ 1257.952067][T25260]  ? kasan_check_range+0x25a/0x2a0
[ 1257.957020][T25260]  ? avc_has_extended_perms+0x90b/0x10f0
[ 1257.962483][T25260]  ? binder_has_work_ilocked+0x4f0/0x4f0
[ 1257.967951][T25260]  ? memcpy+0x56/0x70
[ 1257.971769][T25260]  ? avc_has_extended_perms+0xad7/0x10f0
[ 1257.977241][T25260]  ? avc_flush+0x290/0x290
[ 1257.981491][T25260]  ? __kasan_check_write+0x14/0x20
[ 1257.986439][T25260]  ? _raw_spin_lock+0xa4/0x1b0
[ 1257.991036][T25260]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1257.996246][T25260]  ? _raw_spin_unlock+0x4d/0x70
[ 1258.000935][T25260]  binder_ioctl+0x371/0x2640
[ 1258.005361][T25260]  ? ioctl_has_perm+0x3f5/0x560
[ 1258.010044][T25260]  ? binder_poll+0x2e0/0x2e0
[ 1258.014472][T25260]  ? has_cap_mac_admin+0x3c0/0x3c0
[ 1258.019420][T25260]  ? __kasan_check_write+0x14/0x20
[ 1258.024368][T25260]  ? _raw_spin_unlock+0x4d/0x70
[ 1258.029055][T25260]  ? selinux_file_ioctl+0x3cc/0x540
[ 1258.034087][T25260]  ? selinux_file_alloc_security+0x120/0x120
[ 1258.039901][T25260]  ? __schedule+0xcd4/0x1590
[ 1258.044329][T25260]  ? __fget_files+0x31e/0x380
[ 1258.048844][T25260]  ? security_file_ioctl+0x84/0xb0
[ 1258.053789][T25260]  ? binder_poll+0x2e0/0x2e0
[ 1258.058216][T25260]  __se_sys_ioctl+0x114/0x190
[ 1258.062729][T25260]  __x64_sys_ioctl+0x7b/0x90
[ 1258.067157][T25260]  x64_sys_call+0x98/0x9a0
[ 1258.071410][T25260]  do_syscall_64+0x3b/0xb0
[ 1258.075661][T25260]  ? clear_bhb_loop+0x35/0x90
[ 1258.080176][T25260]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1258.085902][T25260] RIP: 0033:0x7fc248d18ff9
[ 1258.090156][T25260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1258.109599][T25260] RSP: 002b:00007fc247950038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1258.117843][T25260] RAX: ffffffffffffffda RBX: 00007fc248ed1130 RCX: 00007fc248d18ff9
[ 1258.125655][T25260] RDX: 0000000020000300 RSI: 00000000c0306201 RDI: 0000000000000005
[ 1258.133466][T25260] RBP: 00007fc247950090 R08: 0000000000000000 R09: 0000000000000000
[ 1258.141276][T25260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1258.149089][T25260] R13: 0000000000000000 R14: 00007fc248ed1130 R15: 00007ffc94f88758
[ 1258.156903][T25260]  </TASK>
[ 1258.159995][T25260] binder: 25255:25260 ioctl c0306201 20000300 returned -14
[ 1258.167080][T25257] binder: 25255:25257 ioctl c0306201 0 returned -14
[ 1258.218233][   T30] audit: type=1400 audit(2000000874.607:3687): avc:  denied  { write } for  pid=25263 comm="syz.0.6714" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1258.275872][   T30] audit: type=1326 audit(2000000874.667:3688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25263 comm="syz.0.6714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f540d5c1ff9 code=0x7ffc0000
[ 1258.287419][T25262] netlink: 80 bytes leftover after parsing attributes in process `syz.1.6713'.
[ 1258.301385][   T30] audit: type=1326 audit(2000000874.667:3689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25263 comm="syz.0.6714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f540d5c1ff9 code=0x7ffc0000
[ 1258.331846][   T30] audit: type=1326 audit(2000000874.687:3690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25263 comm="syz.0.6714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f540d5c1ff9 code=0x7ffc0000
[ 1258.364291][T25267] loop0: detected capacity change from 0 to 2048
[ 1258.370700][   T30] audit: type=1326 audit(2000000874.687:3691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25263 comm="syz.0.6714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f540d5c1ff9 code=0x7ffc0000
[ 1258.394113][   T30] audit: type=1326 audit(2000000874.687:3692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25263 comm="syz.0.6714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f540d5c1ff9 code=0x7ffc0000
[ 1258.417704][   T30] audit: type=1326 audit(2000000874.687:3693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25263 comm="syz.0.6714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f540d5c1ff9 code=0x7ffc0000
[ 1258.445182][   T30] audit: type=1326 audit(2000000874.687:3694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25263 comm="syz.0.6714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f540d5c1ff9 code=0x7ffc0000
[ 1258.477102][T25272] loop3: detected capacity change from 0 to 256
[ 1258.483356][   T30] audit: type=1326 audit(2000000874.687:3695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25263 comm="syz.0.6714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f540d5c1ff9 code=0x7ffc0000
[ 1258.525094][T25281] FAULT_INJECTION: forcing a failure.
[ 1258.525094][T25281] name failslab, interval 1, probability 0, space 0, times 0
[ 1258.537697][T25281] CPU: 0 PID: 25281 Comm: syz.1.6719 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1258.547480][T25281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1258.557376][T25281] Call Trace:
[ 1258.560502][T25281]  <TASK>
[ 1258.563276][T25281]  dump_stack_lvl+0x151/0x1c0
[ 1258.567792][T25281]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1258.573259][T25281]  ? __kasan_check_write+0x14/0x20
[ 1258.578205][T25281]  ? proc_fail_nth_write+0x20b/0x290
[ 1258.583328][T25281]  dump_stack+0x15/0x20
[ 1258.587320][T25281]  should_fail+0x3c6/0x510
[ 1258.591574][T25281]  __should_failslab+0xa4/0xe0
[ 1258.596172][T25281]  should_failslab+0x9/0x20
[ 1258.600513][T25281]  slab_pre_alloc_hook+0x37/0xd0
[ 1258.605287][T25281]  kmem_cache_alloc_trace+0x48/0x210
[ 1258.610407][T25281]  ? btf_new_fd+0x11e/0x910
[ 1258.614747][T25281]  btf_new_fd+0x11e/0x910
[ 1258.618910][T25281]  bpf_btf_load+0x6f/0x90
[ 1258.623074][T25281]  __sys_bpf+0x50e/0x760
[ 1258.627153][T25281]  ? fput_many+0x160/0x1b0
[ 1258.631407][T25281]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 1258.636615][T25281]  ? debug_smp_processor_id+0x17/0x20
[ 1258.641823][T25281]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1258.647724][T25281]  __x64_sys_bpf+0x7c/0x90
[ 1258.651979][T25281]  x64_sys_call+0x87f/0x9a0
[ 1258.656317][T25281]  do_syscall_64+0x3b/0xb0
[ 1258.660568][T25281]  ? clear_bhb_loop+0x35/0x90
[ 1258.665081][T25281]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1258.670817][T25281] RIP: 0033:0x7f386af64ff9
[ 1258.675067][T25281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1258.694510][T25281] RSP: 002b:00007f3869bde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1258.702760][T25281] RAX: ffffffffffffffda RBX: 00007f386b11cf80 RCX: 00007f386af64ff9
[ 1258.710568][T25281] RDX: 0000000000000028 RSI: 0000000020000c40 RDI: 0000000000000012
[ 1258.718378][T25281] RBP: 00007f3869bde090 R08: 0000000000000000 R09: 0000000000000000
[ 1258.726190][T25281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1258.734000][T25281] R13: 0000000000000000 R14: 00007f386b11cf80 R15: 00007ffcecb60d38
[ 1258.741815][T25281]  </TASK>
[ 1259.547892][T25272] exfat: Bad value for 'gid'
[ 1259.979463][T25295] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6723'.
[ 1260.082609][T25297] netlink: 96 bytes leftover after parsing attributes in process `syz.4.6722'.
[ 1260.092251][T25297] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1260.346998][T25304] loop1: detected capacity change from 0 to 512
[ 1260.416933][T25304] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1260.428137][T25304] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038 (0x7fffffff)
[ 1261.643604][T25344] FAULT_INJECTION: forcing a failure.
[ 1261.643604][T25344] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1261.656502][T25344] CPU: 1 PID: 25344 Comm: syz.3.6735 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1261.666258][T25344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1261.676153][T25344] Call Trace:
[ 1261.679277][T25344]  <TASK>
[ 1261.682058][T25344]  dump_stack_lvl+0x151/0x1c0
[ 1261.686571][T25344]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1261.692040][T25344]  dump_stack+0x15/0x20
[ 1261.696030][T25344]  should_fail+0x3c6/0x510
[ 1261.700282][T25344]  should_fail_usercopy+0x1a/0x20
[ 1261.705144][T25344]  _copy_from_user+0x20/0xd0
[ 1261.709570][T25344]  iovec_from_user+0xc7/0x330
[ 1261.714084][T25344]  __import_iovec+0x6d/0x420
[ 1261.718511][T25344]  ? __ia32_sys_shutdown+0x70/0x70
[ 1261.723455][T25344]  import_iovec+0xe5/0x120
[ 1261.727709][T25344]  ___sys_sendmsg+0x215/0x2e0
[ 1261.732224][T25344]  ? __sys_sendmsg+0x260/0x260
[ 1261.736669][T25343] 9pnet: Insufficient options for proto=fd
[ 1261.736823][T25344]  ? __kasan_check_read+0x11/0x20
[ 1261.747324][T25344]  ? preempt_schedule_irq+0xe7/0x140
[ 1261.752447][T25344]  ? irqentry_exit_cond_resched+0x2a/0x30
[ 1261.757997][T25344]  ? irqentry_exit+0x30/0x40
[ 1261.762427][T25344]  ? __fdget+0x1bc/0x240
[ 1261.766502][T25344]  __se_sys_sendmsg+0x19a/0x260
[ 1261.771189][T25344]  ? __x64_sys_sendmsg+0x90/0x90
[ 1261.775966][T25344]  ? ksys_write+0x260/0x2c0
[ 1261.780307][T25344]  ? __kasan_check_write+0x14/0x20
[ 1261.785249][T25344]  ? switch_fpu_return+0x15f/0x2e0
[ 1261.790199][T25344]  __x64_sys_sendmsg+0x7b/0x90
[ 1261.794797][T25344]  x64_sys_call+0x16a/0x9a0
[ 1261.799138][T25344]  do_syscall_64+0x3b/0xb0
[ 1261.803392][T25344]  ? clear_bhb_loop+0x35/0x90
[ 1261.807906][T25344]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1261.813631][T25344] RIP: 0033:0x7fade2c4bff9
[ 1261.817884][T25344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1261.837326][T25344] RSP: 002b:00007fade1883038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1261.845572][T25344] RAX: ffffffffffffffda RBX: 00007fade2e04130 RCX: 00007fade2c4bff9
[ 1261.853383][T25344] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000005
[ 1261.861195][T25344] RBP: 00007fade1883090 R08: 0000000000000000 R09: 0000000000000000
[ 1261.869004][T25344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1261.876815][T25344] R13: 0000000000000000 R14: 00007fade2e04130 R15: 00007fffde78ab18
[ 1261.884632][T25344]  </TASK>
[ 1262.274503][T25352] binder: 25350:25352 ioctl 4018620d 0 returned -22
[ 1262.369687][T25353] netlink: 96 bytes leftover after parsing attributes in process `syz.0.6737'.
[ 1262.379027][T25353] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1262.535827][T25369] loop2: detected capacity change from 0 to 512
[ 1262.585494][T25369] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1262.596632][T25369] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038 (0x7fffffff)
[ 1263.073388][T25376] fuse: Bad value for 'fd'
[ 1263.277431][T25385] FAULT_INJECTION: forcing a failure.
[ 1263.277431][T25385] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1263.290367][T25385] CPU: 1 PID: 25385 Comm: syz.3.6748 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1263.300077][T25385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1263.309971][T25385] Call Trace:
[ 1263.313093][T25385]  <TASK>
[ 1263.315871][T25385]  dump_stack_lvl+0x151/0x1c0
[ 1263.320386][T25385]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1263.325853][T25385]  ? __kernel_text_address+0x9b/0x110
[ 1263.331061][T25385]  ? unwind_get_return_address+0x4d/0x90
[ 1263.336528][T25385]  dump_stack+0x15/0x20
[ 1263.340520][T25385]  should_fail+0x3c6/0x510
[ 1263.344773][T25385]  should_fail_usercopy+0x1a/0x20
[ 1263.345331][T19129] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 1263.349636][T25385]  _copy_from_user+0x20/0xd0
[ 1263.349659][T25385]  ipv6_flowlabel_opt+0x122/0x2530
[ 1263.349675][T25385]  ? stack_trace_snprint+0xf0/0xf0
[ 1263.371420][T25385]  ? __stack_depot_save+0x34/0x470
[ 1263.376365][T25385]  ? ipv6_flowlabel_opt_get+0x600/0x600
[ 1263.381745][T25385]  ? __kasan_slab_alloc+0xc3/0xe0
[ 1263.386606][T25385]  ? __kasan_slab_alloc+0xb1/0xe0
[ 1263.391467][T25385]  ? __kasan_check_write+0x14/0x20
[ 1263.396416][T25385]  ? _raw_spin_lock_bh+0xa4/0x1b0
[ 1263.401275][T25385]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 1263.406311][T25385]  ? do_sys_openat2+0x13f/0x820
[ 1263.410998][T25385]  ? x64_sys_call+0x6bf/0x9a0
[ 1263.415512][T25385]  ? __local_bh_enable_ip+0x58/0x80
[ 1263.420544][T25385]  ? _raw_spin_unlock_bh+0x51/0x60
[ 1263.425490][T25385]  ? lock_sock_nested+0x266/0x300
[ 1263.430354][T25385]  ? sock_init_data+0xc0/0xc0
[ 1263.434867][T25385]  ? __kasan_check_write+0x14/0x20
[ 1263.439813][T25385]  ? _copy_from_user+0x96/0xd0
[ 1263.444414][T25385]  ipv6_setsockopt+0xb44/0x4240
[ 1263.449102][T25385]  ? ipv6_update_options+0x400/0x400
[ 1263.454227][T25385]  ? 0xffffffffa002a070
[ 1263.458214][T25385]  ? is_bpf_text_address+0x172/0x190
[ 1263.463332][T25385]  ? stack_trace_save+0x1c0/0x1c0
[ 1263.468193][T25385]  ? __kernel_text_address+0x9b/0x110
[ 1263.473401][T25385]  ? unwind_get_return_address+0x4d/0x90
[ 1263.478869][T25385]  ? arch_stack_walk+0xf3/0x140
[ 1263.483558][T25385]  ? stack_trace_save+0x113/0x1c0
[ 1263.488417][T25385]  ? stack_trace_snprint+0xf0/0xf0
[ 1263.493366][T25385]  ? __stack_depot_save+0x34/0x470
[ 1263.498311][T25385]  ? kmem_cache_free+0x116/0x2e0
[ 1263.503086][T25385]  ? kmem_cache_free+0x116/0x2e0
[ 1263.507857][T25385]  ? kasan_set_track+0x5d/0x70
[ 1263.512459][T25385]  ? kasan_set_track+0x4b/0x70
[ 1263.517061][T25385]  ? kasan_set_free_info+0x23/0x40
[ 1263.522009][T25385]  ? ____kasan_slab_free+0x126/0x160
[ 1263.527127][T25385]  ? __kasan_slab_free+0x11/0x20
[ 1263.531899][T25385]  ? slab_free_freelist_hook+0xbd/0x190
[ 1263.537281][T25385]  ? kmem_cache_free+0x116/0x2e0
[ 1263.542054][T25385]  ? avc_has_perm_noaudit+0x348/0x430
[ 1263.547267][T25385]  ? memcpy+0x56/0x70
[ 1263.551083][T25385]  ? avc_has_perm_noaudit+0x2dd/0x430
[ 1263.556292][T25385]  ? avc_denied+0x1b0/0x1b0
[ 1263.560632][T25385]  ? avc_has_perm+0x16f/0x260
[ 1263.565146][T25385]  tcp_setsockopt+0x22d/0x3800
[ 1263.569742][T25385]  ? fsnotify_perm+0x6a/0x5b0
[ 1263.574257][T25385]  ? tcp_set_window_clamp+0x1b0/0x1b0
[ 1263.579466][T25385]  ? selinux_socket_setsockopt+0x260/0x360
[ 1263.585108][T25385]  ? selinux_socket_getsockopt+0x340/0x340
[ 1263.590752][T25385]  sock_common_setsockopt+0xa2/0xc0
[ 1263.595783][T25385]  ? sock_common_recvmsg+0x240/0x240
[ 1263.600900][T25385]  __sys_setsockopt+0x4dc/0x840
[ 1263.605589][T25385]  ? __ia32_sys_recv+0xb0/0xb0
[ 1263.610191][T25385]  ? debug_smp_processor_id+0x17/0x20
[ 1263.615397][T25385]  __x64_sys_setsockopt+0xbf/0xd0
[ 1263.620258][T25385]  x64_sys_call+0x1a2/0x9a0
[ 1263.624598][T25385]  do_syscall_64+0x3b/0xb0
[ 1263.628850][T25385]  ? clear_bhb_loop+0x35/0x90
[ 1263.633364][T25385]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1263.639092][T25385] RIP: 0033:0x7fade2c4bff9
[ 1263.643345][T25385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1263.662786][T25385] RSP: 002b:00007fade18c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1263.671033][T25385] RAX: ffffffffffffffda RBX: 00007fade2e03f80 RCX: 00007fade2c4bff9
[ 1263.678842][T25385] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000003
[ 1263.686652][T25385] RBP: 00007fade18c5090 R08: 0000000000000020 R09: 0000000000000000
[ 1263.694605][T25385] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000001
[ 1263.702410][T25385] R13: 0000000000000000 R14: 00007fade2e03f80 R15: 00007fffde78ab18
[ 1263.710226][T25385]  </TASK>
[ 1263.935996][T25394] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks
[ 1263.956133][   T30] kauditd_printk_skb: 12 callbacks suppressed
[ 1263.956148][   T30] audit: type=1326 audit(2000000880.347:3708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25390 comm="syz.2.6750" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0838a09ff9 code=0x0
[ 1264.055318][T19129] usb 1-1: Using ep0 maxpacket: 16
[ 1264.175398][T19129] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1264.186248][T19129] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1264.203057][T19129] usb 1-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1264.221191][T19129] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1264.341043][T25407] netlink: 96 bytes leftover after parsing attributes in process `syz.3.6755'.
[ 1264.352018][T25407] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1264.368487][T25404] loop2: detected capacity change from 0 to 40427
[ 1264.444195][T25404] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[ 1264.460021][T25404] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 1264.472538][T19129] usb 1-1: config 0 descriptor??
[ 1264.477462][T25404] F2FS-fs (loop2): invalid crc value
[ 1264.484126][T25404] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 1264.509481][T25404] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[ 1264.517052][T25404] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1264.844815][T25419] loop1: detected capacity change from 0 to 256
[ 1265.386739][T19129] logitech 0003:046D:C29C.014F: unknown main item tag 0x0
[ 1265.394379][T19129] logitech 0003:046D:C29C.014F: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.0-1/input0
[ 1265.398384][T25424] loop3: detected capacity change from 0 to 512
[ 1265.469372][T25426] 9pnet: Insufficient options for proto=fd
[ 1265.509394][T25433] loop1: detected capacity change from 0 to 512
[ 1265.519963][T25424] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1265.531152][T25424] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038 (0x7fffffff)
[ 1265.554386][T25433] EXT4-fs (loop1): revision level too high, forcing read-only mode
[ 1265.572976][T25433] EXT4-fs (loop1): orphan cleanup on readonly fs
[ 1265.582039][T25433] Quota error (device loop1): v2_read_file_info: Free block number too big (0 >= 0).
[ 1265.591689][T25433] EXT4-fs warning (device loop1): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1265.629075][T25433] EXT4-fs (loop1): Cannot turn on quotas: error -117
[ 1265.636204][T25433] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.6761: bg 0: block 40: padding at end of block bitmap is not set
[ 1265.650552][T25433] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1265.661155][T25433] EXT4-fs (loop1): 1 truncate cleaned up
[ 1265.667899][   T30] audit: type=1326 audit(2000000882.057:3709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25438 comm="syz.2.6763" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0838a09ff9 code=0x0
[ 1265.668291][T25433] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1265.720144][T25433] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #16: comm syz.1.6761: corrupted xattr block 31
[ 1265.732997][T25433] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=16
[ 1265.741943][T25433] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #16: comm syz.1.6761: corrupted xattr block 31
[ 1265.753875][T25433] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=16
[ 1265.755860][T25443] FAULT_INJECTION: forcing a failure.
[ 1265.755860][T25443] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1265.763197][T25433] fuse: Bad value for 'fd'
[ 1265.779813][T25443] CPU: 1 PID: 25443 Comm: syz.3.6765 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1265.789528][T25443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1265.799418][T25443] Call Trace:
[ 1265.802543][T25443]  <TASK>
[ 1265.805323][T25443]  dump_stack_lvl+0x151/0x1c0
[ 1265.809834][T25443]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1265.815308][T25443]  dump_stack+0x15/0x20
[ 1265.819292][T25443]  should_fail+0x3c6/0x510
[ 1265.823546][T25443]  should_fail_usercopy+0x1a/0x20
[ 1265.828406][T25443]  _copy_to_user+0x20/0x90
[ 1265.832661][T25443]  simple_read_from_buffer+0xc7/0x150
[ 1265.837867][T25443]  proc_fail_nth_read+0x1a3/0x210
[ 1265.842728][T25443]  ? proc_fault_inject_write+0x390/0x390
[ 1265.848194][T25443]  ? fsnotify_perm+0x269/0x5b0
[ 1265.852796][T25443]  ? security_file_permission+0x86/0xb0
[ 1265.858178][T25443]  ? proc_fault_inject_write+0x390/0x390
[ 1265.863644][T25443]  vfs_read+0x27d/0xd40
[ 1265.867638][T25443]  ? kernel_read+0x1f0/0x1f0
[ 1265.872068][T25443]  ? __kasan_check_write+0x14/0x20
[ 1265.877011][T25443]  ? mutex_lock+0xb6/0x1e0
[ 1265.881264][T25443]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 1265.887688][T25443]  ? __fdget_pos+0x2e7/0x3a0
[ 1265.892114][T25443]  ? ksys_read+0x77/0x2c0
[ 1265.896283][T25443]  ksys_read+0x199/0x2c0
[ 1265.900359][T25443]  ? vfs_write+0x1110/0x1110
[ 1265.904875][T25443]  ? debug_smp_processor_id+0x17/0x20
[ 1265.910081][T25443]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1265.915984][T25443]  __x64_sys_read+0x7b/0x90
[ 1265.920323][T25443]  x64_sys_call+0x28/0x9a0
[ 1265.924576][T25443]  do_syscall_64+0x3b/0xb0
[ 1265.928832][T25443]  ? clear_bhb_loop+0x35/0x90
[ 1265.933340][T25443]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1265.939071][T25443] RIP: 0033:0x7fade2c4aa3c
[ 1265.943323][T25443] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[ 1265.962852][T25443] RSP: 002b:00007fade18c5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1265.971095][T25443] RAX: ffffffffffffffda RBX: 00007fade2e03f80 RCX: 00007fade2c4aa3c
[ 1265.978910][T25443] RDX: 000000000000000f RSI: 00007fade18c50a0 RDI: 0000000000000005
[ 1265.986719][T25443] RBP: 00007fade18c5090 R08: 0000000000000000 R09: 0000000000000000
[ 1265.994529][T25443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1266.002343][T25443] R13: 0000000000000000 R14: 00007fade2e03f80 R15: 00007fffde78ab18
[ 1266.010157][T25443]  </TASK>
[ 1266.035429][T19129] logitech 0003:046D:C29C.014F: no inputs found
[ 1266.043556][T19129] usb 1-1: USB disconnect, device number 127
[ 1266.047048][T25448] loop3: detected capacity change from 0 to 512
[ 1266.075571][T10070] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[ 1266.126713][T25448] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=continue,,errors=continue. Quota mode: writeback.
[ 1266.138939][T25448] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038 (0x7fffffff)
[ 1266.315372][T10070] usb 2-1: Using ep0 maxpacket: 16
[ 1266.607522][T10070] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1266.618280][T10070] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1266.627939][T10070] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1266.641171][T10070] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1266.649907][T10070] usb 2-1: config 0 descriptor??
[ 1267.377021][T25469] netlink: 96 bytes leftover after parsing attributes in process `syz.0.6769'.
[ 1267.386320][T25469] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1267.742181][T25478] loop2: detected capacity change from 0 to 512
[ 1267.792387][T25478] EXT4-fs (loop2): revision level too high, forcing read-only mode
[ 1267.803081][T25478] EXT4-fs (loop2): orphan cleanup on readonly fs
[ 1267.809475][T25478] Quota error (device loop2): v2_read_file_info: Free block number too big (0 >= 0).
[ 1267.818873][T25478] EXT4-fs warning (device loop2): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1267.834930][T25478] EXT4-fs (loop2): Cannot turn on quotas: error -117
[ 1267.842160][T25478] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.6772: bg 0: block 40: padding at end of block bitmap is not set
[ 1267.856447][T25478] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1267.865526][T25478] EXT4-fs (loop2): 1 truncate cleaned up
[ 1267.871065][T25478] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1267.888830][T25478] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #16: comm syz.2.6772: corrupted xattr block 31
[ 1267.900637][T25478] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=16
[ 1267.909561][T25478] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #16: comm syz.2.6772: corrupted xattr block 31
[ 1267.922365][T25478] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=16
[ 1267.934389][T10070] logitech 0003:046D:C29C.0150: unknown main item tag 0x0
[ 1267.941524][T25478] fuse: Bad value for 'fd'
[ 1267.948586][T10070] logitech 0003:046D:C29C.0150: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.1-1/input0
[ 1268.345323][T16707] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[ 1268.445361][T10070] logitech 0003:046D:C29C.0150: no inputs found
[ 1268.453197][T10070] usb 2-1: USB disconnect, device number 19
[ 1268.592966][T16707] usb 3-1: Using ep0 maxpacket: 16
[ 1268.719692][T25491] EXT4-fs (sda1): resizing filesystem from 262144 to 1 blocks
[ 1268.727019][T25491] EXT4-fs warning (device sda1): ext4_resize_fs:2004: can't shrink FS - resize aborted
[ 1268.805311][  T952] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 1268.845414][T16707] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1268.856154][T16707] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1268.865676][T16707] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1268.874519][T16707] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1268.882973][T16707] usb 3-1: config 0 descriptor??
[ 1268.992676][   T30] audit: type=1400 audit(2000000885.377:3710): avc:  denied  { setopt } for  pid=25492 comm="syz.1.6776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1269.019013][T25495] loop1: detected capacity change from 0 to 512
[ 1269.075744][T25495] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[ 1269.083875][T25495] EXT4-fs error (device loop1): __ext4_iget:4903: inode #11: block 1: comm syz.1.6777: invalid block
[ 1269.094696][T25495] EXT4-fs (loop1): Remounting filesystem read-only
[ 1269.101087][T25495] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.6777: couldn't read orphan inode 11 (err -117)
[ 1269.112813][T25495] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,errors=continue,max_dir_size_kb=0x0000000000000009,data_err=abort,errors=remount-ro,noinit_itable,mblk_io_submit,i_version,acl,. Quota mode: none.
[ 1269.195386][  T952] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[ 1269.206455][  T952] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[ 1269.217490][  T952] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1269.226286][  T952] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1269.265447][T25486] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1269.366214][T16707] logitech 0003:046D:C29C.0151: unknown main item tag 0x0
[ 1269.375371][T16707] logitech 0003:046D:C29C.0151: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.2-1/input0
[ 1269.426267][   T30] audit: type=1326 audit(2000000885.817:3711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25500 comm="syz.3.6778" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fade2c4bff9 code=0x0
[ 1269.495374][  T952] aiptek 1-1:17.0: Aiptek using 400 ms programming speed
[ 1269.502710][  T952] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input35
[ 1269.513040][  T952] usb 1-1: USB disconnect, device number 2
[ 1269.825365][T16707] logitech 0003:046D:C29C.0151: no inputs found
[ 1269.833026][T16707] usb 3-1: USB disconnect, device number 25
[ 1270.162912][T25509] netlink: 96 bytes leftover after parsing attributes in process `syz.1.6780'.
[ 1270.174048][T25509] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1270.727706][T25520] FAULT_INJECTION: forcing a failure.
[ 1270.727706][T25520] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1270.740623][T25520] CPU: 1 PID: 25520 Comm: syz.2.6783 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1270.750366][T25520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1270.760262][T25520] Call Trace:
[ 1270.763384][T25520]  <TASK>
[ 1270.766162][T25520]  dump_stack_lvl+0x151/0x1c0
[ 1270.770674][T25520]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1270.776144][T25520]  ? find_lowest_rq+0x196/0x760
[ 1270.780831][T25520]  ? pick_next_pushable_task+0x210/0x210
[ 1270.786298][T25520]  dump_stack+0x15/0x20
[ 1270.790288][T25520]  should_fail+0x3c6/0x510
[ 1270.792875][T16707] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 1270.794635][T25520]  should_fail_usercopy+0x1a/0x20
[ 1270.807042][T25520]  _copy_from_user+0x20/0xd0
[ 1270.811468][T25520]  iovec_from_user+0xc7/0x330
[ 1270.815980][T25520]  __import_iovec+0x6d/0x420
[ 1270.820408][T25520]  ? __ia32_sys_shutdown+0x70/0x70
[ 1270.825355][T25520]  import_iovec+0xe5/0x120
[ 1270.829613][T25520]  ___sys_sendmsg+0x215/0x2e0
[ 1270.834120][T25520]  ? __sys_sendmsg+0x260/0x260
[ 1270.838720][T25520]  ? __kasan_check_read+0x11/0x20
[ 1270.843579][T25520]  ? preempt_schedule_irq+0xe7/0x140
[ 1270.848706][T25520]  ? irqentry_exit_cond_resched+0x2a/0x30
[ 1270.854255][T25520]  ? irqentry_exit+0x30/0x40
[ 1270.858682][T25520]  ? __fget_files+0x1c3/0x380
[ 1270.863199][T25520]  ? __fdget+0x1b4/0x240
[ 1270.867273][T25520]  ? __fdget+0x1bc/0x240
[ 1270.871352][T25520]  __se_sys_sendmsg+0x19a/0x260
[ 1270.876045][T25520]  ? __x64_sys_sendmsg+0x90/0x90
[ 1270.880814][T25520]  ? ksys_write+0x260/0x2c0
[ 1270.885154][T25520]  ? __kasan_check_write+0x14/0x20
[ 1270.890100][T25520]  ? switch_fpu_return+0x15f/0x2e0
[ 1270.895048][T25520]  __x64_sys_sendmsg+0x7b/0x90
[ 1270.899649][T25520]  x64_sys_call+0x16a/0x9a0
[ 1270.903987][T25520]  do_syscall_64+0x3b/0xb0
[ 1270.908240][T25520]  ? clear_bhb_loop+0x35/0x90
[ 1270.912752][T25520]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1270.918482][T25520] RIP: 0033:0x7f0838a09ff9
[ 1270.922735][T25520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1270.942176][T25520] RSP: 002b:00007f0837641038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1270.950423][T25520] RAX: ffffffffffffffda RBX: 00007f0838bc2130 RCX: 00007f0838a09ff9
[ 1270.958232][T25520] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000005
[ 1270.966045][T25520] RBP: 00007f0837641090 R08: 0000000000000000 R09: 0000000000000000
[ 1270.973855][T25520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1270.981667][T25520] R13: 0000000000000000 R14: 00007f0838bc2130 R15: 00007ffe4061e958
[ 1270.989483][T25520]  </TASK>
[ 1271.049277][T25524] 9pnet: Could not find request transport: fd0x0000000000000003
[ 1271.113898][T25522] FAULT_INJECTION: forcing a failure.
[ 1271.113898][T25522] name failslab, interval 1, probability 0, space 0, times 0
[ 1271.126507][T25522] CPU: 1 PID: 25522 Comm: syz.1.6784 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1271.136310][T25522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1271.146195][T25522] Call Trace:
[ 1271.149322][T25522]  <TASK>
[ 1271.152100][T25522]  dump_stack_lvl+0x151/0x1c0
[ 1271.156616][T25522]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1271.162079][T25522]  ? avc_has_perm+0x16f/0x260
[ 1271.166596][T25522]  dump_stack+0x15/0x20
[ 1271.170586][T25522]  should_fail+0x3c6/0x510
[ 1271.174842][T25522]  __should_failslab+0xa4/0xe0
[ 1271.179439][T25522]  should_failslab+0x9/0x20
[ 1271.183778][T25522]  slab_pre_alloc_hook+0x37/0xd0
[ 1271.188553][T25522]  __kmalloc+0x6d/0x270
[ 1271.192545][T25522]  ? qdisc_alloc+0x75/0x770
[ 1271.196883][T25522]  qdisc_alloc+0x75/0x770
[ 1271.201051][T25522]  ? tun_device_event+0x3e5/0xf80
[ 1271.205913][T25522]  qdisc_create_dflt+0x6b/0x3e0
[ 1271.210596][T25522]  ? _raw_spin_lock+0xa4/0x1b0
[ 1271.215198][T25522]  dev_activate+0x2e0/0x1140
[ 1271.219625][T25522]  __dev_open+0x3bf/0x4e0
[ 1271.223789][T25522]  ? dev_open+0x260/0x260
[ 1271.227957][T25522]  ? _raw_spin_unlock_bh+0x51/0x60
[ 1271.232902][T25522]  ? dev_set_rx_mode+0x245/0x2e0
[ 1271.237676][T25522]  ? __kasan_check_read+0x11/0x20
[ 1271.242537][T25522]  __dev_change_flags+0x1db/0x6e0
[ 1271.247399][T25522]  ? avc_denied+0x1b0/0x1b0
[ 1271.251738][T25522]  ? dev_get_flags+0x1e0/0x1e0
[ 1271.255317][T16707] usb 4-1: device descriptor read/64, error -71
[ 1271.256337][T25522]  ? _kstrtoull+0x3a0/0x4a0
[ 1271.256358][T25522]  dev_change_flags+0x8c/0x1a0
[ 1271.271353][T25522]  dev_ifsioc+0x147/0x10c0
[ 1271.275607][T25522]  ? dev_ioctl+0xe70/0xe70
[ 1271.279859][T25522]  ? mutex_lock+0xb6/0x1e0
[ 1271.284111][T25522]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 1271.290535][T25522]  dev_ioctl+0x54d/0xe70
[ 1271.294613][T25522]  sock_do_ioctl+0x34f/0x5a0
[ 1271.299040][T25522]  ? sock_show_fdinfo+0xa0/0xa0
[ 1271.303732][T25522]  ? selinux_file_ioctl+0x3cc/0x540
[ 1271.308761][T25522]  sock_ioctl+0x455/0x740
[ 1271.312930][T25522]  ? sock_poll+0x400/0x400
[ 1271.317182][T25522]  ? __fget_files+0x31e/0x380
[ 1271.321706][T25522]  ? security_file_ioctl+0x84/0xb0
[ 1271.326639][T25522]  ? sock_poll+0x400/0x400
[ 1271.330893][T25522]  __se_sys_ioctl+0x114/0x190
[ 1271.335408][T25522]  __x64_sys_ioctl+0x7b/0x90
[ 1271.339833][T25522]  x64_sys_call+0x98/0x9a0
[ 1271.344097][T25522]  do_syscall_64+0x3b/0xb0
[ 1271.348339][T25522]  ? clear_bhb_loop+0x35/0x90
[ 1271.352852][T25522]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1271.358584][T25522] RIP: 0033:0x7f386af64ff9
[ 1271.362833][T25522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1271.382276][T25522] RSP: 002b:00007f3869bde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1271.390520][T25522] RAX: ffffffffffffffda RBX: 00007f386b11cf80 RCX: 00007f386af64ff9
[ 1271.398332][T25522] RDX: 0000000020000100 RSI: 0000000000008914 RDI: 0000000000000007
[ 1271.406143][T25522] RBP: 00007f3869bde090 R08: 0000000000000000 R09: 0000000000000000
[ 1271.413953][T25522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1271.421766][T25522] R13: 0000000000000000 R14: 00007f386b11cf80 R15: 00007ffcecb60d38
[ 1271.429587][T25522]  </TASK>
[ 1271.436218][T25522] pim6reg1: default qdisc (pfifo_fast) fail, fallback to noqueue
[ 1271.443799][T25522] device pim6reg1 entered promiscuous mode
[ 1271.546246][T25530] loop4: detected capacity change from 0 to 16
[ 1271.588130][T25530] erofs: (device loop4): mounted with root inode @ nid 36.
[ 1272.285100][   T30] audit: type=1326 audit(2000000888.667:3712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25527 comm="syz.2.6787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0838a09ff9 code=0x7ffc0000
[ 1272.310642][   T30] audit: type=1326 audit(2000000888.667:3713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25527 comm="syz.2.6787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f0838a09ff9 code=0x7ffc0000
[ 1272.335649][   T30] audit: type=1326 audit(2000000888.697:3714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25527 comm="syz.2.6787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0838a09ff9 code=0x7ffc0000
[ 1272.360478][   T30] audit: type=1326 audit(2000000888.697:3715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25527 comm="syz.2.6787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0838a09ff9 code=0x7ffc0000
[ 1272.385512][T25541] device pim6reg1 entered promiscuous mode
[ 1272.392599][   T30] audit: type=1326 audit(2000000888.697:3716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25536 comm="syz.2.6787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f0838a3c0e5 code=0x7ffc0000
[ 1272.416876][   T30] audit: type=1326 audit(2000000888.727:3717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25527 comm="syz.2.6787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=247 compat=0 ip=0x7f0838a09ff9 code=0x7ffc0000
[ 1272.440232][T16707] usb 4-1: device descriptor read/64, error -71
[ 1272.490083][T25543] 9pnet: Could not find request transport: fd0x0000000000000003
[ 1272.512878][   T30] audit: type=1326 audit(2000000888.887:3718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25536 comm="syz.2.6787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f0838a09ff9 code=0x7ffc0000
[ 1272.542151][   T30] audit: type=1326 audit(2000000888.897:3719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25527 comm="syz.2.6787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f08389a5959 code=0x7ffc0000
[ 1272.799842][T25549] loop1: detected capacity change from 0 to 16
[ 1272.826341][T25549] erofs: (device loop1): mounted with root inode @ nid 36.
[ 1272.915340][  T340] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 1272.922683][T16707] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[ 1273.113611][T25555] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6793'.
[ 1273.152327][T25555] tipc: Started in network mode
[ 1273.157268][T25555] tipc: Node identity aaaaaaaaaa1, cluster identity 4711
[ 1273.164776][T25555] tipc: Enabled bearer <eth:gretap0>, priority 10
[ 1273.333845][T25562] loop2: detected capacity change from 0 to 512
[ 1273.375405][T16707] usb 4-1: device descriptor read/64, error -71
[ 1273.406513][T25562] EXT4-fs (loop2): revision level too high, forcing read-only mode
[ 1273.414779][T25562] EXT4-fs (loop2): orphan cleanup on readonly fs
[ 1273.423254][T25562] EXT4-fs warning (device loop2): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1273.452205][T25562] EXT4-fs (loop2): Cannot turn on quotas: error -117
[ 1273.466608][T25562] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.6796: bg 0: block 40: padding at end of block bitmap is not set
[ 1273.588341][T25566] netlink: 96 bytes leftover after parsing attributes in process `syz.4.6795'.
[ 1273.599993][T25566] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1273.603161][  T340] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1273.617963][  T340] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1273.627578][  T340] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1273.636627][T25562] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1273.641373][  T340] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1273.653527][T25562] EXT4-fs (loop2): 1 truncate cleaned up
[ 1273.659126][T25562] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1273.706729][  T340] usb 1-1: config 0 descriptor??
[ 1273.712738][T25562] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #16: comm syz.2.6796: corrupted xattr block 31
[ 1273.724523][T25562] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=16
[ 1273.733793][T25562] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #16: comm syz.2.6796: corrupted xattr block 31
[ 1273.746939][T25562] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=16
[ 1273.756130][T25562] fuse: Bad value for 'fd'
[ 1274.189762][T25575] FAULT_INJECTION: forcing a failure.
[ 1274.189762][T25575] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1274.202786][T25575] CPU: 0 PID: 25575 Comm: syz.3.6800 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1274.212573][T25575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1274.222469][T25575] Call Trace:
[ 1274.225597][T25575]  <TASK>
[ 1274.228370][T25575]  dump_stack_lvl+0x151/0x1c0
[ 1274.232882][T25575]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1274.238351][T25575]  dump_stack+0x15/0x20
[ 1274.242345][T25575]  should_fail+0x3c6/0x510
[ 1274.246596][T25575]  should_fail_usercopy+0x1a/0x20
[ 1274.251458][T25575]  strncpy_from_user+0x24/0x2d0
[ 1274.256142][T25575]  ? kmem_cache_alloc+0xf5/0x200
[ 1274.260917][T25575]  getname_flags+0xf2/0x520
[ 1274.265258][T25575]  user_path_at_empty+0x2d/0x1a0
[ 1274.270032][T25575]  path_getxattr+0xac/0x240
[ 1274.274370][T25575]  ? fput+0x1a/0x20
[ 1274.278016][T25575]  ? ksys_write+0x260/0x2c0
[ 1274.282359][T25575]  ? setxattr+0x2e0/0x2e0
[ 1274.286522][T25575]  ? debug_smp_processor_id+0x17/0x20
[ 1274.291728][T25575]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1274.297631][T25575]  __x64_sys_lgetxattr+0x9e/0xb0
[ 1274.302404][T25575]  x64_sys_call+0x51b/0x9a0
[ 1274.306744][T25575]  do_syscall_64+0x3b/0xb0
[ 1274.310996][T25575]  ? clear_bhb_loop+0x35/0x90
[ 1274.315512][T25575]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1274.321240][T25575] RIP: 0033:0x7fade2c4bff9
[ 1274.325495][T25575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1274.344933][T25575] RSP: 002b:00007fade18c5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c0
[ 1274.353179][T25575] RAX: ffffffffffffffda RBX: 00007fade2e03f80 RCX: 00007fade2c4bff9
[ 1274.360990][T25575] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
[ 1274.368800][T25575] RBP: 00007fade18c5090 R08: 0000000000000000 R09: 0000000000000000
[ 1274.376612][T25575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1274.384423][T25575] R13: 0000000000000000 R14: 00007fade2e03f80 R15: 00007fffde78ab18
[ 1274.392238][T25575]  </TASK>
[ 1274.396470][T19129] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[ 1274.425383][  T952] tipc: Node number set to 12233386
[ 1274.458927][T25583] loop4: detected capacity change from 0 to 1024
[ 1274.572633][T25583] EXT4-fs (loop4): error: could not find journal device path: error -2
[ 1274.714642][T25588] loop1: detected capacity change from 0 to 512
[ 1274.750323][T25583] loop4: detected capacity change from 0 to 512
[ 1274.797443][T25588] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1274.808308][T25588] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038 (0x7fffffff)
[ 1274.815343][T19129] usb 3-1: Using ep0 maxpacket: 16
[ 1274.856550][T25583] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1274.862747][T25583] EXT4-fs error (device loop4): ext4_orphan_get:1423: comm syz.4.6803: bad orphan inode 1
[ 1274.874644][T25583] EXT4-fs (loop4): Remounting filesystem read-only
[ 1274.881190][T25583] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,i_version,usrquota,min_batch_time=0x0000000000000005,nobarrier,errors=remount-ro,jqfmt=vfsold,. Quota mode: writeback.
[ 1274.908501][   T30] kauditd_printk_skb: 3 callbacks suppressed
[ 1274.908513][   T30] audit: type=1400 audit(2000000891.297:3722): avc:  denied  { mounton } for  pid=25582 comm="syz.4.6803" path="/87/file0/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1274.937729][T19129] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1274.949899][T19129] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1274.959510][T19129] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1274.968340][T19129] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1274.977307][T25583] EXT4-fs (loop4): Ignoring removed mblk_io_submit option
[ 1274.984269][T25583] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[ 1274.993373][T19129] usb 3-1: config 0 descriptor??
[ 1275.004578][T25583] EXT4-fs (loop4): Remounting file system with no journal so ignoring journalled data option
[ 1275.032491][T25583] EXT4-fs (loop4): changing journal_checksum during remount not supported; ignoring
[ 1275.044465][T25583] EXT4-fs error (device loop4): ext4_remount:5845: comm syz.4.6803: Abort forced by user
[ 1275.055855][  T340] usb 1-1: string descriptor 0 read error: -71
[ 1275.072569][T24037] EXT4-fs error (device loop4): ext4_readdir:260: inode #11: block 21: comm syz-executor: path /87/file0/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=64815104, rec_len=1024, size=1024 fake=0
[ 1275.094233][T24037] EXT4-fs error (device loop4): ext4_lookup:1856: inode #16: comm syz-executor: iget: bad extra_isize 2080 (inode size 256)
[ 1275.106934][  T340] uclogic 0003:256C:006D.0152: failed retrieving string descriptor #200: -71
[ 1275.106963][  T340] uclogic 0003:256C:006D.0152: failed retrieving pen parameters: -71
[ 1275.106976][  T340] uclogic 0003:256C:006D.0152: failed probing pen v2 parameters: -71
[ 1275.106999][  T340] uclogic 0003:256C:006D.0152: failed probing parameters: -71
[ 1275.107023][  T340] uclogic: probe of 0003:256C:006D.0152 failed with error -71
[ 1275.116102][T24037] EXT4-fs error (device loop4): ext4_lookup:1856: inode #16: comm syz-executor: iget: bad extra_isize 2080 (inode size 256)
[ 1275.136931][  T340] usb 1-1: USB disconnect, device number 3
[ 1275.347588][T25599] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1275.354429][T25599] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1275.361677][T25599] device bridge_slave_0 entered promiscuous mode
[ 1275.370124][T25599] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1275.377011][T25599] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1275.384050][T25599] device bridge_slave_1 entered promiscuous mode
[ 1275.469593][T25605] loop3: detected capacity change from 0 to 1024
[ 1275.608886][T19129] logitech 0003:046D:C29C.0153: unknown main item tag 0x0
[ 1275.616436][T19129] logitech 0003:046D:C29C.0153: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.2-1/input0
[ 1275.706307][T25599] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1275.713185][T25599] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1275.718770][T25609] loop1: detected capacity change from 0 to 1024
[ 1275.720298][T25599] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1275.733203][T25599] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1275.747412][T25609] EXT4-fs (loop1): Ignoring removed oldalloc option
[ 1275.766559][T25609] EXT4-fs (loop1): mounted filesystem without journal. Opts: stripe=0x0000000000000003,noauto_da_alloc,jqfmt=vfsold,data_err=ignore,noauto_da_alloc,delalloc,resuid=0x0000000000000000,oldalloc,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[ 1275.789802][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1275.799270][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1275.808397][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1275.821479][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1275.830772][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1275.839600][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1275.941578][T25612] netlink: 96 bytes leftover after parsing attributes in process `syz.0.6810'.
[ 1275.950976][T25612] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1275.967556][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1275.975565][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1275.982792][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1275.985388][T19129] logitech 0003:046D:C29C.0153: no inputs found
[ 1275.998860][T25599] device veth0_vlan entered promiscuous mode
[ 1276.012637][T19129] usb 3-1: USB disconnect, device number 26
[ 1276.029687][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1276.045898][T25599] device veth1_macvtap entered promiscuous mode
[ 1276.057139][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1276.073125][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1276.165875][T20879] device veth1_macvtap left promiscuous mode
[ 1276.467008][T25626] fuse: Unknown parameter ''
[ 1276.570727][T25632] FAULT_INJECTION: forcing a failure.
[ 1276.570727][T25632] name failslab, interval 1, probability 0, space 0, times 0
[ 1276.583237][T25632] CPU: 1 PID: 25632 Comm: syz.4.6813 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1276.592945][T25632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1276.602838][T25632] Call Trace:
[ 1276.605962][T25632]  <TASK>
[ 1276.608741][T25632]  dump_stack_lvl+0x151/0x1c0
[ 1276.613253][T25632]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1276.618726][T25632]  dump_stack+0x15/0x20
[ 1276.622711][T25632]  should_fail+0x3c6/0x510
[ 1276.626967][T25632]  __should_failslab+0xa4/0xe0
[ 1276.631567][T25632]  should_failslab+0x9/0x20
[ 1276.635908][T25632]  slab_pre_alloc_hook+0x37/0xd0
[ 1276.640680][T25632]  __kmalloc+0x6d/0x270
[ 1276.644672][T25632]  ? binder_alloc_mmap_handler+0x1a8/0x600
[ 1276.650313][T25632]  binder_alloc_mmap_handler+0x1a8/0x600
[ 1276.655782][T25632]  binder_mmap+0x1b6/0x380
[ 1276.660034][T25632]  mmap_region+0x138d/0x1b60
[ 1276.664459][T25632]  ? release_firmware_map_entry+0x190/0x190
[ 1276.670193][T25632]  ? file_mmap_ok+0x150/0x150
[ 1276.674702][T25632]  ? __sanitizer_cov_trace_cmp8+0x2e/0x80
[ 1276.680255][T25632]  ? file_mmap_ok+0x104/0x150
[ 1276.684782][T25632]  do_mmap+0x776/0xe50
[ 1276.688682][T25632]  vm_mmap_pgoff+0x1dd/0x450
[ 1276.693103][T25632]  ? account_locked_vm+0x270/0x270
[ 1276.698054][T25632]  ksys_mmap_pgoff+0x15d/0x1e0
[ 1276.702648][T25632]  __x64_sys_mmap+0x103/0x120
[ 1276.707165][T25632]  x64_sys_call+0x67/0x9a0
[ 1276.711410][T25632]  do_syscall_64+0x3b/0xb0
[ 1276.715668][T25632]  ? clear_bhb_loop+0x35/0x90
[ 1276.720180][T25632]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1276.725908][T25632] RIP: 0033:0x7f2541b84ff9
[ 1276.730165][T25632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1276.749606][T25632] RSP: 002b:00007f25407bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1276.757849][T25632] RAX: ffffffffffffffda RBX: 00007f2541d3d130 RCX: 00007f2541b84ff9
[ 1276.765660][T25632] RDX: 0000000000000001 RSI: 0000000000003000 RDI: 0000000020ffd000
[ 1276.773471][T25632] RBP: 00007f25407bc090 R08: 0000000000000009 R09: 0000000000000000
[ 1276.781286][T25632] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[ 1276.789095][T25632] R13: 0000000000000000 R14: 00007f2541d3d130 R15: 00007ffe0d4fe778
[ 1276.796913][T25632]  </TASK>
[ 1276.799952][T25632] binder_alloc: binder_alloc_mmap_handler: 25627 20ffd000-21000000 alloc page array failed -12
[ 1276.800010][T25630] binder_alloc: 25627: binder_alloc_buf, no vma
[ 1276.825715][T25631] 9pnet: Insufficient options for proto=fd
[ 1277.402617][T25643] loop3: detected capacity change from 0 to 16
[ 1277.415726][T25643] erofs: (device loop3): mounted with root inode @ nid 36.
[ 1277.427379][T25645] loop1: detected capacity change from 0 to 512
[ 1277.746085][T25645] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1277.763582][T25649] attempt to access beyond end of device
[ 1277.763582][T25649] loop3: rw=0, want=14552337264, limit=16
[ 1277.786117][T25645] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038 (0x7fffffff)
[ 1277.853144][T25649] attempt to access beyond end of device
[ 1277.853144][T25649] loop3: rw=0, want=14546590688, limit=16
[ 1278.208299][T25673] FAULT_INJECTION: forcing a failure.
[ 1278.208299][T25673] name failslab, interval 1, probability 0, space 0, times 0
[ 1278.220776][T25673] CPU: 1 PID: 25673 Comm: syz.4.6825 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1278.230504][T25673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1278.240402][T25673] Call Trace:
[ 1278.243639][T25673]  <TASK>
[ 1278.246414][T25673]  dump_stack_lvl+0x151/0x1c0
[ 1278.250962][T25673]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1278.256511][T25673]  dump_stack+0x15/0x20
[ 1278.260501][T25673]  should_fail+0x3c6/0x510
[ 1278.264749][T25673]  __should_failslab+0xa4/0xe0
[ 1278.269350][T25673]  should_failslab+0x9/0x20
[ 1278.273687][T25673]  slab_pre_alloc_hook+0x37/0xd0
[ 1278.278466][T25673]  kmem_cache_alloc_trace+0x48/0x210
[ 1278.283582][T25673]  ? htab_map_alloc+0xa2/0x1650
[ 1278.288271][T25673]  htab_map_alloc+0xa2/0x1650
[ 1278.292789][T25673]  ? capable+0x88/0xe0
[ 1278.296689][T25673]  ? htab_map_alloc_check+0x319/0x430
[ 1278.301901][T25673]  map_create+0x411/0x2050
[ 1278.306150][T25673]  __sys_bpf+0x296/0x760
[ 1278.310230][T25673]  ? fput_many+0x160/0x1b0
[ 1278.314482][T25673]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 1278.319691][T25673]  ? debug_smp_processor_id+0x17/0x20
[ 1278.324898][T25673]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1278.330800][T25673]  __x64_sys_bpf+0x7c/0x90
[ 1278.335051][T25673]  x64_sys_call+0x87f/0x9a0
[ 1278.339393][T25673]  do_syscall_64+0x3b/0xb0
[ 1278.343650][T25673]  ? clear_bhb_loop+0x35/0x90
[ 1278.348156][T25673]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1278.353885][T25673] RIP: 0033:0x7f2541b84ff9
[ 1278.358141][T25673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1278.377589][T25673] RSP: 002b:00007f25407fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1278.385826][T25673] RAX: ffffffffffffffda RBX: 00007f2541d3cf80 RCX: 00007f2541b84ff9
[ 1278.393636][T25673] RDX: 0000000000000048 RSI: 0000000020000840 RDI: 0000000000000000
[ 1278.401448][T25673] RBP: 00007f25407fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1278.409262][T25673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1278.417073][T25673] R13: 0000000000000000 R14: 00007f2541d3cf80 R15: 00007ffe0d4fe778
[ 1278.424894][T25673]  </TASK>
[ 1279.372083][   T30] audit: type=1326 audit(2000000895.757:3723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25702 comm="syz.3.6834" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fade2c4bff9 code=0x0
[ 1279.630964][T25713] loop1: detected capacity change from 0 to 2048
[ 1279.711968][T25705] loop4: detected capacity change from 0 to 40427
[ 1279.755873][T25705] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1279.763459][T25705] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1279.772303][T25705] F2FS-fs (loop4): invalid crc value
[ 1279.778879][T25705] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1279.801684][T25705] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1279.808564][T25705] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1280.155319][T16707] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[ 1280.186199][   T30] audit: type=1400 audit(2000000896.567:3724): avc:  denied  { create } for  pid=25726 comm="syz.0.6841" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1280.325401][T25737] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6845'.
[ 1281.096960][T25745] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6842'.
[ 1281.106245][T25745] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1281.156706][T16707] usb 2-1: Using ep0 maxpacket: 8
[ 1281.637232][T16707] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1281.649332][T16707] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1282.708474][T16707] usb 2-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.40
[ 1282.717375][T16707] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1282.725135][T16707] usb 2-1: Product: syz
[ 1282.729363][T16707] usb 2-1: Manufacturer: syz
[ 1282.733756][T16707] usb 2-1: SerialNumber: syz
[ 1282.760085][T16707] usb 2-1: can't set config #1, error -71
[ 1282.779721][T16707] usb 2-1: USB disconnect, device number 20
[ 1282.953455][T25777] loop4: detected capacity change from 0 to 40427
[ 1282.995413][  T952] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1283.146601][T25777] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1283.154446][T25777] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1283.190406][T25777] F2FS-fs (loop4): invalid crc value
[ 1283.237312][   T30] audit: type=1400 audit(2000000899.627:3725): avc:  denied  { getopt } for  pid=25786 comm="syz.0.6858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1283.239019][T25787] overlayfs: unrecognized mount option "uuid=null" or missing value
[ 1283.260499][  T952] usb 3-1: Using ep0 maxpacket: 16
[ 1283.266393][T25777] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1283.278112][   T30] audit: type=1326 audit(2000000899.667:3726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25786 comm="syz.0.6858" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f540d5c1ff9 code=0x0
[ 1283.303143][T25777] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1283.310067][T25777] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1283.435668][  T952] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1283.446747][  T952] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1283.636543][  T952] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[ 1283.645584][  T952] usb 3-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0
[ 1283.654146][  T952] usb 3-1: Product: syz
[ 1283.658456][  T952] usb 3-1: Manufacturer: syz
[ 1283.663434][  T952] usb 3-1: config 0 descriptor??
[ 1284.215754][   T30] audit: type=1400 audit(2000000900.607:3727): avc:  denied  { write } for  pid=25809 comm="syz.4.6863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1284.236088][  T952] kovaplus 0003:1E7D:2D50.0154: unknown main item tag 0x0
[ 1284.243003][  T952] kovaplus 0003:1E7D:2D50.0154: unknown main item tag 0x0
[ 1284.250194][  T952] kovaplus 0003:1E7D:2D50.0154: unknown main item tag 0x0
[ 1284.257300][  T952] kovaplus 0003:1E7D:2D50.0154: unknown main item tag 0x0
[ 1284.264407][  T952] kovaplus 0003:1E7D:2D50.0154: unknown main item tag 0x0
[ 1284.271557][  T952] kovaplus 0003:1E7D:2D50.0154: unknown main item tag 0x0
[ 1284.278593][  T952] kovaplus 0003:1E7D:2D50.0154: unknown main item tag 0x0
[ 1284.286065][  T952] kovaplus 0003:1E7D:2D50.0154: hidraw0: USB HID v0.07 Device [syz syz] on usb-dummy_hcd.2-1/input0
[ 1284.926589][T25825] loop1: detected capacity change from 0 to 512
[ 1284.967167][T25825] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1284.978057][T25825] ext4 filesystem being mounted at /75/file0 supports timestamps until 2038 (0x7fffffff)
[ 1285.067036][T25831] overlayfs: missing 'lowerdir'
[ 1285.072940][T25831] overlayfs: statfs failed on './file0'
[ 1285.079179][T25831] FAULT_INJECTION: forcing a failure.
[ 1285.079179][T25831] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1285.092230][T25831] CPU: 1 PID: 25831 Comm: syz.4.6869 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1285.102009][T25831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1285.111903][T25831] Call Trace:
[ 1285.115030][T25831]  <TASK>
[ 1285.117809][T25831]  dump_stack_lvl+0x151/0x1c0
[ 1285.122320][T25831]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1285.127790][T25831]  dump_stack+0x15/0x20
[ 1285.131780][T25831]  should_fail+0x3c6/0x510
[ 1285.136033][T25831]  should_fail_usercopy+0x1a/0x20
[ 1285.140894][T25831]  strncpy_from_user+0x24/0x2d0
[ 1285.145581][T25831]  ? kmem_cache_alloc+0xf5/0x200
[ 1285.150354][T25831]  getname_flags+0xf2/0x520
[ 1285.154693][T25831]  user_path_at_empty+0x2d/0x1a0
[ 1285.159467][T25831]  __x64_sys_llistxattr+0x105/0x230
[ 1285.164501][T25831]  ? __ia32_sys_read+0x90/0x90
[ 1285.169209][T25831]  ? __ia32_sys_listxattr+0x230/0x230
[ 1285.174813][T25831]  ? debug_smp_processor_id+0x17/0x20
[ 1285.180022][T25831]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 1285.185492][T25831]  x64_sys_call+0x530/0x9a0
[ 1285.189832][T25831]  do_syscall_64+0x3b/0xb0
[ 1285.194083][T25831]  ? clear_bhb_loop+0x35/0x90
[ 1285.198596][T25831]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1285.204321][T25831] RIP: 0033:0x7f2541b84ff9
[ 1285.208582][T25831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1285.228018][T25831] RSP: 002b:00007f25407fe038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3
[ 1285.236261][T25831] RAX: ffffffffffffffda RBX: 00007f2541d3cf80 RCX: 00007f2541b84ff9
[ 1285.244072][T25831] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040
[ 1285.251886][T25831] RBP: 00007f25407fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1285.259696][T25831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1285.267508][T25831] R13: 0000000000000000 R14: 00007f2541d3cf80 R15: 00007ffe0d4fe778
[ 1285.275435][T25831]  </TASK>
[ 1285.665702][T25834] loop4: detected capacity change from 0 to 40427
[ 1285.745617][T25834] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1285.754409][T25834] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1285.765595][T25834] F2FS-fs (loop4): invalid crc value
[ 1285.772166][T25834] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1285.803399][T25834] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1285.810317][T25834] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1286.201507][T25849] netlink: 96 bytes leftover after parsing attributes in process `syz.1.6872'.
[ 1286.210836][T25849] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1286.325404][  T952] kovaplus 0003:1E7D:2D50.0154: couldn't init struct kovaplus_device
[ 1286.417536][  T952] kovaplus 0003:1E7D:2D50.0154: couldn't install mouse
[ 1286.439374][T25853] 9pnet: Insufficient options for proto=fd
[ 1286.488152][  T952] kovaplus: probe of 0003:1E7D:2D50.0154 failed with error -71
[ 1286.516556][  T952] usb 3-1: USB disconnect, device number 27
[ 1286.535472][   T30] audit: type=1326 audit(2000000902.927:3728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25855 comm="syz.3.6876" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fade2c4bff9 code=0x0
[ 1286.741779][T25863] loop1: detected capacity change from 0 to 512
[ 1286.824429][T25863] EXT4-fs (loop1): revision level too high, forcing read-only mode
[ 1286.835078][T25863] EXT4-fs (loop1): orphan cleanup on readonly fs
[ 1286.842131][T25863] Quota error (device loop1): v2_read_file_info: Free block number too big (0 >= 0).
[ 1286.851959][T25863] EXT4-fs warning (device loop1): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1286.866728][T25863] EXT4-fs (loop1): Cannot turn on quotas: error -117
[ 1286.873798][T25863] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.6877: bg 0: block 40: padding at end of block bitmap is not set
[ 1286.888156][T25863] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1286.897134][T25863] EXT4-fs (loop1): 1 truncate cleaned up
[ 1286.902588][T25863] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1286.905318][  T952] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[ 1286.919881][T25863] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #16: comm syz.1.6877: corrupted xattr block 31
[ 1286.932518][T25863] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=16
[ 1286.941365][T25863] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #16: comm syz.1.6877: corrupted xattr block 31
[ 1286.953026][T25863] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=16
[ 1286.961908][T25863] fuse: Bad value for 'fd'
[ 1287.165316][  T952] usb 3-1: Using ep0 maxpacket: 16
[ 1287.192426][T25866] 9pnet: Insufficient options for proto=fd
[ 1287.214021][   T30] audit: type=1326 audit(2000000903.597:3729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25869 comm="syz.0.6880" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f540d5c1ff9 code=0x0
[ 1287.235326][T16707] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[ 1287.315528][  T952] usb 3-1: config index 0 descriptor too short (expected 64, got 36)
[ 1287.323473][  T952] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1287.331291][  T952] usb 3-1: config 0 has no interface number 0
[ 1287.337163][  T952] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 67, changing to 10
[ 1287.348038][  T952] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 16706, setting to 1024
[ 1287.358931][  T952] usb 3-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1287.371541][  T952] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00
[ 1287.380367][  T952] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1287.389029][  T952] usb 3-1: config 0 descriptor??
[ 1287.429435][T25875] loop4: detected capacity change from 0 to 512
[ 1287.475393][T16707] usb 2-1: Using ep0 maxpacket: 16
[ 1287.487011][T25875] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1287.497933][T25875] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038 (0x7fffffff)
[ 1287.595371][T16707] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1287.606442][T16707] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1287.616067][T16707] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1287.624874][T16707] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1287.633701][T16707] usb 2-1: config 0 descriptor??
[ 1287.876301][  T952] koneplus 0003:1E7D:2E22.0155: unknown main item tag 0x0
[ 1287.883871][  T952] koneplus 0003:1E7D:2E22.0155: hidraw0: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.2-1/input1
[ 1288.078348][T19129] usb 3-1: USB disconnect, device number 28
[ 1288.116180][T16707] logitech 0003:046D:C29C.0156: unknown main item tag 0x0
[ 1288.123507][T16707] logitech 0003:046D:C29C.0156: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.1-1/input0
[ 1288.501943][T25888] loop4: detected capacity change from 0 to 40427
[ 1288.535362][T16707] logitech 0003:046D:C29C.0156: no inputs found
[ 1288.542540][T16707] usb 2-1: USB disconnect, device number 21
[ 1288.595727][T25888] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1288.603771][T25888] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1288.617995][T25888] F2FS-fs (loop4): invalid crc value
[ 1288.624862][T25888] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1288.663053][T25888] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1288.670006][T25888] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1288.685242][T25896] overlayfs: missing 'lowerdir'
[ 1288.692230][T25896] overlayfs: statfs failed on './file0'
[ 1288.744499][T25901] 9pnet: Insufficient options for proto=fd
[ 1289.729830][   T30] audit: type=1326 audit(2000000906.117:3730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25916 comm="syz.4.6893" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2541b84ff9 code=0x0
[ 1289.813254][T25923] loop2: detected capacity change from 0 to 512
[ 1289.846075][   T30] audit: type=1400 audit(2000000906.237:3731): avc:  denied  { mounton } for  pid=25922 comm="syz.2.6897" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 1289.870113][T25923] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[ 1289.880331][T25923] EXT4-fs (loop2): orphan cleanup on readonly fs
[ 1289.892609][T25923] Quota error (device loop2): do_check_range: Getting dqdh_next_free 196613 out of range 0-5
[ 1289.903078][T25923] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[ 1289.914183][T25923] EXT4-fs error (device loop2): ext4_acquire_dquot:6187: comm syz.2.6897: Failed to acquire dquot type 1
[ 1289.926941][T25923] EXT4-fs (loop2): 1 truncate cleaned up
[ 1289.933738][T25923] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,noblock_validity,discard,barrier=0x0000000000000003,noinit_itable,noinit_itable,noauto_da_alloc,resgid=0x0000000000000000,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback.
[ 1290.446283][   T30] audit: type=1400 audit(2000000906.837:3732): avc:  denied  { write } for  pid=25922 comm="syz.2.6897" name="net" dev="proc" ino=125241 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[ 1290.459678][T13799] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1290.469098][   T30] audit: type=1400 audit(2000000906.837:3733): avc:  denied  { add_name } for  pid=25922 comm="syz.2.6897" name="pfkey" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[ 1290.493990][   T30] audit: type=1400 audit(2000000906.837:3734): avc:  denied  { create } for  pid=25922 comm="syz.2.6897" name="pfkey" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[ 1290.564637][T25937] 9pnet: Insufficient options for proto=fd
[ 1290.590320][T25941] fuse: Bad value for 'fd'
[ 1290.925347][  T952] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 1291.185328][  T952] usb 1-1: Using ep0 maxpacket: 16
[ 1291.355414][  T952] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1291.366136][  T952] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1291.376224][  T952] usb 1-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1291.385011][  T952] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1291.393901][  T952] usb 1-1: config 0 descriptor??
[ 1291.482484][T25955] 9pnet: Insufficient options for proto=fd
[ 1291.500973][T25957] loop4: detected capacity change from 0 to 512
[ 1291.557018][T25957] EXT4-fs (loop4): revision level too high, forcing read-only mode
[ 1291.565050][T25957] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1291.571899][T25957] __quota_error: 1 callbacks suppressed
[ 1291.571914][T25957] Quota error (device loop4): v2_read_file_info: Free block number too big (0 >= 0).
[ 1291.586625][T25957] EXT4-fs warning (device loop4): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1291.600997][T25957] EXT4-fs (loop4): Cannot turn on quotas: error -117
[ 1291.751605][T25962] netlink: 96 bytes leftover after parsing attributes in process `syz.1.6907'.
[ 1291.762717][T25962] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1291.774019][T25957] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.6906: bg 0: block 40: padding at end of block bitmap is not set
[ 1291.788347][T25957] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1291.797266][T25957] EXT4-fs (loop4): 1 truncate cleaned up
[ 1291.802698][T25957] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1291.816031][T25957] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #16: comm syz.4.6906: corrupted xattr block 31
[ 1291.828014][T25957] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=16
[ 1291.836876][T25957] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #16: comm syz.4.6906: corrupted xattr block 31
[ 1291.848597][T25957] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=16
[ 1291.857715][T25957] fuse: Bad value for 'fd'
[ 1291.996131][  T952] logitech 0003:046D:C29C.0157: unknown main item tag 0x0
[ 1292.003547][  T952] logitech 0003:046D:C29C.0157: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.0-1/input0
[ 1292.425381][  T952] logitech 0003:046D:C29C.0157: no inputs found
[ 1292.433866][  T952] usb 1-1: USB disconnect, device number 4
[ 1292.505365][T19129] Bluetooth: hci0: command 0x1003 tx timeout
[ 1292.511234][T15817] Bluetooth: hci0: sending frame failed (-49)
[ 1292.958244][T25968] fuse: Bad value for 'fd'
[ 1293.225326][T19129] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 1293.465440][T19129] usb 1-1: Using ep0 maxpacket: 16
[ 1293.585382][T19129] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1293.596092][T19129] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1293.605617][T19129] usb 1-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1293.614449][T19129] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1293.623180][T19129] usb 1-1: config 0 descriptor??
[ 1294.076523][   T30] audit: type=1326 audit(2000000910.467:3736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25976 comm="syz.1.6912" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f386af64ff9 code=0x0
[ 1294.106188][T19129] logitech 0003:046D:C29C.0158: unknown main item tag 0x0
[ 1294.113686][T19129] logitech 0003:046D:C29C.0158: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.0-1/input0
[ 1294.525366][T19129] logitech 0003:046D:C29C.0158: no inputs found
[ 1294.533675][T19129] usb 1-1: USB disconnect, device number 5
[ 1294.585333][  T340] Bluetooth: hci0: command 0x1001 tx timeout
[ 1294.591272][T15817] Bluetooth: hci0: sending frame failed (-49)
[ 1295.298362][T25992] 9pnet: Insufficient options for proto=fd
[ 1295.363097][T25994] loop1: detected capacity change from 0 to 512
[ 1295.458632][T25994] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1295.469511][T25994] ext4 filesystem being mounted at /87/file0 supports timestamps until 2038 (0x7fffffff)
[ 1295.618892][T26004] loop4: detected capacity change from 0 to 40427
[ 1295.695642][T26004] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1295.703267][T26004] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1295.712215][T26004] F2FS-fs (loop4): invalid crc value
[ 1295.718850][T26004] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1295.741375][T26004] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1295.748287][T26004] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1296.394342][T24545] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[ 1296.665306][T19129] Bluetooth: hci0: command 0x1009 tx timeout
[ 1296.797138][   T30] audit: type=1326 audit(2000000913.187:3737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26026 comm="syz.4.6925" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2541b84ff9 code=0x0
[ 1297.027978][T26030] loop1: detected capacity change from 0 to 512
[ 1297.086437][T26030] EXT4-fs (loop1): revision level too high, forcing read-only mode
[ 1297.094513][T26030] EXT4-fs (loop1): orphan cleanup on readonly fs
[ 1297.100901][T26030] Quota error (device loop1): v2_read_file_info: Free block number too big (0 >= 0).
[ 1297.110230][T26030] EXT4-fs warning (device loop1): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1297.124612][T26030] EXT4-fs (loop1): Cannot turn on quotas: error -117
[ 1297.131610][T26030] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.6926: bg 0: block 40: padding at end of block bitmap is not set
[ 1297.145780][T26030] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1297.154750][T26030] EXT4-fs (loop1): 1 truncate cleaned up
[ 1297.160298][T26030] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1297.172146][T26030] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #16: comm syz.1.6926: corrupted xattr block 31
[ 1297.183947][T26030] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=16
[ 1297.192758][T26030] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #16: comm syz.1.6926: corrupted xattr block 31
[ 1297.204495][T26030] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=16
[ 1297.213505][T26030] fuse: Bad value for 'fd'
[ 1297.228529][T26033] 9pnet: Insufficient options for proto=fd
[ 1297.682199][T26041] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6930'.
[ 1297.728207][T26043] loop4: detected capacity change from 0 to 512
[ 1297.785386][T10070] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[ 1297.795731][T26043] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1297.820509][T26044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1297.834624][T26044] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1297.841885][T26043] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038 (0x7fffffff)
[ 1297.859171][T26044] device bridge_slave_0 entered promiscuous mode
[ 1297.877676][T26044] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1297.958451][T26044] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1297.975760][T26044] device bridge_slave_1 entered promiscuous mode
[ 1298.140666][T10070] usb 2-1: Using ep0 maxpacket: 16
[ 1298.175572][T26044] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1298.182432][T26044] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1298.189564][T26044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1298.196311][T26044] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1298.235652][T13799] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1298.243263][T13799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1298.252797][T13799] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1298.262046][T13799] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1298.270051][T13799] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1298.277757][T10070] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1298.308017][T20879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1298.311741][T10070] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1298.319586][T20879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1298.328187][T10070] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1298.333560][T20879] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1298.352569][T20879] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1298.365422][T26044] device veth0_vlan entered promiscuous mode
[ 1298.408920][T20879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1298.425294][T26044] device veth1_macvtap entered promiscuous mode
[ 1298.468625][T20879] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1298.480232][T20879] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1298.528456][T10070] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1298.537333][T10070] usb 2-1: config 0 descriptor??
[ 1298.564211][T26068] loop4: detected capacity change from 0 to 512
[ 1298.573472][  T393] device bridge_slave_1 left promiscuous mode
[ 1298.580201][  T393] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1298.587769][  T393] device bridge_slave_0 left promiscuous mode
[ 1298.593706][  T393] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1298.602380][  T393] device veth1_macvtap left promiscuous mode
[ 1298.608444][  T393] device veth0_vlan left promiscuous mode
[ 1298.632483][T26068] EXT4-fs (loop4): revision level too high, forcing read-only mode
[ 1298.640773][T26068] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1298.647405][T26068] Quota error (device loop4): v2_read_file_info: Free block number too big (0 >= 0).
[ 1298.656806][T26068] EXT4-fs warning (device loop4): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1298.671350][T26068] EXT4-fs (loop4): Cannot turn on quotas: error -117
[ 1298.680998][T26068] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.6936: bg 0: block 40: padding at end of block bitmap is not set
[ 1298.696726][T26068] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1298.708645][T26068] EXT4-fs (loop4): 1 truncate cleaned up
[ 1298.714133][T26068] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1298.775646][T26068] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #16: comm syz.4.6936: corrupted xattr block 31
[ 1298.809820][T26068] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=16
[ 1298.820692][T26068] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #16: comm syz.4.6936: corrupted xattr block 31
[ 1298.866016][T26068] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=16
[ 1298.887376][T26068] fuse: Bad value for 'fd'
[ 1299.116394][T10070] logitech 0003:046D:C29C.0159: unknown main item tag 0x0
[ 1299.123911][T10070] logitech 0003:046D:C29C.0159: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.1-1/input0
[ 1299.205323][T16707] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 1299.445319][T16707] usb 1-1: Using ep0 maxpacket: 16
[ 1299.535359][T10070] logitech 0003:046D:C29C.0159: no inputs found
[ 1299.547512][T10070] usb 2-1: USB disconnect, device number 22
[ 1299.565454][T16707] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 11
[ 1299.574869][T16707] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[ 1299.584527][T16707] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[ 1299.594148][T16707] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1299.604308][T16707] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[ 1299.614191][T16707] usb 1-1: config 1 interface 0 has no altsetting 0
[ 1299.620771][T16707] usb 1-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[ 1299.629843][T16707] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1299.675734][T16707] ums-sddr09 1-1:1.0: USB Mass Storage device detected
[ 1299.886624][T16707] scsi host1: usb-storage 1-1:1.0
[ 1300.092251][T26066] UDC core: couldn't find an available UDC or it's busy: -16
[ 1300.099499][T26066] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1300.107481][T26066] UDC core: couldn't find an available UDC or it's busy: -16
[ 1300.114728][T26066] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1300.193319][T26084] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1300.200213][T26084] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1300.207438][T26084] device bridge_slave_0 entered promiscuous mode
[ 1300.214893][T26084] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1300.221781][T26084] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1300.228964][T26084] device bridge_slave_1 entered promiscuous mode
[ 1300.875989][T19323] usb 1-1: USB disconnect, device number 6
[ 1300.950837][T26084] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1300.957721][T26084] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1300.964810][T26084] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1300.971590][T26084] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1301.038855][  T377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1301.050811][T26102] loop1: detected capacity change from 0 to 512
[ 1301.059636][  T377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1301.068753][  T377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1301.091888][  T377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1301.097850][T26102] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1301.109811][T26102] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038 (0x7fffffff)
[ 1301.126949][  T377] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1301.134761][  T377] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1301.182980][T26084] device veth0_vlan entered promiscuous mode
[ 1301.193856][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1301.202063][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1301.210357][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1301.218210][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1301.226069][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1301.234654][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1301.252873][T26084] device veth1_macvtap entered promiscuous mode
[ 1301.425539][T19323] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 1301.453882][T26115] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6940'.
[ 1301.462817][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1301.472973][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1301.480371][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1301.488128][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1301.496440][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1301.504602][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1301.513111][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1301.987024][   T30] audit: type=1326 audit(2000000918.377:3738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26129 comm="syz.4.6949" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2541b84ff9 code=0x0
[ 1302.004944][T19323] usb 1-1: Using ep0 maxpacket: 16
[ 1302.023939][T26132] loop3: detected capacity change from 0 to 512
[ 1302.108743][T26132] EXT4-fs (loop3): revision level too high, forcing read-only mode
[ 1302.117194][T26132] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1302.123569][T26132] Quota error (device loop3): v2_read_file_info: Free block number too big (0 >= 0).
[ 1302.133092][T26132] EXT4-fs warning (device loop3): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1302.135382][T19323] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1302.148109][T26132] EXT4-fs (loop3): Cannot turn on quotas: error -117
[ 1302.165124][T26132] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.6951: bg 0: block 40: padding at end of block bitmap is not set
[ 1302.179480][T26132] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1302.187953][T19323] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1302.201894][T26132] EXT4-fs (loop3): 1 truncate cleaned up
[ 1302.207458][T26132] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1302.232625][T26132] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #16: comm syz.3.6951: corrupted xattr block 31
[ 1302.244493][T26132] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=16
[ 1302.253439][T26132] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #16: comm syz.3.6951: corrupted xattr block 31
[ 1302.265167][T26132] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=16
[ 1302.274271][  T377] device veth1_macvtap left promiscuous mode
[ 1302.275504][T26132] fuse: Bad value for 'fd'
[ 1302.280197][  T377] device veth0_vlan left promiscuous mode
[ 1302.305383][T19323] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[ 1302.327196][T19323] usb 1-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0
[ 1302.335387][T19323] usb 1-1: Product: syz
[ 1302.339653][T19323] usb 1-1: Manufacturer: syz
[ 1302.362130][T19323] usb 1-1: config 0 descriptor??
[ 1302.555307][  T340] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[ 1302.685324][T10070] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 1302.825349][  T340] usb 4-1: Using ep0 maxpacket: 16
[ 1302.827194][T26142] FAULT_INJECTION: forcing a failure.
[ 1302.827194][T26142] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1302.843257][T26142] CPU: 0 PID: 26142 Comm: syz.4.6953 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1302.844334][T19323] kovaplus 0003:1E7D:2D50.015A: unknown main item tag 0x0
[ 1302.852967][T26142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1302.852980][T26142] Call Trace:
[ 1302.852985][T26142]  <TASK>
[ 1302.852993][T26142]  dump_stack_lvl+0x151/0x1c0
[ 1302.860108][T19323] kovaplus 0003:1E7D:2D50.015A: unknown main item tag 0x0
[ 1302.869804][T26142]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1302.869832][T26142]  dump_stack+0x15/0x20
[ 1302.872940][T19323] kovaplus 0003:1E7D:2D50.015A: unknown main item tag 0x0
[ 1302.875703][T26142]  should_fail+0x3c6/0x510
[ 1302.875724][T26142]  should_fail_usercopy+0x1a/0x20
[ 1302.880265][T19323] kovaplus 0003:1E7D:2D50.015A: unknown main item tag 0x0
[ 1302.887164][T26142]  _copy_to_user+0x20/0x90
[ 1302.887183][T26142]  simple_read_from_buffer+0xc7/0x150
[ 1302.892654][T19323] kovaplus 0003:1E7D:2D50.015A: unknown main item tag 0x0
[ 1302.896622][T26142]  proc_fail_nth_read+0x1a3/0x210
[ 1302.896644][T26142]  ? proc_fault_inject_write+0x390/0x390
[ 1302.903572][T19323] kovaplus 0003:1E7D:2D50.015A: unknown main item tag 0x0
[ 1302.907816][T26142]  ? fsnotify_perm+0x269/0x5b0
[ 1302.907836][T26142]  ? security_file_permission+0x86/0xb0
[ 1302.907854][T26142]  ? proc_fault_inject_write+0x390/0x390
[ 1302.913036][T19323] kovaplus 0003:1E7D:2D50.015A: unknown main item tag 0x0
[ 1302.919623][T26142]  vfs_read+0x27d/0xd40
[ 1302.919643][T26142]  ? __mutex_lock_slowpath+0x10/0x10
[ 1302.925642][T19323] kovaplus 0003:1E7D:2D50.015A: hidraw0: USB HID v0.07 Device [syz syz] on usb-dummy_hcd.0-1/input0
[ 1302.929083][T26142]  ? kernel_read+0x1f0/0x1f0
[ 1302.929104][T26142]  ? __kasan_check_write+0x14/0x20
[ 1303.004770][T26142]  ? mutex_lock+0xb6/0x1e0
[ 1303.009019][T26142]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 1303.015445][T26142]  ? __fdget_pos+0x2e7/0x3a0
[ 1303.019867][T26142]  ? ksys_read+0x77/0x2c0
[ 1303.024035][T26142]  ksys_read+0x199/0x2c0
[ 1303.028123][T26142]  ? vfs_write+0x1110/0x1110
[ 1303.032541][T26142]  ? debug_smp_processor_id+0x17/0x20
[ 1303.037750][T26142]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1303.043650][T26142]  __x64_sys_read+0x7b/0x90
[ 1303.047992][T26142]  x64_sys_call+0x28/0x9a0
[ 1303.052244][T26142]  do_syscall_64+0x3b/0xb0
[ 1303.056495][T26142]  ? clear_bhb_loop+0x35/0x90
[ 1303.061017][T26142]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1303.066739][T26142] RIP: 0033:0x7f2541b83a3c
[ 1303.070991][T26142] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[ 1303.090432][T26142] RSP: 002b:00007f25407fe030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1303.098679][T26142] RAX: ffffffffffffffda RBX: 00007f2541d3cf80 RCX: 00007f2541b83a3c
[ 1303.106487][T26142] RDX: 000000000000000f RSI: 00007f25407fe0a0 RDI: 0000000000000004
[ 1303.114299][T26142] RBP: 00007f25407fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1303.122115][T26142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1303.129924][T26142] R13: 0000000000000000 R14: 00007f2541d3cf80 R15: 00007ffe0d4fe778
[ 1303.137738][T26142]  </TASK>
[ 1303.179138][   T30] audit: type=1400 audit(2000000919.567:3739): avc:  denied  { setattr } for  pid=26148 comm="syz.4.6956" name="" dev="pipefs" ino=125825 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 1303.201504][T10070] usb 3-1: Using ep0 maxpacket: 16
[ 1303.235572][  T340] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1303.246401][  T340] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1303.256106][  T340] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1303.264935][  T340] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1303.274327][  T340] usb 4-1: config 0 descriptor??
[ 1303.525247][T26151] netlink: 96 bytes leftover after parsing attributes in process `syz.1.6955'.
[ 1303.541321][T26151] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1303.835423][T10070] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11
[ 1303.844441][T10070] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[ 1303.853912][T10070] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[ 1303.863401][T10070] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1303.873110][T10070] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[ 1303.882672][T10070] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1303.889094][T10070] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[ 1303.897949][T10070] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1303.926164][  T340] logitech 0003:046D:C29C.015B: unknown main item tag 0x0
[ 1303.933656][  T340] logitech 0003:046D:C29C.015B: hidraw1: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.3-1/input0
[ 1303.945772][T10070] ums-sddr09 3-1:1.0: USB Mass Storage device detected
[ 1304.043264][T26157] FAULT_INJECTION: forcing a failure.
[ 1304.043264][T26157] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1304.056379][T26157] CPU: 0 PID: 26157 Comm: syz.1.6957 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[ 1304.066159][T26157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1304.076060][T26157] Call Trace:
[ 1304.079179][T26157]  <TASK>
[ 1304.082045][T26157]  dump_stack_lvl+0x151/0x1c0
[ 1304.086561][T26157]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1304.092038][T26157]  dump_stack+0x15/0x20
[ 1304.096025][T26157]  should_fail+0x3c6/0x510
[ 1304.100270][T26157]  should_fail_usercopy+0x1a/0x20
[ 1304.105131][T26157]  _copy_from_user+0x20/0xd0
[ 1304.109563][T26157]  core_sys_select+0x45e/0x6e0
[ 1304.114168][T26157]  ? poll_select_set_timeout+0x160/0x160
[ 1304.119624][T26157]  ? fsnotify_perm+0x6a/0x5b0
[ 1304.124143][T26157]  ? sigprocmask+0x280/0x280
[ 1304.128565][T26157]  ? __mutex_lock_slowpath+0x10/0x10
[ 1304.133686][T26157]  __se_sys_pselect6+0x322/0x3f0
[ 1304.138460][T26157]  ? ksys_write+0x260/0x2c0
[ 1304.142800][T26157]  ? __x64_sys_pselect6+0x100/0x100
[ 1304.147834][T26157]  ? __ia32_sys_read+0x90/0x90
[ 1304.152433][T26157]  ? debug_smp_processor_id+0x17/0x20
[ 1304.157641][T26157]  __x64_sys_pselect6+0xe5/0x100
[ 1304.162415][T26157]  x64_sys_call+0x71a/0x9a0
[ 1304.166755][T26157]  do_syscall_64+0x3b/0xb0
[ 1304.171008][T26157]  ? clear_bhb_loop+0x35/0x90
[ 1304.175525][T26157]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1304.181247][T26157] RIP: 0033:0x7f386af64ff9
[ 1304.185503][T26157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1304.204944][T26157] RSP: 002b:00007f3869bde038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1304.213187][T26157] RAX: ffffffffffffffda RBX: 00007f386b11cf80 RCX: 00007f386af64ff9
[ 1304.221002][T26157] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040
[ 1304.228813][T26157] RBP: 00007f3869bde090 R08: 0000000000000000 R09: 0000000000000000
[ 1304.236624][T26157] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001
[ 1304.244434][T26157] R13: 0000000000000000 R14: 00007f386b11cf80 R15: 00007ffcecb60d38
[ 1304.252249][T26157]  </TASK>
[ 1304.267024][T10070] scsi host1: usb-storage 3-1:1.0
[ 1304.269597][T26162] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6958'.
[ 1304.296946][T26164] loop1: detected capacity change from 0 to 512
[ 1304.327845][T26164] EXT4-fs (loop1): revision level too high, forcing read-only mode
[ 1304.335926][T26164] EXT4-fs (loop1): orphan cleanup on readonly fs
[ 1304.342280][T26164] Quota error (device loop1): v2_read_file_info: Free block number too big (0 >= 0).
[ 1304.351676][T26164] EXT4-fs warning (device loop1): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1304.366131][T26164] EXT4-fs (loop1): Cannot turn on quotas: error -117
[ 1304.372975][T26164] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.6959: bg 0: block 40: padding at end of block bitmap is not set
[ 1304.387248][T26164] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1304.396180][T26164] EXT4-fs (loop1): 1 truncate cleaned up
[ 1304.401667][T26164] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1304.415218][T26164] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #16: comm syz.1.6959: corrupted xattr block 31
[ 1304.427240][T26164] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=16
[ 1304.436300][T26164] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #16: comm syz.1.6959: corrupted xattr block 31
[ 1304.448103][T26164] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=16
[ 1304.457024][T26164] fuse: Bad value for 'fd'
[ 1304.469210][T26140] UDC core: couldn't find an available UDC or it's busy: -16
[ 1304.476452][T26140] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1304.484167][T26140] UDC core: couldn't find an available UDC or it's busy: -16
[ 1304.491380][T26140] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1304.535385][  T340] logitech 0003:046D:C29C.015B: no inputs found
[ 1304.545920][  T340] usb 4-1: USB disconnect, device number 15
[ 1304.745405][T10070] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[ 1304.825406][T19323] kovaplus 0003:1E7D:2D50.015A: couldn't init struct kovaplus_device
[ 1304.833330][T19323] kovaplus 0003:1E7D:2D50.015A: couldn't install mouse
[ 1304.873398][T19323] kovaplus: probe of 0003:1E7D:2D50.015A failed with error -71
[ 1304.884894][T19323] usb 1-1: USB disconnect, device number 7
[ 1305.105621][  T393] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1305.120602][  T393] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1305.168172][   T60] usb 3-1: USB disconnect, device number 29
[ 1305.355339][T10070] usb 2-1: Using ep0 maxpacket: 16
[ 1305.495421][T10070] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1305.506164][T10070] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1305.515874][T10070] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1305.528040][T10070] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1305.539816][T10070] usb 2-1: config 0 descriptor??
[ 1306.026256][T10070] logitech 0003:046D:C29C.015C: unknown main item tag 0x0
[ 1306.033666][T10070] logitech 0003:046D:C29C.015C: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.1-1/input0
[ 1306.574538][T26207] loop4: detected capacity change from 0 to 512
[ 1306.588953][T26207] EXT4-fs (loop4): revision level too high, forcing read-only mode
[ 1306.597599][T26207] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1306.603922][T26207] Quota error (device loop4): v2_read_file_info: Free block number too big (0 >= 0).
[ 1306.613266][T26207] EXT4-fs warning (device loop4): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1306.629152][T26207] EXT4-fs (loop4): Cannot turn on quotas: error -117
[ 1306.636444][T26207] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.6972: bg 0: block 40: padding at end of block bitmap is not set
[ 1306.650732][T26207] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1306.659715][T26207] EXT4-fs (loop4): 1 truncate cleaned up
[ 1306.665167][T26207] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1306.681485][T26207] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #16: comm syz.4.6972: corrupted xattr block 31
[ 1306.693308][T26207] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=16
[ 1306.703895][T26207] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #16: comm syz.4.6972: corrupted xattr block 31
[ 1306.715962][T26207] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=16
[ 1306.724901][T26207] fuse: Bad value for 'fd'
[ 1306.745341][T10070] logitech 0003:046D:C29C.015C: no inputs found
[ 1306.754238][T10070] usb 2-1: USB disconnect, device number 23
[ 1306.839724][   T30] audit: type=1326 audit(2000000923.227:3740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26221 comm="syz.2.6980" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f071436fff9 code=0x0
[ 1307.145316][  T952] Bluetooth: hci0: command 0x1003 tx timeout
[ 1307.151213][T15817] Bluetooth: hci0: sending frame failed (-49)
[ 1307.560385][T26238] netlink: 96 bytes leftover after parsing attributes in process `syz.1.6984'.
[ 1307.572261][T26238] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1308.481460][T26253] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6991'.
[ 1308.490937][T26253] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1308.839163][   T30] audit: type=1326 audit(2000000925.227:3741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26266 comm="syz.1.7005" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f386af64ff9 code=0x0
[ 1309.235366][  T362] Bluetooth: hci0: command 0x1001 tx timeout
[ 1309.241257][T15817] Bluetooth: hci0: sending frame failed (-49)
[ 1309.603892][   T30] audit: type=1326 audit(2000000925.987:3742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26274 comm="syz.4.6997" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2541b84ff9 code=0x0
[ 1309.630094][T26277] loop3: detected capacity change from 0 to 512
[ 1309.684077][T26277] EXT4-fs (loop3): revision level too high, forcing read-only mode
[ 1309.692370][T26277] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1309.698801][T26277] Quota error (device loop3): v2_read_file_info: Free block number too big (0 >= 0).
[ 1309.708361][T26277] EXT4-fs warning (device loop3): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1309.723635][T26277] EXT4-fs (loop3): Cannot turn on quotas: error -117
[ 1309.731046][T26277] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.7008: bg 0: block 40: padding at end of block bitmap is not set
[ 1309.745694][T26277] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1309.755224][T26277] EXT4-fs (loop3): 1 truncate cleaned up
[ 1309.760758][T26277] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1309.776828][T26277] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #16: comm syz.3.7008: corrupted xattr block 31
[ 1309.789208][T26277] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=16
[ 1309.798323][T26277] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #16: comm syz.3.7008: corrupted xattr block 31
[ 1309.813056][T26277] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=16
[ 1309.825242][T26277] fuse: Bad value for 'fd'
[ 1309.871641][T26293] loop1: detected capacity change from 0 to 128
[ 1310.565329][  T523] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 1310.819672][  T523] usb 4-1: Using ep0 maxpacket: 16
[ 1310.841043][T26311] loop2: detected capacity change from 0 to 512
[ 1311.119541][  T523] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1311.122160][T26311] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1311.130331][  T523] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1311.141070][T26312] netlink: 96 bytes leftover after parsing attributes in process `syz.1.7007'.
[ 1311.150878][T26311] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038 (0x7fffffff)
[ 1311.177171][T26312] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1311.177305][  T523] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1311.195374][  T523] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1311.237189][  T523] usb 4-1: config 0 descriptor??
[ 1311.305603][   T60] Bluetooth: hci0: command 0x1009 tx timeout
[ 1311.493189][   T30] audit: type=1326 audit(2000000927.877:3743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26319 comm="syz.4.7010" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2541b84ff9 code=0x0
[ 1311.734021][   T30] audit: type=1326 audit(2000000928.117:3744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26326 comm="syz.2.7012" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f071436fff9 code=0x0
[ 1311.757441][  T523] logitech 0003:046D:C29C.015D: unknown main item tag 0x0
[ 1311.764754][  T523] logitech 0003:046D:C29C.015D: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.3-1/input0
[ 1311.835658][T26328] 9pnet: Insufficient options for proto=fd
[ 1312.185357][  T523] logitech 0003:046D:C29C.015D: no inputs found
[ 1312.194601][  T523] usb 4-1: USB disconnect, device number 16
[ 1312.409405][T26337] loop4: detected capacity change from 0 to 512
[ 1312.466610][T26337] EXT4-fs (loop4): revision level too high, forcing read-only mode
[ 1312.474725][T26337] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1312.481107][T26337] Quota error (device loop4): v2_read_file_info: Free block number too big (0 >= 0).
[ 1312.490512][T26337] EXT4-fs warning (device loop4): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1312.505014][T26337] EXT4-fs (loop4): Cannot turn on quotas: error -117
[ 1312.512140][T26337] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.7016: bg 0: block 40: padding at end of block bitmap is not set
[ 1312.526363][T26337] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1312.539964][T26337] EXT4-fs (loop4): 1 truncate cleaned up
[ 1312.545463][T26337] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1312.576160][T26337] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #16: comm syz.4.7016: corrupted xattr block 31
[ 1312.589448][T26337] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=16
[ 1312.599145][T26337] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #16: comm syz.4.7016: corrupted xattr block 31
[ 1312.611272][T26337] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop4 ino=16
[ 1312.618286][T26342] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7018'.
[ 1312.624306][T26337] fuse: Bad value for 'fd'
[ 1312.812471][T26347] netlink: 96 bytes leftover after parsing attributes in process `syz.1.7017'.
[ 1312.824715][T26347] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1313.241336][T26355] netlink: 96 bytes leftover after parsing attributes in process `syz.3.7020'.
[ 1313.250927][T26355] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1313.437134][T26361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7023'.
[ 1313.798492][T26372] 9pnet: Insufficient options for proto=fd
[ 1313.806009][   T30] audit: type=1326 audit(2000000930.197:3745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26369 comm="syz.3.7028" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f42a3e7aff9 code=0x0
[ 1313.822063][T26375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7030'.
[ 1313.851716][T26378] loop1: detected capacity change from 0 to 512
[ 1314.023672][T26378] EXT4-fs (loop1): revision level too high, forcing read-only mode
[ 1314.118090][T26378] EXT4-fs (loop1): orphan cleanup on readonly fs
[ 1314.124524][T26378] Quota error (device loop1): v2_read_file_info: Free block number too big (0 >= 0).
[ 1314.134163][T26378] EXT4-fs warning (device loop1): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 1314.148949][T26378] EXT4-fs (loop1): Cannot turn on quotas: error -117
[ 1314.156032][T26378] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.7031: bg 0: block 40: padding at end of block bitmap is not set
[ 1314.170247][T26378] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6185: Corrupt filesystem
[ 1314.179137][T26378] EXT4-fs (loop1): 1 truncate cleaned up
[ 1314.184607][T26378] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 1314.197879][T26378] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #16: comm syz.1.7031: corrupted xattr block 31
[ 1314.210641][T26378] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=16
[ 1314.219501][T26378] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #16: comm syz.1.7031: corrupted xattr block 31
[ 1314.231279][T26378] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=16
[ 1314.240169][T26378] fuse: Bad value for 'fd'
[ 1314.515551][  T523] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[ 1314.643732][T26385] loop3: detected capacity change from 0 to 2048
[ 1314.666934][T26385] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 1314.795328][  T523] usb 2-1: Using ep0 maxpacket: 16
[ 1314.975640][  T523] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1314.995612][  T523] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1315.011893][  T523] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1315.021219][  T523] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1315.030125][  T523] usb 2-1: config 0 descriptor??
[ 1315.059440][T26400] loop3: detected capacity change from 0 to 512
[ 1315.066513][T26395] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1315.073331][T26395] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1315.080694][T26395] device bridge_slave_0 entered promiscuous mode
[ 1315.087875][T26395] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1315.094702][T26395] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1315.102067][T26395] device bridge_slave_1 entered promiscuous mode
[ 1315.142028][T26395] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1315.148868][T26395] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1315.155984][T26395] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1315.162741][T26395] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1315.213778][T26395] device veth0_vlan entered promiscuous mode
[ 1315.221385][  T630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1315.224508][T26402] EXT4-fs (sda1): shut down requested (1)
[ 1315.230880][  T630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1315.239519][T26402] Aborting journal on device sda1-8.
[ 1315.249158][  T630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1315.257139][  T630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1315.265567][  T630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1315.273839][  T630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1315.281685][  T630] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1315.289144][  T630] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1315.296596][  T630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1315.304103][  T630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1315.323939][  T630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1315.333587][T26395] device veth1_macvtap entered promiscuous mode
[ 1315.347361][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1315.361390][  T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
SYZFAIL: posix_spawn failed
 (errno 5: Input/output error)
[ 1315.546166][   T30] audit: type=1400 audit(2000000931.927:3746): avc:  denied  { write } for  pid=291 comm="syz-executor" path="pipe:[14198]" dev="pipefs" ino=14198 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1315.577744][  T523] logitech 0003:046D:C29C.015E: unknown main item tag 0x0
[ 1315.622851][  T523] logitech 0003:046D:C29C.015E: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.1-1/input0
[ 1315.745342][  T523] logitech 0003:046D:C29C.015E: no inputs found
[ 1315.788353][  T523] usb 2-1: USB disconnect, device number 24
[ 1315.906039][T26113] device bridge_slave_1 left promiscuous mode
[ 1315.911950][T26113] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1315.919231][T26113] device bridge_slave_0 left promiscuous mode
[ 1315.925129][T26113] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1315.932759][T26113] device veth1_macvtap left promiscuous mode
[ 1315.938574][T26113] device veth0_vlan left promiscuous mode
[ 1316.328958][T26113] tipc: Disabling bearer <eth:gretap0>
[ 1316.334324][T26113] tipc: Left network mode
[ 1317.106345][T26113] device bridge_slave_1 left promiscuous mode
[ 1317.112275][T26113] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1317.119625][T26113] device bridge_slave_0 left promiscuous mode
[ 1317.125625][T26113] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1317.133548][T26113] device bridge_slave_1 left promiscuous mode
[ 1317.139542][T26113] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1317.146914][T26113] device bridge_slave_0 left promiscuous mode
[ 1317.152814][T26113] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1317.160472][T26113] device bridge_slave_1 left promiscuous mode
[ 1317.166418][T26113] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1317.173588][T26113] device bridge_slave_0 left promiscuous mode
[ 1317.179591][T26113] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1317.187152][T26113] device bridge_slave_1 left promiscuous mode
[ 1317.193043][T26113] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1317.200390][T26113] device bridge_slave_0 left promiscuous mode
[ 1317.206389][T26113] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1317.214481][T26113] device veth1_macvtap left promiscuous mode
[ 1317.220313][T26113] device veth0_vlan left promiscuous mode
[ 1317.226054][T26113] device veth1_macvtap left promiscuous mode
[ 1317.231839][T26113] device veth0_vlan left promiscuous mode
[ 1317.237608][T26113] device veth1_macvtap left promiscuous mode
[ 1317.243403][T26113] device veth0_vlan left promiscuous mode
[ 1317.249223][T26113] device veth1_macvtap left promiscuous mode
[ 1317.255016][T26113] device veth0_vlan left promiscuous mode
[ 1317.261022][T26113] device veth1_macvtap left promiscuous mode
[ 1317.266837][T26113] device veth0_vlan left promiscuous mode