last executing test programs:

6.386921448s ago: executing program 0 (id=4338):
getrusage(0x0, &(0x7f0000000040))
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
r3 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000300)={0x42, 0x1}, 0x10)
sendmsg$tipc(r3, &(0x7f0000000000)={&(0x7f0000000200)=@name={0x1e, 0x2, 0x1, {{0x42, 0x2}, 0x2}}, 0x10, 0x0}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x1, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r7 = syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0x80fd, 0x10, 0x4, 0x2cf}, &(0x7f0000000300), &(0x7f00000002c0))
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r7, 0x13, &(0x7f00000001c0)=[0x39e], 0x2)
io_uring_register$IORING_REGISTER_RING_FDS(r7, 0x14, &(0x7f0000002240)=[{0x0, 0x1, 0x0, 0x0, 0x0}, {0x4, 0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000400)=""/151, 0x97}, {&(0x7f00000004c0)=""/170, 0xaa}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000280)=""/22, 0x16}], &(0x7f0000000600)=[0xb5, 0xfffffffffffffffb, 0x539, 0xb2be, 0x2, 0x4, 0x9, 0x3]}, {0x8, 0x1, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000700)=""/83, 0x53}, {&(0x7f0000000780)=""/140, 0x8c}, {&(0x7f0000000840)=""/123, 0x7b}, {&(0x7f00000008c0)=""/161, 0xa1}, {0x0}, {&(0x7f00000009c0)=""/212, 0xd4}, {&(0x7f0000000ac0)=""/66, 0x42}, {&(0x7f0000000b40)}], &(0x7f0000000c00)=[0x2b279bfa, 0x2]}, {0x4, 0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000000c40)=""/168, 0xa8}, {&(0x7f0000002300)=""/164, 0xa4}, {&(0x7f00000023c0)=""/4096, 0x1000}, {&(0x7f0000001dc0)=""/72, 0x48}], &(0x7f0000001ec0)=[0xb, 0x9, 0x400, 0xdb, 0x1, 0x2, 0xffffffffffffffff, 0x20008, 0x7]}, {0x1, 0x1, 0x0, &(0x7f0000002080)=[{0x0}], &(0x7f0000000b40)=[0xf, 0x4, 0x9]}, {0x1, 0x1, 0x0, &(0x7f0000002180)=[{&(0x7f0000002100)=""/94, 0x5e}], &(0x7f00000021c0)=[0x0, 0x76, 0x5, 0x5, 0xb97f6b7, 0x0, 0x37f, 0xfffffffffffffc00, 0x9]}], 0x6)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

4.660387505s ago: executing program 0 (id=4342):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000006340)={0x2020, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000002200)={0x50, 0x0, r1, {0x7, 0x27, 0x2, 0x4a1dd8c1, 0xfffe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}}, 0x50)
read$FUSE(r0, &(0x7f0000000100)={0x2020}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000008680)="265ed300624cee917954148609d0f2ac52561da46fe5c8ce8b3d649d8b59dfb0c633a2151990de893de399d507986121aa114fd87163065d2988807d3e0953e6b084d8b607280f9207193bb76a79bb6d4f638d070435bddb76667d5dee6329e71b2c9befbb22bbde0c1b6da63b845f2c28d2c5f4deb07b4ae015fc576702112f75a755e76b6dc450719f63cd1939961e4c895f9054760c61f933bf74d185520f9aebaf3ab397a2089640ec41ab5cfe6c828b53c4cc544f9812034c719e712532763eff6e69ad7cc4d2f29f97ccce18f298ce417251430929d422e21cac05093609d97896d0beb7d4cce9f1975f01e7dd29ea061a868bb6607b7cf88a2e33dd5c5db31cbead98e06c2c7add9012b0483fe662532c81ab1a1ca8f20f1cd9020e06c2bdade3f311d08b47503b5b63b279a9be019006e6929670f53d5688c194e9f046d2322d71bc26245e698cd44d655c59b2e0ff43771a386abc38cd6e493e0a475ef525fa78671fd9954e7df71a3b7c7ed90379dffa4fd76f0367eca11c1d8de813979951eccc8c93b4f9fdb4785c0a9d207e65742bdd358e9dfbf29203c36b91fdd78db55b53ad1e713e32fc1f47bf3390f3db8dfbd514b4b31095c818e18b63ebad5cc3b406557f3a9380c5025ab11c64522b1752b2296bb00b7750ab82704ba197f26ab76e35da02ae87d25669d54d212aa680b579773c889902782d1c8067b16ff957bfa70cd8af4c366c1629e871cfb033d46c0d308c3ff5072fd8e23ee02986a128051b8e6dbaa2bc46bdc8772d923f2906eef68015bdb4cd66a2525269a91cbd7336c930c08190a8606d762c768d164d05eea38d63e99e1fab83ce2683b885e1619065acb1bed0bfd63e3cea5c9d7c9994df4036aa17f9eb0850f9eb42b17b19926fd9d814529c3cf4397e3f38f9626f0bb4f229b51c35773cbecc42ba22f8346c9c3a6f3ca7d8b25d0bbf30baf48bde92ea192e2484ef9b2160492edb5f2ce296b0b6b420d020b7d14d77f7b436b1a23b733051369536eae7c7148927c3ba3a968516039b0b14d9918a41a1bdd5002847e1c3d02f0dc2235857a9797038d164591757820e7d74dbadd42b8903f20434c6ac0f401fdbfcbed5dd3c5b5fb0ce1f9c81e8d1037fde8dd3fef1d5d7af6af8f36c0f4462909dbf694cc6fe80070bd5fac5a5ca4dffae4b2c67892f7c53af3644ffec29ab3d791bd7934ad38929a9d5fb9ecf10b9dec62e315ccb0e0de60bb1620daa8154a4cdec98d94d42ac1a4b5f8da6afcb7dfb53544fbbcaa3aa444182ff25064ace51a825fe89236e850a2c90e1c7db17871ea809c4a11a26f49b213cab87d4a42b747546fb9b15068faf1a8556f909f2c47202e7b65cddc708ded90bdde68725b787bdc2d4eeda60204bd0028f07ffc3052f93eb6343d1b2a9a5292e6574baa4a096fda6dd54f6d39e9462b6839b8ee2426e3fbf42a016dc0963145e602f2b0c351f123df48f608f74b04fc7e9cd018e7ab25bc1c12f8f58c0b2dce5714faa54820ef72f38566e3d776ea2d5b061a2e94710176f15d2221420abad8b8b733de253e602277848e7f1e0eb4d07f5eb0cc4d9f874e632007cbca23a5d7e4109cf5c4fafe5f607149bac37938734b77d9b183cf76014aa61507bd4eb44524e8326c58932c8b9f6a10e334cc602b5b8c956c7cb5ffa099274b599fc9c58327f85553e00263e548c93c89edf7a7c83cc10348662fc344c85378572a40b49ae65972fb40abd5e0a38af48207983f86c7bb6bf9b7853c4b1fb522d135a83bbdbb78130b4df3aa7cfa930868cd5a2d995ca9fe4f64c79485ab19d85b0c82a72f4a09ccab267320a61208ccef13c3546ab0f16e34cdc56d6e48a6d9c14c626528a3b191e3723b19d4388d5b9b61c7aec726b8752455f96e888ba7af82c127796e9b67432d1f60a3470c7bf4b924cf10f06a3e3f64c60c7c2b0fba4d1ebe4e52014b4052c2ba0d5b649c46e5cdc6c7159faff2adad2db2d3db9f4f9e9735ba28b7aa1c6c2fea9dab6c9617160d182dfc13e18f44e73c4377df42080d08a87fcfd46b4a4f30205457ad19ddd473fc3a67153d04e960f1dc7556fb158a1d584eb2bde917792892a30e9cd25d37a318cf06bd6541463adaf5d12adc50252f364ba05f89182018ded2179c23a1fc0b31d87139da39298b8d387446c70c4577a27f6df841d9f43106bc1bf44f5c7a41460e2afc9eea98f8e256919c0befd53d7d015412391963c9ad39a19aad265cdbd609628e1913adc2467b69c00865a88635c46a851e7252cf3dc5c3cc5dcb04e97c0742d1a844556744036c97710dd9b55f661506f36cfef2c6b7305b63f5c33469b33ad09e1b593a7ddfc97777954c71c8e4857ca49aa7e5de0d25d760f633660e1fd783cdc43b00a0ec149cc9c8385807c2f6b4cb255d6a15ac75ef63d0871b176d503f332c069ccfa7a2bacd11999ea792024b35c9faae5bf02bd5c844d04d9680c1fe35c2d90ce808b45932e754e4e1dd142ba5a7bd9ecdf7717094ed4359eba666fbdc1e849ccede72b0b37f0b8bc4f76b99222f8d199de11dbd0ff396236f4a37aab955126a60c9f0d457c7a394920aa9014611e5d994c8373516f061dcc5ac881bdda5132b5ee984b15fd007828401c72df63c2efbc5f0e8545310ce65d0635dc73f0cb1c796c24b7ee62616116c13369ceb74ff8bda64a98e903dfcfd88b3c0c5f86191bcc8342578f23dc70fa6ceebde822ffedb7587a3f204d330be4977bbbc2529cf0ddf4c85b17f1088f48d878e72fb00e15a6144231108be816d2718c360e2fa8a236691c775a9a0ef3559696e9b8f85eec0aa2b1c4f01a2df6065bd31b23dd37718613fcbbb1566dc0607bf487c1a91f2b39a83755a6048e46d02ede0f5aaea8ee9e245d6c37891f5ebc9bb7ad2462b4ea4f1167b8c8e97e2f7b62c1c98ae0b808ee6033818d28a00ee72120820b2227da50d7f66d3318f6acc6398c81e529c5cb0df75e303954c2fa828760c1133fdbdf1fd7675b8634bdb496b054b91672fc7ac344a37bf60988870d54e5baf91334db883b2c69acb50676c2f871fd577747dd1d26c00a56e757b6a0edcd609ef5c3b3ef669ced2af5f19ad19194d04f23ff23546df47bc67ad596672a40cca2e87f8fcc3a318e37c73f9f50bd06926c74078356ddddba42ee273e0c33c2fc6cdd1fd50daa6ed3b7b6ce558f89449fca6d8b05c90639283d44e14a854eb29d65ce5b9552597072cb148ccea15ef430630559293afaf204f22a890fc3009a2bc1b0844a49668354a940fbd0d5919faadfe5cb80e4c93d138ae28269a99c877426298b9ec7f01e9005da2d7977f34103de38b2f65bdc1c899ba96745ca977c46db6003b1ab840e677f0d8960b4e9f71e82fb89a8cc0702739276ec7a040c69e6dc0e439658d420737a2f6cbe7cb1ce904f4a39dbe8284971e527ef50976c89855f75d5e129a09a117a5c042411696f8a3bf02879a287b2b1ea2a6e1adaed0374341113bb8363f33aacd361339c9c06b4bd6e04f8fbf1f120f1992856608426d44abb6cc429a075c7bd22bdffc9493f218286f8eb585001fdf79327c8c17d462cc2ca5b435d444659767150c6e1000a74f001be398a1bb48863d3a4d4a71a4623e1721b003d7d2c038fdb405b814f37a95a6a53bbb365dddeefb83451676c7b57a23dd1d523958e2e2eb8d889c47cb7aa515e9b11b2c3accfe6739a8ef56b7a02adfd63ec9f9232c38e2aef3773a9a7d6f4844ea1d609f146f19e6c46fb6b961b8037e5d9ba34c0ca5c10a668ddc5d6f4c7951732f68c56ad9c1b3e53e09d33d9b377258ab2de957c8adcd4b68923ed6eaf2441e2d888d1d4653c5686ab712a82ca16cf475009e238e5a8df04ca2fa719e6308bd60026deea44355a6e878157ffc7f14a8d34275a9ed5f810ea4ed1827e4c91998aebe9aacbae14d95eed96a9de17463ae852f53d2bf3e92df959564e9550c1eeb0b052c00cd44c07b7f021cdad5c70908a74bca9ec4fa372f491aeadb297e8f571de1b376ef1b7194d8e434ba3867940606521399595be0ec4daab0b45c42e439adc5cbecc7310025ed8761a1d78adf3ee6b223577e473423cece99cde0807269de6929624ed1739b2380ed4688779ce9808595e9b87ed6f42d89b1676014cb8c9a3f7484aacdf794f056439fd1e5233de23141d5b87ca95b54721a01212666e8067cf683025f1219f4d0569c8cfb2d6ed67e7f051e2ef9d0b70a390ac7d53bf9c4e537c74afd223e311341583282ac6e4ab209a591ab0f4d7205512a74a01cd33b57d993fc5c548a757d757e1f32272c22b86fb2428b338eac75c21e4ce3fbfdc6f04a62856610308e65dca82a7637d7113a48c6ce0357fa454f6d58a1b61698c7b65dc9b8678f9d279b883f76e04ad1f1154e2f490afb7e397ce65ce297f6599b0671f3129bc87cf4221d8ce101f71a1df23b6343dc3d6e35ee2eb0a1e37e67e091fab994b8948e956320d7e512308641a129526ff2e73ba026fb72fd3da3482fde5374d54bc3ed6ae53f2b9b4d222db5f3126760285683ecbbd0f8b5bb964e5a1cfe404ce21588a21c2244e0f76520e139992f65a15299548f4dc5e4d1e54acf7592ee1f04e36987606bf10e4632c79d00e1ed985553b00a8e828dd193f5cbd7101cd36745804d474532fc51e708c7f124bf9231b9a7bd1ca4446060535054b4bfd5a61607f3ae45cf1deebfb9d8710e5523c8cd03565cd378e77b1b3323a7d97f28fd1a13aa40626abf69d7b66ee9db3d604b293966347a4fb36d089078f9808bc209109690ea47941ad7c146367b78eee93131a57b5e12690b7288ffecf22f39f308a80457ac6052b8f477bafc15a3ab30cfa3cbd7dda9803e5a5664694e77f528087de197c02fd4d133ea9133b9aa4377bcc0b62801982b999b6e7f76dff371dfd998704e340b4e5da88384fa8cf08d747c977105e4574bda02c56361338a0a9bd800e94c861a31d5d64d71cb65c0655f5b5cf5f900e348d7cc05d9c2dcf711859cbb8ffa54065e2e5462f4c1d80d28e5d5400090d4bf61565422b8df0f34f7a7c1e153d39c9d7340d15b8db226d323b4e3c50fd8aaa87ec9e5c3fbb3ad66462c6ec5ff31877024d119fdb7a16e69d324ca9819512c45c3852409f4899a41a4d16ca77dc3dba1ffbdc2af2fccaba1f04e048444154d5019a267bbcd440d7bb3516e9741e5f9c3ef1135e8c0d70e3c7800c10c000e9cfbddbb5aba9e43b3dc0164f92733590f6921bfb53aa1466a53b6146113795fc13d1621b3cbe0eadec02c469a4899232c23a5a88a9d659984c22ee523b5c5de84223a0f0f9bf1fcdb1efb4709252c0fab477823bf2505f9a2e4a36d0bdae824ecad15a4c313f0c9eb4423ea249710e353e61264630927f778c01978f5b50213d71fd746e40009432bf50b7932b7659942f0d1b6375b87d9b038ce271d7333ed282beb3925a330d881ac7611d3e8b869601b146fd82c06b340ae4823c4c429af4c15f2a2a2bdf383788e86b68c001866a86188cfd71b02bc8abef13703264f3ad08ff6602e15ff84715b7796541c87e26b0c6e086211943e52629f8c1e71fdaec972ab5a2c690c78b08d65651ae4b64070f7bb37931119881ef14c4c8e228d67d34f1c9eb855b39ad6e615bf24f7b453a76547edf2fa025c53bda95d783fb3f735852f28318a8a67c8ceb5279d380d724ee6eb2e76ba8807a0865fcafac50d09a92b85d27a238e4461a80cbbeaed62a844c17e498f6457aa642ebbd0aaeabf127b8f8fbdc2e28ff7fafaafe3016603461f256d7fca690a8643b9697800b3cd59e09ecae48baabccb63cad4a627f6bfba0759f1c186977e9698e6fbc16ec9d1c95ca8e2e075a1eed3ba6223e4df44be7da59a444715a78fdb90a1645c069ca0fd1609b7dce29ffa11f17266c32856f9ebc853c0c7cbbbd82667a5106b5b63f5328ae9d653dc5dd53194988f0e421db3851eee53c557e40a7ad293a22ffd3445d296347cef4187aab3c9c3c2a8e40be66919c30cef3de8125f3cc7342a43791cf1b3b117af99b04e0fd8170f17f4ba25bdcb24965501025188a430df86239d369a6e2c9245e914fe4be3a1eb48e22e2e1c72caeb4b0d1b69e8a817cc7ddf644d33e56ae32215604f267a80754619440ddb3621280a4b388c14ca19dfd398d744977849247d0bbc55d5a54ef062ad3cb3689168b28a0981946fa01737e081101b9c571d0ec4e5775159daccc110588fbd35bf6f0d55f99da967a3d3db1999e158958d7ce128571efaabc09c1aa7137c35f3edf7cfff386a79ba5acfa974366c442207a39ce67afc8469c2ddc6f45413dd654d9f59ae7fd31115dfeccc43c27bbcffab119106735b7782f9694a3e30159aee341f04540a54443562cafad5cf3336c6e900343b053d7c93bab45d8846cb5b880e11b979c13dfea06267932d89e258ef30768ec2ce1d7b020609a5ea6ad9eda78219542567029d1d4d2ffe797b7f95f16b8f599390b0b630decdc6e17593b7e4992d48e62c27cca2e423eded85cd4b436065496984d59044d38f317d0ba649837e5377ab3793c3f66c0509eb37ba365c94273b3cad97c5f607bcd312cdf3c8605dd5569e293d21c588969d7bfb17a228b53f2cd0387995945253c6ec8fad3777cafafcbb9151a54e653a142b5ad0c62682b8ec4b99f525dd853f75c17ae6264b7bf975138de9932d40be9f35ce25dd2a1e307fcf506eb6db8803c19b9880f96299ef58a6bdf32708346db540dae112b0f7ebfbe6f3f46635b7d98e232cc91eff29c7fed6dd53d448db2fb8fc4c0dd661d47585c7966f9338f165e53b3d7777dd844be6a6c8885d95b839a32ea0bc83ec0ef8a5bd11b666d11fd8e27561d8afc4686e978ba31ff2f812f81a6a82956b95a0cce2966a37a4b9e33bd297ab8b1667f6ca5a6be65e4485a305651a4230b7a010a960b035dfb7a8474dec1965c6a9177f62484817807e0dc43ab2770b27adcb40f76c0e78639c55fdecb6c008f2e859ed496818b48e5fbe32376fb3c434afc0ff780867e7374a8d659cc1580e49678f4542e5cd3e54d5f4bd1ff6d186827d588ace5a8adf437dea11def7b57b6b8c992b86695d09c65aaf532d6b8cf12686df8b07bfb5a8aef7944f04c8bd00d500b8b7eb24516dbec0f5514dc48f70eb26a2b78042fb6b4726a20fcf73ccc9a14b75bb82e558e8bc4f7ff5453850f83d12896e9abf322e5b81b6efe679c8c98ee092e06302f9f1472931dbe5a815ac38b1bff79363c4f846caa755ab3ed5b60a938d5f1a9e10950aaa0c5d10c5c4f09abb8ce6b98867e6f8644e3b9d603f07f9c2d1044600635d432ce796b0b96baf572238711302f8fe486f3bd4b5a0463eefb0cb04271393cb1b47b033db62840b4c535da356de3db90961deefbf43060d57b303489aaf9c3bed935f8750d47b8e6aed8eba71f08d93246c92c7cfddea99f6e052bf18e787aca4cc04779dda1f67a420cbb5fbcee2f2ae28be664fad18b478e171dc3699116ae71421b86a5fa9732767c994f38519874b33f07b12b8baa5bc672017cb1e2c8e8897e541358da9a9e3bf8bf57ad3541fb434534190ddb95a5ad701e20548b269268fef7c20c15adb8a86dc8ed756f760370ef2bfff1261349b535b77f67a4118dc8f95c70e977ae39c7c77f2d4e2248028439b72325c033c68684fc8dd6050f0449e2c87debc00fb8bd5d1d9b9f31219b4243cb089362b345f2b9aa7089eb618e1407223ef1022dbaa856197f6cd8dcb7fc53afc16731e0f21b45a17fdc2c49bfd9f14e454c98536c507c3aca95ad57be395ea9d737a4a3237825cf102ca080e013230cd7a46e91237b2214a2b175ffb390ac9f12e5dd3124ffe1e152e148371425c6ae5c603715d5439e0f9e49e8048b56489ce79c26df2dab6ad0c8ac0b37e5d4fe10061f44f3d2314e1ee6245ed600c62a9c448faf905267cdb125ed7dd2a7a539770bd1ddeefd13a521991cae16160cadef434edc23fec333ec7b328c4a6213c5040848e835c6b3e0aebcae1d5884f7e8f654adb512c2f0227fae83ddae0dfa848e0ba9344404ef1d6da880f8eac71fb7e02f197859fdc1ec634dca3f46932e5f022689ed253e60f232e1acd96fce398961d62c4d63d7f37d48c26175298658c224bc1db73b8baaeab139065a9bd004bcaa24493c17f09961c09bd0cb828a8cb3cab56df2991646ff370040bc8507d3d16e66dc075c8d302c6586dbee27b32f93ea563a2692f65ada174e35bcd8cd3214c1a38cc00c90067828b9980da7dec04fbeaa2e550c8d069712efd0853e7daf007b0de5c9e361d75c40ad5f9f2923c10ea479e5852ad35f232d6d141ca7b4328c9d72dc5c247d1431688b2a325d88582733953ee50f997a5d8324cdcb01fda11a773093f344fb38b55c5f9e7706e1024cfb4f2e47544ebbaf792de3c4d8f1522e9d9ce73fdaf1740d3dc134a78b53c6167aec45c730016b8ad9d9bc4042b6835a5ff34c9d36da7418719a86be6637c896fa4a4eda862a9e73ab97e5a977aebf0fe64a7d507dc210a677873e155fe4b2cc3a96e558f4d54db6fc5fcdf166c4cd58bb5d1721378ccff170c0eba14b990ef610606909c205e34aabd15eb7a62406df5451871b18ae3cfb5af37b7f7bb2be80590d3be02c5d0c4143be66efcbe13c6927f54ed27884b3d6a73e90516552a0bbd81f7c76ed5f84ecfef2225e52b9cf6021895716aa29b540750eb64b31cd7be1e9fdaaf132681b23cfb2742fbeb4d1f40fd0bb1d13ba044b252f2f04b0d5fcb121977486c5754a569b81be7577cc0c9e918affbf9abc1b6dd567aab66b7e2aca396e79d53ced9695a65a704bbd9700b55ac8c968c5f43557060c6507a3557c8762a7dc8263eaba22d51fb7df435e20beeaa700609d774d1e212e7493b672324e1a907fc1546cdf7d4ff88029dd7e9c92fc530e3f55b6c1b103c69f14859524d07e454a3c5f987e01d21d9a5a6f842370cc3dadcde1b5822b0d0c47883dfee62b9b7209c3a7c399ed34604e164f806e68a5a24a53d0c5beccdc1389e87a5894061f95e7e8e8bf84ead6e7fb155938230f22b426d9041e8bea72dae14911824db9b65bb0ea0d0404cc8fabcb8f1863e13c8475beb68138e043dd67bf1b0d7e038f9f3d25c8ab1a52173af6b46d8260d677bf066058e89dd18b03fa20e79938dab01876102992f9df49dbe983526b9e0bc83c15cb9d52511eff20d18dcdd316bf334b98aed9024051b87bd3d767054470f4b7f59a207e9b9f17827497bec146aa1b0d18ef54ae5927c64b05f34c8508a0cfea02cf59b3c97a1d3e83a00b7ca495167f411b3f41c1409a8ac007e1cb08ef83c4cbe38117d4b1ef9b58dc0092371b1dbb1a1834f780282dc2f3b6bf36fd0dcc7619c28785b76910757376adfb014ca9ff8bfa3e291e7cba2caa05efad48b1506337b61f74b7b0f4abc18846af682f34708bbee9dee76837bcd192876d1861a20b3e77c9984aff5ebf0a2a4741d6e43b4ac056ea138e79230144578bfd4ae82b84ed109e4d5ff0f955ca481ac0231cae963b7d4db76d89d07e265973a16899fb3a6f8dba53473954589134b520e680f4c5e707fd056e75edb194004b81a40bce0407b6c294078b77e8abd8873c01f6918b2c7c6095c9f23b9841e90e8acde53ba60cd78911cac6fc2ef6bb5fcbb0d3da3e63d70b47495f2177afce5da37c59efde49aae133761847a6f0c8aa374790522ba04d466bd1f7860f53371f5eb2f506c5bc7bb6ab449e4a5c37866c31684b285cf5da17f36434b809f69c542c989449fd0eca50f5eacf8080cbbe8b84d1183095ae7416b8f2b98311451cf7cad2d8fb721e589f9e611376430359cf855444fd1415011e8c313834bf0e217ac7b03f8add941427b0d15b56378b2cd1e3925008c16cd5f95dd149c7e050e0a153e4333e63bd14816b4357fbaa5f706af6ee225057eb599bbe5714c9ff23204d1902230569839d8836e6b2525570b00eca8534aa0c29cf62dce61ec66d9c195be81279b698ec8565fd6754f636b9288247657efdb2b6356a82f014a1e6b24926fdd67810ef0a01295c664980f2057ca17362b0a5888c23ac21842f931a7d57cdeea73c4848c6c1cce20be979faa611f86509ce031fb4102a0fd30bea4f4f840c75d238362a2c4f8de16e81733ca90119f8c1ae148b184d0b113685594088ad8a947455dcfb782f8beb69e255dbed46ae2ee6f094168a52501fc68ed669fac390cd9320ba16d69c86d6f642aea836bb1d7c14593f15d8d33d452d8c87003d7ada1995e2b43f788b4ab00ec6f58869968f098218a3ca21a6f369d47a14cd3de7de8357902e8ecfb5f2e6beb5d3d32a6a6224fe3d6dc5c06eb117af0ab396acfcae58b2b1b9981cc71cc1cde07491b6b6d97e04c10ff216393dd28737d31c8f2cc9ebe161b96d407088b2bc456c331b676a0d7dca3df7f7080697d154fa14f351fd467e30b4ac3f4eb7b4adfb173ff20594cfe539c775c4275795d54782bae4b59cc64a45740ff73d21f5d6cf39e10bae4fbc48ac7799023796d7408ff9220a07a49552b18c5e35f98082297d2b4a0932e4d224c6807d49bf9b5de2eff1a8130da56124ecb5509241fe95be11eb0df066f5f819bc7db0f1ee90ea0aaf4ca4458ae7b5105d574de028c82714ad0d53bfc8ffab31c57762b38e433d6991d83ba5616162e27e8ac122c145547c4abe18260c6d32c755a44390ed41241ef375e1f5a4311263881a02dae71f837206413fc37ddf40a9bb72256d1625ee0b94c1c5715809bdb24224cd0698a5802a83e2328dfa22b80e31b9a5c7dc2fe0c68545905368806c308334c194803eed4a24a96bc5021b837a293dde7ba22b9ed27369b3584deda6489bd1b3fa2925beeacb7d3be367fd014547f82b4561c0120978b6ec2b32ac2634589b819a2c94fd20c081fe9eac7b0745f73a1981e21b05b1bd97a9a1d7218c0e6d0e473e15a1a7465cea98ba0c72af2f270b6a61bc51d1a0a9603b91fcdcc7314fe7aa007ecffe6c7eebf5a65e82a96325e86f9aec39feac6eee9501495c74000ec1f0923e79ad1fbf6dc581539047537794151473e00be353b3b8dbb6da0053826c7bdf16c43867cc9cab9d1220466ca29ef2d6172c4c0ff9067eba9d9775225efaeab1b8c634b4001d2a5c01628bd5550c4573fa017afa3f501f1a6b7d7a483dc0885ab9c2ee959a596ffbb68c7ea99e48f4304697edf7fdba5567735ace3433c15aa59863f87e4605206a31ccf268588de7ed37fcacf6bde80c68ad53de63feb4399cce137c5776abd15395402af07250938aa1c466511bd5754f9cf2f938faa37a683996c801c8fc8aae36a706c5d6e2d36e96ab77eec817ce4d56d2bcf5a43702a883b127a1da8b6ceae1b82573a9e9e9e297560f8d65a1f5fd4bf3d45af0841e691b6e637bd8b9f7c8e51b813b818b0baf2d9c5c9d116781d327b4b43309c7265612089f1dce60a41fd0aff4bcd1335d696f01cee7b371e13584c731a3c3ef7e1b9f3f41f91c4dc647b948c93a99c1ae79f5f530c68c3cc28bbd00", 0x2000, &(0x7f00000023c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008600)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x6, 0xffffffffffffa635, 0x3, 0x5, 0xfffffffffffffffe, 0x2000000000000000, 0x0, 0x0, 0x0, 0xa000, 0x0, r2, 0x0, 0x3, 0x20006}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)

4.35968112s ago: executing program 3 (id=4345):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
lsetxattr$security_capability(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000600)=@v3={0x3000000, [{0x4, 0x3}, {0xffff, 0xc4}]}, 0x18, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

4.103009734s ago: executing program 3 (id=4348):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448dd, &(0x7f0000000100))

4.007591986s ago: executing program 1 (id=4349):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000002e00)={&(0x7f0000000180)={0x2, 0x3, 0x0, 0x3, 0xf, 0x0, 0x70bd2b, 0x0, [@sadb_key={0x3, 0x9, 0x48, 0x0, "051c6f52e407747545"}, @sadb_address={0x5, 0x6, 0x32, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x40}}}]}, 0x78}, 0x1, 0x7}, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000002e40)=ANY=[@ANYBLOB="00020201"], 0x18)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
r3 = dup(r2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYRES32=r4, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kmem_cache_free\x00', r5}, 0x10)
write$FUSE_INIT(r3, &(0x7f0000000180)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3ff, 0x40100, 0x0, 0x89, 0x8, 0x80, 0x0, 0x0, 0x4, 0x2}}, 0x50)
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

3.598380852s ago: executing program 0 (id=4350):
r0 = timerfd_create(0x7, 0x0)
timerfd_settime(r0, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x300001a, &(0x7f0000000500)=ANY=[], 0x1, 0x2b6, &(0x7f00000000c0)="$eJzs3UFrY1UUAODz0jSNukgRN4qLB7pwVaZu3bTKCGJXSgR1ocXpgCRhIIWAI5iZ1fwCl/4Pf4IbN/4Dwa3gri6qV17ee01iX9PS1hT1+1an995z73nvQrrKyeevjgYPHmXx9OTn6HazaO3FXvyZxXa0ovYk2nFe0xgA8G/we0rxW7pOZrt1+9UAAOtQ/v8v3XUtAMB6fPjxJ+/vHxzc/yDPu/Fy79mkn0XE6NmkX87vP4wvYxhHcS96cRqRzpTxu+8d3I92XtiO10fTSb/IHH32Y7X//q8Rs/zd6MV2c/5uXlrIn076m/F85LH/cLMutRcvNee/2ZAf/U688dpC/TvRi5++iEcxjAdR5M7zv9nN83fStydff1ocU+RnrehvzdbNpY113gsAAAAAAAAAAAAAAAAAAAAAAP9tO3mele17Zv17iqGq/87G6Wx+J69tL/fnKfOzeqOyP1CKqkXPNMV3dX+de3mep2rhPL8dr7T9iAAAAAAAAAAAAAAAAAAAAAAUjr96PDgcDo/GtxLU3QDqr/Vfd5+9+cjWUrkNi7euftZit4Gi1pWLo92O1RuepNLlz9WqD21e89zFUzcItuaX+1GUQX0xN9o5/e2Fv/h2+ffjwWFeralf8uAwu+ysbr3P94tTnbjpS0izCk/T8p12z0pdzurc0pvvvNA49UdK6Wr7vPVLeUfVSDZrsXG10zeroPEBi6B7/i5+uHjDCz8yNq75UQMAAAAAAAAAAAAAAAAAAFyi/K7vk6PxccPk05WprX+sKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYs/L3/4dH47OgGxHLI+eCaZW8ak0VdGJ8fMePCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP/AXwEAAP//wZJM4A==")
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000010, &(0x7f0000000200), 0x1, 0x513, &(0x7f00000010c0)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOt7rW1aSpOmNOk6LYt28T8QQcEnn3wR/AOEZR78A2RgQF/EB1FRRGf0QVDnSpIbp5Mmbd1pm07z+cBpzrn35n7PuSEn98fpvQGMrRci4o2ImIiIlyOimE9P87TYLux3l7t/753ldkoiy976axJJPq23rnZ5MiKud98SUxHxtS9HfDM5HLe5u7exVKtVt/NypVXfqjR3926u15fWqmvVzfn5udcWXl94dWE2yz1WO0u9zE++9Pn3Pv2t3y3++ca329X63EeiEH3tOE3dphc626KnvY22zyLYCEzk7SmMuiIAAJxIex//gxHxic7+fzEmOntzfSZGUTMAAADgtGRfmI5/JxEZAAAAcGmlETEdSVrOxwJMR5peyc8NfDiupbVGs/Wp1cbO5kp7XkQpCunqeq06m48VLkUhaZfn8jG2vfIrfeX5iHgmIr5fvNopl5cbtZURn/sAAACAcXG97/j/H8W0kz/egP8TAAAAAC6u0tACAAAAcFk45AcAAIDLr//4/70R1QMAAAA4E1958812ynrPv155e3dno/H2zZVqc6Nc31kuLze2t8prjcZa55599ePWV2s0tj4Tmzu3Kq1qs1Vp7u4t1hs7m63F9UcegQ0AAACco2c+fvvXSUTsf/ZqJ0V+H0CAR/xh1BUATtPEqCsAjIy7eMP4Koy6AsDIJcfMN3gHAACefDMfPXz9v/f8f+cG4HIz1gcAxo/r/zC+CkYAwlhLI+ID3exTw5YZev3/lyeNkmURd4oHpzi/CAAA52u6k5K0nB8HTEealssRT0ekpSgkq+u16mx+fPCrYuGpdnmu887k2DHDAAAAAAAAAAAAAAAAAAAAAAAAAEBXliWRAQAAAJdaRPqnpHM3/4iZ4kvT/ecHriT/LMYf88KP3vrBraVWa3uuPf1vnWd5XYmI1g/z6a8MfXwYAAAAcNqS/aGzusfp+evcudYKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDFw/947y710nnH/8sWIKA2KPxlTndepKETEtb8nMXngfUlETJxC/P13I+LZQfGTeJBlWSmvxaD4V884fqmzaQbHTyPi+inEh3F2u93/vDHo+5fGC53Xwd+/yTw9ruH9X5pHfrbTzw3qf54+tLb6wBjP3f1ZZWj8dyOemxzc//T632RI/BcPre1fWZYdjvGNr+/tDYuf/ThiZuDvT/JIrEqrvlVp7u7dXK8vrVXXqpvz83OvLby+8OrCbGV1vVbN/w6M8b2P/fzBUe2/NiD+b3/T7X+Pav9Lw1ba5z93b937UDdbGBT/xosDf3+nYkj8NP/t+2Seb8+f6eX3u/mDnv/pneePav/KkO1/3Od/44Ttf/mr3/39CRcFAM5Bc3dvY6lWq24fkZk6wTJPYuYXUxeiGv9nJvtO95O7KPV5v5n23urDKb1WXYCKHchk5xZrIi5Ik/+XGWm3BAAAnIGHO/2jrgkAAAAAAAAAAAAAAAAAAACMr/O4nVh/zP3RNBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ej/DQAA///M/t/r")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x105042, 0x189)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffff7, 0x4012011, r1, 0x1000)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000040), 0x0, 0x40302)

3.523082354s ago: executing program 4 (id=4351):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
getuid()
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_init()
prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
read$msr(r2, &(0x7f0000000040)=""/59, 0xffb5)
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f00000000c0)={0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=@deltclass={0x10fc, 0x29, 0x8, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x10}, {0x1, 0xfff3}, {0xe, 0x8}}, [@TCA_RATE={0x6, 0x5, {0x8}}, @TCA_RATE={0x6, 0x5, {0x7f, 0x8}}, @TCA_RATE={0x6, 0x5, {0x2, 0x9}}, @tclass_kind_options=@c_htb={{0x8}, {0x10b0, 0x2, [@TCA_HTB_PARMS={0x30, 0x1, {{0x7f, 0x2, 0x6, 0x80, 0x1, 0x68}, {0x10, 0x1, 0x3, 0x8, 0xa, 0x8}, 0x2, 0x5, 0x2, 0x0, 0x800}}, @TCA_HTB_RTAB={0x404, 0x4, [0x6, 0x81, 0x2, 0x9, 0x7, 0x4, 0x4, 0x0, 0x1, 0xfffffff3, 0x1, 0x7fffffff, 0x0, 0x2, 0x4, 0x1, 0x5, 0x0, 0x4, 0x4, 0x3, 0x5ff, 0x1, 0x0, 0xb0fc, 0x7, 0x10000000, 0x4, 0x9, 0x3, 0xfffffffd, 0xee, 0x4, 0x3, 0xb, 0x8, 0x89da, 0xb2, 0x4, 0x1ff, 0x2, 0x6, 0x9, 0x3, 0x5, 0x0, 0x6, 0x2, 0xba, 0x1, 0x5, 0xfffffff9, 0x3ff, 0xb, 0x3, 0x3, 0xf, 0x9, 0xb5d5, 0x713, 0x564, 0x49, 0x60, 0xfffffffb, 0x5, 0x9, 0x5, 0x3a7, 0x3, 0x4f, 0xa, 0x9, 0x0, 0x774f, 0x1000, 0x7ff, 0x400, 0x7, 0x81, 0xa, 0x7, 0x7ff, 0x7, 0x4, 0x0, 0x2eb746c1, 0xff, 0x6, 0x607b, 0x5, 0x9, 0x0, 0xe, 0x9, 0x25, 0x628, 0x9, 0x6, 0x5, 0xe9, 0x6f, 0x2, 0x5, 0x7, 0x4, 0x4, 0x5, 0x4, 0x7fff, 0x35836793, 0x7, 0x7f, 0x3, 0x1, 0x8, 0x5, 0xc, 0x4, 0x4, 0x1, 0x40, 0x400, 0x80000001, 0x0, 0x20, 0x5, 0x3, 0x6, 0x3, 0x5, 0x100000, 0x4, 0x2, 0xfffffff8, 0x0, 0x3, 0x3, 0xd, 0x0, 0x101, 0x6, 0x5, 0x80000001, 0xfffffff7, 0x6, 0x7, 0x1, 0xfff, 0x1, 0x9, 0x3, 0x5, 0x5, 0x50b, 0x3ff, 0x5, 0x5c, 0x2b2d, 0x6, 0x10000, 0x7f, 0xf, 0x0, 0x2, 0x2, 0x8, 0xf, 0xf, 0x10001, 0x6, 0x6, 0xffffffea, 0xe8d, 0x2, 0xf44, 0x2, 0xf5, 0xfe, 0x3, 0x80000000, 0xff, 0x17, 0x7, 0xc0, 0xfffff1c5, 0xfffffffe, 0x0, 0xfffffffe, 0x400, 0x2, 0x926, 0x7, 0x7, 0x0, 0x8, 0x1ff, 0x6, 0x1, 0x84a5, 0x247d, 0x203e, 0x4, 0x22, 0x6, 0x7, 0x8, 0x3, 0x6, 0x7, 0x80000001, 0xe280, 0x8, 0x3, 0x4, 0xc0, 0x3, 0xffffff6a, 0x7f, 0x1000, 0xf, 0x5, 0x10001, 0xac, 0x8, 0x80000000, 0x1, 0x7ff, 0x80000000, 0x9, 0x80, 0x5, 0x5d81, 0xff, 0x4, 0x5, 0x81, 0x9, 0x1, 0x6, 0x6, 0x4, 0x3, 0xfffffff8, 0x2, 0x0, 0xffffffde, 0x145, 0xffc00000, 0x7, 0x3ff, 0xd9, 0xc8e3, 0x6, 0x31, 0x4]}, @TCA_HTB_PARMS={0x30, 0x1, {{0x81, 0x0, 0xf02, 0xff, 0x6, 0x8000}, {0x8, 0x0, 0x5, 0xe89, 0x4, 0xfffffff3}, 0x101, 0x12, 0x1, 0x7ff, 0xb}}, @TCA_HTB_CEIL64={0xc, 0x7, 0x1}, @TCA_HTB_RTAB={0x404, 0x4, [0xa0000, 0x1, 0x6, 0x7fff, 0x0, 0xfffffffd, 0x457, 0x3ff, 0x1, 0x400, 0x6, 0xfffff001, 0x4, 0x101, 0x6d, 0x6a4, 0x3, 0x7ff, 0x3, 0x7, 0x5, 0xc548, 0xfffffff7, 0x2, 0xffffffff, 0x0, 0x3, 0x0, 0x2, 0x6, 0xeda4, 0x8000, 0x1, 0xc5b, 0xff, 0x6, 0x2, 0x9, 0x0, 0xfff, 0x9, 0x5, 0x10, 0x0, 0x2b, 0x5, 0x1, 0x6, 0x5, 0xbdd0, 0x5, 0x8, 0x6, 0x8000, 0x4, 0x100, 0x0, 0x1, 0xfffffff9, 0xfffffff1, 0x9, 0xec04, 0xffff, 0x5, 0xb641, 0x5, 0x30d6, 0x9, 0x9, 0xff, 0xada, 0x80000000, 0xd, 0x5, 0x4, 0x3fe00, 0x4, 0x1, 0x80000001, 0x4, 0x6, 0x10000, 0x7, 0x200, 0x3db, 0x6, 0x8, 0xc, 0x4, 0x8, 0x1ff, 0xac, 0x3, 0x80000000, 0x7fffffff, 0x3, 0x3, 0xffffffc0, 0x1, 0xe00, 0x5f, 0x9, 0x9, 0x41f7, 0xc, 0x6, 0x10, 0x3, 0x1ff, 0x400, 0x7, 0xffffda24, 0x65, 0x7, 0xe, 0x7, 0x0, 0x3, 0x2002, 0x7, 0x0, 0xdf69, 0x0, 0x9, 0x7fffffff, 0x9, 0x7, 0x4, 0x40000, 0x6, 0x7, 0x3, 0x1000, 0x7, 0xfffffff0, 0x80000000, 0x4, 0x4, 0x2, 0xc2, 0x0, 0x2, 0xfffffbff, 0x6, 0xffffffff, 0x7, 0x0, 0x4, 0x1, 0x6, 0x4, 0x7, 0x52, 0xffffffda, 0x10, 0x2, 0x5, 0xa, 0x5a4, 0x7, 0x2b, 0x200, 0x3, 0x8, 0xb, 0x2, 0x7, 0x6, 0xffffffff, 0x101, 0xfffffff7, 0x0, 0x81, 0x6, 0x10000, 0x0, 0x8, 0xe, 0x4, 0x100, 0x19ab51a, 0x4, 0x6, 0xffffffff, 0xa3e6, 0x2, 0x7, 0x9, 0x6, 0x0, 0x4c1, 0x7, 0x9, 0x6, 0x4, 0x5b1, 0x936, 0x9, 0x0, 0xa, 0xfa, 0x3, 0xd75, 0x8, 0x0, 0xfffffffd, 0x8a0, 0x59, 0x579, 0x9, 0x7d30164a, 0x1000, 0x3, 0x6, 0x8001, 0x1000, 0x80000000, 0x60000, 0x0, 0x3, 0x5, 0x1, 0x3, 0x8, 0x400, 0x8000, 0x62, 0xe, 0x9, 0x0, 0xf, 0x3, 0x4, 0x613, 0x6, 0x5, 0x26, 0x38b, 0x2, 0x8, 0xe35, 0x2, 0x4, 0x5, 0x6, 0x1, 0x5, 0x7438827d, 0xaf, 0x4, 0x9, 0x47a, 0x8, 0x7, 0x8, 0xfffffffa]}, @TCA_HTB_CTAB={0x404, 0x3, [0x4, 0x4, 0x6, 0xe000000, 0xf, 0xfffffffe, 0x7, 0xbd, 0x2, 0x5d706d68, 0x2, 0xa, 0x4, 0xd3, 0x1847, 0x0, 0x33a00b9d, 0x40, 0x8, 0xfffffbff, 0x0, 0x0, 0x2, 0x47, 0xc, 0x8, 0x2, 0x6, 0x9, 0xfffffff8, 0x4, 0x4, 0x5, 0x9, 0x9, 0x8c, 0x3, 0xffffeb94, 0x20, 0x9, 0x9, 0x9, 0x40, 0x2, 0x0, 0xd8, 0x7117, 0x22, 0x1, 0x0, 0x0, 0x0, 0x6, 0xa, 0x8, 0x9, 0x4, 0x7f, 0x8bb, 0x2, 0x4, 0x3, 0x4, 0x1, 0x3, 0x6, 0x8, 0x7, 0x7, 0x7, 0x7, 0x2, 0x9, 0x7, 0x7, 0x5, 0x3, 0x10001, 0x1000, 0x1, 0x1, 0x800, 0x9, 0x6, 0x1527, 0x7, 0x2, 0x1, 0xd, 0x1, 0x4, 0x7fff, 0x80000000, 0x3ff, 0x7, 0x4a, 0x2, 0xfffffdaa, 0x4, 0x1fb, 0xffff, 0x70, 0x0, 0x0, 0x5, 0xfffffff7, 0x8, 0x5, 0x0, 0xb283, 0x9, 0x29a, 0x3, 0x401, 0x3, 0x5dd, 0xb, 0x10, 0x192521f1, 0x4, 0x4, 0x4, 0x0, 0x9, 0x2, 0x3, 0x22, 0x101, 0x0, 0xc, 0xc5, 0x5666, 0xce, 0x2, 0x2, 0x80000001, 0x5, 0xd, 0xf, 0xfb4c, 0x3, 0x5, 0xd1c, 0x81, 0x7, 0xffff3203, 0x10, 0x4, 0x3, 0x8000, 0xfffff000, 0xfffffffc, 0xcb, 0x10, 0x2, 0x80000001, 0xffff, 0xa98, 0xffff876e, 0xc, 0x7, 0xd7a7, 0x1, 0x81, 0x0, 0x3, 0x3, 0xfffffffa, 0xfffffffb, 0x3, 0x3, 0x1, 0x81, 0x4, 0x8da, 0x4, 0x2, 0x8, 0x8, 0x6, 0x7fffffff, 0x0, 0x3, 0x7, 0x74, 0x4, 0x0, 0x100, 0x2ef097ab, 0x71, 0x1, 0x7, 0x5, 0xe, 0x3, 0x0, 0x8, 0x3, 0x29c, 0x101, 0x6, 0x4, 0xfffffff4, 0xfffffffa, 0xd, 0x7fffffff, 0x4, 0x2, 0x6fe9, 0x8, 0x3971, 0x80, 0x7f, 0x3, 0x7, 0x3, 0x3ff, 0x40, 0x80000001, 0xc2, 0x81, 0xfffffffa, 0x8000, 0x7, 0x2, 0x1, 0x0, 0x4, 0x4, 0x0, 0x81, 0xf1, 0xb, 0x5, 0x1, 0xe2d, 0x4, 0x9, 0x5, 0x1, 0x4, 0x0, 0x9, 0x6c, 0xbf4, 0x3, 0xc, 0x3, 0x30000000, 0x8, 0x200, 0x401, 0x8, 0x1f7f, 0x6, 0x3]}, @TCA_HTB_CTAB={0x404, 0x3, [0x3, 0x8001, 0x0, 0x8, 0x7, 0x4, 0x5, 0x91a, 0x5, 0x9, 0x0, 0xfc, 0x7, 0x3, 0xcff0, 0x5, 0xef, 0xfffffffb, 0xc, 0x6, 0xfffffff4, 0x200, 0x5, 0x80000000, 0x33e5, 0x1000, 0x1, 0x4, 0x2, 0x3, 0xa, 0x8, 0x6, 0x7, 0x0, 0x1, 0x7f, 0x4, 0x7, 0x40, 0xffff, 0x80000001, 0x1, 0x10000, 0x400, 0x6, 0xffffff80, 0x9, 0x5, 0x8, 0x28000, 0x7fff, 0x3, 0x2, 0x8, 0x9, 0x100, 0x5, 0x7, 0x13, 0x9, 0xb4f, 0x6, 0x8, 0x3, 0x0, 0x34, 0x1, 0x1000, 0x5, 0x5, 0x101, 0x3, 0x3cff, 0x5, 0x400, 0x1, 0x2, 0x9, 0x4, 0x1, 0x7, 0x8, 0xffffffff, 0xffffffff, 0x8, 0x4, 0xc4d2, 0x80, 0x6, 0x1, 0x750, 0x9c2, 0x3, 0x3, 0x5, 0x10000, 0x8, 0x1ba, 0x8, 0x9e4c, 0xa, 0x80000001, 0x800, 0xffffff7f, 0x8, 0x3, 0x4a0, 0x260a, 0x7fff, 0x2, 0x9, 0x8, 0x3, 0x1, 0x9, 0xfffffff7, 0x1ff, 0x7, 0x9, 0x0, 0x4, 0xfbe00000, 0x6, 0x0, 0x401, 0x7, 0x1ff, 0x1, 0x3, 0x1, 0x4, 0xdd93, 0xa, 0x6, 0x0, 0x6, 0x8, 0x6, 0x78237551, 0x8, 0x4, 0x50, 0xb, 0xc, 0x43d, 0xce0c, 0x9, 0x3, 0x101, 0xfffffffd, 0x8001, 0x0, 0x74ab, 0x2, 0x6, 0xfffffff8, 0x2, 0x1ff, 0x401, 0x9, 0x8, 0x3, 0x3, 0x7, 0x6, 0x3ff, 0x0, 0xe, 0x101, 0x1ff, 0x5, 0x7ff, 0x1, 0xb0b3, 0x7, 0x3, 0x6, 0x1, 0x6, 0xe, 0x7, 0x7ff, 0x1, 0x5, 0x5, 0x4, 0x3ff, 0x5, 0xea6, 0x7, 0x3, 0xe, 0x5, 0x1, 0x1, 0x7, 0x6, 0x80000000, 0x0, 0x9, 0x1, 0x9, 0x2, 0x3, 0x2, 0x3, 0x5, 0x1, 0x2, 0x0, 0x9353, 0x4, 0xfd2f585, 0x8, 0x6, 0x5, 0x1, 0x2, 0xd, 0x2dc, 0x4, 0x8000, 0x101, 0x2, 0x1, 0x2, 0x3bb8, 0x10001, 0x100, 0xb93, 0xc, 0x880e, 0x80000000, 0xd, 0x91, 0x7, 0x1140, 0x1ff, 0x1, 0x3, 0x3ff, 0x8, 0x2, 0x8, 0x5, 0x6, 0x3, 0x8, 0x8, 0x2, 0x5, 0x27, 0x7f4b, 0x9, 0x5498]}, @TCA_HTB_PARMS={0x30, 0x1, {{0x5, 0x0, 0x3, 0x3, 0x9, 0x5}, {0x2, 0x2, 0x8, 0x7, 0xd, 0x7fff}, 0xfffffff8, 0x8, 0x0, 0x400}}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0xbf}}]}, 0x10fc}, 0x1, 0x0, 0x0, 0x4000050}, 0x200000c5)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)

3.479510504s ago: executing program 4 (id=4352):
getrusage(0x0, &(0x7f0000000040))
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
r3 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000300)={0x42, 0x1}, 0x10)
sendmsg$tipc(r3, &(0x7f0000000000)={&(0x7f0000000200)=@name={0x1e, 0x2, 0x1, {{0x42, 0x2}, 0x2}}, 0x10, 0x0}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x1, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r7 = syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0x80fd, 0x10, 0x4, 0x2cf}, &(0x7f0000000300), &(0x7f00000002c0))
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r7, 0x13, &(0x7f00000001c0)=[0x39e], 0x2)
io_uring_register$IORING_REGISTER_RING_FDS(r7, 0x14, &(0x7f0000002240)=[{0x0, 0x1, 0x0, 0x0, 0x0}, {0x4, 0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000400)=""/151, 0x97}, {&(0x7f00000004c0)=""/170, 0xaa}, {&(0x7f0000000580)=""/98, 0x62}, {&(0x7f0000000280)=""/22, 0x16}], &(0x7f0000000600)=[0xb5, 0xfffffffffffffffb, 0x539, 0xb2be, 0x2, 0x4, 0x9, 0x3]}, {0x8, 0x1, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000700)=""/83, 0x53}, {&(0x7f0000000780)=""/140, 0x8c}, {&(0x7f0000000840)=""/123, 0x7b}, {&(0x7f00000008c0)=""/161, 0xa1}, {0x0}, {&(0x7f00000009c0)=""/212, 0xd4}, {&(0x7f0000000ac0)=""/66, 0x42}, {&(0x7f0000000b40)}], &(0x7f0000000c00)=[0x2b279bfa, 0x2]}, {0x4, 0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000000c40)=""/168, 0xa8}, {&(0x7f0000002300)=""/164, 0xa4}, {&(0x7f00000023c0)=""/4096, 0x1000}, {&(0x7f0000001dc0)=""/72, 0x48}], &(0x7f0000001ec0)=[0xb, 0x9, 0x400, 0xdb, 0x1, 0x2, 0xffffffffffffffff, 0x20008, 0x7]}, {0x1, 0x1, 0x0, &(0x7f0000002080)=[{0x0}], &(0x7f0000000b40)=[0xf, 0x4, 0x9]}, {0x1, 0x1, 0x0, &(0x7f0000002180)=[{&(0x7f0000002100)=""/94, 0x5e}], &(0x7f00000021c0)=[0x0, 0x76, 0x5, 0x5, 0xb97f6b7, 0x0, 0x37f, 0xfffffffffffffc00, 0x9]}], 0x6)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

3.048914971s ago: executing program 1 (id=4354):
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r2, r1, 0x25, 0x0, @val=@tracing={0x0, 0xfffffffffffffffd}}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', r1, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x23)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='percpu_free_percpu\x00'}, 0x10)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x1, 0x4, 0x0, "810000cc2b000000ffffff00ffffffec00"})
r8 = syz_open_pts(r7, 0x141601)
fcntl$setstatus(r8, 0x4, 0x102800)
write(r8, &(0x7f0000000000)="d5", 0xfffffedf)

2.443708361s ago: executing program 4 (id=4355):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000002d0000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
lseek(r1, 0x289e0cb5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000160000001811", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'macsec0\x00', @random="06517dc2e6ea"})

2.336482252s ago: executing program 4 (id=4356):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x16, 0x0, 0x4, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xb, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syslog(0x2, &(0x7f0000001940)=""/87, 0x57)
munlockall()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

2.223697614s ago: executing program 2 (id=4358):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = getuid()
quotactl_fd$Q_GETFMT(0xffffffffffffffff, 0xffffffff80000402, r0, &(0x7f0000000280))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_init()
prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000))
socket$inet_icmp(0x2, 0x2, 0x1)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
read$msr(r1, &(0x7f0000000040)=""/59, 0xffb5)

2.132500606s ago: executing program 1 (id=4359):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
lsetxattr$security_capability(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000600)=@v3={0x3000000, [{0x4, 0x3}, {0xffff, 0xc4}]}, 0x18, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

2.000494048s ago: executing program 3 (id=4360):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0xffffff1f, 0x2, {0xfffffffa, "60d7f74b38433ed7bf20a5dc0dfbb554"}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x50}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @none, 0x4, 0x2}, 0xe)

1.530009175s ago: executing program 4 (id=4361):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000006340)={0x2020, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000002200)={0x50, 0x0, r1, {0x7, 0x27, 0x2, 0x4a1dd8c1, 0xfffe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}}, 0x50)
read$FUSE(r0, &(0x7f0000000100)={0x2020}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000008680)="265ed300624cee917954148609d0f2ac52561da46fe5c8ce8b3d649d8b59dfb0c633a2151990de893de399d507986121aa114fd87163065d2988807d3e0953e6b084d8b607280f9207193bb76a79bb6d4f638d070435bddb76667d5dee6329e71b2c9befbb22bbde0c1b6da63b845f2c28d2c5f4deb07b4ae015fc576702112f75a755e76b6dc450719f63cd1939961e4c895f9054760c61f933bf74d185520f9aebaf3ab397a2089640ec41ab5cfe6c828b53c4cc544f9812034c719e712532763eff6e69ad7cc4d2f29f97ccce18f298ce417251430929d422e21cac05093609d97896d0beb7d4cce9f1975f01e7dd29ea061a868bb6607b7cf88a2e33dd5c5db31cbead98e06c2c7add9012b0483fe662532c81ab1a1ca8f20f1cd9020e06c2bdade3f311d08b47503b5b63b279a9be019006e6929670f53d5688c194e9f046d2322d71bc26245e698cd44d655c59b2e0ff43771a386abc38cd6e493e0a475ef525fa78671fd9954e7df71a3b7c7ed90379dffa4fd76f0367eca11c1d8de813979951eccc8c93b4f9fdb4785c0a9d207e65742bdd358e9dfbf29203c36b91fdd78db55b53ad1e713e32fc1f47bf3390f3db8dfbd514b4b31095c818e18b63ebad5cc3b406557f3a9380c5025ab11c64522b1752b2296bb00b7750ab82704ba197f26ab76e35da02ae87d25669d54d212aa680b579773c889902782d1c8067b16ff957bfa70cd8af4c366c1629e871cfb033d46c0d308c3ff5072fd8e23ee02986a128051b8e6dbaa2bc46bdc8772d923f2906eef68015bdb4cd66a2525269a91cbd7336c930c08190a8606d762c768d164d05eea38d63e99e1fab83ce2683b885e1619065acb1bed0bfd63e3cea5c9d7c9994df4036aa17f9eb0850f9eb42b17b19926fd9d814529c3cf4397e3f38f9626f0bb4f229b51c35773cbecc42ba22f8346c9c3a6f3ca7d8b25d0bbf30baf48bde92ea192e2484ef9b2160492edb5f2ce296b0b6b420d020b7d14d77f7b436b1a23b733051369536eae7c7148927c3ba3a968516039b0b14d9918a41a1bdd5002847e1c3d02f0dc2235857a9797038d164591757820e7d74dbadd42b8903f20434c6ac0f401fdbfcbed5dd3c5b5fb0ce1f9c81e8d1037fde8dd3fef1d5d7af6af8f36c0f4462909dbf694cc6fe80070bd5fac5a5ca4dffae4b2c67892f7c53af3644ffec29ab3d791bd7934ad38929a9d5fb9ecf10b9dec62e315ccb0e0de60bb1620daa8154a4cdec98d94d42ac1a4b5f8da6afcb7dfb53544fbbcaa3aa444182ff25064ace51a825fe89236e850a2c90e1c7db17871ea809c4a11a26f49b213cab87d4a42b747546fb9b15068faf1a8556f909f2c47202e7b65cddc708ded90bdde68725b787bdc2d4eeda60204bd0028f07ffc3052f93eb6343d1b2a9a5292e6574baa4a096fda6dd54f6d39e9462b6839b8ee2426e3fbf42a016dc0963145e602f2b0c351f123df48f608f74b04fc7e9cd018e7ab25bc1c12f8f58c0b2dce5714faa54820ef72f38566e3d776ea2d5b061a2e94710176f15d2221420abad8b8b733de253e602277848e7f1e0eb4d07f5eb0cc4d9f874e632007cbca23a5d7e4109cf5c4fafe5f607149bac37938734b77d9b183cf76014aa61507bd4eb44524e8326c58932c8b9f6a10e334cc602b5b8c956c7cb5ffa099274b599fc9c58327f85553e00263e548c93c89edf7a7c83cc10348662fc344c85378572a40b49ae65972fb40abd5e0a38af48207983f86c7bb6bf9b7853c4b1fb522d135a83bbdbb78130b4df3aa7cfa930868cd5a2d995ca9fe4f64c79485ab19d85b0c82a72f4a09ccab267320a61208ccef13c3546ab0f16e34cdc56d6e48a6d9c14c626528a3b191e3723b19d4388d5b9b61c7aec726b8752455f96e888ba7af82c127796e9b67432d1f60a3470c7bf4b924cf10f06a3e3f64c60c7c2b0fba4d1ebe4e52014b4052c2ba0d5b649c46e5cdc6c7159faff2adad2db2d3db9f4f9e9735ba28b7aa1c6c2fea9dab6c9617160d182dfc13e18f44e73c4377df42080d08a87fcfd46b4a4f30205457ad19ddd473fc3a67153d04e960f1dc7556fb158a1d584eb2bde917792892a30e9cd25d37a318cf06bd6541463adaf5d12adc50252f364ba05f89182018ded2179c23a1fc0b31d87139da39298b8d387446c70c4577a27f6df841d9f43106bc1bf44f5c7a41460e2afc9eea98f8e256919c0befd53d7d015412391963c9ad39a19aad265cdbd609628e1913adc2467b69c00865a88635c46a851e7252cf3dc5c3cc5dcb04e97c0742d1a844556744036c97710dd9b55f661506f36cfef2c6b7305b63f5c33469b33ad09e1b593a7ddfc97777954c71c8e4857ca49aa7e5de0d25d760f633660e1fd783cdc43b00a0ec149cc9c8385807c2f6b4cb255d6a15ac75ef63d0871b176d503f332c069ccfa7a2bacd11999ea792024b35c9faae5bf02bd5c844d04d9680c1fe35c2d90ce808b45932e754e4e1dd142ba5a7bd9ecdf7717094ed4359eba666fbdc1e849ccede72b0b37f0b8bc4f76b99222f8d199de11dbd0ff396236f4a37aab955126a60c9f0d457c7a394920aa9014611e5d994c8373516f061dcc5ac881bdda5132b5ee984b15fd007828401c72df63c2efbc5f0e8545310ce65d0635dc73f0cb1c796c24b7ee62616116c13369ceb74ff8bda64a98e903dfcfd88b3c0c5f86191bcc8342578f23dc70fa6ceebde822ffedb7587a3f204d330be4977bbbc2529cf0ddf4c85b17f1088f48d878e72fb00e15a6144231108be816d2718c360e2fa8a236691c775a9a0ef3559696e9b8f85eec0aa2b1c4f01a2df6065bd31b23dd37718613fcbbb1566dc0607bf487c1a91f2b39a83755a6048e46d02ede0f5aaea8ee9e245d6c37891f5ebc9bb7ad2462b4ea4f1167b8c8e97e2f7b62c1c98ae0b808ee6033818d28a00ee72120820b2227da50d7f66d3318f6acc6398c81e529c5cb0df75e303954c2fa828760c1133fdbdf1fd7675b8634bdb496b054b91672fc7ac344a37bf60988870d54e5baf91334db883b2c69acb50676c2f871fd577747dd1d26c00a56e757b6a0edcd609ef5c3b3ef669ced2af5f19ad19194d04f23ff23546df47bc67ad596672a40cca2e87f8fcc3a318e37c73f9f50bd06926c74078356ddddba42ee273e0c33c2fc6cdd1fd50daa6ed3b7b6ce558f89449fca6d8b05c90639283d44e14a854eb29d65ce5b9552597072cb148ccea15ef430630559293afaf204f22a890fc3009a2bc1b0844a49668354a940fbd0d5919faadfe5cb80e4c93d138ae28269a99c877426298b9ec7f01e9005da2d7977f34103de38b2f65bdc1c899ba96745ca977c46db6003b1ab840e677f0d8960b4e9f71e82fb89a8cc0702739276ec7a040c69e6dc0e439658d420737a2f6cbe7cb1ce904f4a39dbe8284971e527ef50976c89855f75d5e129a09a117a5c042411696f8a3bf02879a287b2b1ea2a6e1adaed0374341113bb8363f33aacd361339c9c06b4bd6e04f8fbf1f120f1992856608426d44abb6cc429a075c7bd22bdffc9493f218286f8eb585001fdf79327c8c17d462cc2ca5b435d444659767150c6e1000a74f001be398a1bb48863d3a4d4a71a4623e1721b003d7d2c038fdb405b814f37a95a6a53bbb365dddeefb83451676c7b57a23dd1d523958e2e2eb8d889c47cb7aa515e9b11b2c3accfe6739a8ef56b7a02adfd63ec9f9232c38e2aef3773a9a7d6f4844ea1d609f146f19e6c46fb6b961b8037e5d9ba34c0ca5c10a668ddc5d6f4c7951732f68c56ad9c1b3e53e09d33d9b377258ab2de957c8adcd4b68923ed6eaf2441e2d888d1d4653c5686ab712a82ca16cf475009e238e5a8df04ca2fa719e6308bd60026deea44355a6e878157ffc7f14a8d34275a9ed5f810ea4ed1827e4c91998aebe9aacbae14d95eed96a9de17463ae852f53d2bf3e92df959564e9550c1eeb0b052c00cd44c07b7f021cdad5c70908a74bca9ec4fa372f491aeadb297e8f571de1b376ef1b7194d8e434ba3867940606521399595be0ec4daab0b45c42e439adc5cbecc7310025ed8761a1d78adf3ee6b223577e473423cece99cde0807269de6929624ed1739b2380ed4688779ce9808595e9b87ed6f42d89b1676014cb8c9a3f7484aacdf794f056439fd1e5233de23141d5b87ca95b54721a01212666e8067cf683025f1219f4d0569c8cfb2d6ed67e7f051e2ef9d0b70a390ac7d53bf9c4e537c74afd223e311341583282ac6e4ab209a591ab0f4d7205512a74a01cd33b57d993fc5c548a757d757e1f32272c22b86fb2428b338eac75c21e4ce3fbfdc6f04a62856610308e65dca82a7637d7113a48c6ce0357fa454f6d58a1b61698c7b65dc9b8678f9d279b883f76e04ad1f1154e2f490afb7e397ce65ce297f6599b0671f3129bc87cf4221d8ce101f71a1df23b6343dc3d6e35ee2eb0a1e37e67e091fab994b8948e956320d7e512308641a129526ff2e73ba026fb72fd3da3482fde5374d54bc3ed6ae53f2b9b4d222db5f3126760285683ecbbd0f8b5bb964e5a1cfe404ce21588a21c2244e0f76520e139992f65a15299548f4dc5e4d1e54acf7592ee1f04e36987606bf10e4632c79d00e1ed985553b00a8e828dd193f5cbd7101cd36745804d474532fc51e708c7f124bf9231b9a7bd1ca4446060535054b4bfd5a61607f3ae45cf1deebfb9d8710e5523c8cd03565cd378e77b1b3323a7d97f28fd1a13aa40626abf69d7b66ee9db3d604b293966347a4fb36d089078f9808bc209109690ea47941ad7c146367b78eee93131a57b5e12690b7288ffecf22f39f308a80457ac6052b8f477bafc15a3ab30cfa3cbd7dda9803e5a5664694e77f528087de197c02fd4d133ea9133b9aa4377bcc0b62801982b999b6e7f76dff371dfd998704e340b4e5da88384fa8cf08d747c977105e4574bda02c56361338a0a9bd800e94c861a31d5d64d71cb65c0655f5b5cf5f900e348d7cc05d9c2dcf711859cbb8ffa54065e2e5462f4c1d80d28e5d5400090d4bf61565422b8df0f34f7a7c1e153d39c9d7340d15b8db226d323b4e3c50fd8aaa87ec9e5c3fbb3ad66462c6ec5ff31877024d119fdb7a16e69d324ca9819512c45c3852409f4899a41a4d16ca77dc3dba1ffbdc2af2fccaba1f04e048444154d5019a267bbcd440d7bb3516e9741e5f9c3ef1135e8c0d70e3c7800c10c000e9cfbddbb5aba9e43b3dc0164f92733590f6921bfb53aa1466a53b6146113795fc13d1621b3cbe0eadec02c469a4899232c23a5a88a9d659984c22ee523b5c5de84223a0f0f9bf1fcdb1efb4709252c0fab477823bf2505f9a2e4a36d0bdae824ecad15a4c313f0c9eb4423ea249710e353e61264630927f778c01978f5b50213d71fd746e40009432bf50b7932b7659942f0d1b6375b87d9b038ce271d7333ed282beb3925a330d881ac7611d3e8b869601b146fd82c06b340ae4823c4c429af4c15f2a2a2bdf383788e86b68c001866a86188cfd71b02bc8abef13703264f3ad08ff6602e15ff84715b7796541c87e26b0c6e086211943e52629f8c1e71fdaec972ab5a2c690c78b08d65651ae4b64070f7bb37931119881ef14c4c8e228d67d34f1c9eb855b39ad6e615bf24f7b453a76547edf2fa025c53bda95d783fb3f735852f28318a8a67c8ceb5279d380d724ee6eb2e76ba8807a0865fcafac50d09a92b85d27a238e4461a80cbbeaed62a844c17e498f6457aa642ebbd0aaeabf127b8f8fbdc2e28ff7fafaafe3016603461f256d7fca690a8643b9697800b3cd59e09ecae48baabccb63cad4a627f6bfba0759f1c186977e9698e6fbc16ec9d1c95ca8e2e075a1eed3ba6223e4df44be7da59a444715a78fdb90a1645c069ca0fd1609b7dce29ffa11f17266c32856f9ebc853c0c7cbbbd82667a5106b5b63f5328ae9d653dc5dd53194988f0e421db3851eee53c557e40a7ad293a22ffd3445d296347cef4187aab3c9c3c2a8e40be66919c30cef3de8125f3cc7342a43791cf1b3b117af99b04e0fd8170f17f4ba25bdcb24965501025188a430df86239d369a6e2c9245e914fe4be3a1eb48e22e2e1c72caeb4b0d1b69e8a817cc7ddf644d33e56ae32215604f267a80754619440ddb3621280a4b388c14ca19dfd398d744977849247d0bbc55d5a54ef062ad3cb3689168b28a0981946fa01737e081101b9c571d0ec4e5775159daccc110588fbd35bf6f0d55f99da967a3d3db1999e158958d7ce128571efaabc09c1aa7137c35f3edf7cfff386a79ba5acfa974366c442207a39ce67afc8469c2ddc6f45413dd654d9f59ae7fd31115dfeccc43c27bbcffab119106735b7782f9694a3e30159aee341f04540a54443562cafad5cf3336c6e900343b053d7c93bab45d8846cb5b880e11b979c13dfea06267932d89e258ef30768ec2ce1d7b020609a5ea6ad9eda78219542567029d1d4d2ffe797b7f95f16b8f599390b0b630decdc6e17593b7e4992d48e62c27cca2e423eded85cd4b436065496984d59044d38f317d0ba649837e5377ab3793c3f66c0509eb37ba365c94273b3cad97c5f607bcd312cdf3c8605dd5569e293d21c588969d7bfb17a228b53f2cd0387995945253c6ec8fad3777cafafcbb9151a54e653a142b5ad0c62682b8ec4b99f525dd853f75c17ae6264b7bf975138de9932d40be9f35ce25dd2a1e307fcf506eb6db8803c19b9880f96299ef58a6bdf32708346db540dae112b0f7ebfbe6f3f46635b7d98e232cc91eff29c7fed6dd53d448db2fb8fc4c0dd661d47585c7966f9338f165e53b3d7777dd844be6a6c8885d95b839a32ea0bc83ec0ef8a5bd11b666d11fd8e27561d8afc4686e978ba31ff2f812f81a6a82956b95a0cce2966a37a4b9e33bd297ab8b1667f6ca5a6be65e4485a305651a4230b7a010a960b035dfb7a8474dec1965c6a9177f62484817807e0dc43ab2770b27adcb40f76c0e78639c55fdecb6c008f2e859ed496818b48e5fbe32376fb3c434afc0ff780867e7374a8d659cc1580e49678f4542e5cd3e54d5f4bd1ff6d186827d588ace5a8adf437dea11def7b57b6b8c992b86695d09c65aaf532d6b8cf12686df8b07bfb5a8aef7944f04c8bd00d500b8b7eb24516dbec0f5514dc48f70eb26a2b78042fb6b4726a20fcf73ccc9a14b75bb82e558e8bc4f7ff5453850f83d12896e9abf322e5b81b6efe679c8c98ee092e06302f9f1472931dbe5a815ac38b1bff79363c4f846caa755ab3ed5b60a938d5f1a9e10950aaa0c5d10c5c4f09abb8ce6b98867e6f8644e3b9d603f07f9c2d1044600635d432ce796b0b96baf572238711302f8fe486f3bd4b5a0463eefb0cb04271393cb1b47b033db62840b4c535da356de3db90961deefbf43060d57b303489aaf9c3bed935f8750d47b8e6aed8eba71f08d93246c92c7cfddea99f6e052bf18e787aca4cc04779dda1f67a420cbb5fbcee2f2ae28be664fad18b478e171dc3699116ae71421b86a5fa9732767c994f38519874b33f07b12b8baa5bc672017cb1e2c8e8897e541358da9a9e3bf8bf57ad3541fb434534190ddb95a5ad701e20548b269268fef7c20c15adb8a86dc8ed756f760370ef2bfff1261349b535b77f67a4118dc8f95c70e977ae39c7c77f2d4e2248028439b72325c033c68684fc8dd6050f0449e2c87debc00fb8bd5d1d9b9f31219b4243cb089362b345f2b9aa7089eb618e1407223ef1022dbaa856197f6cd8dcb7fc53afc16731e0f21b45a17fdc2c49bfd9f14e454c98536c507c3aca95ad57be395ea9d737a4a3237825cf102ca080e013230cd7a46e91237b2214a2b175ffb390ac9f12e5dd3124ffe1e152e148371425c6ae5c603715d5439e0f9e49e8048b56489ce79c26df2dab6ad0c8ac0b37e5d4fe10061f44f3d2314e1ee6245ed600c62a9c448faf905267cdb125ed7dd2a7a539770bd1ddeefd13a521991cae16160cadef434edc23fec333ec7b328c4a6213c5040848e835c6b3e0aebcae1d5884f7e8f654adb512c2f0227fae83ddae0dfa848e0ba9344404ef1d6da880f8eac71fb7e02f197859fdc1ec634dca3f46932e5f022689ed253e60f232e1acd96fce398961d62c4d63d7f37d48c26175298658c224bc1db73b8baaeab139065a9bd004bcaa24493c17f09961c09bd0cb828a8cb3cab56df2991646ff370040bc8507d3d16e66dc075c8d302c6586dbee27b32f93ea563a2692f65ada174e35bcd8cd3214c1a38cc00c90067828b9980da7dec04fbeaa2e550c8d069712efd0853e7daf007b0de5c9e361d75c40ad5f9f2923c10ea479e5852ad35f232d6d141ca7b4328c9d72dc5c247d1431688b2a325d88582733953ee50f997a5d8324cdcb01fda11a773093f344fb38b55c5f9e7706e1024cfb4f2e47544ebbaf792de3c4d8f1522e9d9ce73fdaf1740d3dc134a78b53c6167aec45c730016b8ad9d9bc4042b6835a5ff34c9d36da7418719a86be6637c896fa4a4eda862a9e73ab97e5a977aebf0fe64a7d507dc210a677873e155fe4b2cc3a96e558f4d54db6fc5fcdf166c4cd58bb5d1721378ccff170c0eba14b990ef610606909c205e34aabd15eb7a62406df5451871b18ae3cfb5af37b7f7bb2be80590d3be02c5d0c4143be66efcbe13c6927f54ed27884b3d6a73e90516552a0bbd81f7c76ed5f84ecfef2225e52b9cf6021895716aa29b540750eb64b31cd7be1e9fdaaf132681b23cfb2742fbeb4d1f40fd0bb1d13ba044b252f2f04b0d5fcb121977486c5754a569b81be7577cc0c9e918affbf9abc1b6dd567aab66b7e2aca396e79d53ced9695a65a704bbd9700b55ac8c968c5f43557060c6507a3557c8762a7dc8263eaba22d51fb7df435e20beeaa700609d774d1e212e7493b672324e1a907fc1546cdf7d4ff88029dd7e9c92fc530e3f55b6c1b103c69f14859524d07e454a3c5f987e01d21d9a5a6f842370cc3dadcde1b5822b0d0c47883dfee62b9b7209c3a7c399ed34604e164f806e68a5a24a53d0c5beccdc1389e87a5894061f95e7e8e8bf84ead6e7fb155938230f22b426d9041e8bea72dae14911824db9b65bb0ea0d0404cc8fabcb8f1863e13c8475beb68138e043dd67bf1b0d7e038f9f3d25c8ab1a52173af6b46d8260d677bf066058e89dd18b03fa20e79938dab01876102992f9df49dbe983526b9e0bc83c15cb9d52511eff20d18dcdd316bf334b98aed9024051b87bd3d767054470f4b7f59a207e9b9f17827497bec146aa1b0d18ef54ae5927c64b05f34c8508a0cfea02cf59b3c97a1d3e83a00b7ca495167f411b3f41c1409a8ac007e1cb08ef83c4cbe38117d4b1ef9b58dc0092371b1dbb1a1834f780282dc2f3b6bf36fd0dcc7619c28785b76910757376adfb014ca9ff8bfa3e291e7cba2caa05efad48b1506337b61f74b7b0f4abc18846af682f34708bbee9dee76837bcd192876d1861a20b3e77c9984aff5ebf0a2a4741d6e43b4ac056ea138e79230144578bfd4ae82b84ed109e4d5ff0f955ca481ac0231cae963b7d4db76d89d07e265973a16899fb3a6f8dba53473954589134b520e680f4c5e707fd056e75edb194004b81a40bce0407b6c294078b77e8abd8873c01f6918b2c7c6095c9f23b9841e90e8acde53ba60cd78911cac6fc2ef6bb5fcbb0d3da3e63d70b47495f2177afce5da37c59efde49aae133761847a6f0c8aa374790522ba04d466bd1f7860f53371f5eb2f506c5bc7bb6ab449e4a5c37866c31684b285cf5da17f36434b809f69c542c989449fd0eca50f5eacf8080cbbe8b84d1183095ae7416b8f2b98311451cf7cad2d8fb721e589f9e611376430359cf855444fd1415011e8c313834bf0e217ac7b03f8add941427b0d15b56378b2cd1e3925008c16cd5f95dd149c7e050e0a153e4333e63bd14816b4357fbaa5f706af6ee225057eb599bbe5714c9ff23204d1902230569839d8836e6b2525570b00eca8534aa0c29cf62dce61ec66d9c195be81279b698ec8565fd6754f636b9288247657efdb2b6356a82f014a1e6b24926fdd67810ef0a01295c664980f2057ca17362b0a5888c23ac21842f931a7d57cdeea73c4848c6c1cce20be979faa611f86509ce031fb4102a0fd30bea4f4f840c75d238362a2c4f8de16e81733ca90119f8c1ae148b184d0b113685594088ad8a947455dcfb782f8beb69e255dbed46ae2ee6f094168a52501fc68ed669fac390cd9320ba16d69c86d6f642aea836bb1d7c14593f15d8d33d452d8c87003d7ada1995e2b43f788b4ab00ec6f58869968f098218a3ca21a6f369d47a14cd3de7de8357902e8ecfb5f2e6beb5d3d32a6a6224fe3d6dc5c06eb117af0ab396acfcae58b2b1b9981cc71cc1cde07491b6b6d97e04c10ff216393dd28737d31c8f2cc9ebe161b96d407088b2bc456c331b676a0d7dca3df7f7080697d154fa14f351fd467e30b4ac3f4eb7b4adfb173ff20594cfe539c775c4275795d54782bae4b59cc64a45740ff73d21f5d6cf39e10bae4fbc48ac7799023796d7408ff9220a07a49552b18c5e35f98082297d2b4a0932e4d224c6807d49bf9b5de2eff1a8130da56124ecb5509241fe95be11eb0df066f5f819bc7db0f1ee90ea0aaf4ca4458ae7b5105d574de028c82714ad0d53bfc8ffab31c57762b38e433d6991d83ba5616162e27e8ac122c145547c4abe18260c6d32c755a44390ed41241ef375e1f5a4311263881a02dae71f837206413fc37ddf40a9bb72256d1625ee0b94c1c5715809bdb24224cd0698a5802a83e2328dfa22b80e31b9a5c7dc2fe0c68545905368806c308334c194803eed4a24a96bc5021b837a293dde7ba22b9ed27369b3584deda6489bd1b3fa2925beeacb7d3be367fd014547f82b4561c0120978b6ec2b32ac2634589b819a2c94fd20c081fe9eac7b0745f73a1981e21b05b1bd97a9a1d7218c0e6d0e473e15a1a7465cea98ba0c72af2f270b6a61bc51d1a0a9603b91fcdcc7314fe7aa007ecffe6c7eebf5a65e82a96325e86f9aec39feac6eee9501495c74000ec1f0923e79ad1fbf6dc581539047537794151473e00be353b3b8dbb6da0053826c7bdf16c43867cc9cab9d1220466ca29ef2d6172c4c0ff9067eba9d9775225efaeab1b8c634b4001d2a5c01628bd5550c4573fa017afa3f501f1a6b7d7a483dc0885ab9c2ee959a596ffbb68c7ea99e48f4304697edf7fdba5567735ace3433c15aa59863f87e4605206a31ccf268588de7ed37fcacf6bde80c68ad53de63feb4399cce137c5776abd15395402af07250938aa1c466511bd5754f9cf2f938faa37a683996c801c8fc8aae36a706c5d6e2d36e96ab77eec817ce4d56d2bcf5a43702a883b127a1da8b6ceae1b82573a9e9e9e297560f8d65a1f5fd4bf3d45af0841e691b6e637bd8b9f7c8e51b813b818b0baf2d9c5c9d116781d327b4b43309c7265612089f1dce60a41fd0aff4bcd1335d696f01cee7b371e13584c731a3c3ef7e1b9f3f41f91c4dc647b948c93a99c1ae79f5f530c68c3cc28bbd00", 0x2000, &(0x7f00000023c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008600)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x6, 0xffffffffffffa635, 0x3, 0x5, 0xfffffffffffffffe, 0x2000000000000000, 0x0, 0x0, 0x0, 0xa000, 0x0, r2, 0x0, 0x3, 0x20006}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)

1.483062616s ago: executing program 2 (id=4362):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
getuid()
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_init()
prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
read$msr(r2, &(0x7f0000000040)=""/59, 0xffb5)
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f00000000c0)={0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=@deltclass={0x10fc, 0x29, 0x8, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x10}, {0x1, 0xfff3}, {0xe, 0x8}}, [@TCA_RATE={0x6, 0x5, {0x8}}, @TCA_RATE={0x6, 0x5, {0x7f, 0x8}}, @TCA_RATE={0x6, 0x5, {0x2, 0x9}}, @tclass_kind_options=@c_htb={{0x8}, {0x10b0, 0x2, [@TCA_HTB_PARMS={0x30, 0x1, {{0x7f, 0x2, 0x6, 0x80, 0x1, 0x68}, {0x10, 0x1, 0x3, 0x8, 0xa, 0x8}, 0x2, 0x5, 0x2, 0x0, 0x800}}, @TCA_HTB_RTAB={0x404, 0x4, [0x6, 0x81, 0x2, 0x9, 0x7, 0x4, 0x4, 0x0, 0x1, 0xfffffff3, 0x1, 0x7fffffff, 0x0, 0x2, 0x4, 0x1, 0x5, 0x0, 0x4, 0x4, 0x3, 0x5ff, 0x1, 0x0, 0xb0fc, 0x7, 0x10000000, 0x4, 0x9, 0x3, 0xfffffffd, 0xee, 0x4, 0x3, 0xb, 0x8, 0x89da, 0xb2, 0x4, 0x1ff, 0x2, 0x6, 0x9, 0x3, 0x5, 0x0, 0x6, 0x2, 0xba, 0x1, 0x5, 0xfffffff9, 0x3ff, 0xb, 0x3, 0x3, 0xf, 0x9, 0xb5d5, 0x713, 0x564, 0x49, 0x60, 0xfffffffb, 0x5, 0x9, 0x5, 0x3a7, 0x3, 0x4f, 0xa, 0x9, 0x0, 0x774f, 0x1000, 0x7ff, 0x400, 0x7, 0x81, 0xa, 0x7, 0x7ff, 0x7, 0x4, 0x0, 0x2eb746c1, 0xff, 0x6, 0x607b, 0x5, 0x9, 0x0, 0xe, 0x9, 0x25, 0x628, 0x9, 0x6, 0x5, 0xe9, 0x6f, 0x2, 0x5, 0x7, 0x4, 0x4, 0x5, 0x4, 0x7fff, 0x35836793, 0x7, 0x7f, 0x3, 0x1, 0x8, 0x5, 0xc, 0x4, 0x4, 0x1, 0x40, 0x400, 0x80000001, 0x0, 0x20, 0x5, 0x3, 0x6, 0x3, 0x5, 0x100000, 0x4, 0x2, 0xfffffff8, 0x0, 0x3, 0x3, 0xd, 0x0, 0x101, 0x6, 0x5, 0x80000001, 0xfffffff7, 0x6, 0x7, 0x1, 0xfff, 0x1, 0x9, 0x3, 0x5, 0x5, 0x50b, 0x3ff, 0x5, 0x5c, 0x2b2d, 0x6, 0x10000, 0x7f, 0xf, 0x0, 0x2, 0x2, 0x8, 0xf, 0xf, 0x10001, 0x6, 0x6, 0xffffffea, 0xe8d, 0x2, 0xf44, 0x2, 0xf5, 0xfe, 0x3, 0x80000000, 0xff, 0x17, 0x7, 0xc0, 0xfffff1c5, 0xfffffffe, 0x0, 0xfffffffe, 0x400, 0x2, 0x926, 0x7, 0x7, 0x0, 0x8, 0x1ff, 0x6, 0x1, 0x84a5, 0x247d, 0x203e, 0x4, 0x22, 0x6, 0x7, 0x8, 0x3, 0x6, 0x7, 0x80000001, 0xe280, 0x8, 0x3, 0x4, 0xc0, 0x3, 0xffffff6a, 0x7f, 0x1000, 0xf, 0x5, 0x10001, 0xac, 0x8, 0x80000000, 0x1, 0x7ff, 0x80000000, 0x9, 0x80, 0x5, 0x5d81, 0xff, 0x4, 0x5, 0x81, 0x9, 0x1, 0x6, 0x6, 0x4, 0x3, 0xfffffff8, 0x2, 0x0, 0xffffffde, 0x145, 0xffc00000, 0x7, 0x3ff, 0xd9, 0xc8e3, 0x6, 0x31, 0x4]}, @TCA_HTB_PARMS={0x30, 0x1, {{0x81, 0x0, 0xf02, 0xff, 0x6, 0x8000}, {0x8, 0x0, 0x5, 0xe89, 0x4, 0xfffffff3}, 0x101, 0x12, 0x1, 0x7ff, 0xb}}, @TCA_HTB_CEIL64={0xc, 0x7, 0x1}, @TCA_HTB_RTAB={0x404, 0x4, [0xa0000, 0x1, 0x6, 0x7fff, 0x0, 0xfffffffd, 0x457, 0x3ff, 0x1, 0x400, 0x6, 0xfffff001, 0x4, 0x101, 0x6d, 0x6a4, 0x3, 0x7ff, 0x3, 0x7, 0x5, 0xc548, 0xfffffff7, 0x2, 0xffffffff, 0x0, 0x3, 0x0, 0x2, 0x6, 0xeda4, 0x8000, 0x1, 0xc5b, 0xff, 0x6, 0x2, 0x9, 0x0, 0xfff, 0x9, 0x5, 0x10, 0x0, 0x2b, 0x5, 0x1, 0x6, 0x5, 0xbdd0, 0x5, 0x8, 0x6, 0x8000, 0x4, 0x100, 0x0, 0x1, 0xfffffff9, 0xfffffff1, 0x9, 0xec04, 0xffff, 0x5, 0xb641, 0x5, 0x30d6, 0x9, 0x9, 0xff, 0xada, 0x80000000, 0xd, 0x5, 0x4, 0x3fe00, 0x4, 0x1, 0x80000001, 0x4, 0x6, 0x10000, 0x7, 0x200, 0x3db, 0x6, 0x8, 0xc, 0x4, 0x8, 0x1ff, 0xac, 0x3, 0x80000000, 0x7fffffff, 0x3, 0x3, 0xffffffc0, 0x1, 0xe00, 0x5f, 0x9, 0x9, 0x41f7, 0xc, 0x6, 0x10, 0x3, 0x1ff, 0x400, 0x7, 0xffffda24, 0x65, 0x7, 0xe, 0x7, 0x0, 0x3, 0x2002, 0x7, 0x0, 0xdf69, 0x0, 0x9, 0x7fffffff, 0x9, 0x7, 0x4, 0x40000, 0x6, 0x7, 0x3, 0x1000, 0x7, 0xfffffff0, 0x80000000, 0x4, 0x4, 0x2, 0xc2, 0x0, 0x2, 0xfffffbff, 0x6, 0xffffffff, 0x7, 0x0, 0x4, 0x1, 0x6, 0x4, 0x7, 0x52, 0xffffffda, 0x10, 0x2, 0x5, 0xa, 0x5a4, 0x7, 0x2b, 0x200, 0x3, 0x8, 0xb, 0x2, 0x7, 0x6, 0xffffffff, 0x101, 0xfffffff7, 0x0, 0x81, 0x6, 0x10000, 0x0, 0x8, 0xe, 0x4, 0x100, 0x19ab51a, 0x4, 0x6, 0xffffffff, 0xa3e6, 0x2, 0x7, 0x9, 0x6, 0x0, 0x4c1, 0x7, 0x9, 0x6, 0x4, 0x5b1, 0x936, 0x9, 0x0, 0xa, 0xfa, 0x3, 0xd75, 0x8, 0x0, 0xfffffffd, 0x8a0, 0x59, 0x579, 0x9, 0x7d30164a, 0x1000, 0x3, 0x6, 0x8001, 0x1000, 0x80000000, 0x60000, 0x0, 0x3, 0x5, 0x1, 0x3, 0x8, 0x400, 0x8000, 0x62, 0xe, 0x9, 0x0, 0xf, 0x3, 0x4, 0x613, 0x6, 0x5, 0x26, 0x38b, 0x2, 0x8, 0xe35, 0x2, 0x4, 0x5, 0x6, 0x1, 0x5, 0x7438827d, 0xaf, 0x4, 0x9, 0x47a, 0x8, 0x7, 0x8, 0xfffffffa]}, @TCA_HTB_CTAB={0x404, 0x3, [0x4, 0x4, 0x6, 0xe000000, 0xf, 0xfffffffe, 0x7, 0xbd, 0x2, 0x5d706d68, 0x2, 0xa, 0x4, 0xd3, 0x1847, 0x0, 0x33a00b9d, 0x40, 0x8, 0xfffffbff, 0x0, 0x0, 0x2, 0x47, 0xc, 0x8, 0x2, 0x6, 0x9, 0xfffffff8, 0x4, 0x4, 0x5, 0x9, 0x9, 0x8c, 0x3, 0xffffeb94, 0x20, 0x9, 0x9, 0x9, 0x40, 0x2, 0x0, 0xd8, 0x7117, 0x22, 0x1, 0x0, 0x0, 0x0, 0x6, 0xa, 0x8, 0x9, 0x4, 0x7f, 0x8bb, 0x2, 0x4, 0x3, 0x4, 0x1, 0x3, 0x6, 0x8, 0x7, 0x7, 0x7, 0x7, 0x2, 0x9, 0x7, 0x7, 0x5, 0x3, 0x10001, 0x1000, 0x1, 0x1, 0x800, 0x9, 0x6, 0x1527, 0x7, 0x2, 0x1, 0xd, 0x1, 0x4, 0x7fff, 0x80000000, 0x3ff, 0x7, 0x4a, 0x2, 0xfffffdaa, 0x4, 0x1fb, 0xffff, 0x70, 0x0, 0x0, 0x5, 0xfffffff7, 0x8, 0x5, 0x0, 0xb283, 0x9, 0x29a, 0x3, 0x401, 0x3, 0x5dd, 0xb, 0x10, 0x192521f1, 0x4, 0x4, 0x4, 0x0, 0x9, 0x2, 0x3, 0x22, 0x101, 0x0, 0xc, 0xc5, 0x5666, 0xce, 0x2, 0x2, 0x80000001, 0x5, 0xd, 0xf, 0xfb4c, 0x3, 0x5, 0xd1c, 0x81, 0x7, 0xffff3203, 0x10, 0x4, 0x3, 0x8000, 0xfffff000, 0xfffffffc, 0xcb, 0x10, 0x2, 0x80000001, 0xffff, 0xa98, 0xffff876e, 0xc, 0x7, 0xd7a7, 0x1, 0x81, 0x0, 0x3, 0x3, 0xfffffffa, 0xfffffffb, 0x3, 0x3, 0x1, 0x81, 0x4, 0x8da, 0x4, 0x2, 0x8, 0x8, 0x6, 0x7fffffff, 0x0, 0x3, 0x7, 0x74, 0x4, 0x0, 0x100, 0x2ef097ab, 0x71, 0x1, 0x7, 0x5, 0xe, 0x3, 0x0, 0x8, 0x3, 0x29c, 0x101, 0x6, 0x4, 0xfffffff4, 0xfffffffa, 0xd, 0x7fffffff, 0x4, 0x2, 0x6fe9, 0x8, 0x3971, 0x80, 0x7f, 0x3, 0x7, 0x3, 0x3ff, 0x40, 0x80000001, 0xc2, 0x81, 0xfffffffa, 0x8000, 0x7, 0x2, 0x1, 0x0, 0x4, 0x4, 0x0, 0x81, 0xf1, 0xb, 0x5, 0x1, 0xe2d, 0x4, 0x9, 0x5, 0x1, 0x4, 0x0, 0x9, 0x6c, 0xbf4, 0x3, 0xc, 0x3, 0x30000000, 0x8, 0x200, 0x401, 0x8, 0x1f7f, 0x6, 0x3]}, @TCA_HTB_CTAB={0x404, 0x3, [0x3, 0x8001, 0x0, 0x8, 0x7, 0x4, 0x5, 0x91a, 0x5, 0x9, 0x0, 0xfc, 0x7, 0x3, 0xcff0, 0x5, 0xef, 0xfffffffb, 0xc, 0x6, 0xfffffff4, 0x200, 0x5, 0x80000000, 0x33e5, 0x1000, 0x1, 0x4, 0x2, 0x3, 0xa, 0x8, 0x6, 0x7, 0x0, 0x1, 0x7f, 0x4, 0x7, 0x40, 0xffff, 0x80000001, 0x1, 0x10000, 0x400, 0x6, 0xffffff80, 0x9, 0x5, 0x8, 0x28000, 0x7fff, 0x3, 0x2, 0x8, 0x9, 0x100, 0x5, 0x7, 0x13, 0x9, 0xb4f, 0x6, 0x8, 0x3, 0x0, 0x34, 0x1, 0x1000, 0x5, 0x5, 0x101, 0x3, 0x3cff, 0x5, 0x400, 0x1, 0x2, 0x9, 0x4, 0x1, 0x7, 0x8, 0xffffffff, 0xffffffff, 0x8, 0x4, 0xc4d2, 0x80, 0x6, 0x1, 0x750, 0x9c2, 0x3, 0x3, 0x5, 0x10000, 0x8, 0x1ba, 0x8, 0x9e4c, 0xa, 0x80000001, 0x800, 0xffffff7f, 0x8, 0x3, 0x4a0, 0x260a, 0x7fff, 0x2, 0x9, 0x8, 0x3, 0x1, 0x9, 0xfffffff7, 0x1ff, 0x7, 0x9, 0x0, 0x4, 0xfbe00000, 0x6, 0x0, 0x401, 0x7, 0x1ff, 0x1, 0x3, 0x1, 0x4, 0xdd93, 0xa, 0x6, 0x0, 0x6, 0x8, 0x6, 0x78237551, 0x8, 0x4, 0x50, 0xb, 0xc, 0x43d, 0xce0c, 0x9, 0x3, 0x101, 0xfffffffd, 0x8001, 0x0, 0x74ab, 0x2, 0x6, 0xfffffff8, 0x2, 0x1ff, 0x401, 0x9, 0x8, 0x3, 0x3, 0x7, 0x6, 0x3ff, 0x0, 0xe, 0x101, 0x1ff, 0x5, 0x7ff, 0x1, 0xb0b3, 0x7, 0x3, 0x6, 0x1, 0x6, 0xe, 0x7, 0x7ff, 0x1, 0x5, 0x5, 0x4, 0x3ff, 0x5, 0xea6, 0x7, 0x3, 0xe, 0x5, 0x1, 0x1, 0x7, 0x6, 0x80000000, 0x0, 0x9, 0x1, 0x9, 0x2, 0x3, 0x2, 0x3, 0x5, 0x1, 0x2, 0x0, 0x9353, 0x4, 0xfd2f585, 0x8, 0x6, 0x5, 0x1, 0x2, 0xd, 0x2dc, 0x4, 0x8000, 0x101, 0x2, 0x1, 0x2, 0x3bb8, 0x10001, 0x100, 0xb93, 0xc, 0x880e, 0x80000000, 0xd, 0x91, 0x7, 0x1140, 0x1ff, 0x1, 0x3, 0x3ff, 0x8, 0x2, 0x8, 0x5, 0x6, 0x3, 0x8, 0x8, 0x2, 0x5, 0x27, 0x7f4b, 0x9, 0x5498]}, @TCA_HTB_PARMS={0x30, 0x1, {{0x5, 0x0, 0x3, 0x3, 0x9, 0x5}, {0x2, 0x2, 0x8, 0x7, 0xd, 0x7fff}, 0xfffffff8, 0x8, 0x0, 0x400}}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0xbf}}]}, 0x10fc}, 0x1, 0x0, 0x0, 0x4000050}, 0x200000c5)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)

1.454826586s ago: executing program 1 (id=4363):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000002e00)={&(0x7f0000000180)={0x2, 0x3, 0x0, 0x3, 0xf, 0x0, 0x70bd2b, 0x0, [@sadb_key={0x3, 0x9, 0x48, 0x0, "051c6f52e407747545"}, @sadb_address={0x5, 0x6, 0x32, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x40}}}]}, 0x78}, 0x1, 0x7}, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000002e40)=ANY=[@ANYBLOB="00020201"], 0x18)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
r3 = dup(r2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a", @ANYRES32=r4], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kmem_cache_free\x00', r5}, 0x10)
socket$can_bcm(0x1d, 0x2, 0x2)
write$FUSE_INIT(r3, &(0x7f0000000180)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3ff, 0x40100, 0x0, 0x89, 0x8, 0x80, 0x0, 0x0, 0x4, 0x2}}, 0x50)
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

1.391230347s ago: executing program 2 (id=4364):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000002e00)={&(0x7f0000000180)={0x2, 0x3, 0x0, 0x3, 0xf, 0x0, 0x70bd2b, 0x0, [@sadb_key={0x3, 0x9, 0x48, 0x0, "051c6f52e407747545"}, @sadb_address={0x5, 0x6, 0x32, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x40}}}]}, 0x78}, 0x1, 0x7}, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000002e40)=ANY=[@ANYBLOB="00020201"], 0x18)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
r3 = dup(r2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYRES32=r4, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kmem_cache_free\x00', r5}, 0x10)
write$FUSE_INIT(r3, &(0x7f0000000180)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3ff, 0x40100, 0x0, 0x89, 0x8, 0x80, 0x0, 0x0, 0x4, 0x2}}, 0x50)
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

1.078881572s ago: executing program 3 (id=4365):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f00000003c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [{@subj_type={'subj_type', 0x3d, 'GPL\x00'}}], 0x2c})
syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x40000, 0x0, 0x1, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x141842, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd\x00')
read$FUSE(r0, &(0x7f0000020940)={0x2020}, 0x2020)
preadv(r0, &(0x7f0000000b00), 0x0, 0x80000001, 0x3)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="020700"], 0x10}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0x101)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x3, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0xb00)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0)

1.046480013s ago: executing program 3 (id=4366):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000340)='sys_enter\x00', r1, 0x0, 0x1}, 0x18)
r2 = open(0x0, 0x16543e, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
unshare(0x62040200)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b0000000800000006000000ffffff", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
openat(r2, &(0x7f0000000180)='./file1\x00', 0x4000, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r4}, 0x10)
pipe2$9p(&(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000001bc0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])

998.993403ms ago: executing program 3 (id=4367):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000040)=0x9)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x4)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0x32)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'erspan0\x00', &(0x7f00000000c0)={'syztnl2\x00', <r4=>0x0, 0x40, 0x1, 0x9d1, 0xffffffc0, {{0xc, 0x4, 0x0, 0x3b, 0x30, 0x65, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, {[@noop, @ssrr={0x89, 0x1b, 0xd2, [@multicast2, @local, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @loopback]}]}}}}})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYRES64=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000001c0)={0x1b, 0x0, 0x0, 0x1000000, 0x0, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xf)
ioctl$sock_bt_hci(r0, 0x800448d2, &(0x7f0000000040))

992.072604ms ago: executing program 0 (id=4368):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
ftruncate(r0, 0x8800000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000034f0e61000000000000000804000000bb7f1a007600feff000020009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x2b, 0x10, 0x0, 0x0, 0x61e5cc96, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x22)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs2/binder1\x00', 0x802, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

824.070926ms ago: executing program 0 (id=4369):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000180)=@filename='./file0\x00', 0xee01, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'veth1_macvtap\x00', 0x20})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r5 = socket(0x840000000002, 0x3, 0xfa)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
write$P9_RREMOVE(0xffffffffffffffff, &(0x7f00000002c0)={0x7, 0x7b, 0x2}, 0x7)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r7, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r7, 0x4008af03, &(0x7f0000002100))
ioctl$VHOST_GET_VRING_ENDIAN(r7, 0x4028af11, &(0x7f00000001c0))
ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000001980)=0x1)
close(r6)
connect$inet(r5, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
sync()

738.755038ms ago: executing program 0 (id=4370):
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
openat(0xffffffffffffffff, 0x0, 0x4000, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x904}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0xc010}, 0x2004c004)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)

678.896769ms ago: executing program 4 (id=4371):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10)
ftruncate(r0, 0x8800000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000034f0e61000000000000000804000000bb7f1a007600feff000020009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x2b, 0x10, 0x0, 0x0, 0x61e5cc96, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x22)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs2/binder1\x00', 0x802, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

595.97549ms ago: executing program 1 (id=4372):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = getuid()
quotactl_fd$Q_GETFMT(0xffffffffffffffff, 0xffffffff80000402, r0, &(0x7f0000000280))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_init()
prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000))
socket$inet_icmp(0x2, 0x2, 0x1)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
read$msr(r1, &(0x7f0000000040)=""/59, 0xffb5)

509.391221ms ago: executing program 2 (id=4373):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004080)={{r0}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20)
sigaltstack(&(0x7f0000000480)={&(0x7f0000002340)=""/4126, 0x80000001, 0x101e}, 0x0)

478.571822ms ago: executing program 2 (id=4374):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
getuid()
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_init()
prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00')
read$msr(r2, &(0x7f0000000040)=""/59, 0xffb5)
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f00000000c0)={0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=@deltclass={0x10fc, 0x29, 0x8, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x10}, {0x1, 0xfff3}, {0xe, 0x8}}, [@TCA_RATE={0x6, 0x5, {0x8}}, @TCA_RATE={0x6, 0x5, {0x7f, 0x8}}, @TCA_RATE={0x6, 0x5, {0x2, 0x9}}, @tclass_kind_options=@c_htb={{0x8}, {0x10b0, 0x2, [@TCA_HTB_PARMS={0x30, 0x1, {{0x7f, 0x2, 0x6, 0x80, 0x1, 0x68}, {0x10, 0x1, 0x3, 0x8, 0xa, 0x8}, 0x2, 0x5, 0x2, 0x0, 0x800}}, @TCA_HTB_RTAB={0x404, 0x4, [0x6, 0x81, 0x2, 0x9, 0x7, 0x4, 0x4, 0x0, 0x1, 0xfffffff3, 0x1, 0x7fffffff, 0x0, 0x2, 0x4, 0x1, 0x5, 0x0, 0x4, 0x4, 0x3, 0x5ff, 0x1, 0x0, 0xb0fc, 0x7, 0x10000000, 0x4, 0x9, 0x3, 0xfffffffd, 0xee, 0x4, 0x3, 0xb, 0x8, 0x89da, 0xb2, 0x4, 0x1ff, 0x2, 0x6, 0x9, 0x3, 0x5, 0x0, 0x6, 0x2, 0xba, 0x1, 0x5, 0xfffffff9, 0x3ff, 0xb, 0x3, 0x3, 0xf, 0x9, 0xb5d5, 0x713, 0x564, 0x49, 0x60, 0xfffffffb, 0x5, 0x9, 0x5, 0x3a7, 0x3, 0x4f, 0xa, 0x9, 0x0, 0x774f, 0x1000, 0x7ff, 0x400, 0x7, 0x81, 0xa, 0x7, 0x7ff, 0x7, 0x4, 0x0, 0x2eb746c1, 0xff, 0x6, 0x607b, 0x5, 0x9, 0x0, 0xe, 0x9, 0x25, 0x628, 0x9, 0x6, 0x5, 0xe9, 0x6f, 0x2, 0x5, 0x7, 0x4, 0x4, 0x5, 0x4, 0x7fff, 0x35836793, 0x7, 0x7f, 0x3, 0x1, 0x8, 0x5, 0xc, 0x4, 0x4, 0x1, 0x40, 0x400, 0x80000001, 0x0, 0x20, 0x5, 0x3, 0x6, 0x3, 0x5, 0x100000, 0x4, 0x2, 0xfffffff8, 0x0, 0x3, 0x3, 0xd, 0x0, 0x101, 0x6, 0x5, 0x80000001, 0xfffffff7, 0x6, 0x7, 0x1, 0xfff, 0x1, 0x9, 0x3, 0x5, 0x5, 0x50b, 0x3ff, 0x5, 0x5c, 0x2b2d, 0x6, 0x10000, 0x7f, 0xf, 0x0, 0x2, 0x2, 0x8, 0xf, 0xf, 0x10001, 0x6, 0x6, 0xffffffea, 0xe8d, 0x2, 0xf44, 0x2, 0xf5, 0xfe, 0x3, 0x80000000, 0xff, 0x17, 0x7, 0xc0, 0xfffff1c5, 0xfffffffe, 0x0, 0xfffffffe, 0x400, 0x2, 0x926, 0x7, 0x7, 0x0, 0x8, 0x1ff, 0x6, 0x1, 0x84a5, 0x247d, 0x203e, 0x4, 0x22, 0x6, 0x7, 0x8, 0x3, 0x6, 0x7, 0x80000001, 0xe280, 0x8, 0x3, 0x4, 0xc0, 0x3, 0xffffff6a, 0x7f, 0x1000, 0xf, 0x5, 0x10001, 0xac, 0x8, 0x80000000, 0x1, 0x7ff, 0x80000000, 0x9, 0x80, 0x5, 0x5d81, 0xff, 0x4, 0x5, 0x81, 0x9, 0x1, 0x6, 0x6, 0x4, 0x3, 0xfffffff8, 0x2, 0x0, 0xffffffde, 0x145, 0xffc00000, 0x7, 0x3ff, 0xd9, 0xc8e3, 0x6, 0x31, 0x4]}, @TCA_HTB_PARMS={0x30, 0x1, {{0x81, 0x0, 0xf02, 0xff, 0x6, 0x8000}, {0x8, 0x0, 0x5, 0xe89, 0x4, 0xfffffff3}, 0x101, 0x12, 0x1, 0x7ff, 0xb}}, @TCA_HTB_CEIL64={0xc, 0x7, 0x1}, @TCA_HTB_RTAB={0x404, 0x4, [0xa0000, 0x1, 0x6, 0x7fff, 0x0, 0xfffffffd, 0x457, 0x3ff, 0x1, 0x400, 0x6, 0xfffff001, 0x4, 0x101, 0x6d, 0x6a4, 0x3, 0x7ff, 0x3, 0x7, 0x5, 0xc548, 0xfffffff7, 0x2, 0xffffffff, 0x0, 0x3, 0x0, 0x2, 0x6, 0xeda4, 0x8000, 0x1, 0xc5b, 0xff, 0x6, 0x2, 0x9, 0x0, 0xfff, 0x9, 0x5, 0x10, 0x0, 0x2b, 0x5, 0x1, 0x6, 0x5, 0xbdd0, 0x5, 0x8, 0x6, 0x8000, 0x4, 0x100, 0x0, 0x1, 0xfffffff9, 0xfffffff1, 0x9, 0xec04, 0xffff, 0x5, 0xb641, 0x5, 0x30d6, 0x9, 0x9, 0xff, 0xada, 0x80000000, 0xd, 0x5, 0x4, 0x3fe00, 0x4, 0x1, 0x80000001, 0x4, 0x6, 0x10000, 0x7, 0x200, 0x3db, 0x6, 0x8, 0xc, 0x4, 0x8, 0x1ff, 0xac, 0x3, 0x80000000, 0x7fffffff, 0x3, 0x3, 0xffffffc0, 0x1, 0xe00, 0x5f, 0x9, 0x9, 0x41f7, 0xc, 0x6, 0x10, 0x3, 0x1ff, 0x400, 0x7, 0xffffda24, 0x65, 0x7, 0xe, 0x7, 0x0, 0x3, 0x2002, 0x7, 0x0, 0xdf69, 0x0, 0x9, 0x7fffffff, 0x9, 0x7, 0x4, 0x40000, 0x6, 0x7, 0x3, 0x1000, 0x7, 0xfffffff0, 0x80000000, 0x4, 0x4, 0x2, 0xc2, 0x0, 0x2, 0xfffffbff, 0x6, 0xffffffff, 0x7, 0x0, 0x4, 0x1, 0x6, 0x4, 0x7, 0x52, 0xffffffda, 0x10, 0x2, 0x5, 0xa, 0x5a4, 0x7, 0x2b, 0x200, 0x3, 0x8, 0xb, 0x2, 0x7, 0x6, 0xffffffff, 0x101, 0xfffffff7, 0x0, 0x81, 0x6, 0x10000, 0x0, 0x8, 0xe, 0x4, 0x100, 0x19ab51a, 0x4, 0x6, 0xffffffff, 0xa3e6, 0x2, 0x7, 0x9, 0x6, 0x0, 0x4c1, 0x7, 0x9, 0x6, 0x4, 0x5b1, 0x936, 0x9, 0x0, 0xa, 0xfa, 0x3, 0xd75, 0x8, 0x0, 0xfffffffd, 0x8a0, 0x59, 0x579, 0x9, 0x7d30164a, 0x1000, 0x3, 0x6, 0x8001, 0x1000, 0x80000000, 0x60000, 0x0, 0x3, 0x5, 0x1, 0x3, 0x8, 0x400, 0x8000, 0x62, 0xe, 0x9, 0x0, 0xf, 0x3, 0x4, 0x613, 0x6, 0x5, 0x26, 0x38b, 0x2, 0x8, 0xe35, 0x2, 0x4, 0x5, 0x6, 0x1, 0x5, 0x7438827d, 0xaf, 0x4, 0x9, 0x47a, 0x8, 0x7, 0x8, 0xfffffffa]}, @TCA_HTB_CTAB={0x404, 0x3, [0x4, 0x4, 0x6, 0xe000000, 0xf, 0xfffffffe, 0x7, 0xbd, 0x2, 0x5d706d68, 0x2, 0xa, 0x4, 0xd3, 0x1847, 0x0, 0x33a00b9d, 0x40, 0x8, 0xfffffbff, 0x0, 0x0, 0x2, 0x47, 0xc, 0x8, 0x2, 0x6, 0x9, 0xfffffff8, 0x4, 0x4, 0x5, 0x9, 0x9, 0x8c, 0x3, 0xffffeb94, 0x20, 0x9, 0x9, 0x9, 0x40, 0x2, 0x0, 0xd8, 0x7117, 0x22, 0x1, 0x0, 0x0, 0x0, 0x6, 0xa, 0x8, 0x9, 0x4, 0x7f, 0x8bb, 0x2, 0x4, 0x3, 0x4, 0x1, 0x3, 0x6, 0x8, 0x7, 0x7, 0x7, 0x7, 0x2, 0x9, 0x7, 0x7, 0x5, 0x3, 0x10001, 0x1000, 0x1, 0x1, 0x800, 0x9, 0x6, 0x1527, 0x7, 0x2, 0x1, 0xd, 0x1, 0x4, 0x7fff, 0x80000000, 0x3ff, 0x7, 0x4a, 0x2, 0xfffffdaa, 0x4, 0x1fb, 0xffff, 0x70, 0x0, 0x0, 0x5, 0xfffffff7, 0x8, 0x5, 0x0, 0xb283, 0x9, 0x29a, 0x3, 0x401, 0x3, 0x5dd, 0xb, 0x10, 0x192521f1, 0x4, 0x4, 0x4, 0x0, 0x9, 0x2, 0x3, 0x22, 0x101, 0x0, 0xc, 0xc5, 0x5666, 0xce, 0x2, 0x2, 0x80000001, 0x5, 0xd, 0xf, 0xfb4c, 0x3, 0x5, 0xd1c, 0x81, 0x7, 0xffff3203, 0x10, 0x4, 0x3, 0x8000, 0xfffff000, 0xfffffffc, 0xcb, 0x10, 0x2, 0x80000001, 0xffff, 0xa98, 0xffff876e, 0xc, 0x7, 0xd7a7, 0x1, 0x81, 0x0, 0x3, 0x3, 0xfffffffa, 0xfffffffb, 0x3, 0x3, 0x1, 0x81, 0x4, 0x8da, 0x4, 0x2, 0x8, 0x8, 0x6, 0x7fffffff, 0x0, 0x3, 0x7, 0x74, 0x4, 0x0, 0x100, 0x2ef097ab, 0x71, 0x1, 0x7, 0x5, 0xe, 0x3, 0x0, 0x8, 0x3, 0x29c, 0x101, 0x6, 0x4, 0xfffffff4, 0xfffffffa, 0xd, 0x7fffffff, 0x4, 0x2, 0x6fe9, 0x8, 0x3971, 0x80, 0x7f, 0x3, 0x7, 0x3, 0x3ff, 0x40, 0x80000001, 0xc2, 0x81, 0xfffffffa, 0x8000, 0x7, 0x2, 0x1, 0x0, 0x4, 0x4, 0x0, 0x81, 0xf1, 0xb, 0x5, 0x1, 0xe2d, 0x4, 0x9, 0x5, 0x1, 0x4, 0x0, 0x9, 0x6c, 0xbf4, 0x3, 0xc, 0x3, 0x30000000, 0x8, 0x200, 0x401, 0x8, 0x1f7f, 0x6, 0x3]}, @TCA_HTB_CTAB={0x404, 0x3, [0x3, 0x8001, 0x0, 0x8, 0x7, 0x4, 0x5, 0x91a, 0x5, 0x9, 0x0, 0xfc, 0x7, 0x3, 0xcff0, 0x5, 0xef, 0xfffffffb, 0xc, 0x6, 0xfffffff4, 0x200, 0x5, 0x80000000, 0x33e5, 0x1000, 0x1, 0x4, 0x2, 0x3, 0xa, 0x8, 0x6, 0x7, 0x0, 0x1, 0x7f, 0x4, 0x7, 0x40, 0xffff, 0x80000001, 0x1, 0x10000, 0x400, 0x6, 0xffffff80, 0x9, 0x5, 0x8, 0x28000, 0x7fff, 0x3, 0x2, 0x8, 0x9, 0x100, 0x5, 0x7, 0x13, 0x9, 0xb4f, 0x6, 0x8, 0x3, 0x0, 0x34, 0x1, 0x1000, 0x5, 0x5, 0x101, 0x3, 0x3cff, 0x5, 0x400, 0x1, 0x2, 0x9, 0x4, 0x1, 0x7, 0x8, 0xffffffff, 0xffffffff, 0x8, 0x4, 0xc4d2, 0x80, 0x6, 0x1, 0x750, 0x9c2, 0x3, 0x3, 0x5, 0x10000, 0x8, 0x1ba, 0x8, 0x9e4c, 0xa, 0x80000001, 0x800, 0xffffff7f, 0x8, 0x3, 0x4a0, 0x260a, 0x7fff, 0x2, 0x9, 0x8, 0x3, 0x1, 0x9, 0xfffffff7, 0x1ff, 0x7, 0x9, 0x0, 0x4, 0xfbe00000, 0x6, 0x0, 0x401, 0x7, 0x1ff, 0x1, 0x3, 0x1, 0x4, 0xdd93, 0xa, 0x6, 0x0, 0x6, 0x8, 0x6, 0x78237551, 0x8, 0x4, 0x50, 0xb, 0xc, 0x43d, 0xce0c, 0x9, 0x3, 0x101, 0xfffffffd, 0x8001, 0x0, 0x74ab, 0x2, 0x6, 0xfffffff8, 0x2, 0x1ff, 0x401, 0x9, 0x8, 0x3, 0x3, 0x7, 0x6, 0x3ff, 0x0, 0xe, 0x101, 0x1ff, 0x5, 0x7ff, 0x1, 0xb0b3, 0x7, 0x3, 0x6, 0x1, 0x6, 0xe, 0x7, 0x7ff, 0x1, 0x5, 0x5, 0x4, 0x3ff, 0x5, 0xea6, 0x7, 0x3, 0xe, 0x5, 0x1, 0x1, 0x7, 0x6, 0x80000000, 0x0, 0x9, 0x1, 0x9, 0x2, 0x3, 0x2, 0x3, 0x5, 0x1, 0x2, 0x0, 0x9353, 0x4, 0xfd2f585, 0x8, 0x6, 0x5, 0x1, 0x2, 0xd, 0x2dc, 0x4, 0x8000, 0x101, 0x2, 0x1, 0x2, 0x3bb8, 0x10001, 0x100, 0xb93, 0xc, 0x880e, 0x80000000, 0xd, 0x91, 0x7, 0x1140, 0x1ff, 0x1, 0x3, 0x3ff, 0x8, 0x2, 0x8, 0x5, 0x6, 0x3, 0x8, 0x8, 0x2, 0x5, 0x27, 0x7f4b, 0x9, 0x5498]}, @TCA_HTB_PARMS={0x30, 0x1, {{0x5, 0x0, 0x3, 0x3, 0x9, 0x5}, {0x2, 0x2, 0x8, 0x7, 0xd, 0x7fff}, 0xfffffff8, 0x8, 0x0, 0x400}}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0xbf}}]}, 0x10fc}, 0x1, 0x0, 0x0, 0x4000050}, 0x200000c5)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)

390.769673ms ago: executing program 1 (id=4375):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0xffffff1f, 0x2, {0xfffffffa, "60d7f74b38433ed7bf20a5dc0dfbb554"}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x50}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @none, 0x4, 0x2}, 0xe)

0s ago: executing program 2 (id=4376):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000180)=@filename='./file0\x00', 0xee01, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYRES32=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bf"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
r8 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
ioctl$int_in(r8, 0x5452, 0x0)
r9 = socket$can_bcm(0x1d, 0x2, 0x2)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r10 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r10, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r10, 0x4008af03, &(0x7f0000002100))
ioctl$VHOST_GET_VRING_ENDIAN(r10, 0x4028af11, &(0x7f00000001c0))
ioctl$VHOST_VSOCK_SET_RUNNING(r10, 0x4004af61, &(0x7f0000001980)=0x1)
close(r9)
connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
sync()

kernel console output (not intermixed with test programs):

 usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  401.946850][   T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  401.959598][   T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  402.754593][   T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  402.766248][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.774196][   T24] usb 5-1: Product: syz
[  402.778228][   T24] usb 5-1: Manufacturer: syz
[  402.782702][   T24] usb 5-1: SerialNumber: syz
[  403.036618][ T8111] device pim6reg1 entered promiscuous mode
[  403.146814][   T24] usb 5-1: 0:2 : does not exist
[  403.301002][   T24] usb 5-1: USB disconnect, device number 19
[  403.836866][ T7055] udevd[7055]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  403.925100][ T8186] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  404.859792][ T8206] incfs_lookup_dentry err:-4
[  404.869382][ T8206] incfs: Can't find or create .index dir in ./file0
[  404.945029][ T8206] incfs: mount failed -4
[  404.998839][ T8216] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  405.079960][  T198] Bluetooth: hci0: Frame reassembly failed (-84)
[  405.103517][   T43] Bluetooth: hci1: Frame reassembly failed (-84)
[  405.113600][   T43] Bluetooth: hci1: Frame reassembly failed (-84)
[  405.418637][  T760] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  405.638511][  T760] usb 5-1: Using ep0 maxpacket: 32
[  406.001786][   T28] kauditd_printk_skb: 9 callbacks suppressed
[  406.001806][   T28] audit: type=1400 audit(1744500490.435:547): avc:  denied  { nlmsg_read } for  pid=8235 comm="syz.3.2107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  407.147087][   T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  407.153120][ T7699] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  407.159133][ T7681] Bluetooth: hci0: command 0x1003 tx timeout
[  407.165079][ T1433] Bluetooth: hci1: command 0x1003 tx timeout
[  407.214792][  T760] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 74, changing to 10
[  407.238466][  T760] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 51062, setting to 1024
[  407.250221][  T760] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  407.265054][  T760] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.275404][  T760] usb 5-1: config 0 descriptor??
[  407.285651][ T8218] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  407.736444][  T760] savu 0003:1E7D:2D5A.0006: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  408.059102][ T8260] incfs_lookup_dentry err:-103
[  408.065026][ T8260] incfs: Can't find or create .index dir in ./file0
[  408.091307][ T8260] incfs: mount failed -103
[  410.248860][   T24] usb 5-1: USB disconnect, device number 20
[  411.175647][   T28] audit: type=1400 audit(1744500495.645:548): avc:  denied  { read write } for  pid=8327 comm="syz.2.2133" name="file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  411.268944][   T28] audit: type=1400 audit(1744500495.645:549): avc:  denied  { open } for  pid=8327 comm="syz.2.2133" path="/417/file0/file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  411.301359][   T28] audit: type=1400 audit(1744500495.675:550): avc:  denied  { write } for  pid=8318 comm="syz.0.2130" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[  411.437389][ T8343] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2139'.
[  411.631454][   T28] audit: type=1400 audit(1744500496.105:551): avc:  denied  { read } for  pid=8336 comm="syz.3.2137" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  411.654105][   T28] audit: type=1400 audit(1744500496.105:552): avc:  denied  { open } for  pid=8336 comm="syz.3.2137" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  413.008486][   T19] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  413.213779][   T19] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  413.223312][   T19] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.233264][  T322] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  413.243125][   T19] usb 5-1: Product: syz
[  413.247128][   T19] usb 5-1: Manufacturer: syz
[  413.257570][   T19] usb 5-1: SerialNumber: syz
[  413.418538][  T760] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  413.430089][  T322] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.442079][  T322] usb 1-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  413.451605][  T322] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.459568][  T322] usb 1-1: Product: syz
[  413.463770][  T322] usb 1-1: Manufacturer: syz
[  413.468267][  T322] usb 1-1: SerialNumber: syz
[  413.482099][  T322] usb 1-1: config 0 descriptor??
[  413.599590][  T760] usb 3-1: config 2 has an invalid interface number: 174 but max is 0
[  413.612218][  T760] usb 3-1: config 2 has no interface number 0
[  413.618141][  T760] usb 3-1: config 2 interface 174 altsetting 0 has an invalid endpoint with address 0x9E, skipping
[  413.629115][  T760] usb 3-1: config 2 interface 174 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  413.643301][  T760] usb 3-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=22.7e
[  413.652273][  T760] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.660966][  T760] usb 3-1: Product: syz
[  413.665232][  T760] usb 3-1: Manufacturer: syz
[  413.669734][  T760] usb 3-1: SerialNumber: syz
[  413.675422][ T8394] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  413.689716][  T322] usb 1-1: USB disconnect, device number 19
[  413.795855][ T8406] 9pnet: Could not find request transport: rdma
[  413.885337][   T19] usb 3-1: USB disconnect, device number 11
[  413.995634][ T8412] overlayfs: failed to resolve './file0': -2
[  414.278475][   T24] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  414.461420][   T24] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  414.478460][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.486307][   T24] usb 4-1: Product: syz
[  414.498482][   T24] usb 4-1: Manufacturer: syz
[  414.502908][   T24] usb 4-1: SerialNumber: syz
[  414.518806][   T24] usb 4-1: config 0 descriptor??
[  414.608149][   T28] audit: type=1400 audit(1744500499.075:553): avc:  denied  { create } for  pid=8424 comm="syz.0.2170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  414.892439][   T28] audit: type=1400 audit(1744500499.365:554): avc:  denied  { create } for  pid=8440 comm="syz.1.2176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  414.911925][   T28] audit: type=1400 audit(1744500499.365:555): avc:  denied  { read } for  pid=8440 comm="syz.1.2176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  415.030782][   T19] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  415.161930][   T28] audit: type=1400 audit(1744500499.635:556): avc:  denied  { search } for  pid=8444 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  415.190676][   T28] audit: type=1400 audit(1744500499.655:557): avc:  denied  { read } for  pid=8451 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=422 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  415.289755][   T19] usb 3-1: config index 0 descriptor too short (expected 34929, got 36)
[  415.298002][   T19] usb 3-1: config 26 has too many interfaces: 203, using maximum allowed: 32
[  415.306708][   T19] usb 3-1: config 26 has an invalid descriptor of length 209, skipping remainder of the config
[  415.316957][   T19] usb 3-1: config 26 has 0 interfaces, different from the descriptor's value: 203
[  415.326020][   T19] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  415.334896][   T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.508468][  T322] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  415.548899][    C0] raw-gadget.2 gadget.2: ignoring, device is not running
[  415.558370][   T19] usb 3-1: string descriptor 0 read error: -71
[  415.565131][   T19] usb 3-1: USB disconnect, device number 12
[  415.638627][  T760] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  415.699555][  T322] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  415.710832][  T322] usb 2-1: New USB device found, idVendor=1943, idProduct=2255, bcdDevice=13.03
[  415.719847][  T322] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.727653][  T322] usb 2-1: Product: syz
[  415.732106][  T322] usb 2-1: Manufacturer: syz
[  415.736386][ T2023] usb 5-1: USB disconnect, device number 21
[  415.736520][  T322] usb 2-1: SerialNumber: syz
[  415.751893][  T322] usb 2-1: config 0 descriptor??
[  415.766442][ T8479] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  415.774736][ T8479] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  415.818508][  T760] usb 1-1: Using ep0 maxpacket: 16
[  415.824623][  T760] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  415.832743][  T760] usb 1-1: config 0 has no interface number 0
[  415.838938][  T760] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  415.849945][  T760] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  415.859727][  T760] usb 1-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  415.868799][  T760] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.882388][  T760] usb 1-1: config 0 descriptor??
[  415.960098][ T2023] usb 2-1: USB disconnect, device number 10
[  416.495001][  T760] uclogic 0003:28BD:0071.0007: failed retrieving string descriptor #100: -71
[  416.504482][  T760] uclogic 0003:28BD:0071.0007: failed retrieving pen parameters: -71
[  416.512978][  T760] uclogic 0003:28BD:0071.0007: pen probing failed: -71
[  416.520310][  T760] uclogic 0003:28BD:0071.0007: failed probing parameters: -71
[  416.527736][  T760] uclogic: probe of 0003:28BD:0071.0007 failed with error -71
[  416.543092][  T760] usb 1-1: USB disconnect, device number 20
[  416.707621][ T8499] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2192'.
[  416.728646][ T8499] device vlan2 entered promiscuous mode
[  416.821070][ T8513] syz.4.2199 uses obsolete (PF_INET,SOCK_PACKET)
[  416.828389][   T28] kauditd_printk_skb: 16 callbacks suppressed
[  416.834893][   T28] audit: type=1400 audit(1744500501.295:574): avc:  denied  { ioctl } for  pid=8512 comm="syz.4.2199" path="socket:[45978]" dev="sockfs" ino=45978 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  416.860491][ T8513] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2199'.
[  416.999689][   T28] audit: type=1400 audit(1744500501.475:575): avc:  denied  { read } for  pid=8506 comm="syz.1.2196" path="socket:[46049]" dev="sockfs" ino=46049 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  417.200000][ T8525] device erspan1 entered promiscuous mode
[  417.211372][   T19] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[  417.217271][ T2023] usb 4-1: USB disconnect, device number 20
[  418.001165][   T19] usb 3-1: config 0 has an invalid interface number: 20 but max is 0
[  418.014858][   T19] usb 3-1: config 0 has no interface number 0
[  418.089300][   T19] usb 3-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  418.120145][   T19] usb 3-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[  418.175554][   T19] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.196050][   T19] usb 3-1: Product: syz
[  418.205412][   T19] usb 3-1: Manufacturer: syz
[  418.216575][   T19] usb 3-1: SerialNumber: syz
[  418.234697][   T19] usb 3-1: config 0 descriptor??
[  418.240543][ T8503] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  418.408496][   T19] usb-storage 3-1:0.20: USB Mass Storage device detected
[  418.439785][   T19] usb-storage 3-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[  418.517325][   T19] scsi host1: usb-storage 3-1:0.20
[  418.688482][ T2023] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  418.714808][ T7624] usb 3-1: USB disconnect, device number 13
[  418.859600][   T28] audit: type=1400 audit(1744500503.335:576): avc:  denied  { write } for  pid=8578 comm="syz.0.2224" name="file0" dev="tmpfs" ino=2336 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  418.878189][ T8579] block device autoloading is deprecated and will be removed.
[  418.883534][ T2023] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  418.907183][ T2023] usb 5-1: config 0 interface 0 has no altsetting 0
[  418.915120][   T28] audit: type=1400 audit(1744500503.335:577): avc:  denied  { open } for  pid=8578 comm="syz.0.2224" path="/417/file0" dev="tmpfs" ino=2336 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  418.938316][ T2023] usb 5-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.00
[  418.947437][ T2023] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.956045][   T28] audit: type=1400 audit(1744500503.415:578): avc:  denied  { ioctl } for  pid=8578 comm="syz.0.2224" path="/417/file0" dev="tmpfs" ino=2336 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  418.980361][ T2023] usb 5-1: config 0 descriptor??
[  418.985850][ T8550] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  418.999217][ T8585] device bridge2 entered promiscuous mode
[  419.023425][ T8587] loop1: detected capacity change from 0 to 16
[  419.040926][ T8587] erofs: (device loop1): mounted with root inode @ nid 36.
[  419.042218][ T8591] /dev/loop0: Can't open blockdev
[  419.061637][ T8587] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36
[  419.074533][ T8587] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36
[  419.079408][ T8596] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  419.085587][ T8587] erofs: (device loop1): z_erofs_read_folio: failed to read, err [-117]
[  419.338538][   T19] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  419.461386][ T2023] uclogic 0003:28BD:0078.0008: interface is invalid, ignoring
[  419.530471][   T19] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  419.545482][   T19] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  419.557383][   T19] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  419.567126][   T19] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  419.578917][   T19] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  419.605417][   T19] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  419.650956][   T19] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  419.684106][   T19] usb 1-1: Product: syz
[  419.688242][   T19] usb 1-1: Manufacturer: syz
[  419.699221][  T322] usb 5-1: USB disconnect, device number 22
[  419.712802][   T19] cdc_wdm 1-1:1.0: skipping garbage
[  419.714536][ T8616] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2240'.
[  419.753902][   T19] cdc_wdm 1-1:1.0: skipping garbage
[  419.765472][   T19] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  420.068284][ T8624] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  420.159531][   T28] audit: type=1400 audit(1744500504.625:579): avc:  denied  { mount } for  pid=8626 comm="syz.1.2244" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  420.202809][   T28] audit: type=1400 audit(1744500504.655:580): avc:  denied  { watch } for  pid=8626 comm="syz.1.2244" path="/498/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  420.290988][   T28] audit: type=1400 audit(1744500504.685:581): avc:  denied  { unmount } for  pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  420.588381][   T28] audit: type=1400 audit(1744500505.055:582): avc:  denied  { create } for  pid=8638 comm="syz.2.2250" name="#1b" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  420.665539][   T28] audit: type=1400 audit(1744500505.065:583): avc:  denied  { link } for  pid=8638 comm="syz.2.2250" name="#1b" dev="tmpfs" ino=2491 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  420.709826][ T8641] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  420.717966][ T8641] tipc: Enabled bearer <udp:syz1>, priority 10
[  420.884880][ T8631] loop1: detected capacity change from 0 to 40427
[  420.891729][ T8631] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  420.899706][ T8631] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  420.950826][ T8631] F2FS-fs (loop1): Found nat_bits in checkpoint
[  421.011112][ T8631] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  421.017993][ T8631] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  421.061246][ T8631] syz.1.2246: attempt to access beyond end of device
[  421.061246][ T8631] loop1: rw=2049, sector=77824, nr_sectors = 408 limit=40427
[  421.151970][ T8679] IPv6: NLM_F_CREATE should be specified when creating new route
[  421.309372][ T7624] usb 1-1: USB disconnect, device number 21
[  421.373039][ T8690] loop1: detected capacity change from 0 to 512
[  421.398775][ T8690] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  421.570408][ T8690] EXT4-fs (loop1): 1 orphan inode deleted
[  421.583923][ T8690] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  421.593838][  T198] EXT4-fs error (device loop1): ext4_release_dquot:6805: comm kworker/u4:3: Failed to release dquot type 1
[  421.609356][ T8690] ext4 filesystem being mounted at /500/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  421.713436][  T294] EXT4-fs (loop1): unmounting filesystem.
[  421.796935][ T8708] loop1: detected capacity change from 0 to 256
[  421.848497][ T7624] tipc: Node number set to 2890004882
[  421.876169][   T28] kauditd_printk_skb: 9 callbacks suppressed
[  421.876184][   T28] audit: type=1400 audit(1744500506.345:592): avc:  denied  { unmount } for  pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  421.998012][ T8721] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  422.006364][ T7624] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  422.034018][ T8721] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  422.188495][ T7624] usb 1-1: Using ep0 maxpacket: 16
[  422.195453][ T7624] usb 1-1: config 0 has an invalid interface number: 245 but max is 0
[  422.205283][  T322] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  422.220597][ T7624] usb 1-1: config 0 has no interface number 0
[  422.226820][ T7624] usb 1-1: config 0 interface 245 has no altsetting 0
[  422.246951][ T7624] usb 1-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=11.e2
[  422.256469][ T7624] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.264599][ T7624] usb 1-1: Product: syz
[  422.268831][ T7624] usb 1-1: Manufacturer: syz
[  422.273249][ T7624] usb 1-1: SerialNumber: syz
[  422.278779][ T7624] usb 1-1: config 0 descriptor??
[  422.289719][ T7624] usb 1-1: selecting invalid altsetting 0
[  422.398991][  T322] usb 3-1: Using ep0 maxpacket: 16
[  422.405093][  T322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  422.416528][  T322] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  422.429871][  T322] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  422.448742][  T322] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.464523][  T322] usb 3-1: config 0 descriptor??
[  422.500641][ T6091] usb 1-1: USB disconnect, device number 22
[  423.077596][  T322] microsoft 0003:045E:07DA.0009: unknown main item tag 0x1
[  423.085450][  T322] microsoft 0003:045E:07DA.0009: unknown main item tag 0x2
[  423.094024][  T322] microsoft 0003:045E:07DA.0009: item fetching failed at offset 12/34
[  423.118052][  T322] microsoft 0003:045E:07DA.0009: parse failed
[  423.125303][  T322] microsoft: probe of 0003:045E:07DA.0009 failed with error -22
[  423.281796][  T322] usb 3-1: USB disconnect, device number 14
[  423.806076][ T8751] loop1: detected capacity change from 0 to 2048
[  423.958770][ T2023] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  423.966624][ T8751]  loop1: p1 < > p3
[  424.143836][ T8751] loop1: p3 size 134217728 extends beyond EOD, truncated
[  424.240695][ T2023] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 65, using maximum allowed: 30
[  424.641701][ T2023] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  424.756148][ T2023] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  424.771193][ T2023] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 65
[  424.784299][ T2023] usb 1-1: New USB device found, idVendor=258a, idProduct=0033, bcdDevice= 0.00
[  424.793616][ T2023] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.806003][ T2023] usb 1-1: config 0 descriptor??
[  425.502553][ T2023] hid-generic 0003:258A:0033.000A: hidraw0: USB HID v0.00 Device [HID 258a:0033] on usb-dummy_hcd.0-1/input0
[  425.619332][ T7624] usb 4-1: new low-speed USB device number 21 using dummy_hcd
[  425.706029][ T2023] usb 1-1: USB disconnect, device number 23
[  425.729649][ T8798] 9pnet: Could not find request transport: rdma
[  425.869735][ T7624] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  425.886740][ T7624] usb 4-1: config 0 has no interface number 0
[  425.892784][ T7624] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping
[  425.901166][ T8817] =======================================================
[  425.901166][ T8817] WARNING: The mand mount option has been deprecated and
[  425.901166][ T8817]          and is ignored by this kernel. Remove the mand
[  425.901166][ T8817]          option from the mount to silence this warning.
[  425.901166][ T8817] =======================================================
[  425.913437][ T7624] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  425.969537][ T7624] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping
[  425.980199][ T7624] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  426.008473][ T7624] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  426.017363][ T7624] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.028523][ T7624] usb 4-1: config 0 descriptor??
[  426.033616][ T8788] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  426.044519][ T8788] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  426.325814][   T28] audit: type=1400 audit(1744500510.795:593): avc:  denied  { ioctl } for  pid=8820 comm="syz.1.2317" path="socket:[47763]" dev="sockfs" ino=47763 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  426.719443][ T7624] usb 4-1: USB disconnect, device number 21
[  426.878830][ T2023] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  427.530563][ T2023] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  427.578367][ T2023] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  427.698099][ T2023] usb 3-1: New USB device found, idVendor=056a, idProduct=0314, bcdDevice= 0.00
[  427.708989][ T2023] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.717863][ T2023] usb 3-1: config 0 descriptor??
[  428.017650][ T7624] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  428.354445][   T28] audit: type=1400 audit(1744500512.825:594): avc:  denied  { read } for  pid=87 comm="acpid" name="mouse0" dev="devtmpfs" ino=1124 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  428.357454][ T2023] wacom 0003:056A:0314.000B: Unknown device_type for 'HID 056a:0314'. Assuming pen.
[  428.385600][   T28] audit: type=1400 audit(1744500512.825:595): avc:  denied  { open } for  pid=87 comm="acpid" path="/dev/input/mouse0" dev="devtmpfs" ino=1124 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  429.055370][ T8873] block device autoloading is deprecated and will be removed.
[  429.065378][   T28] audit: type=1400 audit(1744500512.825:596): avc:  denied  { ioctl } for  pid=87 comm="acpid" path="/dev/input/mouse0" dev="devtmpfs" ino=1124 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  429.093304][ T2023] wacom 0003:056A:0314.000B: hidraw0: USB HID v0.00 Device [HID 056a:0314] on usb-dummy_hcd.2-1/input0
[  429.105628][ T7624] usb 4-1: config 0 has an invalid interface number: 176 but max is 0
[  429.106491][ T2023] input: Wacom Intuos Pro S Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:0314.000B/input/input11
[  429.132473][ T2023] usb 3-1: USB disconnect, device number 15
[  429.180387][ T7624] usb 4-1: config 0 has no interface number 0
[  429.187087][   T28] audit: type=1400 audit(1744500513.655:597): avc:  denied  { connect } for  pid=8877 comm="syz.0.2336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  429.231053][ T7624] usb 4-1: config 0 interface 176 has no altsetting 0
[  429.258219][ T7624] usb 4-1: New USB device found, idVendor=07c4, idProduct=a000, bcdDevice= 0.0e
[  429.285280][ T7624] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.299131][ T7624] usb 4-1: config 0 descriptor??
[  429.501110][ T8852] loop1: detected capacity change from 0 to 131072
[  429.508212][ T7624] usb 4-1: string descriptor 0 read error: -71
[  429.515416][ T7624] ums-datafab 4-1:0.176: USB Mass Storage device detected
[  429.515505][ T8852] F2FS-fs (loop1): Test dummy encryption mode enabled
[  429.531046][ T8852] F2FS-fs (loop1): invalid crc value
[  429.538215][ T8852] F2FS-fs (loop1): Found nat_bits in checkpoint
[  429.560308][ T7624] usb 4-1: USB disconnect, device number 22
[  429.578472][  T322] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  429.579141][ T8852] F2FS-fs (loop1): sanity_check_inode: corrupted inode ino=3, run fsck to fix.
[  429.595240][ T8852] F2FS-fs (loop1): Failed to read root inode
[  429.627630][ T8890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2339'.
[  429.709382][ T8898] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  429.717711][ T8898] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  429.758448][  T322] usb 5-1: Using ep0 maxpacket: 16
[  429.764703][  T322] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping
[  429.791749][  T322] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  429.801387][  T322] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.827941][  T322] usb 5-1: Product: syz
[  429.832241][  T322] usb 5-1: Manufacturer: syz
[  429.836742][  T322] usb 5-1: SerialNumber: syz
[  429.860556][  T322] usb 5-1: config 0 descriptor??
[  429.892479][ T8903] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  430.090916][   T28] audit: type=1400 audit(1744500514.565:598): avc:  denied  { ioctl } for  pid=8910 comm="syz.1.2348" path="/dev/rtc0" dev="devtmpfs" ino=259 ioctlcmd=0x700a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  430.358901][  T322] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  430.443231][   T28] audit: type=1400 audit(1744500514.915:599): avc:  denied  { read write } for  pid=8931 comm="syz.0.2356" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  430.443944][ T8932] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[  430.467901][   T28] audit: type=1400 audit(1744500514.915:600): avc:  denied  { open } for  pid=8931 comm="syz.0.2356" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  430.977159][ T8942] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  430.998480][  T322] usb 4-1: Using ep0 maxpacket: 32
[  431.004759][  T322] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  431.013367][  T322] usb 4-1: config 0 has no interface number 0
[  431.019362][  T322] usb 4-1: config 0 interface 184 has no altsetting 0
[  431.027290][  T322] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  431.036750][  T322] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.044905][  T322] usb 4-1: Product: syz
[  431.049202][  T322] usb 4-1: Manufacturer: syz
[  431.053668][  T322] usb 4-1: SerialNumber: syz
[  431.064688][  T322] usb 4-1: config 0 descriptor??
[  431.071649][  T322] smsc75xx v1.0.0
[  431.358467][  T760] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  431.508466][ T7624] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  431.538464][  T760] usb 3-1: Using ep0 maxpacket: 8
[  431.544466][  T760] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  431.552646][  T760] usb 3-1: config 179 has no interface number 0
[  431.558770][  T760] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  431.569814][  T760] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  431.581445][  T760] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  431.592361][  T760] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  431.605397][  T760] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  431.614322][  T760] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.623354][ T8951] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  431.709599][ T7624] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  431.718558][ T7624] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.727451][ T7624] usb 2-1: config 0 descriptor??
[  431.835832][  T760] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input14
[  431.873367][  T322] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71
[  431.884195][  T322] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  431.894037][  T322] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  431.904670][  T322] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  431.914112][  T322] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  431.924223][  T322] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  431.933465][  T322] smsc75xx: probe of 4-1:0.184 failed with error -71
[  431.940999][  T322] usb 4-1: USB disconnect, device number 23
[  432.035144][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  432.043394][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  432.051796][  T760] usb 3-1: USB disconnect, device number 16
[  432.057847][  T760] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  432.148472][ T6091] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  432.293058][  T760] usb 5-1: USB disconnect, device number 23
[  432.358495][ T6091] usb 1-1: Using ep0 maxpacket: 32
[  432.364605][ T6091] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  432.375382][ T6091] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  432.384996][ T6091] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  432.394206][ T6091] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.401425][   T28] audit: type=1400 audit(1744500516.875:601): avc:  denied  { ioctl } for  pid=8965 comm="syz.3.2369" path="socket:[48008]" dev="sockfs" ino=48008 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  432.403917][ T6091] usb 1-1: config 0 descriptor??
[  432.429364][ T8966] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2369'.
[  432.555201][   T28] audit: type=1400 audit(1744500517.025:602): avc:  denied  { setopt } for  pid=8969 comm="syz.2.2371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  432.698501][  T760] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  432.728492][  T322] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  432.836623][ T6091] koneplus 0003:1E7D:2D51.000C: item fetching failed at offset 4/5
[  432.844628][ T6091] koneplus 0003:1E7D:2D51.000C: parse failed
[  432.850492][ T6091] koneplus: probe of 0003:1E7D:2D51.000C failed with error -22
[  432.888466][  T760] usb 5-1: Using ep0 maxpacket: 16
[  432.894550][  T760] usb 5-1: config 0 has an invalid interface number: 145 but max is 0
[  432.902748][  T760] usb 5-1: config 0 has no interface number 0
[  432.909704][  T322] usb 4-1: New USB device found, idVendor=06a3, idProduct=0cd0, bcdDevice= 0.00
[  432.910380][  T760] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  432.918724][  T322] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.927624][  T760] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.936901][  T322] usb 4-1: config 0 descriptor??
[  432.947897][  T760] usb 5-1: Product: syz
[  432.948764][ T7624] usb 2-1: Cannot set autoneg
[  432.951991][  T760] usb 5-1: Manufacturer: syz
[  432.958445][ T7624] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71
[  432.961390][  T760] usb 5-1: SerialNumber: syz
[  432.970624][ T7624] usb 2-1: USB disconnect, device number 11
[  432.977202][  T760] usb 5-1: config 0 descriptor??
[  432.987411][  T760] hub 5-1:0.145: bad descriptor, ignoring hub
[  432.993364][  T760] hub: probe of 5-1:0.145 failed with error -5
[  432.999672][  T760] usbhid 5-1:0.145: couldn't find an input interrupt endpoint
[  433.047878][  T760] usb 1-1: USB disconnect, device number 24
[  433.308575][ T2023] usb 5-1: USB disconnect, device number 24
[  433.384003][  T322] saitek 0003:06A3:0CD0.000D: unknown main item tag 0x0
[  433.390964][  T322] saitek 0003:06A3:0CD0.000D: unknown main item tag 0x0
[  433.397645][  T322] saitek 0003:06A3:0CD0.000D: unknown main item tag 0x0
[  433.404491][  T322] saitek 0003:06A3:0CD0.000D: unknown main item tag 0x0
[  433.411217][  T322] saitek 0003:06A3:0CD0.000D: unknown main item tag 0x0
[  433.418761][  T322] saitek 0003:06A3:0CD0.000D: hidraw0: USB HID v1.01 Device [HID 06a3:0cd0] on usb-dummy_hcd.3-1/input0
[  433.489977][ T8977] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  433.498250][ T8977] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  433.548917][   T28] audit: type=1400 audit(1744500518.025:603): avc:  denied  { setopt } for  pid=8974 comm="syz.2.2373" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  433.574388][ T8976] kvm [8974]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  433.605601][ T8976] kvm [8974]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  433.656031][ T8976] kvm [8974]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  433.657198][ T2023] usb 4-1: USB disconnect, device number 24
[  433.670980][ T8976] kvm [8974]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  433.806213][ T8976] kvm [8974]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  433.826156][ T8976] kvm [8974]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  433.845909][ T8976] kvm [8974]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  433.859155][ T8976] kvm [8974]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  433.872915][ T8976] kvm [8974]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  433.885765][ T8976] kvm [8974]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  434.758476][  T322] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  435.128007][   T28] audit: type=1400 audit(1744500519.385:604): avc:  denied  { nlmsg_write } for  pid=9013 comm="syz.0.2387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  435.188605][ T2023] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[  435.550872][ T2023] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  435.581661][ T2023] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  435.631270][ T2023] usb 5-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  435.676608][ T2023] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.758672][ T2023] usb 5-1: config 0 descriptor??
[  435.778481][  T322] usb 2-1: Using ep0 maxpacket: 16
[  435.784597][  T322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  435.795632][  T322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  435.805654][  T322] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  435.814769][  T322] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.823809][  T322] usb 2-1: config 0 descriptor??
[  436.168294][ T2023] steelseries_srws1 0003:1038:1410.000E: item fetching failed at offset 5/7
[  436.177468][ T2254] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  436.188521][ T2023] steelseries_srws1 0003:1038:1410.000E: parse failed
[  436.195333][ T2023] steelseries_srws1: probe of 0003:1038:1410.000E failed with error -22
[  436.240864][  T322] input: HID 05ac:8241 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:05AC:8241.000F/input/input15
[  436.330861][  T322] appleir 0003:05AC:8241.000F: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.1-1/input0
[  436.358933][ T2254] usb 3-1: Using ep0 maxpacket: 16
[  436.371922][  T760] usb 5-1: USB disconnect, device number 25
[  436.388631][ T2254] usb 3-1: config 8 has an invalid interface number: 39 but max is 0
[  436.415622][ T2254] usb 3-1: config 8 has no interface number 0
[  436.427718][ T2254] usb 3-1: config 8 interface 39 altsetting 1 has an invalid endpoint with address 0xDF, skipping
[  436.442844][ T2254] usb 3-1: config 8 interface 39 has no altsetting 0
[  436.460125][ T2254] usb 3-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  436.478470][ T2254] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.486407][ T2254] usb 3-1: Product: syz
[  436.490477][ T2254] usb 3-1: Manufacturer: syz
[  436.496499][ T2254] usb 3-1: SerialNumber: syz
[  436.526154][   T28] audit: type=1400 audit(1744500520.995:605): avc:  denied  { bind } for  pid=9046 comm="syz.0.2400" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  436.526253][ T9047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2400'.
[  436.587426][   T28] audit: type=1400 audit(1744500521.055:606): avc:  denied  { create } for  pid=9052 comm="syz.3.2403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  436.765117][ T2254] ipheth 3-1:8.39: Unable to find endpoints
[  436.807712][ T9060] IPv6: NLM_F_CREATE should be specified when creating new route
[  437.001110][ T2254] usb 2-1: USB disconnect, device number 12
[  437.848570][ T2023] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  438.050863][ T2023] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  438.097978][ T2023] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  438.124092][ T2023] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  438.142436][ T2023] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  438.151885][ T2023] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.173911][ T2023] usb 2-1: config 0 descriptor??
[  438.179663][   T28] audit: type=1400 audit(1744500522.655:607): avc:  denied  { mount } for  pid=9083 comm="syz.4.2414" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  438.203456][   T28] audit: type=1400 audit(1744500522.665:608): avc:  denied  { unmount } for  pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  438.530597][ T9096] overlayfs: conflicting options: nfs_export=on,index=off
[  438.606451][ T2023] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving
[  438.624659][ T2023] plantronics 0003:047F:FFFF.0010: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  438.843223][ T6091] usb 3-1: USB disconnect, device number 17
[  438.921087][ T2254] usb 2-1: USB disconnect, device number 13
[  439.068519][ T2023] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  439.259964][ T2023] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  439.269961][ T2023] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  439.316342][ T2023] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  439.332105][ T2023] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.341888][ T2023] usb 4-1: Product: syz
[  439.345959][ T2023] usb 4-1: Manufacturer: syz
[  439.350797][ T2023] usb 4-1: SerialNumber: syz
[  439.531055][   T28] audit: type=1400 audit(1744500524.005:609): avc:  denied  { bind } for  pid=9144 comm="syz.1.2439" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  439.551183][   T28] audit: type=1400 audit(1744500524.005:610): avc:  denied  { name_bind } for  pid=9144 comm="syz.1.2439" src=24099 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  439.608463][   T28] audit: type=1400 audit(1744500524.005:611): avc:  denied  { node_bind } for  pid=9144 comm="syz.1.2439" saddr=::1 src=24099 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  439.610394][ T9153] loop1: detected capacity change from 0 to 256
[  439.640405][   T28] audit: type=1400 audit(1744500524.055:612): avc:  denied  { mount } for  pid=9148 comm="syz.1.2441" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  439.662587][   T28] audit: type=1400 audit(1744500524.065:613): avc:  denied  { name_bind } for  pid=9150 comm="syz.1.2442" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  439.788006][ T2023] usb 4-1: 0:2 : does not exist
[  440.058512][   T39] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  440.208166][ T6091] usb 4-1: USB disconnect, device number 25
[  440.248603][   T39] usb 3-1: Using ep0 maxpacket: 8
[  440.255777][   T39] usb 3-1: config 0 has no interfaces?
[  440.279175][   T39] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  440.309166][   T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.330309][   T39] usb 3-1: Product: syz
[  440.358451][   T39] usb 3-1: Manufacturer: syz
[  440.362917][   T39] usb 3-1: SerialNumber: syz
[  440.378715][   T39] usb 3-1: config 0 descriptor??
[  440.587074][ T2023] usb 3-1: USB disconnect, device number 18
[  440.708458][   T39] usb 5-1: new low-speed USB device number 26 using dummy_hcd
[  440.772860][ T9178] device erspan1 entered promiscuous mode
[  440.795763][   T28] audit: type=1400 audit(1744500525.265:614): avc:  denied  { block_suspend } for  pid=9179 comm="syz.3.2455" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  440.817664][   T28] audit: type=1400 audit(1744500525.285:615): avc:  denied  { module_load } for  pid=9179 comm="syz.3.2455" path="/sys/power/wakeup_count" dev="sysfs" ino=1145 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[  440.909548][   T39] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  440.917609][   T39] usb 5-1: config 0 has no interface number 0
[  440.924444][   T39] usb 5-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping
[  440.938522][   T39] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  440.949385][   T39] usb 5-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping
[  440.960271][   T39] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  440.973527][   T39] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  440.982783][   T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  440.995673][   T39] usb 5-1: config 0 descriptor??
[  441.001252][ T9165] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  441.008226][ T9165] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  441.220995][  T322] usb 5-1: USB disconnect, device number 26
[  441.378495][ T6091] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  441.558436][ T6091] usb 3-1: Using ep0 maxpacket: 8
[  441.564453][ T6091] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 13
[  441.589866][ T6091] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  441.609565][ T6091] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.617526][ T6091] usb 3-1: Product: syz
[  441.628443][ T6091] usb 3-1: Manufacturer: syz
[  441.633156][ T6091] usb 3-1: SerialNumber: syz
[  441.647126][ T6091] usb 3-1: config 0 descriptor??
[  442.080327][ T5656] Bluetooth: hci0: Frame reassembly failed (-84)
[  442.398515][  T322] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  442.579574][  T322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  442.590313][  T322] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  442.602904][  T322] usb 2-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00
[  442.611755][  T322] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  442.620437][  T322] usb 2-1: config 0 descriptor??
[  442.778464][ T6091] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  442.959394][ T6091] usb 4-1: Using ep0 maxpacket: 16
[  442.966166][ T6091] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  442.975156][ T6091] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  442.985158][ T6091] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  442.995986][ T6091] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  443.004919][ T6091] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.012736][ T6091] usb 4-1: Product: syz
[  443.016659][ T6091] usb 4-1: Manufacturer: syz
[  443.021145][ T6091] usb 4-1: SerialNumber: syz
[  443.028497][  T322] ortek 0003:1223:3F07.0011: unknown main item tag 0x5
[  443.035182][  T322] ortek 0003:1223:3F07.0011: unknown global tag 0xe
[  443.042233][  T322] ortek 0003:1223:3F07.0011: item 0 1 1 14 parsing failed
[  443.050095][  T322] ortek: probe of 0003:1223:3F07.0011 failed with error -22
[  443.231300][  T322] usb 2-1: USB disconnect, device number 14
[  443.451215][ T6091] usb 4-1: 0:2 : does not exist
[  443.779952][ T9246] tun0: tun_chr_ioctl cmd 3234370597
[  443.982125][ T9252] fuse: root generation should be zero
[  444.002830][   T28] audit: type=1400 audit(1744500534.477:616): avc:  denied  { create } for  pid=9257 comm="syz.1.2483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  444.037879][   T28] audit: type=1400 audit(1744500534.507:617): avc:  denied  { mounton } for  pid=9259 comm="syz.1.2484" path="/539/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  444.039914][ T9261] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  444.085362][ T6091] usb 4-1: 1:0: failed to get current value for ch 0 (-22)
[  444.114096][ T6091] usb 4-1: USB disconnect, device number 26
[  444.144630][   T28] audit: type=1400 audit(1744500534.617:618): avc:  denied  { unmount } for  pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  444.158137][   T39] usb 3-1: USB disconnect, device number 19
[  444.170546][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  444.170580][ T7699] Bluetooth: hci0: command 0x1003 tx timeout
[  444.398960][ T8876] udevd[8876]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  444.718303][ T9294] /dev/loop0: Can't open blockdev
[  445.083120][   T28] audit: type=1400 audit(1744500535.557:619): avc:  denied  { audit_write } for  pid=9295 comm="syz.0.2497" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  446.025011][ T9312] netlink: 'syz.0.2500': attribute type 13 has an invalid length.
[  446.102908][ T9312] netlink: 'syz.0.2500': attribute type 27 has an invalid length.
[  448.379812][   T28] audit: type=1400 audit(1744500538.207:620): avc:  denied  { create } for  pid=9363 comm="syz.3.2519" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  449.286235][ T9392] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  449.591813][ T9407] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2533'.
[  450.311506][   T28] audit: type=1400 audit(1744500540.787:621): avc:  denied  { read } for  pid=9428 comm="syz.2.2542" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  451.529549][ T9446] mmap: syz.1.2546 (9446) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  452.291324][   T28] audit: type=1400 audit(1744500542.767:622): avc:  denied  { mount } for  pid=9480 comm="syz.0.2558" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  452.430041][   T28] audit: type=1400 audit(1744500542.797:623): avc:  denied  { mounton } for  pid=9480 comm="syz.0.2558" path="/501/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  453.330038][   T28] audit: type=1400 audit(1744500542.797:624): avc:  denied  { read } for  pid=9480 comm="syz.0.2558" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  453.400950][ T9506] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  453.445448][ T9506] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  453.458841][ T9506] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  453.477137][   T28] audit: type=1400 audit(1744500542.797:625): avc:  denied  { open } for  pid=9480 comm="syz.0.2558" path="/501/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  453.581699][   T28] audit: type=1400 audit(1744500542.807:626): avc:  denied  { unmount } for  pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  455.553577][ T9530] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  455.772943][ T9530] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  455.826869][ T9543] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2577'.
[  455.835828][ T9543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2577'.
[  457.138465][ T9566] input: syz0 as /devices/virtual/input/input17
[  459.134724][   T28] audit: type=1400 audit(1744500549.607:627): avc:  denied  { listen } for  pid=9602 comm="syz.4.2596" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  459.601272][ T9600] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  464.028796][   T24] kernel write not supported for file /input/event2 (pid: 24 comm: kworker/1:0)
[  464.115838][   T28] audit: type=1400 audit(1744500554.587:628): avc:  denied  { append } for  pid=9675 comm="syz.4.2619" name="event2" dev="devtmpfs" ino=271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  464.352343][   T28] audit: type=1400 audit(1744500554.827:629): avc:  denied  { mount } for  pid=9692 comm="syz.1.2626" name="/" dev="ramfs" ino=52290 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  465.147942][   T28] audit: type=1326 audit(1744500555.617:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9722 comm="syz.0.2636" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc4c18d169 code=0x0
[  467.958486][ T7624] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  468.092645][ T9786] overlayfs: unrecognized mount option "verity=on" or missing value
[  468.148447][ T7624] usb 3-1: Using ep0 maxpacket: 16
[  468.156801][ T7624] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  468.173968][ T7624] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.191430][ T7624] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  468.208324][ T7624] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  468.218614][ T7624] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.231786][ T7624] usb 3-1: config 0 descriptor??
[  468.591130][ T7624] usbhid 3-1:0.0: can't add hid device: -71
[  468.597335][ T7624] usbhid: probe of 3-1:0.0 failed with error -71
[  468.606269][ T7624] usb 3-1: USB disconnect, device number 20
[  471.598071][   T28] audit: type=1400 audit(1744500562.067:631): avc:  denied  { unmount } for  pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  472.147392][ T9868] 9pnet_fd: Insufficient options for proto=fd
[  475.481009][   T28] audit: type=1400 audit(1744500565.957:632): avc:  denied  { getopt } for  pid=9910 comm="syz.1.2699" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  476.099674][ T9940] usb usb8: usbfs: process 9940 (syz.0.2713) did not claim interface 0 before use
[  476.174370][ T9940] usb usb8: selecting invalid altsetting 4
[  478.329057][   T28] audit: type=1400 audit(1744500568.807:633): avc:  denied  { bind } for  pid=9964 comm="syz.0.2721" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  478.816764][ T9993] netlink: 176 bytes leftover after parsing attributes in process `syz.1.2728'.
[  478.864077][ T9995] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  478.964260][ T9995] device syzkaller0 entered promiscuous mode
[  478.971506][ T9995] tipc: Resetting bearer <eth:syzkaller0>
[  478.988905][  T866] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  479.208564][ T9994] tipc: Resetting bearer <eth:syzkaller0>
[  479.219307][  T866] usb 3-1: Using ep0 maxpacket: 16
[  479.228700][  T866] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  479.253936][ T9994] tipc: Disabling bearer <eth:syzkaller0>
[  479.259673][  T866] usb 3-1: config 0 has no interfaces?
[  479.270090][  T866] usb 3-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  479.286292][  T866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.299069][  T866] usb 3-1: Product: syz
[  479.303336][  T866] usb 3-1: Manufacturer: syz
[  479.307958][  T866] usb 3-1: SerialNumber: syz
[  479.424523][  T866] usb 3-1: config 0 descriptor??
[  480.103651][  T344] usb 3-1: USB disconnect, device number 21
[  480.193123][T10016] futex_wake_op: syz.4.2737 tries to shift op by -1; fix this program
[  480.330090][T10024] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  480.746709][  T866] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  481.045693][  T866] usb 2-1: Using ep0 maxpacket: 32
[  481.077326][  T866] usb 2-1: unable to get BOS descriptor or descriptor too short
[  481.318482][   T28] audit: type=1400 audit(1744500571.777:634): avc:  denied  { write } for  pid=10053 comm="syz.3.2747" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  481.371342][  T866] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  481.381789][  T866] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  481.391877][  T866] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  481.407239][  T866] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  481.412623][T10063] input: syz0 as /devices/virtual/input/input21
[  481.421985][  T866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.441382][  T866] usb 2-1: Product: syz
[  481.458212][  T866] usb 2-1: Manufacturer: syz
[  481.502458][  T866] usb 2-1: SerialNumber: syz
[  481.744725][  T866] usb 2-1: 0:2 : does not exist
[  481.763223][T10068] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  481.766653][  T866] usb 2-1: USB disconnect, device number 15
[  482.714757][T10098] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2757'.
[  483.281249][T10105] input: syz0 as /devices/virtual/input/input22
[  483.348784][T10113] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  485.307275][T10157] input: syz0 as /devices/virtual/input/input23
[  485.827305][T10174] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  485.923913][T10188] netlink: 'syz.3.2782': attribute type 3 has an invalid length.
[  485.931592][T10188] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2782'.
[  486.765808][T10170] incfs_lookup_dentry err:-103
[  486.816324][T10170] incfs: Can't find or create .index dir in ./file0
[  486.907548][T10170] incfs: mount failed -103
[  487.434275][  T760] usb 1-1: new full-speed USB device number 25 using dummy_hcd
[  487.640617][  T760] usb 1-1: config index 0 descriptor too short (expected 5668, got 36)
[  487.675132][  T760] usb 1-1: config 3 has too many interfaces: 84, using maximum allowed: 32
[  487.782427][  T760] usb 1-1: config 3 has 1 interface, different from the descriptor's value: 84
[  487.825361][T10220] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  487.835967][  T760] usb 1-1: config 3 has no interface number 0
[  487.847406][  T760] usb 1-1: config 3 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  487.991138][  T760] usb 1-1: config 3 interface 20 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  488.057614][  T760] usb 1-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[  488.066713][  T760] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.074819][  T760] usb 1-1: Product: syz
[  488.078858][  T760] usb 1-1: Manufacturer: syz
[  488.083251][  T760] usb 1-1: SerialNumber: syz
[  488.088753][T10209] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  488.799848][T10245] bridge0: port 1(vlan2) entered blocking state
[  488.806017][T10245] bridge0: port 1(vlan2) entered disabled state
[  488.939724][   T28] audit: type=1400 audit(1744500579.267:635): avc:  denied  { mount } for  pid=10221 comm="syz.4.2793" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  489.286198][  T760] usb-storage 1-1:3.20: USB Mass Storage device detected
[  489.301946][  T760] usb-storage 1-1:3.20: Quirks match for vid 04e6 pid 000b: 4
[  489.313799][  T760] scsi host1: usb-storage 1-1:3.20
[  489.321126][  T760] usb 1-1: USB disconnect, device number 25
[  489.431502][   T28] audit: type=1400 audit(1744500579.907:636): avc:  denied  { mounton } for  pid=10266 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  489.465735][  T198] tipc: Disabling bearer <eth:veth0_to_batadv>
[  489.475289][  T198] tipc: Left network mode
[  489.573978][T10266] bridge0: port 1(bridge_slave_0) entered blocking state
[  489.583489][T10266] bridge0: port 1(bridge_slave_0) entered disabled state
[  489.591153][T10266] device bridge_slave_0 entered promiscuous mode
[  489.597149][T10272] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  489.609164][T10266] bridge0: port 2(bridge_slave_1) entered blocking state
[  489.616017][T10266] bridge0: port 2(bridge_slave_1) entered disabled state
[  489.623682][T10266] device bridge_slave_1 entered promiscuous mode
[  489.765768][T10266] bridge0: port 2(bridge_slave_1) entered blocking state
[  489.772809][T10266] bridge0: port 2(bridge_slave_1) entered forwarding state
[  489.779884][T10266] bridge0: port 1(bridge_slave_0) entered blocking state
[  489.786729][T10266] bridge0: port 1(bridge_slave_0) entered forwarding state
[  489.985389][  T633] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.013898][  T633] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.163743][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  490.172409][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  490.191840][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  490.223726][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  490.285642][ T5656] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.292584][ T5656] bridge0: port 1(bridge_slave_0) entered forwarding state
[  490.319739][  T198] device bridge_slave_1 left promiscuous mode
[  490.332143][  T198] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.348037][  T198] device bridge_slave_0 left promiscuous mode
[  490.360472][  T198] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.710259][  T198] device veth0_vlan left promiscuous mode
[  491.265632][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  491.273897][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  491.281937][ T5656] bridge0: port 2(bridge_slave_1) entered blocking state
[  491.288797][ T5656] bridge0: port 2(bridge_slave_1) entered forwarding state
[  491.299025][T10305] bridge0: port 2(vlan2) entered blocking state
[  491.305141][T10305] bridge0: port 2(vlan2) entered disabled state
[  491.326094][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  491.339928][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  491.358439][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  491.366601][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  491.384275][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  491.392711][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  491.401761][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  491.410352][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  491.419211][T10266] device veth0_vlan entered promiscuous mode
[  491.432582][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  491.447382][T10314] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  491.459772][ T5656] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  491.475170][T10266] device veth1_macvtap entered promiscuous mode
[  491.543865][T10317] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2814'.
[  491.808997][   T28] audit: type=1400 audit(1744500582.277:637): avc:  denied  { mounton } for  pid=10266 comm="syz-executor" path="/root/syzkaller.d06QFm/syz-tmp" dev="sda1" ino=1950 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  491.840711][  T633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  491.848944][  T633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  491.857298][  T633] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  491.868813][  T633] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  491.877052][  T633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  491.885949][  T633] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  491.902726][   T28] audit: type=1400 audit(1744500582.277:638): avc:  denied  { mounton } for  pid=10266 comm="syz-executor" path="/root/syzkaller.d06QFm/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  492.009974][   T28] audit: type=1400 audit(1744500582.277:639): avc:  denied  { mounton } for  pid=10266 comm="syz-executor" path="/root/syzkaller.d06QFm/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=54723 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  492.117603][  T633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  492.402266][ T2023] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  492.413795][   T28] audit: type=1400 audit(1744500582.277:640): avc:  denied  { mounton } for  pid=10266 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=528 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  492.798646][  T760] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  492.828526][ T2023] usb 1-1: Using ep0 maxpacket: 32
[  492.841161][ T2023] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 74, changing to 10
[  492.938994][ T2023] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 51062, setting to 1024
[  492.968489][ T2023] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  492.978170][ T2023] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.993713][ T2023] usb 1-1: config 0 descriptor??
[  492.998684][T10351] device veth1_macvtap left promiscuous mode
[  493.000761][T10324] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  493.010712][T10351] device macsec0 entered promiscuous mode
[  493.036805][T10353] futex_wake_op: syz.1.2824 tries to shift op by -1; fix this program
[  493.048494][  T760] usb 5-1: Using ep0 maxpacket: 8
[  493.055601][  T760] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  493.066843][  T760] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  493.080410][  T760] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  493.090589][  T760] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  493.103617][  T760] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  493.114449][  T760] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.459591][ T2023] savu 0003:1E7D:2D5A.0012: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[  493.476092][T10373] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  493.585812][T10384] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2829'.
[  493.799680][ T2023] usb 1-1: USB disconnect, device number 26
[  494.188505][  T760] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  494.558488][  T760] usb 3-1: Using ep0 maxpacket: 32
[  494.565217][  T760] usb 3-1: unable to get BOS descriptor or descriptor too short
[  494.574559][  T760] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  494.584878][  T760] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  494.596348][  T760] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  494.623573][  T760] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  494.663634][  T760] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.702254][  T760] usb 3-1: Product: syz
[  494.724686][  T760] usb 3-1: Manufacturer: syz
[  494.749635][  T760] usb 3-1: SerialNumber: syz
[  495.017986][  T760] usb 3-1: 0:2 : does not exist
[  495.025365][  T760] usb 3-1: USB disconnect, device number 22
[  495.256478][ T9590] usb 5-1: USB disconnect, device number 27
[  495.413496][ T8876] udevd[8876]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  496.381898][T10454] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  496.391195][T10454] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  496.428834][T10454] ------------[ cut here ]------------
[  496.434154][T10454] WARNING: CPU: 0 PID: 10454 at arch/x86/kvm/x86.c:11209 kvm_arch_vcpu_ioctl_run+0x2094/0x2270
[  496.444388][T10454] Modules linked in:
[  496.448024][T10454] CPU: 0 PID: 10454 Comm: syz.2.2854 Not tainted 6.1.129-syzkaller-00005-g19a0fb1d3513 #0
[  496.457828][T10454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  496.467680][T10454] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x2094/0x2270
[  496.473928][T10454] Code: a4 e9 ff ff e8 8d c5 ac 00 e9 9a e9 ff ff 89 f9 80 e1 07 38 c1 0f 8c b0 e9 ff ff e8 76 c5 ac 00 e9 a6 e9 ff ff e8 1c 18 65 00 <0f> 0b e9 6b f9 ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a7 f8 ff
[  496.493390][T10454] RSP: 0018:ffffc90000cb7bc0 EFLAGS: 00010287
[  496.499263][T10454] RAX: ffffffff81108014 RBX: 0000000000000000 RCX: 0000000000080000
[  496.507129][T10454] RDX: ffffc900022cd000 RSI: 0000000000000123 RDI: 0000000000000124
[  496.515008][T10454] RBP: ffffc90000cb7cd0 R08: ffffffff8117a856 R09: ffffed1022f5d799
[  496.522782][T10454] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88811d935000
[  496.530594][T10454] R13: ffff88811ab1a4c0 R14: dffffc0000000000 R15: ffff88811ab1a548
[  496.538428][T10454] FS:  00007f4b65e6a6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  496.547140][T10454] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  496.553621][T10454] CR2: 0000200000000040 CR3: 000000011d6be000 CR4: 00000000003526b0
[  496.561402][T10454] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  496.569236][T10454] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  496.577001][T10454] Call Trace:
[  496.580156][T10454]  <TASK>
[  496.582897][T10454]  ? show_regs+0x58/0x60
[  496.586978][T10454]  ? __warn+0x160/0x3d0
[  496.591003][T10454]  ? kvm_arch_vcpu_ioctl_run+0x2094/0x2270
[  496.596619][T10454]  ? report_bug+0x4d5/0x7d0
[  496.601146][T10454]  ? kvm_arch_vcpu_ioctl_run+0x2094/0x2270
[  496.606912][T10454]  ? handle_bug+0x41/0x70
[  496.611153][T10454]  ? exc_invalid_op+0x1b/0x50
[  496.615598][T10454]  ? asm_exc_invalid_op+0x1b/0x20
[  496.620487][T10454]  ? kvm_lapic_hv_timer_in_use+0x66/0xc0
[  496.625925][T10454]  ? kvm_arch_vcpu_ioctl_run+0x2094/0x2270
[  496.631657][T10454]  ? kvm_arch_vcpu_ioctl_run+0x2094/0x2270
[  496.637208][T10454]  ? memcpy+0x56/0x70
[  496.641499][T10454]  ? mutex_lock_killable+0xb1/0x1e0
[  496.646535][T10454]  ? __kvm_request_immediate_exit+0x70/0x70
[  496.652489][T10454]  kvm_vcpu_ioctl+0x7eb/0xcf0
[  496.657145][T10454]  ? xa_release+0x40/0x40
[  496.661387][T10454]  ? selinux_file_ioctl+0x3cc/0x540
[  496.666334][T10454]  ? __ia32_sys_get_robust_list+0x90/0x90
[  496.671919][T10454]  ? selinux_file_alloc_security+0x120/0x120
[  496.677708][T10454]  ? __fget_files+0x2cb/0x330
[  496.682274][T10454]  ? security_file_ioctl+0x84/0xb0
[  496.687163][T10454]  ? xa_release+0x40/0x40
[  496.691372][T10454]  __se_sys_ioctl+0x114/0x190
[  496.695841][T10454]  __x64_sys_ioctl+0x7b/0x90
[  496.700299][T10454]  x64_sys_call+0x98/0x9a0
[  496.704520][T10454]  do_syscall_64+0x3b/0xb0
[  496.708801][T10454]  ? clear_bhb_loop+0x55/0xb0
[  496.713287][T10454]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  496.719265][T10454] RIP: 0033:0x7f4b64f8d169
[  496.723507][T10454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  496.743328][T10454] RSP: 002b:00007f4b65e6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  496.751754][T10454] RAX: ffffffffffffffda RBX: 00007f4b651a5fa0 RCX: 00007f4b64f8d169
[  496.759643][T10454] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  496.767398][T10454] RBP: 00007f4b6500e990 R08: 0000000000000000 R09: 0000000000000000
[  496.775262][T10454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  496.783147][T10454] R13: 0000000000000000 R14: 00007f4b651a5fa0 R15: 00007ffe95244258
[  496.791043][T10454]  </TASK>
[  496.793935][T10454] ---[ end trace 0000000000000000 ]---
[  498.479714][ T9590] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  498.678482][ T9590] usb 4-1: Using ep0 maxpacket: 32
[  498.686326][ T9590] usb 4-1: unable to get BOS descriptor or descriptor too short
[  498.827041][ T9590] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  498.835783][ T9590] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  498.859481][ T9590] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  499.452307][ T9590] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  499.527263][ T9590] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.535848][ T9590] usb 4-1: Product: syz
[  499.540151][ T9590] usb 4-1: Manufacturer: syz
[  499.544729][ T9590] usb 4-1: SerialNumber: syz
[  500.009706][ T9590] usb 4-1: 0:2 : does not exist
[  500.152180][ T9590] usb 4-1: USB disconnect, device number 27
[  500.512010][T10545] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2876'.
[  501.545555][T10551] incfs_lookup_dentry err:-107
[  501.552548][T10551] incfs: Can't find or create .index dir in ./file0
[  501.559389][T10551] incfs: mount failed -107
[  502.479381][T10585] loop0: detected capacity change from 0 to 512
[  502.496007][T10585] EXT4-fs: Ignoring removed i_version option
[  502.502252][T10585] EXT4-fs: Ignoring removed mblk_io_submit option
[  502.517328][T10585] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  502.571496][T10585] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  502.598719][T10585] EXT4-fs (loop0): 1 truncate cleaned up
[  502.605950][T10585] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  502.651865][T10608] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  503.254634][T10628] overlayfs: './file1' not a directory
[  503.264351][T10628] EXT4-fs error (device loop0): ext4_search_dir:1549: inode #12: block 7: comm syz.0.2891: bad entry in directory: inode out of bounds - offset=0, inode=16777215, rec_len=16, size=56 fake=0
[  503.283754][   T28] audit: type=1400 audit(1744500593.717:641): avc:  denied  { create } for  pid=10584 comm="syz.0.2891" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  503.471917][   T28] audit: type=1400 audit(1744500593.727:642): avc:  denied  { mounton } for  pid=10584 comm="syz.0.2891" path="/554/file0/bus" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  503.538160][  T293] EXT4-fs (loop0): unmounting filesystem.
[  503.598538][   T28] audit: type=1400 audit(1744500593.797:643): avc:  denied  { write } for  pid=10584 comm="syz.0.2891" name="bus" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  503.664400][   T28] audit: type=1400 audit(1744500593.797:644): avc:  denied  { add_name } for  pid=10584 comm="syz.0.2891" name="memory.events" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  503.806907][T10627] incfs_lookup_dentry err:-107
[  503.822564][T10627] incfs: Can't find or create .index dir in ./file0
[  503.900697][T10627] incfs: mount failed -107
[  504.222699][T10643] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  504.569958][T10661] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  505.670922][T10708] futex_wake_op: syz.2.2918 tries to shift op by -1; fix this program
[  505.702995][T10714] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  506.163200][T10737] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  506.844652][T10759] futex_wake_op: syz.2.2930 tries to shift op by -1; fix this program
[  507.153797][T10771] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  507.572163][T10793] bridge0: port 1(macsec0) entered blocking state
[  507.578516][T10793] bridge0: port 1(macsec0) entered disabled state
[  508.031923][T10808] futex_wake_op: syz.2.2943 tries to shift op by -1; fix this program
[  508.069447][T10810] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  508.194208][T10815] input: syz0 as /devices/virtual/input/input30
[  508.845029][T10822] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  509.727406][T10853] futex_wake_op: syz.0.2955 tries to shift op by -1; fix this program
[  510.170819][T10863] input: syz0 as /devices/virtual/input/input31
[  510.343853][T10868] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  511.779305][T10906] fuse: Bad value for 'fd'
[  511.968945][ T9590] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  512.537520][T10918] futex_wake_op: syz.1.2970 tries to shift op by -1; fix this program
[  512.598447][ T9590] usb 1-1: Using ep0 maxpacket: 32
[  512.709963][ T9590] usb 1-1: unable to get BOS descriptor or descriptor too short
[  512.738277][ T9590] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  512.757371][ T9590] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  512.775165][ T9590] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  512.775365][T10923] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  512.795970][ T9590] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  512.819259][ T9590] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  512.835107][ T9590] usb 1-1: Product: syz
[  512.924574][ T9590] usb 1-1: Manufacturer: syz
[  512.938905][ T9590] usb 1-1: SerialNumber: syz
[  513.207232][T10866] device pim6reg1 entered promiscuous mode
[  513.227231][ T9590] usb 1-1: 0:2 : does not exist
[  513.250834][ T9590] usb 1-1: USB disconnect, device number 27
[  514.118810][T10977] input: syz0 as /devices/virtual/input/input32
[  514.875507][T10992] device bridge0 entered promiscuous mode
[  514.881770][T10992] bridge0: port 3(macsec0) entered blocking state
[  514.888017][T10992] bridge0: port 3(macsec0) entered disabled state
[  514.940905][T10992] device bridge0 left promiscuous mode
[  515.869812][T11030] input: syz0 as /devices/virtual/input/input33
[  516.171805][T11039] device bridge0 entered promiscuous mode
[  516.182174][T11039] bridge0: port 3(macsec1) entered blocking state
[  516.884651][T11039] bridge0: port 3(macsec1) entered disabled state
[  516.895183][T11039] device bridge0 left promiscuous mode
[  517.937127][T11088] futex_wake_op: syz.0.3012 tries to shift op by -1; fix this program
[  517.950671][T11077] bridge0: port 1(bridge_slave_0) entered blocking state
[  517.957758][T11077] bridge0: port 1(bridge_slave_0) entered disabled state
[  517.975784][T11077] device bridge_slave_0 entered promiscuous mode
[  517.992874][T11077] bridge0: port 2(bridge_slave_1) entered blocking state
[  518.000697][T11077] bridge0: port 2(bridge_slave_1) entered disabled state
[  518.009836][T11077] device bridge_slave_1 entered promiscuous mode
[  518.171509][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  518.180500][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  518.196637][T11101] device bridge0 entered promiscuous mode
[  518.203607][T11101] bridge0: port 3(macsec0) entered blocking state
[  518.215616][T11101] bridge0: port 3(macsec0) entered disabled state
[  518.223593][T11101] device bridge0 left promiscuous mode
[  518.239555][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  518.248098][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  518.256477][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[  518.263355][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[  518.278779][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  518.302201][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  518.315899][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[  518.322827][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[  518.339940][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  518.362706][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  518.379382][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  518.392798][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  518.405685][T11077] device veth0_vlan entered promiscuous mode
[  518.412199][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  518.420998][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  518.429957][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  518.741747][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  518.750921][T11077] device veth1_macvtap entered promiscuous mode
[  518.761529][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  518.772814][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  518.942896][   T43] tipc: Left network mode
[  519.000318][T11114] bridge0: port 1(bridge_slave_0) entered blocking state
[  519.007584][T11114] bridge0: port 1(bridge_slave_0) entered disabled state
[  519.015938][T11114] device bridge_slave_0 entered promiscuous mode
[  519.023162][T11114] bridge0: port 2(bridge_slave_1) entered blocking state
[  519.031283][T11114] bridge0: port 2(bridge_slave_1) entered disabled state
[  519.039157][T11114] device bridge_slave_1 entered promiscuous mode
[  519.267811][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  519.275809][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  519.294951][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  519.304371][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  519.312830][  T198] bridge0: port 1(bridge_slave_0) entered blocking state
[  519.319733][  T198] bridge0: port 1(bridge_slave_0) entered forwarding state
[  519.328542][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  519.336728][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  519.344964][  T198] bridge0: port 2(bridge_slave_1) entered blocking state
[  519.351840][  T198] bridge0: port 2(bridge_slave_1) entered forwarding state
[  519.368893][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  519.376770][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  519.385044][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  519.402109][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  519.421817][T11114] device veth0_vlan entered promiscuous mode
[  519.428929][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  519.437797][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  519.445635][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  519.460769][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  519.470742][T11114] device veth1_macvtap entered promiscuous mode
[  519.483081][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  519.498804][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  519.569794][   T43] device bridge_slave_1 left promiscuous mode
[  519.575880][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  519.590062][   T43] device bridge_slave_0 left promiscuous mode
[  519.603853][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  519.619675][   T43] device veth0_vlan left promiscuous mode
[  519.693513][T11132] futex_wake_op: syz.3.3024 tries to shift op by -1; fix this program
[  519.983195][   T43] tipc: Disabling bearer <udp:syz1>
[  519.988669][   T43] tipc: Left network mode
[  520.087895][T11142] bridge0: port 1(bridge_slave_0) entered blocking state
[  520.095028][T11142] bridge0: port 1(bridge_slave_0) entered disabled state
[  520.102500][T11142] device bridge_slave_0 entered promiscuous mode
[  520.111802][T11142] bridge0: port 2(bridge_slave_1) entered blocking state
[  520.118746][T11142] bridge0: port 2(bridge_slave_1) entered disabled state
[  520.125937][T11142] device bridge_slave_1 entered promiscuous mode
[  520.183705][T11142] bridge0: port 2(bridge_slave_1) entered blocking state
[  520.190684][T11142] bridge0: port 2(bridge_slave_1) entered forwarding state
[  520.197738][T11142] bridge0: port 1(bridge_slave_0) entered blocking state
[  520.204566][T11142] bridge0: port 1(bridge_slave_0) entered forwarding state
[  520.230351][  T198] bridge0: port 1(bridge_slave_0) entered disabled state
[  520.237728][  T198] bridge0: port 2(bridge_slave_1) entered disabled state
[  520.245353][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  520.252922][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  520.262777][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  520.271032][  T198] bridge0: port 1(bridge_slave_0) entered blocking state
[  520.277873][  T198] bridge0: port 1(bridge_slave_0) entered forwarding state
[  520.288344][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  520.296671][  T198] bridge0: port 2(bridge_slave_1) entered blocking state
[  520.303564][  T198] bridge0: port 2(bridge_slave_1) entered forwarding state
[  520.316570][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  520.328155][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  520.346179][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  520.358738][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  520.366702][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  520.374355][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  520.384629][T11142] device veth0_vlan entered promiscuous mode
[  520.395564][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  520.405965][T11142] device veth1_macvtap entered promiscuous mode
[  520.416007][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  520.428882][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  520.509486][   T43] device bridge_slave_1 left promiscuous mode
[  520.515610][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  520.523273][   T43] device bridge_slave_0 left promiscuous mode
[  520.529319][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  520.537097][   T43] device veth0_vlan left promiscuous mode
[  520.878653][ T7699] Bluetooth: hci0: command 0x1003 tx timeout
[  520.878688][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  521.921885][T11181] fuse: Bad value for 'fd'
[  523.519148][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[  523.538573][ T7699] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  523.571027][T11214] overlayfs: failed to resolve './file0': -2
[  523.917761][T11222] device veth1_macvtap left promiscuous mode
[  523.924289][T11222] device macsec0 entered promiscuous mode
[  524.261837][ T5656] Bluetooth: hci0: Frame reassembly failed (-84)
[  524.268199][T11240] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  526.328445][ T7699] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  526.328478][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[  527.071641][T11313] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3082'.
[  527.128394][   T43] Bluetooth: hci0: Frame reassembly failed (-84)
[  527.134732][T11317] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  527.926304][T11334] device bridge0 entered promiscuous mode
[  527.933405][T11334] bridge0: port 3(macsec1) entered blocking state
[  527.939849][T11334] bridge0: port 3(macsec1) entered disabled state
[  527.947823][T11334] device bridge0 left promiscuous mode
[  529.499375][T11360] overlayfs: failed to resolve './file0': -2
[  529.623681][ T7681] Bluetooth: hci0: command 0x1003 tx timeout
[  529.932916][ T7699] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  531.631135][T11409] overlayfs: failed to resolve './file0': -2
[  532.023852][T11416] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  533.830414][T11462] overlayfs: failed to resolve './file0': -2
[  535.731323][ T5656] tipc: Left network mode
[  535.790377][T11509] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.798284][T11509] bridge0: port 1(bridge_slave_0) entered disabled state
[  535.806002][T11509] device bridge_slave_0 entered promiscuous mode
[  535.849771][T11509] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.856858][T11509] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.865449][T11509] device bridge_slave_1 entered promiscuous mode
[  535.958972][T11521] overlayfs: failed to resolve './file0': -2
[  536.426426][T11509] bridge0: port 2(bridge_slave_1) entered blocking state
[  536.433418][T11509] bridge0: port 2(bridge_slave_1) entered forwarding state
[  536.440552][T11509] bridge0: port 1(bridge_slave_0) entered blocking state
[  536.447402][T11509] bridge0: port 1(bridge_slave_0) entered forwarding state
[  536.561743][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  536.662035][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.746594][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.950205][  T903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  536.967616][  T903] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  536.989273][  T903] bridge0: port 1(bridge_slave_0) entered blocking state
[  536.996154][  T903] bridge0: port 1(bridge_slave_0) entered forwarding state
[  537.010829][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  537.025205][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  537.035036][  T198] bridge0: port 2(bridge_slave_1) entered blocking state
[  537.041948][  T198] bridge0: port 2(bridge_slave_1) entered forwarding state
[  537.062545][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  537.070688][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  537.078943][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  537.086990][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  537.105795][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  537.202378][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  537.244962][T11509] device veth0_vlan entered promiscuous mode
[  537.306273][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  537.314665][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  537.337219][T11509] device veth1_macvtap entered promiscuous mode
[  537.346932][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  537.358578][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  537.368410][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  537.378283][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  537.388776][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  537.414393][ T5656] device bridge_slave_0 left promiscuous mode
[  537.422477][ T5656] bridge0: port 1(bridge_slave_0) entered disabled state
[  537.458908][ T5656] device veth0_vlan left promiscuous mode
[  537.572614][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  537.581171][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  537.589783][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  537.598030][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  537.899232][T11604] input: syz0 as /devices/virtual/input/input34
[  538.302081][T11609] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  538.362767][  T198] Bluetooth: hci1: Frame reassembly failed (-84)
[  538.641602][T11617] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3171'.
[  539.558393][T11646] input: syz0 as /devices/virtual/input/input35
[  539.608671][ T7681] Bluetooth: hci0: command 0x1003 tx timeout
[  539.608705][ T7699] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  539.621951][T11573] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[  539.863928][T11649] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3182'.
[  540.312173][ T7699] Bluetooth: hci0: sending frame failed (-49)
[  540.318130][ T7681] Bluetooth: hci0: Opcode 0x1003 failed: -49
[  540.398407][ T7681] Bluetooth: hci1: command 0x1003 tx timeout
[  540.398685][   T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  540.467585][T11676] 9pnet_fd: Insufficient options for proto=fd
[  540.484145][T11684] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3195'.
[  540.817072][T11698] input: syz0 as /devices/virtual/input/input36
[  542.058131][T11723] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3209'.
[  543.279378][T11762] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3221'.
[  543.289130][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  545.035451][T11804] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3235'.
[  547.076990][T11880] fuse: Bad value for 'group_id'
[  547.825203][T11913] fuse: Bad value for 'group_id'
[  548.643915][T11935] device veth1_macvtap left promiscuous mode
[  548.649860][T11935] device macsec0 entered promiscuous mode
[  548.677130][T11937] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  548.738522][ T5656] Bluetooth: hci1: Frame reassembly failed (-84)
[  550.718521][ T7681] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  553.504162][T12056] futex_wake_op: syz.1.3318 tries to shift op by -1; fix this program
[  554.913754][T12085] device veth1_macvtap left promiscuous mode
[  554.958442][T12085] device macsec0 entered promiscuous mode
[  555.882620][  T198] Bluetooth: hci0: Frame reassembly failed (-84)
[  555.928717][T12110] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  555.953025][ T5656] Bluetooth: hci1: Frame reassembly failed (-84)
[  557.987119][ T7699] Bluetooth: hci0: command 0x1003 tx timeout
[  557.993086][ T7681] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  557.999061][ T1433] Bluetooth: hci1: command 0x1003 tx timeout
[  558.006521][   T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  558.110118][T12132] device veth1_macvtap left promiscuous mode
[  558.121746][T12132] device macsec0 entered promiscuous mode
[  560.680582][T12189] input: syz0 as /devices/virtual/input/input37
[  562.828892][T12251] input: syz0 as /devices/virtual/input/input38
[  564.551858][T12298] input: syz0 as /devices/virtual/input/input39
[  566.997527][T12346] fuse: Unknown parameter 'group_i00000000000000000000'
[  569.811949][T12404] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  569.841385][T12404] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  570.130643][T12424] device erspan1 entered promiscuous mode
[  574.613423][T12505] fuse: Unknown parameter 'group_id00000000000000000000'
[  576.461177][T12546] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3469'.
[  576.604231][T12554] fuse: Unknown parameter 'group_id00000000000000000000'
[  578.604349][T12601] input: syz0 as /devices/virtual/input/input40
[  582.259290][T12663] input: syz0 as /devices/virtual/input/input41
[  586.760028][ T5656] Bluetooth: hci0: Frame reassembly failed (-84)
[  589.568578][ T7681] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  589.580873][ T7699] Bluetooth: hci0: command 0x1003 tx timeout
[  591.326914][T12795] device bridge0 entered promiscuous mode
[  591.346210][T12795] bridge0: port 3(macsec1) entered blocking state
[  591.352642][T12795] bridge0: port 3(macsec1) entered disabled state
[  591.367946][T12795] device bridge0 left promiscuous mode
[  597.944997][T12918] device bridge0 entered promiscuous mode
[  597.958969][T12918] bridge0: port 3(macsec1) entered blocking state
[  597.974295][T12918] bridge0: port 3(macsec1) entered disabled state
[  597.981733][T12918] device bridge0 left promiscuous mode
[  599.042036][T12941] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  602.069708][T13006] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  603.529974][T13045] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  604.514761][T13087] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  607.577347][T13124] device bridge0 entered promiscuous mode
[  607.588502][T13124] bridge0: port 3(macsec1) entered blocking state
[  607.594806][T13124] bridge0: port 3(macsec1) entered disabled state
[  607.602124][T13124] device bridge0 left promiscuous mode
[  607.744250][T13136] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  609.697164][T13177] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3635'.
[  610.351843][T13179] device bridge0 entered promiscuous mode
[  610.358046][T13179] bridge0: port 3(macsec1) entered blocking state
[  610.364572][T13179] bridge0: port 3(macsec1) entered disabled state
[  610.398808][T13179] device bridge0 left promiscuous mode
[  610.454793][T13187] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  611.558092][T13231] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3651'.
[  613.205860][T13266] device bridge0 entered promiscuous mode
[  613.456632][T13266] bridge0: port 3(macsec1) entered blocking state
[  613.562299][T13266] bridge0: port 3(macsec1) entered disabled state
[  613.668069][T13266] device bridge0 left promiscuous mode
[  614.071203][T13296] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3666'.
[  614.254020][T13300] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  614.268504][T13300] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  615.373273][T13334] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3679'.
[  617.257314][T13368] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3686'.
[  620.878397][ T7699] Bluetooth: hci0: command 0x1003 tx timeout
[  620.884286][ T7681] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  621.696779][T13443] loop0: detected capacity change from 0 to 2048
[  621.796655][T13443] loop0: detected capacity change from 0 to 256
[  621.804074][T13443] exfat: Unknown parameter 'ÿÿ00000000000000000000'
[  622.943407][T13468] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3723'.
[  624.972074][T13514] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3737'.
[  625.023412][T13499] incfs_lookup_dentry err:-107
[  625.028025][T13499] incfs: Can't find or create .index dir in ./file0
[  625.079000][T13499] incfs: mount failed -107
[  627.152482][T13557] device bridge0 entered promiscuous mode
[  627.173080][T13557] bridge0: port 3(macsec1) entered blocking state
[  627.182479][T13557] bridge0: port 3(macsec1) entered disabled state
[  627.261934][T13557] device bridge0 left promiscuous mode
[  627.408690][T13574] loop0: detected capacity change from 0 to 512
[  627.726637][  T760] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  627.838147][T13574] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.3750: bad orphan inode 15
[  627.849615][T13574] ext4_test_bit(bit=14, block=5) = 0
[  627.854815][T13574] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  627.928912][T13582] fuse: Unknown parameter '0x0000000000000003'
[  627.974755][  T760] usb 3-1: Using ep0 maxpacket: 32
[  627.981113][  T760] usb 3-1: config 0 has an invalid descriptor of length 224, skipping remainder of the config
[  628.039424][T11509] EXT4-fs (loop0): unmounting filesystem.
[  628.045679][  T760] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  628.054709][  T760] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  628.063932][  T760] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  628.072411][  T760] usb 3-1: config 0 descriptor??
[  630.407988][ T2023] usb 3-1: USB disconnect, device number 23
[  630.716945][  T633] Bluetooth: hci0: Frame reassembly failed (-84)
[  630.723418][ T5656] Bluetooth: hci1: Frame reassembly failed (-84)
[  630.950730][T13657] fuse: Unknown parameter '0x0000000000000003'
[  631.625762][T13687] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  631.633938][T13687] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  631.818379][  T296] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  631.895657][T13695] input: syz0 as /devices/virtual/input/input42
[  632.018464][  T296] usb 3-1: Using ep0 maxpacket: 32
[  632.025678][  T296] usb 3-1: config 0 has an invalid descriptor of length 224, skipping remainder of the config
[  632.374921][  T296] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  632.425986][  T296] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  632.507669][  T296] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  632.540883][  T296] usb 3-1: config 0 descriptor??
[  632.582003][T13699] fuse: Unknown parameter '0x0000000000000003'
[  632.718450][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[  632.724388][ T7681] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  632.798428][ T7681] Bluetooth: hci1: command 0x1003 tx timeout
[  632.804418][ T7699] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  635.061863][  T296] usb 3-1: USB disconnect, device number 24
[  635.080910][T13753] fuse: Unknown parameter 'fd0x0000000000000003'
[  635.295352][T13766] device bridge0 entered promiscuous mode
[  635.324455][T13766] bridge0: port 3(macsec1) entered blocking state
[  635.338451][T13766] bridge0: port 3(macsec1) entered disabled state
[  635.353838][T13766] device bridge0 left promiscuous mode
[  636.960962][T13786] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3813'.
[  637.719907][T13803] fuse: Unknown parameter 'fd0x0000000000000003'
[  637.828413][    T6] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  637.983080][T13819] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  638.018391][    T6] usb 2-1: Using ep0 maxpacket: 32
[  638.373080][    T6] usb 2-1: config 0 has an invalid descriptor of length 224, skipping remainder of the config
[  638.383342][    T6] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  638.392208][    T6] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  638.401143][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.412735][    T6] usb 2-1: config 0 descriptor??
[  639.643481][T13843] fuse: Unknown parameter 'fd0x0000000000000003'
[  639.892591][T13857] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  640.901226][  T296] usb 2-1: USB disconnect, device number 16
[  641.264471][T13894] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  642.022298][T13898] incfs_lookup_dentry err:-107
[  642.048531][T13898] incfs: Can't find or create .index dir in ./file0
[  642.055008][T13898] incfs: mount failed -107
[  642.849536][T13913] incfs_lookup_dentry err:-4
[  642.854150][T13913] incfs: Can't find or create .index dir in ./file0
[  642.862714][T13913] incfs: mount failed -4
[  645.602965][T13998] device bridge0 entered promiscuous mode
[  645.612588][T13998] bridge0: port 3(macsec1) entered blocking state
[  645.618937][T13998] bridge0: port 3(macsec1) entered disabled state
[  645.634916][T13998] device bridge0 left promiscuous mode
[  645.988429][ T2254] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  646.138369][  T344] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  646.178366][ T2254] usb 1-1: Using ep0 maxpacket: 32
[  646.184367][ T2254] usb 1-1: config 0 has an invalid descriptor of length 79, skipping remainder of the config
[  646.194567][ T2254] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  646.207304][ T2254] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  646.216102][ T2254] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.224843][ T2254] usb 1-1: config 0 descriptor??
[  646.230511][ T2254] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  646.318376][  T344] usb 2-1: Using ep0 maxpacket: 32
[  646.324634][  T344] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 74, changing to 10
[  646.335583][  T344] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 51062, setting to 1024
[  646.346595][  T344] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  646.355420][  T344] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.366951][  T344] usb 2-1: config 0 descriptor??
[  646.372261][T14012] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  646.947427][  T344] savu 0003:1E7D:2D5A.0013: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  647.049436][  T344] usb 2-1: USB disconnect, device number 17
[  648.365310][T14073] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  648.801922][ T2254] usb 1-1: USB disconnect, device number 28
[  649.066165][T14094] futex_wake_op: syz.0.3912 tries to shift op by -1; fix this program
[  649.479207][T14105] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  651.090693][T14139] input: syz0 as /devices/virtual/input/input43
[  652.052102][T14157] device bridge0 entered promiscuous mode
[  652.061553][T14157] bridge0: port 3(macsec1) entered blocking state
[  652.068848][T14157] bridge0: port 3(macsec1) entered disabled state
[  652.087922][T14157] device bridge0 left promiscuous mode
[  652.138992][T14158] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3929'.
[  653.258399][T12586] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  653.718488][T12586] usb 4-1: Using ep0 maxpacket: 32
[  653.724618][T12586] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 74, changing to 10
[  653.735530][T12586] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 51062, setting to 1024
[  653.746452][T12586] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  653.755273][T12586] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.763967][T12586] usb 4-1: config 0 descriptor??
[  653.769042][T14163] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  654.519115][T12586] savu 0003:1E7D:2D5A.0014: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  654.532342][T12586] usb 4-1: USB disconnect, device number 28
[  658.389320][T14267] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3960'.
[  659.188373][T12586] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  659.528353][T12586] usb 4-1: Using ep0 maxpacket: 32
[  659.534511][T12586] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 74, changing to 10
[  659.545646][T12586] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 51062, setting to 1024
[  659.556949][T12586] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  659.565908][T12586] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.577753][T12586] usb 4-1: config 0 descriptor??
[  659.583174][T14277] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  659.757100][T14294] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3968'.
[  660.110188][T12586] savu 0003:1E7D:2D5A.0015: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  660.672619][T12586] usb 4-1: USB disconnect, device number 29
[  661.567105][T14317] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3973'.
[  663.712460][T14359] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3985'.
[  666.280411][T14428] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4002'.
[  668.985310][T14478] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4019'.
[  673.049561][T14516] device bridge0 entered promiscuous mode
[  673.055830][T14516] bridge0: port 3(macsec1) entered blocking state
[  673.066658][T14516] bridge0: port 3(macsec1) entered disabled state
[  673.078806][T14516] device bridge0 left promiscuous mode
[  675.195548][T14549] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4034'.
[  677.279458][T14575] incfs_lookup_dentry err:-103
[  677.284493][T14575] incfs: Can't find or create .index dir in ./file0
[  677.463408][T14575] incfs: mount failed -103
[  677.576300][T14269] Bluetooth: hci0: Frame reassembly failed (-84)
[  677.728964][T14597] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4049'.
[  680.277118][ T1433] Bluetooth: hci0: command 0x1003 tx timeout
[  680.318197][ T7699] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  681.681170][T14626] incfs_lookup_dentry err:-103
[  681.685811][T14626] incfs: Can't find or create .index dir in ./file0
[  681.699619][T14626] incfs: mount failed -103
[  681.897900][T14647] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4064'.
[  685.976696][T14688] incfs_lookup_dentry err:-103
[  686.048594][T14688] incfs: Can't find or create .index dir in ./file0
[  686.245130][T14688] incfs: mount failed -103
[  686.699268][T14698] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4078'.
[  687.611899][T14726] device bridge0 entered promiscuous mode
[  687.762846][T14726] bridge0: port 3(macsec1) entered blocking state
[  687.793279][T14726] bridge0: port 3(macsec1) entered disabled state
[  687.815895][T14726] device bridge0 left promiscuous mode
[  688.438687][T14750] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4092'.
[  689.172954][T14749] incfs_lookup_dentry err:-103
[  689.177693][T14749] incfs: Can't find or create .index dir in ./file0
[  689.187198][T14749] incfs: mount failed -103
[  689.331029][T14763] device bridge0 entered promiscuous mode
[  689.352307][T14763] bridge0: port 3(macsec1) entered blocking state
[  689.358774][T14763] bridge0: port 3(macsec1) entered disabled state
[  689.365987][T14763] device bridge0 left promiscuous mode
[  689.758514][ T2254] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  689.968354][ T2254] usb 5-1: Using ep0 maxpacket: 32
[  689.974926][ T2254] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 74, changing to 10
[  689.985896][ T2254] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 51062, setting to 1024
[  689.996948][ T2254] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  690.005863][ T2254] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  690.014564][ T2254] usb 5-1: config 0 descriptor??
[  690.019635][T14769] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  690.141671][T14779] incfs: Backing dir is not set, filesystem can't be mounted.
[  690.149172][T14779] incfs: mount failed -2
[  690.228267][T14781] device bridge0 entered promiscuous mode
[  690.240208][T14781] bridge0: port 3(macsec1) entered blocking state
[  690.246664][T14781] bridge0: port 3(macsec1) entered disabled state
[  690.262505][T14781] device bridge0 left promiscuous mode
[  690.440529][ T2254] savu 0003:1E7D:2D5A.0016: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  690.561385][T14794] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4106'.
[  690.742989][  T313] usb 5-1: USB disconnect, device number 28
[  691.253319][T14269] Bluetooth: hci0: Frame reassembly failed (-84)
[  691.279753][T14813] incfs: Backing dir is not set, filesystem can't be mounted.
[  691.287303][T14813] incfs: mount failed -2
[  691.783839][T14798] incfs_lookup_dentry err:-103
[  691.788737][T14798] incfs: Can't find or create .index dir in ./file0
[  691.803419][T14798] incfs: mount failed -103
[  691.978336][T14826] input: syz0 as /devices/virtual/input/input44
[  692.124064][T14830] device bridge0 entered promiscuous mode
[  692.130295][T14830] bridge0: port 3(macsec1) entered blocking state
[  692.136602][T14830] bridge0: port 3(macsec1) entered disabled state
[  692.144201][T14830] device bridge0 left promiscuous mode
[  692.781022][T14847] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4123'.
[  693.278385][ T7681] Bluetooth: hci0: command 0x1003 tx timeout
[  693.278406][ T7699] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  694.525841][T14888] input: syz0 as /devices/virtual/input/input45
[  694.618385][    T6] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  694.828374][    T6] usb 2-1: Using ep0 maxpacket: 32
[  694.889251][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 74, changing to 10
[  694.900315][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 51062, setting to 1024
[  694.911436][    T6] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  694.920361][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.932326][    T6] usb 2-1: config 0 descriptor??
[  694.937784][T14882] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  695.379889][    T6] savu 0003:1E7D:2D5A.0017: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  695.681144][    T6] usb 2-1: USB disconnect, device number 18
[  696.605664][T14937] incfs_lookup_dentry err:-5
[  696.610154][T14937] incfs: Can't find or create .index dir in ./file0
[  696.616655][T14937] incfs: mount failed -5
[  696.657861][T14938] incfs_lookup_dentry err:-5
[  696.662819][T14938] incfs: Can't find or create .index dir in ./file0
[  696.683691][T14938] incfs: mount failed -5
[  697.332819][T14947] input: syz0 as /devices/virtual/input/input46
[  698.008973][T14962] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4156'.
[  698.940489][T14972] device bridge0 entered promiscuous mode
[  698.949996][T14972] bridge0: port 3(macsec1) entered blocking state
[  698.958079][T14972] bridge0: port 3(macsec1) entered disabled state
[  698.968252][T14972] device bridge0 left promiscuous mode
[  700.270315][T14996] input: syz0 as /devices/virtual/input/input47
[  700.529795][T15004] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4168'.
[  702.048905][T15043] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  702.512107][T15066] device bridge0 entered promiscuous mode
[  702.520517][T15066] bridge0: port 3(macsec1) entered blocking state
[  702.526848][T15066] bridge0: port 3(macsec1) entered disabled state
[  702.534107][T15066] device bridge0 left promiscuous mode
[  702.741364][T15077] input: syz0 as /devices/virtual/input/input48
[  707.125084][T15149] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4207'.
[  707.125318][T15152] input: syz0 as /devices/virtual/input/input49
[  707.611286][T15164] overlayfs: unrecognized mount option "fsuuid=36794e55-ff47-0253-c386-cfb5c762" or missing value
[  710.118722][T15221] device bridge0 entered promiscuous mode
[  710.124867][T15221] bridge0: port 3(macsec1) entered blocking state
[  710.131611][T15221] bridge0: port 3(macsec1) entered disabled state
[  710.138773][T15221] device bridge0 left promiscuous mode
[  710.261884][T15224] input: syz0 as /devices/virtual/input/input50
[  713.398345][  T322] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  713.838342][  T322] usb 2-1: Using ep0 maxpacket: 32
[  713.844438][  T322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 74, changing to 10
[  713.857926][  T322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 51062, setting to 1024
[  713.869250][  T322] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  713.878175][  T322] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.897371][  T322] usb 2-1: config 0 descriptor??
[  713.902468][T15253] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  714.525888][  T322] savu 0003:1E7D:2D5A.0018: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  714.628882][  T322] usb 2-1: USB disconnect, device number 19
[  714.979316][T15289] incfs_lookup_dentry err:-107
[  714.984099][T15289] incfs: Can't find or create .index dir in ./file0
[  714.990861][T15289] incfs: mount failed -107
[  715.918388][T15312] input: syz0 as /devices/virtual/input/input51
[  716.398341][ T7699] Bluetooth: hci0: command 0x1003 tx timeout
[  716.404209][ T7681] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  716.453454][T15326] device bridge0 entered promiscuous mode
[  716.492961][T15326] bridge0: port 3(macsec1) entered blocking state
[  716.528814][T15326] bridge0: port 3(macsec1) entered disabled state
[  716.551719][T15326] device bridge0 left promiscuous mode
[  717.444595][T15353] device bridge0 entered promiscuous mode
[  717.460209][T15353] bridge0: port 3(macsec1) entered blocking state
[  717.477746][T15353] bridge0: port 3(macsec1) entered disabled state
[  717.512580][T15353] device bridge0 left promiscuous mode
[  717.780780][T15367] input: syz0 as /devices/virtual/input/input52
[  718.571753][T15377] device bridge0 entered promiscuous mode
[  718.586047][T15377] bridge0: port 3(macsec1) entered blocking state
[  718.598370][T15377] bridge0: port 3(macsec1) entered disabled state
[  718.630091][T15377] device bridge0 left promiscuous mode
[  718.848862][ T9590] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  719.128354][ T9590] usb 3-1: Using ep0 maxpacket: 32
[  719.134753][ T9590] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 74, changing to 10
[  719.145980][ T9590] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 51062, setting to 1024
[  719.158997][ T9590] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  719.167965][ T9590] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.190075][ T9590] usb 3-1: config 0 descriptor??
[  719.195512][T15373] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  719.614611][ T9590] savu 0003:1E7D:2D5A.0019: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[  720.029223][ T9590] usb 3-1: USB disconnect, device number 25
[  724.053680][T15523] device bridge0 entered promiscuous mode
[  724.059886][T15523] bridge0: port 3(macsec1) entered blocking state
[  724.066118][T15523] bridge0: port 3(macsec1) entered disabled state
[  724.073538][T15523] device bridge0 left promiscuous mode
[  727.341842][T15572] device bridge0 entered promiscuous mode
[  727.348054][T15572] bridge0: port 3(macsec1) entered blocking state
[  727.364418][T15572] bridge0: port 3(macsec1) entered disabled state
[  727.383871][T15572] device bridge0 left promiscuous mode
[  730.707961][T15621] input: syz0 as /devices/virtual/input/input53
[  731.147229][T15634] incfs_lookup_dentry err:-5
[  731.151870][T15634] incfs: Can't find or create .index dir in ./file0
[  731.158558][T15634] incfs: mount failed -5
[  732.418353][  T313] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  732.608351][  T313] usb 1-1: Using ep0 maxpacket: 32
[  733.035800][  T313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 74, changing to 10
[  733.065744][  T313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 51062, setting to 1024
[  733.098716][  T313] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  733.113027][  T313] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.127386][  T313] usb 1-1: config 0 descriptor??
[  733.134548][T15649] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  733.438365][ T1433] Bluetooth: hci0: command 0x1003 tx timeout
[  733.444316][ T7681] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  733.451096][T15642] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[  733.568982][  T313] savu 0003:1E7D:2D5A.001A: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[  733.675971][T15685] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4360'.
[  733.970566][ T9590] usb 1-1: USB disconnect, device number 29
[  734.058228][T15694] incfs_lookup_dentry err:-5
[  734.063270][T15694] incfs: Can't find or create .index dir in ./file0
[  734.070257][T15694] incfs: mount failed -5
[  734.490113][T14269] Bluetooth: hci0: Frame reassembly failed (-84)
[  734.497049][T15712] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  735.301842][T15738] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4375'.
[  735.518288][    C1] ==================================================================
[  735.526194][    C1] BUG: KASAN: use-after-free in __run_timers+0x34a/0xa10
[  735.533044][    C1] Write of size 8 at addr ffff88810d84ca00 by task syz.4.4371/15724
[  735.540855][    C1] 
[  735.543031][    C1] CPU: 1 PID: 15724 Comm: syz.4.4371 Tainted: G        W          6.1.129-syzkaller-00005-g19a0fb1d3513 #0
[  735.554235][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  735.564115][    C1] Call Trace:
[  735.567236][    C1]  <IRQ>
[  735.569928][    C1]  dump_stack_lvl+0x151/0x1b7
[  735.574440][    C1]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  735.579734][    C1]  ? _printk+0xd1/0x111
[  735.583727][    C1]  ? __virt_addr_valid+0x242/0x2f0
[  735.588702][    C1]  print_report+0x158/0x4e0
[  735.593016][    C1]  ? __virt_addr_valid+0x242/0x2f0
[  735.597963][    C1]  ? kasan_complete_mode_report_info+0x90/0x1b0
[  735.604036][    C1]  ? __run_timers+0x34a/0xa10
[  735.608552][    C1]  kasan_report+0x13c/0x170
[  735.612890][    C1]  ? __run_timers+0x34a/0xa10
[  735.617403][    C1]  __asan_report_store8_noabort+0x17/0x20
[  735.622957][    C1]  __run_timers+0x34a/0xa10
[  735.627298][    C1]  ? kvm_sched_clock_read+0x18/0x40
[  735.632333][    C1]  ? calc_index+0x270/0x270
[  735.636671][    C1]  ? sched_clock+0x9/0x10
[  735.640853][    C1]  ? sched_clock_cpu+0x71/0x2b0
[  735.645525][    C1]  run_timer_softirq+0x69/0xf0
[  735.650143][    C1]  handle_softirqs+0x1db/0x650
[  735.654723][    C1]  ? irqtime_account_irq+0xdc/0x260
[  735.659758][    C1]  __irq_exit_rcu+0x52/0xf0
[  735.664097][    C1]  irq_exit_rcu+0x9/0x10
[  735.668175][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  735.673646][    C1]  </IRQ>
[  735.676422][    C1]  <TASK>
[  735.679199][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  735.685015][    C1] RIP: 0010:preempt_schedule_irq+0xc2/0x140
[  735.690743][    C1] Code: 4c 89 e7 e8 20 15 9c fc f6 44 24 21 02 74 0b 0f 0b 48 f7 03 08 00 00 00 74 4d bf 01 00 00 00 e8 84 7b 2e fc fb bf 01 00 00 00 <e8> 99 e4 ff ff fa bf 01 00 00 00 e8 0e 7d 2e fc 65 48 8b 1d 66 3d
[  735.710183][    C1] RSP: 0018:ffffc90009e37500 EFLAGS: 00000246
[  735.716084][    C1] RAX: 1ffff110258a13e1 RBX: 1ffff920013c6ea4 RCX: ffffffff85232f00
[  735.723895][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  735.731707][    C1] RBP: ffffc90009e37590 R08: dffffc0000000000 R09: ffffed10258a1289
[  735.739521][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90009e37520
[  735.747330][    C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff920013c6ea0
[  735.755142][    C1]  ? queued_write_lock_slowpath+0x460/0x547
[  735.760872][    C1]  ? preempt_schedule_notrace+0x140/0x140
[  735.766423][    C1]  ? cgroup_rstat_updated+0xe5/0x370
[  735.771546][    C1]  raw_irqentry_exit_cond_resched+0x2a/0x30
[  735.777272][    C1]  irqentry_exit+0x30/0x40
[  735.781526][    C1]  sysvec_reschedule_ipi+0x8f/0x170
[  735.786562][    C1]  asm_sysvec_reschedule_ipi+0x1b/0x20
[  735.791855][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x1/0x60
[  735.797761][    C1] Code: 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 53 48 89 fb e8 13 00 00 00 48 8b 3d 44 52 1d 06 48 89 de e8 34 f0 46 00 5b 5d c3 cc 55 <48> 89 e5 48 8b 45 08 65 48 8b 0d 80 d5 8c 7e 65 8b 15 81 d5 8c 7e
[  735.817358][    C1] RSP: 0018:ffffc90009e37690 EFLAGS: 00000287
[  735.823248][    C1] RAX: 0000000080000000 RBX: 0400000000000080 RCX: 0000000000000001
[  735.831060][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  735.838872][    C1] RBP: ffffc90009e37910 R08: ffffffff81b0cec1 R09: ffffed10258a1289
[  735.846683][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1102475a266
[  735.854495][    C1] R13: 0000200000866000 R14: dffffc0000000000 R15: ffff88814548b020
[  735.862311][    C1]  ? unmap_page_range+0x22a1/0x2620
[  735.867346][    C1]  ? unmap_page_range+0x22fe/0x2620
[  735.872388][    C1]  ? copy_page_range+0x2ed0/0x2ed0
[  735.877321][    C1]  ? mas_next_slot+0xac5/0xb00
[  735.881923][    C1]  ? uprobe_munmap+0x18d/0x450
[  735.886523][    C1]  unmap_vmas+0x4e4/0x660
[  735.890688][    C1]  ? unmap_page_range+0x2620/0x2620
[  735.895720][    C1]  ? preempt_schedule_common+0xbe/0xf0
[  735.901015][    C1]  ? folio_add_lru_vma+0x80/0x80
[  735.905790][    C1]  ? __kasan_check_write+0x14/0x20
[  735.910735][    C1]  ? tlb_gather_mmu_fullmm+0x165/0x210
[  735.916030][    C1]  exit_mmap+0x2e5/0xbb0
[  735.920110][    C1]  ? vm_brk+0x30/0x30
[  735.923930][    C1]  ? kiocb_set_cancel_fn+0x230/0x230
[  735.929050][    C1]  ? uprobe_clear_state+0x2cd/0x320
[  735.934088][    C1]  __mmput+0x95/0x310
[  735.937902][    C1]  mmput+0x56/0x170
[  735.941547][    C1]  do_exit+0xb24/0x2b80
[  735.945540][    C1]  ? preempt_schedule+0xd9/0xe0
[  735.950225][    C1]  ? put_task_struct+0x80/0x80
[  735.954827][    C1]  ? sysvec_reschedule_ipi+0x8f/0x170
[  735.960033][    C1]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  735.965502][    C1]  ? zap_other_threads+0x1e2/0x2d0
[  735.970450][    C1]  do_group_exit+0x21a/0x2d0
[  735.974893][    C1]  __x64_sys_exit_group+0x3f/0x40
[  735.979734][    C1]  x64_sys_call+0x610/0x9a0
[  735.984075][    C1]  do_syscall_64+0x3b/0xb0
[  735.988327][    C1]  ? clear_bhb_loop+0x55/0xb0
[  735.992844][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  735.998571][    C1] RIP: 0033:0x7f3ff3b8d169
[  736.002824][    C1] Code: Unable to access opcode bytes at 0x7f3ff3b8d13f.
[  736.009679][    C1] RSP: 002b:00007ffef8d95da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  736.017925][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3ff3b8d169
[  736.025734][    C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  736.033549][    C1] RBP: 00007ffef8d95e0c R08: 00000012f8d95e9f R09: 00000000000927c0
[  736.041358][    C1] R10: 0000000000000001 R11: 0000000000000246 R12: 000000000000010d
[  736.049192][    C1] R13: 00000000000927c0 R14: 00000000000b3633 R15: 00007ffef8d95e60
[  736.056985][    C1]  </TASK>
[  736.059844][    C1] 
[  736.062015][    C1] Allocated by task 15642:
[  736.066267][    C1]  kasan_set_track+0x4b/0x70
[  736.070693][    C1]  kasan_save_alloc_info+0x1f/0x30
[  736.075653][    C1]  __kasan_kmalloc+0x9c/0xb0
[  736.080065][    C1]  __kmalloc+0xb4/0x1e0
[  736.084059][    C1]  hci_alloc_dev_priv+0x27/0x1c00
[  736.088920][    C1]  hci_uart_tty_ioctl+0x401/0xa70
[  736.093782][    C1]  tty_ioctl+0x903/0xc50
[  736.097859][    C1]  __se_sys_ioctl+0x114/0x190
[  736.102372][    C1]  __x64_sys_ioctl+0x7b/0x90
[  736.106799][    C1]  x64_sys_call+0x98/0x9a0
[  736.111050][    C1]  do_syscall_64+0x3b/0xb0
[  736.115303][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  736.121031][    C1] 
[  736.123200][    C1] Freed by task 15642:
[  736.127109][    C1]  kasan_set_track+0x4b/0x70
[  736.131534][    C1]  kasan_save_free_info+0x2b/0x40
[  736.136396][    C1]  ____kasan_slab_free+0x131/0x180
[  736.141355][    C1]  __kasan_slab_free+0x11/0x20
[  736.145944][    C1]  __kmem_cache_free+0x21d/0x410
[  736.150714][    C1]  kfree+0x7a/0xf0
[  736.154272][    C1]  hci_release_dev+0x14d3/0x1640
[  736.159049][    C1]  bt_host_release+0x83/0xa0
[  736.163474][    C1]  device_release+0x95/0x1c0
[  736.167900][    C1]  kobject_put+0x178/0x260
[  736.172171][    C1]  put_device+0x1f/0x30
[  736.176145][    C1]  hci_dev_cmd+0x2be/0x9b0
[  736.180397][    C1]  hci_sock_ioctl+0x415/0x7f0
[  736.184911][    C1]  sock_do_ioctl+0x152/0x450
[  736.189337][    C1]  sock_ioctl+0x455/0x740
[  736.193503][    C1]  __se_sys_ioctl+0x114/0x190
[  736.198017][    C1]  __x64_sys_ioctl+0x7b/0x90
[  736.202444][    C1]  x64_sys_call+0x98/0x9a0
[  736.206695][    C1]  do_syscall_64+0x3b/0xb0
[  736.210948][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  736.216678][    C1] 
[  736.218871][    C1] Last potentially related work creation:
[  736.224418][    C1]  kasan_save_stack+0x3b/0x60
[  736.228917][    C1]  __kasan_record_aux_stack+0xb4/0xc0
[  736.234121][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[  736.239763][    C1]  insert_work+0x56/0x310
[  736.243936][    C1]  __queue_work+0x9b6/0xd70
[  736.248270][    C1]  queue_work_on+0x105/0x170
[  736.252696][    C1]  __hci_cmd_sync_sk+0xc2a/0xf70
[  736.257468][    C1]  hci_cmd_sync_status+0x52/0x130
[  736.262329][    C1]  hci_dev_cmd+0x39e/0x9b0
[  736.266583][    C1]  hci_sock_ioctl+0x415/0x7f0
[  736.271094][    C1]  sock_do_ioctl+0x152/0x450
[  736.275522][    C1]  sock_ioctl+0x455/0x740
[  736.279687][    C1]  __se_sys_ioctl+0x114/0x190
[  736.284204][    C1]  __x64_sys_ioctl+0x7b/0x90
[  736.288631][    C1]  x64_sys_call+0x98/0x9a0
[  736.292881][    C1]  do_syscall_64+0x3b/0xb0
[  736.297133][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  736.302865][    C1] 
[  736.305032][    C1] Second to last potentially related work creation:
[  736.311455][    C1]  kasan_save_stack+0x3b/0x60
[  736.315967][    C1]  __kasan_record_aux_stack+0xb4/0xc0
[  736.321196][    C1]  kasan_record_aux_stack_noalloc+0xb/0x10
[  736.326904][    C1]  insert_work+0x56/0x310
[  736.331078][    C1]  __queue_work+0x9b6/0xd70
[  736.335408][    C1]  queue_work_on+0x105/0x170
[  736.339836][    C1]  hci_cmd_timeout+0x199/0x200
[  736.344435][    C1]  process_one_work+0x73d/0xcb0
[  736.349121][    C1]  worker_thread+0xa60/0x1260
[  736.353635][    C1]  kthread+0x26d/0x300
[  736.357540][    C1]  ret_from_fork+0x1f/0x30
[  736.361794][    C1] 
[  736.363962][    C1] The buggy address belongs to the object at ffff88810d84c000
[  736.363962][    C1]  which belongs to the cache kmalloc-8k of size 8192
[  736.377858][    C1] The buggy address is located 2560 bytes inside of
[  736.377858][    C1]  8192-byte region [ffff88810d84c000, ffff88810d84e000)
[  736.391130][    C1] 
[  736.393314][    C1] The buggy address belongs to the physical page:
[  736.399550][    C1] page:ffffea0004361200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d848
[  736.409626][    C1] head:ffffea0004361200 order:3 compound_mapcount:0 compound_pincount:0
[  736.417775][    C1] flags: 0x4000000000010200(slab|head|zone=1)
[  736.423684][    C1] raw: 4000000000010200 0000000000000000 dead000000000001 ffff888100043500
[  736.432107][    C1] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[  736.440515][    C1] page dumped because: kasan: bad access detected
[  736.447038][    C1] page_owner tracks the page as allocated
[  736.452578][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 13673, tgid 13673 (cryptomgr_probe), ts 631319967703, free_ts 631098612657
[  736.475753][    C1]  post_alloc_hook+0x213/0x220
[  736.480350][    C1]  prep_new_page+0x1b/0x110
[  736.484690][    C1]  get_page_from_freelist+0x3a98/0x3b10
[  736.490075][    C1]  __alloc_pages+0x234/0x610
[  736.494498][    C1]  alloc_slab_page+0x6c/0xf0
[  736.498927][    C1]  new_slab+0x90/0x3e0
[  736.502829][    C1]  ___slab_alloc+0x6f9/0xb80
[  736.507256][    C1]  __slab_alloc+0x5d/0xa0
[  736.511421][    C1]  __kmem_cache_alloc_node+0x207/0x2a0
[  736.516718][    C1]  kmalloc_trace+0x2a/0xa0
[  736.520969][    C1]  cryptomgr_notify+0x84/0xc10
[  736.525569][    C1]  blocking_notifier_call_chain+0xbb/0x140
[  736.531212][    C1]  crypto_alg_mod_lookup+0x376/0x570
[  736.536332][    C1]  crypto_find_alg+0x98/0xf0
[  736.540758][    C1]  crypto_grab_spawn+0x7e/0x380
[  736.545446][    C1]  skcipher_alloc_instance_simple+0x192/0x680
[  736.551350][    C1] page last free stack trace:
[  736.555861][    C1]  free_unref_page_prepare+0x9f1/0xa00
[  736.561155][    C1]  free_unref_page+0xb2/0x5c0
[  736.565666][    C1]  __free_pages+0x61/0xf0
[  736.569833][    C1]  free_large_kmalloc+0xa9/0xe0
[  736.574529][    C1]  kfree+0x93/0xf0
[  736.578081][    C1]  can_pernet_exit+0x75/0xd0
[  736.582512][    C1]  cleanup_net+0x64b/0xbf0
[  736.586758][    C1]  process_one_work+0x73d/0xcb0
[  736.591451][    C1]  worker_thread+0xa60/0x1260
[  736.595959][    C1]  kthread+0x26d/0x300
[  736.599863][    C1]  ret_from_fork+0x1f/0x30
[  736.604117][    C1] 
[  736.606304][    C1] Memory state around the buggy address:
[  736.611758][    C1]  ffff88810d84c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  736.619656][    C1]  ffff88810d84c980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  736.627553][    C1] >ffff88810d84ca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  736.635456][    C1]                    ^
[  736.639367][    C1]  ffff88810d84ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  736.647258][    C1]  ffff88810d84cb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  736.655152][    C1] ==================================================================
[  736.663050][    C1] Disabling lock debugging due to kernel taint
[  736.669123][    C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  736.680586][    C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  736.688833][    C1] CPU: 1 PID: 15724 Comm: syz.4.4371 Tainted: G    B   W          6.1.129-syzkaller-00005-g19a0fb1d3513 #0
[  736.700030][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  736.709923][    C1] RIP: 0010:__queue_work+0x4f1/0xd70
[  736.715039][    C1] Code: 39 03 0f 84 40 01 00 00 e8 4c 6e 2a 00 4c 89 e7 e8 e4 cf d7 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 30 1b 72 00 49 8b 3e e8 98 c8 d7
[  736.734481][    C1] RSP: 0018:ffffc900001b0c78 EFLAGS: 00010046
[  736.740381][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88812c509440
[  736.748192][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  736.756005][    C1] RBP: ffffc900001b0d00 R08: ffffffff814b279b R09: 0000000000000007
[  736.763818][    C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88810d84c9c8
[  736.771635][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88810d84c9e0
[  736.779440][    C1] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  736.788207][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  736.794631][    C1] CR2: 0000000000000000 CR3: 00000001267fc000 CR4: 00000000003506a0
[  736.802444][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  736.810251][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  736.818063][    C1] Call Trace:
[  736.821186][    C1]  <IRQ>
[  736.823881][    C1]  ? __die_body+0x62/0xb0
[  736.828060][    C1]  ? die_addr+0x9f/0xd0
[  736.832036][    C1]  ? exc_general_protection+0x317/0x4c0
[  736.837425][    C1]  ? asm_exc_general_protection+0x27/0x30
[  736.842977][    C1]  ? __queue_work+0x28b/0xd70
[  736.847486][    C1]  ? __queue_work+0x4f1/0xd70
[  736.851998][    C1]  ? __queue_work+0x29c/0xd70
[  736.856512][    C1]  delayed_work_timer_fn+0x61/0x80
[  736.861459][    C1]  ? queue_work_node+0x1d0/0x1d0
[  736.866232][    C1]  call_timer_fn+0x3b/0x2d0
[  736.870571][    C1]  ? queue_work_node+0x1d0/0x1d0
[  736.875344][    C1]  __run_timers+0x756/0xa10
[  736.879690][    C1]  ? calc_index+0x270/0x270
[  736.884023][    C1]  ? sched_clock+0x9/0x10
[  736.888189][    C1]  ? sched_clock_cpu+0x71/0x2b0
[  736.892880][    C1]  run_timer_softirq+0x69/0xf0
[  736.897479][    C1]  handle_softirqs+0x1db/0x650
[  736.902076][    C1]  ? irqtime_account_irq+0xdc/0x260
[  736.907109][    C1]  __irq_exit_rcu+0x52/0xf0
[  736.911449][    C1]  irq_exit_rcu+0x9/0x10
[  736.915528][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  736.920999][    C1]  </IRQ>
[  736.923772][    C1]  <TASK>
[  736.926552][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  736.932368][    C1] RIP: 0010:preempt_schedule_irq+0xc2/0x140
[  736.938094][    C1] Code: 4c 89 e7 e8 20 15 9c fc f6 44 24 21 02 74 0b 0f 0b 48 f7 03 08 00 00 00 74 4d bf 01 00 00 00 e8 84 7b 2e fc fb bf 01 00 00 00 <e8> 99 e4 ff ff fa bf 01 00 00 00 e8 0e 7d 2e fc 65 48 8b 1d 66 3d
[  736.957537][    C1] RSP: 0018:ffffc90009e37500 EFLAGS: 00000246
[  736.963597][    C1] RAX: 1ffff110258a13e1 RBX: 1ffff920013c6ea4 RCX: ffffffff85232f00
[  736.971402][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  736.979211][    C1] RBP: ffffc90009e37590 R08: dffffc0000000000 R09: ffffed10258a1289
[  736.987025][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90009e37520
[  736.994836][    C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff920013c6ea0
[  737.002653][    C1]  ? queued_write_lock_slowpath+0x460/0x547
[  737.008377][    C1]  ? preempt_schedule_notrace+0x140/0x140
[  737.013928][    C1]  ? cgroup_rstat_updated+0xe5/0x370
[  737.019050][    C1]  raw_irqentry_exit_cond_resched+0x2a/0x30
[  737.024778][    C1]  irqentry_exit+0x30/0x40
[  737.029033][    C1]  sysvec_reschedule_ipi+0x8f/0x170
[  737.034064][    C1]  asm_sysvec_reschedule_ipi+0x1b/0x20
[  737.039359][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x1/0x60
[  737.045263][    C1] Code: 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 53 48 89 fb e8 13 00 00 00 48 8b 3d 44 52 1d 06 48 89 de e8 34 f0 46 00 5b 5d c3 cc 55 <48> 89 e5 48 8b 45 08 65 48 8b 0d 80 d5 8c 7e 65 8b 15 81 d5 8c 7e
[  737.064706][    C1] RSP: 0018:ffffc90009e37690 EFLAGS: 00000287
[  737.070614][    C1] RAX: 0000000080000000 RBX: 0400000000000080 RCX: 0000000000000001
[  737.078414][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  737.086230][    C1] RBP: ffffc90009e37910 R08: ffffffff81b0cec1 R09: ffffed10258a1289
[  737.094036][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1102475a266
[  737.101848][    C1] R13: 0000200000866000 R14: dffffc0000000000 R15: ffff88814548b020
[  737.109673][    C1]  ? unmap_page_range+0x22a1/0x2620
[  737.114700][    C1]  ? unmap_page_range+0x22fe/0x2620
[  737.119736][    C1]  ? copy_page_range+0x2ed0/0x2ed0
[  737.124677][    C1]  ? mas_next_slot+0xac5/0xb00
[  737.129280][    C1]  ? uprobe_munmap+0x18d/0x450
[  737.133896][    C1]  unmap_vmas+0x4e4/0x660
[  737.138043][    C1]  ? unmap_page_range+0x2620/0x2620
[  737.143079][    C1]  ? preempt_schedule_common+0xbe/0xf0
[  737.148373][    C1]  ? folio_add_lru_vma+0x80/0x80
[  737.153144][    C1]  ? __kasan_check_write+0x14/0x20
[  737.158089][    C1]  ? tlb_gather_mmu_fullmm+0x165/0x210
[  737.163385][    C1]  exit_mmap+0x2e5/0xbb0
[  737.167464][    C1]  ? vm_brk+0x30/0x30
[  737.171289][    C1]  ? kiocb_set_cancel_fn+0x230/0x230
[  737.176407][    C1]  ? uprobe_clear_state+0x2cd/0x320
[  737.181459][    C1]  __mmput+0x95/0x310
[  737.185260][    C1]  mmput+0x56/0x170
[  737.188904][    C1]  do_exit+0xb24/0x2b80
[  737.192902][    C1]  ? preempt_schedule+0xd9/0xe0
[  737.197580][    C1]  ? put_task_struct+0x80/0x80
[  737.202180][    C1]  ? sysvec_reschedule_ipi+0x8f/0x170
[  737.207390][    C1]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  737.212858][    C1]  ? zap_other_threads+0x1e2/0x2d0
[  737.217805][    C1]  do_group_exit+0x21a/0x2d0
[  737.222235][    C1]  __x64_sys_exit_group+0x3f/0x40
[  737.227090][    C1]  x64_sys_call+0x610/0x9a0
[  737.231435][    C1]  do_syscall_64+0x3b/0xb0
[  737.235696][    C1]  ? clear_bhb_loop+0x55/0xb0
[  737.240195][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  737.245923][    C1] RIP: 0033:0x7f3ff3b8d169
[  737.250175][    C1] Code: Unable to access opcode bytes at 0x7f3ff3b8d13f.
[  737.257033][    C1] RSP: 002b:00007ffef8d95da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  737.265281][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3ff3b8d169
[  737.273092][    C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[  737.280903][    C1] RBP: 00007ffef8d95e0c R08: 00000012f8d95e9f R09: 00000000000927c0
[  737.288712][    C1] R10: 0000000000000001 R11: 0000000000000246 R12: 000000000000010d
[  737.296524][    C1] R13: 00000000000927c0 R14: 00000000000b3633 R15: 00007ffef8d95e60
[  737.304343][    C1]  </TASK>
[  737.307200][    C1] Modules linked in:
[  737.310936][    C1] ---[ end trace 0000000000000000 ]---
[  737.316228][    C1] RIP: 0010:__queue_work+0x4f1/0xd70
[  737.321358][    C1] Code: 39 03 0f 84 40 01 00 00 e8 4c 6e 2a 00 4c 89 e7 e8 e4 cf d7 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 30 1b 72 00 49 8b 3e e8 98 c8 d7
[  737.340790][    C1] RSP: 0018:ffffc900001b0c78 EFLAGS: 00010046
[  737.346689][    C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88812c509440
[  737.354500][    C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[  737.362314][    C1] RBP: ffffc900001b0d00 R08: ffffffff814b279b R09: 0000000000000007
[  737.370125][    C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88810d84c9c8
[  737.377934][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88810d84c9e0
[  737.385746][    C1] FS:  0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  737.394515][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  737.400935][    C1] CR2: 0000000000000000 CR3: 00000001267fc000 CR4: 00000000003506a0
[  737.408751][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  737.416558][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  737.424370][    C1] Kernel panic - not syncing: Fatal exception in interrupt
[  737.431716][    C1] Kernel Offset: disabled
[  737.435845][    C1] Rebooting in 86400 seconds..