last executing test programs:

3.890976825s ago: executing program 1:
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000079000000090000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000380)={&(0x7f0000000000)='W2', &(0x7f0000000300)=""/65, &(0x7f0000000200)="090da27aca56d4ae6566d50435922400e03d7abd6a163572df8b3126814dc13d32097e7f8d7c09aee2e470b8ec39687353ba592f2799c020623173db4e0710", &(0x7f0000000280), 0x4, r0}, 0x38)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r3}, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="ec000000210001000000000000000000fc010000000000000000000000000000ff02000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000eeff0000009c00110000000000000000000000000000000001ffffffff000000000000000000000000fc0200000000000000000000000000000a0101000000000000000000000000006c0000000000000000000a0000000000000000000000000000000001ffffffff"], 0xec}}, 0x0)

3.303385365s ago: executing program 3:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000000)={0x0, 0x0, <r1=>0x0, &(0x7f00000006c0)=""/88, 0x58}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYRESOCT=r0], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
waitid(0x0, 0x0, 0x0, 0x0, 0x0)

3.293549017s ago: executing program 3:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x0)

3.281952128s ago: executing program 3:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), &(0x7f0000000100)=@udp=r2}, 0x20)
bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r1, &(0x7f00000002c0), &(0x7f0000000000)=@udp}, 0x20)
syz_usb_control_io$hid(r0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)

2.440280046s ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400})
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)

2.42238422s ago: executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r0=>0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x30148d0, &(0x7f0000000000)={[{@discard}, {@barrier_val={'barrier', 0x3d, 0x1000}}, {@grpjquota}, {@norecovery}, {@noauto_da_alloc}]}, 0x3, 0x4d0, &(0x7f0000000680)="$eJzs3d9rW9cdAPDvle3ESZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX9AofQX7VOf+lLoH1Ao+RNKIdC+l1JaQpukD31oqyL5qjGubMuNLSXW5wPH99wf8vd7JHSkc89FN4COdSYixiKiKyLOR0R/uj2TllhbL9XjHj28M1ktSVQqN75IIkm31f9Xki6PpQ/rjYh//SPiv8mP45ZWVucmCoX8UrqeK88v5korqxdm5ydm8jP5hbGR4cujV0YvjQ7tWVuv/u3TV1546+9X3/vjrY/HPz/3v2pafem+je1oxlqTx603vaf2XNR1R8TSboI9w7rS9vS0OxEAAJpS/Y7/84j4bUQ8fr3d2QAAAAD7ofKXvvgmiagAAAAAB1amdg1sksmm1wL0RSaTza5fw/vLOJopFEvlP0wXlxem1q+VHYiezPRsIT+UXis8ED1JdX24Vn+yfnHT+khEnIiIl/qP1Nazk8XCVLtPfgAAAECHOLZp/P9V//r4HwAAADhgBtqdAAAAALDvjP8BAADg4Nty/J90tzYRAAAAYD/889q1aqnU7389dXNlea5488JUvjSXnV+ezE4WlxazM8XiTO03++Z3+n+FYnHxT7GwfDtXzpfKudLK6vh8cXmhPF67r/d43n2iAQAAoPVO/ObeR0lErP35SK1UHUr3NTFWH9vf7ID9lNnd4cl+5QG0Xle7EwDaxgW+0LnMxwM7DOxf3rS+y9MGAADAs2DwV081/28+EJ5jBvLQucz/Q+cy/w+dy/w/dLjDOx/Su9WO9/c4FwAAYN/01UqSyaZzgX2RyWSzEcdrtwXoSaZnC/mhiPhZRHzY33O4uj7c7qQBAAAAAAAAAAAAAAAAAAAAAAAA4DlTqSRRAQAAAA60iMxnSXoj/8H+s32bzw8cSr7ury27Im69cePV2xPl8tJwdfuX69sjovxauv1iO85gAAAAAJvVx+n1cTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7KVHD+9M1ksr4z74a0QMNIrfHb21ZW/0RMTRx0l0b3hcEhFdexB/7W5EnGwUP6mmFQNpFpvjZyLiSJvjH9uD+NDJ7lX7n7FG779MnKktG7//utPytB6c2ar/y/zQ/3Vt0f8dbzLGqfvv5LaMfzfiVHfj/qceP3nK/vc//15d3Wpf5c2IwYafP0mla0OsXHl+MVdaWb0wOz8xk5/JL4yMDF8evTJ6aXQoNz1byKd/G8Z48dfvfrdd+482jl/rf7dr/9km2//t/dsPf7FN/HO/a/z6n9wmfvW5+X36OVDdP1ivr63XNzr99gent2v/1Bbt3+n1P9dk+89f//8nTR4KALRAaWV1bqJQyC+1onI4IloVS2XvKtUvgs9AGio/oXI9faPv+uFt7pgAAIA99+RLf7szAQAAAAAAAAAAAAAAAAAAgM7Vih8h2xivt31NBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY1vcBAAD//4/p0B8=")
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
rename(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file1\x00')
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'team0\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000240)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRESDEC=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r3, @ANYRESHEX=r1, @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000180)='sys_enter\x00', r4}, 0x10)
r5 = socket(0x1e, 0x1, 0x0)
connect$tipc(r5, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r5, &(0x7f0000004400), 0x400000000000203, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCOUTQ(r6, 0x4b4b, &(0x7f0000000100))
removexattr(0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xc, 0x4, &(0x7f0000000480)=ANY=[@ANYRESDEC=r0], 0x0, 0x10000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r7, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = io_uring_setup(0x6d2e, &(0x7f0000000000)={0x0, 0x0, 0x8c0})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r8, 0xb, &(0x7f0000000080)=[@ioring_restriction_register_op={0x0, 0x6}], 0x1)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r8, 0xc, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r8, 0x6, 0x0, 0x0)

2.346228221s ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=@framed={{}, [@printk={@x}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={<r3=>0xffffffffffffffff})
write$binfmt_script(r2, &(0x7f0000000140), 0xb)
readv(r3, 0x0, 0x0)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00')

2.293705349s ago: executing program 2:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x10)
getdents64(0xffffffffffffffff, 0x0, 0x0)

2.262001474s ago: executing program 2:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), &(0x7f0000000100)=@udp=r2}, 0x20)
bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r1, &(0x7f00000002c0), &(0x7f0000000000)=@udp}, 0x20)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)

2.256723335s ago: executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001280)=@base={0x2, 0x4, 0x2, 0xc}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100000000a0000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)

2.22482592s ago: executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f00000005c0)='ext4_es_remove_extent\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x2d5a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0xc}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90)
socket$igmp(0x2, 0x3, 0x2)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000580)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x5, {0x5, 0x0, "ff4e4a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

2.210602222s ago: executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000201000085000000430000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000200), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400})
futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x82020000)

2.179573187s ago: executing program 1:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), &(0x7f0000000100)=@udp=r2}, 0x20)
bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r1, &(0x7f00000002c0), &(0x7f0000000000)=@udp}, 0x20)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
r6 = syz_io_uring_setup(0xd8, &(0x7f0000000000)={0x0, 0x0, 0x40}, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_register$IORING_REGISTER_RESTRICTIONS(r6, 0xb, &(0x7f0000000100), 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty, 0x4d5, 0x32}, @in=@multicast1, {}, {0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0xa, 0x1, 0x0, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x2, 0x0, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}]}, 0x154}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x10000, 0x9}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="18000107000000000000000000008ee700006935b814000000", @ANYRES32, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f5a}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r7}, &(0x7f0000000940), &(0x7f0000000980)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)
r8 = syz_io_uring_setup(0xb1b, &(0x7f00000012c0)={0x0, 0x0, 0x40}, &(0x7f0000001340), &(0x7f0000001380))
io_uring_register$IORING_REGISTER_RESTRICTIONS(r8, 0xb, &(0x7f00000013c0)=[@ioring_restriction_sqe_op, @ioring_restriction_sqe_flags_required, @ioring_restriction_sqe_flags_allowed, @ioring_restriction_register_op, @ioring_restriction_sqe_op], 0x5)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x25, 0x803, 0x0)

1.529348976s ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000008018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003010000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000070000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
getdents64(0xffffffffffffffff, 0x0, 0x300)

1.484728883s ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x51}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)

1.440348039s ago: executing program 3:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), &(0x7f0000000100)=@udp=r2}, 0x20)
bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r1, &(0x7f00000002c0), &(0x7f0000000000)=@udp}, 0x20)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000100), 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty, 0x4d5, 0x32}, @in=@multicast1, {}, {0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0xa, 0x1, 0x0, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x2, 0x0, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}]}, 0x154}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x10000, 0x9}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="18000107000000000000000000008ee700006935b814000000", @ANYRES32, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f5a}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)

832.517312ms ago: executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000000040)='./file1\x00', 0x1000, 0x1)
r1 = open(0x0, 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
mkdirat(r2, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
mkdirat(r2, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
renameat2(r3, &(0x7f0000000000)='./file0\x00', r4, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x2)

798.346128ms ago: executing program 4:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000000)={0x0, 0x0, <r1=>0x0, &(0x7f00000006c0)=""/88, 0x58}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYRESOCT=r0], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
waitid(0x0, 0x0, 0x0, 0x0, 0x0)

580.874691ms ago: executing program 2:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x10)
getdents64(0xffffffffffffffff, 0x0, 0x0)

556.641234ms ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=@framed={{}, [@printk={@x}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={<r3=>0xffffffffffffffff})
write$binfmt_script(r2, &(0x7f0000000140), 0xb)
readv(r3, 0x0, 0x0)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r4, &(0x7f00000000c0)='./file0\x00')

539.921977ms ago: executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000001280)=@base={0x2, 0x4, 0x2, 0xc}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100000000a0000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)

530.881508ms ago: executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000201000085000000430000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000200), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400})
futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x82020000)

518.059821ms ago: executing program 4:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000004000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000600))
timer_delete(0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001", @ANYRESHEX, @ANYRESDEC=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000001000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
r5 = inotify_init1(0x0)
fcntl$setown(r5, 0x8, 0xffffffffffffffff)
fcntl$getownex(r5, 0x10, &(0x7f0000000000)={0x0, <r6=>0x0})
fcntl$setown(r4, 0x8, r6)
socket$igmp(0x2, 0x3, 0x2)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TIOCSBRK(r7, 0x5427)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
close(r8)

501.971783ms ago: executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f00000005c0)='ext4_es_remove_extent\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x2d5a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0xc}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
syz_read_part_table(0x5d0, &(0x7f0000000000)="$eJzs3LGrHFUUB+DfzO7MvIWExcbSLKSxS2vzMCDJI10ae1sbETtB2V0UBUEbLbSwsE2Tf0DbECytghBiIWgnYmGjuTIzO7urNsLykMD38d7MuXfvPecM3C1nw7OtLGdnY7AuZQjq/r+upgXLP7MYgtnfNzZJXr136/ad1d2q3c1VqZJfNmOOJPP+0iYvjFFvtbt/Pc/H9y4+/OSzd9pssnmyTvJlsklKN7WWofIX7aHod/tCOaTk//PiP8bDsTmbRi/vBzemA9RfNknXR+0HJ9e/f/5g21dJGQ/sok119PHN8TY1VGd9fYya/Po0Tb2aWj7ueNMH26PJLnUppUn+2H1DunaXs5l294fx4Q/rbNtmGD/6Zto8ZMvjRfLm48z3xeqTHx0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEtQBh+9tBs+99Vwm3+epNsvmg9/eaWdJ+XhuGtRSsnm5Pr3zx8s33v/rTpvn7/+6I13f7z4+ey3JLPcuLhSukMLr6Vrc9xQ/XSWPL84tX7pVmORJsm1/fQq23x7/ftr9SxtWR6WN9W4crBNdWp5AAAAAAAAAAAAAAAAAAAAGNy6fWd1t15ML/vX03zJ2b8Xl99LKTf7pdX8MLtI2jwZ3oX/KaXaJ0g75Lua6WcCpoylXB3CT69c2mPxH/0VAAD//6+qXCI=")

470.342638ms ago: executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000201000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x51}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)

439.609892ms ago: executing program 4:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
chdir(&(0x7f0000000000)='./file0\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1807000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0xa, 0x4, 0x8, 0x48}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{r0}, &(0x7f00000008c0), &(0x7f0000000900)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r2}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x26, &(0x7f0000000000))
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r4 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r4, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c40)=ANY=[@ANYBLOB="4800000010000104000000000000004ede33f57a099ae50000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010065727370616e00000c00028008000700000000000a000100aaaaaaaaaaaa0000"], 0x48}}, 0x0)
r6 = open(&(0x7f00000001c0)='.\x00', 0x0, 0x0)
mkdirat(r6, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./bus\x00', 0x200800, &(0x7f0000000500)=ANY=[@ANYBLOB='dmask=00000000000000000000004,iocharset=cp737,allow_utime=00000000000000000000006,dmask=00000000000000000000011,uid=', @ANYRESHEX=0x0, @ANYBLOB=',errors=remount-ro,allow_utime=00000000000000000000001,discard,discard,dmask=00000000000000000000002,smackfsfloor=iocharset,fowner>', @ANYRESDEC=0xee00, @ANYBLOB="01105b4e3678684895c48ddc295ff5b35ee2aea6f6d5aec39a4f7a46712f29977aca5268721559904b5123461e0d81b1d48d3ea4ca8b410a4b00e4b1b83018d0672589e8ff8145c2647a7097259c8fc053ce83f29a9941921a0e87ea41a9d39ce160792e9b2c1a"], 0x2, 0x1518, &(0x7f0000002280)="$eJzs3AuYjVX7MPD7Xms9Y0jaTXIY1lr3wyaHZZIkhyQ5JEmSJDklJE3ySl4khpCkIQnJYUgOQ0gOE5PG+Xw+JknSJElITsn6rgmft7f63n/f2//1v/5z/67rufa693rWetba97Nnr+fZM/Nt16G1mtSu3oiI4N+CFx+SACAWAAYCwHUAEABA+bjycVn1OSUm/XsHYX+th1Ov9gjY1cT5z944/9kb5z974/xnb5z/7I3zn71x/rM3zj9j2dnm6QWv5y37bnz/Pzvjz///RTLLjP1ybZkbu/2JJpz/7I3z/79W8F/ZifOfvXH+szfOf/bG+c8OcvxhDec/u7p4TnD+GcvOrvb9Z96u7na1zz/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY9nDGX+FAoDL5as9LsYYY4wxxhhjjP11fI6rPQLGGGOMMcYYY4z990MQIEFBADGQA2IhJ+QCAQDXQh64DiJwPcTBDZAXboR8kB8KQEGIh0JQGDQYsEAQQhEoClEoBsXhJigBJaEUlAYHZSABboaycAuUg1uhPNwGFeB2qAiVoDJUgTugKtwJ1eAuqA53Qw2oCbWgNtwDdeBeqAv3QT24H+rDA9AAHoSG8BA0goehMTwCTeBRaAqPQTNoDi2gJbT6/2r/AvSEF6EX9IYk6AN94SXoB/3/7ysyCF6FwfAaJMMQGAqvwzB4A4bDmzACRsIoeAtGw9swBsbCOBgPKTABJsI7MAnehckwBabCNEiF6TAD3oOZMAtmw/swBz6AuTAP5sMCSIMPYSEsgnT4CBbDx5ABS2ApLIPlsAJWwipYDWtgLayD9bABNsIm2AxbYCtsg+2wA3bCLtgNn8Ae+BT2wmewDz7/k+1P/1P7bggIKFCgQoUxGIOxGIu5MBfmxtyYB/NgBCMYh3GYF/NiPsyHBbAAxmM8FsbCaNAgIWERLIJRjGJxLI4lsASWwlLo0GECJmBZvAXLYTksj+WxAlbAilgJK2EVrIJVsSpWw2pYHatjDayBtbAW3oP3YB+si3WxHtbD+lj/8u0pbISNsDE2xibYBJtiU2yGzbAFtsBW2ApbY2tsg22wHbbD9tgeO2AHTMRE7IgdsRN2ws7YGbtgF+yKXbEbdsfu+EIOwBfxReyNNUQf7It9sR8m5xiAL+PL+AoOwlfxVXwNk3EIDsXX8XV8A4fjKRyBI3EUjsKqvjcAjkUS4zEFU3AiTsRJOAkn4xScgtMwFafjDJyBM3EWzsL3cQ5+gB/gPJyHCzAN03AhLsJ0TMfFeBozcAkuxWW4HFfgclyFq3EVrsV1uBY34AbchJtwC27BbbgNd+AO3IUKAD/BT/FTTMZ9uA/34348gAfwIB7ETMzEQ3gID+NhPIJH8CgexWN4HE/gcTyJJ/EUnsYzeAbP4Tk8j8/Hf914V8k1ySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBN5RV6RT+QTBUQBES/iRWFRWBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxW2igrhdVBSVRFtXRVQRVUU7V03cJaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+aCAeFA1FHxyAD4uszDQRQ7CpGIrNRHMhL71fW4vh2Ea0Fe3Ek2IkjsAOorVLFM+IjmIMdhJ/E2PxOdFFjMeu4u+im+gueogXRE/RxvUSvcVk7CP6imnYT/QXA8TLYibWFO/jnJy1xGsiWQwRQ8XrYgG+IYaLN8UIMVKMEm+J0eJtMUaMFePEeJEiJoiJ4h0xSbwrJospYqqYJlLFdDFDvCdmillitnhfzBEfiLlinpgvFog08aFYKBaJdPGRWCw+FhliiVgqlonlYoVYKVaJ1WKNWCvWifVig9goNonNYovYKraJ7WKH2Cl2id3iE7FHfCr2is/EPvG52C++EAfEl+Kg+Epkiq/FIfGNOCy+FUfEd+Ko+F4cE8fFCfGDOCl+FKfEaXFGnBXnxE/ivPhZXBBegEQppJRKBjJG5pCxMqfMJa+RuWVw6dW9XsbJG2ReeaPMJ/PLArKgjJeFZGGppZFWkgxlEVlURmUxWVzeJEvIkrKULC2dLCMT5M2yrLxFlpO3yvLyNllB3i4rykqysqwi75BV5Z0SIhePUUPWlLVkbXmPrCPvlXXlfbKevF/Wlw/IBvJB2VA+JBvJh2Vj+YhsIh+VTeVjsplsLlvIlrKVfFy2lk/INrKtbCeflO3lU7KDfFomymdkR+kvnSLPyS7yedlV/l12k91lD/mzvCC97CV7S4A+sq98SfaT/eUA+bIcKF+Rg+SrcrB8TSbLIXKofF0Ok2/I4fJNOUKOlKPkW3K0fFuOkWPlODlepsgJcqJ8R06S78rJcoqcKqfJVDldDrjU02wp/2X7d36n/eBfjr5JbpZb5Fa5TW6XO+ROuUvulrvlHrlH7pV75T65T+6X++UBeUAelAdlpsyUh+QheVgelkfkEXlUHpXH5HF5Vv4gT8of5Sl5Wp6WZ+U5eU6ev/QagEIllFRKBSpG5VCxKqfKpa5RudW1Ko+6TkXU9SpO3aDyqhtVPpVfFVAFVbwqpAorrYyyilSoiqiiKqqK4aUTRpVSpZVTZVSCuvnPtFfF1U2qhCr5q/aXx6f/YHytVCvVWrVWbVQb1U61U+1Ve9VBdVCJKlF1VB1VJ9VJdVadVRfVRXVVXVU31U31UD1UT9VT9VK9VJJKUn3VS6qf6q8GqJfVQPWKGqQGqcFqsEpWyWqoGqqGqWFquBquRqgRapQapUar0WqMGqPGqXEqRaWoiWqimqQmqclqspqqpqpUlapmqBlqppqpZqvZao6ao+aquWq+mq/SVJpaqBaqdJWuFqvFKkMtUUvUMrVMrVAr1Cq1Sq1Ra9Q6tU5tUBtUhtqsNqutaqvarrarnWqn2q12qz1qj9qr9qp9ap/ar/arA+qAOqgOqkyVqQ6pQ+qwOqyOqCPqqDqqjqlj6oQ6oU6qk+qUOqXOqDPqnDqnzqvz6oK6kLXsC0QgAhWoICaICWKD2CBXkCvIHeQO8gR5gkgQCeKCuCBvcGOQL8gfFAgKBvFBoaBwoAMT2EBcSno0KBYUD24KSgQlg1JB6cAFZYKE4OagbHBLUC64NSgf3BZUCG4PKgaVgspBleCOoGpwZ1AtuCuoHtwd1AhqBrWC2sE9QZ3g3qBucF9QL7g/qB88EDQIHgwaBg8FjYKHg8bBI0GT4NGgafBY0CxoHrQIWgat/tL+vT+V/wnXS/fWSbqP7qtf0v10fz1Av6wH6lf0IP2qHqxf08l6iB6qX9fD9Bt6uH5Tj9Aj9Sj9lh6t39Zj9Fg9To/XKXqCnqjf0ZP0u3qynqKn6mk6VU/XM/R7eqaepWfr9/Uc/YGeq+fp+XqBTtMf6oV6kU7XH+nF+mOdoZfopXqZXq5X6JV6lV6t1+i1ep1erzfojXqT3qy36K16m96ud+idepferT/Re/Sneq/+TO/Tn+v9+gt9QH+pD+qvdKb+Wh/S3+jD+lt9RH+nj+rv9TF9XJ/QP+iT+kd9Sp/WZ/RZfU7/pM/rn/UF7bMW91kf70YZZWJMjIk1sSaXyWVym9wmj8ljIiZi4kycyWvymnwmnylgCph4E28Km8ImCxkyRUwREzVRU9wUNyVMCVPKlDLOOJNgEkxZU9aUM+VMeVPeVDAVTEVT0VQ2lc0d5g5zp7nT3GXuMnebu01NU9PUNrVNHVPH1DV1TT1Tz9Q39U0D08A0NA1NI9PINDaNTRPTxDQ1TU0z08y0MC1MK9PKtDatTRvTxrQz7Ux70950MB1Mokk0HU1H08l0Mp1NZ9PFdDFdTVfTzXQzPUwP09P0NL1ML5Nkkkxf09f0M/3MADPADDQDzSAzyAw2g02ySTZDzVAzzAwzw81wM8KMNKOyFqrmbTPGjDXjzHiTYlLMRDPRTDKTzGQz2Uw13qSaVDPDzDAzzUwz28w2c8wcM9fMNfPNfJNm0sxCs9Ckm3Sz2Cw2GSbDLDVLzXKz3Kw0K81qs9qsNWvNelhvNpqNZrPZbLaarWa72W52mp1mt9lt9pg9Zq/Za/aZfWa/2W8OmAPmoDloMk2mOWQOmcPmsDlijpij5qg5Zo6ZE+aEOWlOmlPmlDljzphzJv+lz0tvYm1Om8teY3Pba20ee53957iALWjjbSFb2Gqbz+b/VWystSVsSVvKlrbOlrEJ9ubfxBVtJVvZVrF32Kr2TlvtN3Ede6+ta++z9ez9tra951dxffuAbWAftQ0RAWxz29i2tE3so7apfcw2s81tC9vStrdP2Q72aZton7Ed7bO/iRfaRXa1XWPX2nV2j/3UnrFn7WH7rT1nf7K9bG870L5iB9lX7WD7mk22Q34Tj7Jv2dH2bTvGjrXj7PjfxFPtNJtqp9sZ9j070876TZxmP7RzbLqda+fZ+XbBL3HWmNLtR3ax/dhm2CV2qV1ml9sVdqVddXmsl7+tt7vtJ3ar3Wa32x12p931S5w1j732M7vPfm4P2W/sAfulPWiP2Ez79S9x1vyO2O/sUfu9PWaP2xP2B3vS/mhP2dO/zD9r7j/Yn+0F6y0QEpAkRQHFUA6KpZyUi66h3HQt5aHrKELXUxzdQHnpRspH+akAFaR4KkSFSZMhS0QhFaGiFKVidHmdXopKk6MylEA3U1m6hcrRrVSebqMKdDtVpEpUmarQHVSV7qRqdBdVp7upBtWkWlSb7qE6dC/VpfuoHt1P9ekBakAPUkN6iBrRw9SYHqEm9Cg1pceoGTWnFtSSWtHj1JqeoDbUltrRk9SenqIO9DQl0jPUkZ6lTvQ36kzPURd6nrrS36kbdace9AL1pBepF/WmJOpDfekl6kf9aQC9TAPpFRpEr9Jgeo2SaQgNpddpGL1Bw+lNGkEjaRS9RaPpbRpDY2kcjacUmkAT6R2aRO/SZJpCU2kapdJ0mkHv0UyaRbPpfZpDH9BcmkfzaQGl0Ye0kBZROn1Ei+ljyqAltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lbbRdtpBO2kX7aZPaA99SnvpM9pHn9N++oIO0Jd0kL6iTPqaDtE3dJi+pSP0ne9N39MxOk4n6Ac6ST/SKTpNZ+gsnaOf6Dz9TBfIE4QYilCGKgzCmDBHGBvmDHOF14S5w2vDPOF1YSS8PowLbwjzhjeG+cL8YYGwYBgfFgoLhzo0oQ0pDMMiYdEwGhYLi4c3hSXCkmGpsHTowjJhQnhzWDa8JSwX3hqWD28LK4S3hxXDSuGj91cJ7wirhneG1cK7wurh3WGNsGZYK6wd3hPWCe8N64b3hfXC+8Ny4QNhg/DBsGH4UNgofDhsHD4SNgkfDZuGj4XNwuZhi7Bl2Cp8PGwdPhG2CduG7cInw/bhU2GH8OkwMXwm7Bg++0v9A4v+uD4p7BP2DV8KXwq9v0/Ojy6IpkU/jC6MLoqmRz+KLo5+HM2ILokujS6LLo+uiK6Mroqujq6Jro2ui66PbohujG6Kel87Bzh0wkmnXOBiXA4X63K6XO4al9td6/K461zEXe/i3A0ur7vR5XP5XQFX0MW7Qq6w084468iFrogr6qKumCvubnIlXElXypV2zpVxCa6la+VaudbuCdfGtXXt3JPuSfeUe8o97Z52z7iO7lnXyf3NdXbPuS7ueRUD4Lq57q6He8H1dBPyXHxPJrm+rq/r5/q5AW6AG+gGukFukBvsBrtkl+yGuqFumBvmhrvhboTLCQCj3Gg32o1xY9w4N86luBQ30U10k9wkN9lNdlPdVJfqUt0MN8PNdDNd1VkXjzLXzXXz3XyX5tLcQpe1Zkx3i91il+Ey3FK31C13y91Kt9KtdqvdWrfWrXfr3Ua30W12m91Wt9Vtd9vdTrfT7Xa73R5/3cVO3T633+13B9wBd9B95TLd1+6Q+8Yddt+6I+47d9R974654+6E+8GddD+6U+60O+POunPuJ3fe/ewuOO9SIhMiEyPvRCZF3o1MjkyJTI1Mi6RGpkdmRN6LzIzMisyOvB+ZE/kgMjcyLzI/siCSFvkwsjCyKJIe+SiyOPJxJCOyJLI0siyyPLIi4n2hraEv4ov6qC/mi/ubfAlf0pfypb3zZXyCv9mX9bf4cv5WX97f5iv4231FX8lX9o/5Zr65b+Fb+lb+cd/aP+Hb+La+nX/St/dP+Q7+aZ/on/Ed/bO+k/+b7+yf8138876r/7vv5rv7Hv4F39O/6Hv53j7J9/F9/Uu+n+/vB/iX/UD/ih/kX/WD/Ws+2Q/xQ/3rfph/ww/3b/oRfqQfFfOWH335EhnG+xQ/wU/07/hJ/l0/2U/xU/00n+qn+xn+PT/Tz/Kz/ft+jv8Akvw8P98v8Gn+Q7/QL/Lp/iO/2H/sM/ySy7dQ/Uq/yq/2a/xav86v9xv8Rr/Jb/Zb/Fa/zW/3O/xOv8vv9p/4Pf5Tv9d/5vf5z/1+/4U/4L/0B/1XPtN/7Q/5b/xh/60/4r/zR/33/pg/7k/4H/xJ/6M/5U/7M/6sP+d/8uf9z/4C/80aY4wxxth/yYQrRfF79X1+5znxDzv3BYBrtxXM/Mf6rBXl+nwXy/1FfPsIADzTu+vDl7caNZKSki7tmyEhKDoP4PI3QVli4Eq8BNrBU5AIbaHs746/v+h+jv5F/9HbAHL9Q5tYuBJf6f+LP+j/8SdHLawQnon7f/Q/D6BE0Sttsq6TLsdLoJ3KemwL5f6g//yt/8X4c36ZAtDmH9rkhivxlfEnwBPwLCT+ak/GGGOMMcYYY+yi/qJy58vXn5d/4/P3rs/j1ZU2OeBK/K+uzxljjDHGGGOMMXb1Pde9x9OPX1OsbedfComJf6JQ7c/szIXfK3j4HzGMiwXvAS4/owDg3+wQ4JfCuP/gLLb8R46VfOmt889Vy8/6AP5npPKvKFzlH0yMMcYYY4yxv9yVRf+vn1dXa0CMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxlg29J/4d2JXe46MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbY1fZ/AgAA//81OQSC")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)

363.722764ms ago: executing program 1:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), &(0x7f0000000100)=@udp=r2}, 0x20)
bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r1, &(0x7f00000002c0), &(0x7f0000000000)=@udp}, 0x20)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000100), 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty, 0x4d5, 0x32}, @in=@multicast1, {}, {0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0xa, 0x1, 0x0, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x2, 0x0, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}]}, 0x154}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x10000, 0x9}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="18000107000000000000000000008ee700006935b814000000", @ANYRES32, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f5a}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)

307.863073ms ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400})
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)

74.610488ms ago: executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000000040)='./file1\x00', 0x1000, 0x1)
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
chdir(0x0)
linkat(r0, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
mkdirat(r2, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
mkdirat(r2, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0)
r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
renameat2(r3, &(0x7f0000000000)='./file0\x00', r4, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x2)

0s ago: executing program 0:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x10)
getdents64(0xffffffffffffffff, 0x0, 0x0)

kernel console output (not intermixed with test programs):

[    4.481159][  T100] udevd[100]: starting version 3.2.11
[    4.545524][  T101] udevd[101]: starting eudev-3.2.11
[    4.747486][  T102] udevadm (102) used greatest stack depth: 22288 bytes left
[   15.271203][   T28] kauditd_printk_skb: 50 callbacks suppressed
[   15.271219][   T28] audit: type=1400 audit(1717216943.540:61): avc:  denied  { transition } for  pid=228 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   15.281561][   T28] audit: type=1400 audit(1717216943.540:62): avc:  denied  { noatsecure } for  pid=228 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   15.287080][   T28] audit: type=1400 audit(1717216943.540:63): avc:  denied  { write } for  pid=228 comm="sh" path="pipe:[12676]" dev="pipefs" ino=12676 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   15.302255][   T28] audit: type=1400 audit(1717216943.540:64): avc:  denied  { rlimitinh } for  pid=228 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   15.320904][   T28] audit: type=1400 audit(1717216943.540:65): avc:  denied  { siginh } for  pid=228 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   17.012615][  T229] sshd (229) used greatest stack depth: 22256 bytes left
Warning: Permanently added '10.128.0.49' (ED25519) to the list of known hosts.
2024/06/01 04:42:31 fuzzer started
2024/06/01 04:42:32 dialing manager at 10.128.0.163:30012
[   23.732744][   T28] audit: type=1400 audit(1717216952.000:66): avc:  denied  { node_bind } for  pid=287 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   23.753278][   T28] audit: type=1400 audit(1717216952.000:67): avc:  denied  { name_bind } for  pid=287 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   23.805955][   T28] audit: type=1400 audit(1717216952.070:68): avc:  denied  { mounton } for  pid=296 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   23.807419][  T296] cgroup: Unknown subsys name 'net'
[   23.849334][  T296] cgroup: Unknown subsys name 'devices'
[   23.855206][   T28] audit: type=1400 audit(1717216952.070:69): avc:  denied  { mount } for  pid=296 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   23.877319][   T28] audit: type=1400 audit(1717216952.110:70): avc:  denied  { setattr } for  pid=297 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   23.900418][   T28] audit: type=1400 audit(1717216952.110:71): avc:  denied  { mounton } for  pid=304 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   23.909319][  T306] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   23.925196][   T28] audit: type=1400 audit(1717216952.110:72): avc:  denied  { mount } for  pid=304 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   23.956655][   T28] audit: type=1400 audit(1717216952.120:73): avc:  denied  { unmount } for  pid=296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   23.976529][   T28] audit: type=1400 audit(1717216952.210:74): avc:  denied  { relabelto } for  pid=306 comm="mkswap" name="swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   24.001932][   T28] audit: type=1400 audit(1717216952.210:75): avc:  denied  { write } for  pid=306 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   24.029462][  T300] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   24.098761][  T296] cgroup: Unknown subsys name 'hugetlb'
[   24.104246][  T296] cgroup: Unknown subsys name 'rlimit'
2024/06/01 04:42:32 starting 5 executor processes
[   25.268584][  T314] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.275462][  T314] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.282963][  T314] device bridge_slave_0 entered promiscuous mode
[   25.290967][  T314] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.297822][  T314] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.305100][  T314] device bridge_slave_1 entered promiscuous mode
[   25.445630][  T315] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.452643][  T315] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.460121][  T315] device bridge_slave_0 entered promiscuous mode
[   25.468172][  T315] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.475019][  T315] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.482444][  T315] device bridge_slave_1 entered promiscuous mode
[   25.488848][  T322] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.495687][  T322] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.503238][  T322] device bridge_slave_0 entered promiscuous mode
[   25.511622][  T322] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.518662][  T322] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.525868][  T322] device bridge_slave_1 entered promiscuous mode
[   25.603026][  T318] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.609947][  T318] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.617626][  T318] device bridge_slave_0 entered promiscuous mode
[   25.624365][  T318] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.631460][  T318] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.638826][  T318] device bridge_slave_1 entered promiscuous mode
[   25.649811][  T314] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.656681][  T314] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.663792][  T314] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.670675][  T314] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.694856][  T321] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.701755][  T321] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.709394][  T321] device bridge_slave_0 entered promiscuous mode
[   25.732998][  T321] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.739972][  T321] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.747384][  T321] device bridge_slave_1 entered promiscuous mode
[   25.851374][  T322] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.858253][  T322] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.865337][  T322] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.872140][  T322] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.941207][   T39] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.948294][   T39] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.955441][   T39] bridge0: port 1(bridge_slave_0) entered disabled state
[   25.963382][   T39] bridge0: port 2(bridge_slave_1) entered disabled state
[   25.971459][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   25.978872][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.004635][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   26.012674][    T6] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.019526][    T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.026883][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   26.034851][    T6] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.041703][    T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.056819][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.064630][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.103383][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.131522][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   26.139537][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.146489][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.153796][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   26.162149][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.169019][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.176168][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.184516][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.192056][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   26.200105][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.206950][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.214100][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   26.222120][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.228974][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.236424][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   26.251805][  T314] device veth0_vlan entered promiscuous mode
[   26.259861][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.267803][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   26.275158][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.282797][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   26.290730][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.298803][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   26.306687][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.314840][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   26.322340][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   26.340787][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   26.349015][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   26.357094][  T319] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.363953][  T319] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.371630][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   26.380236][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   26.388281][  T319] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.395143][  T319] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.402386][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   26.410547][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.418399][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   26.426353][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.434376][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   26.453020][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   26.461093][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.468987][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   26.476226][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.483519][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   26.491832][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   26.499806][  T324] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.506661][  T324] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.526319][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   26.533857][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   26.542590][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   26.550954][  T324] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.557943][  T324] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.565090][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   26.573279][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.584100][  T322] device veth0_vlan entered promiscuous mode
[   26.593404][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   26.601312][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.609366][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   26.617718][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.625585][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   26.632982][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   26.653700][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   26.662078][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.670442][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   26.678841][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   26.686932][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   26.694870][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   26.706137][  T314] device veth1_macvtap entered promiscuous mode
[   26.714901][  T321] device veth0_vlan entered promiscuous mode
[   26.721278][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   26.729301][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.737554][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   26.744947][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.753253][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   26.760680][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   26.771618][  T322] device veth1_macvtap entered promiscuous mode
[   26.789145][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   26.797429][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   26.805381][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   26.813000][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   26.821194][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.829909][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.838019][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.846098][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.854408][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.876585][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   26.884466][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.892781][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   26.901193][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   26.909395][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   26.917490][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   26.925581][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   26.933793][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   26.941926][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   26.949684][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   26.957816][  T318] device veth0_vlan entered promiscuous mode
[   26.968583][  T315] device veth0_vlan entered promiscuous mode
[   26.981659][  T318] device veth1_macvtap entered promiscuous mode
[   26.999197][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   27.008694][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   27.016047][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   27.023962][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   27.031576][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   27.042688][  T321] device veth1_macvtap entered promiscuous mode
[   27.058992][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   27.067656][  T343] futex_wake_op: syz-executor.4 tries to shift op by 32; fix this program
[   27.070695][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   27.085022][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   27.126490][  T315] device veth1_macvtap entered promiscuous mode
[   27.141987][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   27.155565][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   27.166478][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   27.174798][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   27.183358][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   27.191659][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   27.199912][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   27.208400][  T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   27.246206][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   27.254494][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   27.264969][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   27.276442][  T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   27.284337][  T362] overlayfs: missing 'lowerdir'
[   27.350756][  T369] loop3: detected capacity change from 0 to 512
[   27.357904][  T369] =======================================================
[   27.357904][  T369] WARNING: The mand mount option has been deprecated and
[   27.357904][  T369]          and is ignored by this kernel. Remove the mand
[   27.357904][  T369]          option from the mount to silence this warning.
[   27.357904][  T369] =======================================================
[   27.394144][  T369] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   27.407826][   T19] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   27.421979][  T369] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   27.431887][  T369] ext4 filesystem being mounted at /root/syzkaller-testdir3076896672/syzkaller.pEkHGd/1/file0 supports timestamps until 2038 (0x7fffffff)
[   27.454794][  T369] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz-executor.3: corrupted xattr block 19
[   27.466311][    T6] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   27.468073][  T369] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[   27.483449][  T369] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz-executor.3: corrupted xattr block 19
[   27.493932][  T376] futex_wake_op: syz-executor.1 tries to shift op by 32; fix this program
[   27.502280][  T369] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop3 ino=15
[   27.522468][  T369] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   27.537517][  T369] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.3: corrupted xattr block 19
[   27.555472][  T369] EXT4-fs warning (device loop3): ext4_evict_inode:299: xattr delete (err -117)
[   27.586411][  T324] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   27.666394][   T19] usb 3-1: Using ep0 maxpacket: 16
[   27.706388][    T6] usb 5-1: Using ep0 maxpacket: 32
[   27.786429][   T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   27.797256][   T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   27.806961][   T19] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[   27.815814][   T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   27.824806][   T19] usb 3-1: config 0 descriptor??
[   27.836396][  T324] usb 1-1: Using ep0 maxpacket: 32
[   27.836389][    T6] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   27.836420][    T6] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   27.861620][    T6] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   27.871314][    T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   27.896394][  T356] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   27.919824][    T6] hub 5-1:4.0: USB hub found
[   27.976349][  T324] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   27.987139][  T324] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   27.996860][  T324] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   28.005736][  T324] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.047413][  T324] hub 1-1:4.0: USB hub found
[   28.136400][    T6] hub 5-1:4.0: 2 ports detected
[   28.187546][  T315] EXT4-fs (loop3): unmounting filesystem.
[   28.256447][  T356] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   28.267248][  T356] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[   28.276421][  T324] hub 1-1:4.0: 2 ports detected
[   28.277158][  T356] usb 2-1: config 0 interface 0 has no altsetting 0
[   28.289126][   T19] savu 0003:1E7D:2D5A.0001: item fetching failed at offset 2/5
[   28.296651][  T356] usb 2-1: New USB device found, idVendor=ffff, idProduct=ffff, bcdDevice= 0.00
[   28.305442][  T356] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.313514][   T19] savu 0003:1E7D:2D5A.0001: parse failed
[   28.319129][   T19] savu: probe of 0003:1E7D:2D5A.0001 failed with error -22
[   28.332052][  T356] usb 2-1: config 0 descriptor??
[   28.396402][    T6] hub 5-1:4.0: hub_hub_status failed (err = -71)
[   28.402647][    T6] hub 5-1:4.0: config failed, can't get hub status (err -71)
[   28.436829][    T6] usb 5-1: USB disconnect, device number 2
[   28.493025][   T19] usb 3-1: USB disconnect, device number 2
[   28.516411][  T337] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   28.526492][  T324] hub 1-1:4.0: hub_hub_status failed (err = -71)
[   28.532733][  T324] hub 1-1:4.0: config failed, can't get hub status (err -71)
[   28.566602][  T324] usb 1-1: USB disconnect, device number 2
[   28.676367][  T356] usbhid 2-1:0.0: can't add hid device: -71
[   28.682424][  T356] usbhid: probe of 2-1:0.0 failed with error -71
[   28.689959][  T356] usb 2-1: USB disconnect, device number 2
[   28.756307][  T337] usb 4-1: Using ep0 maxpacket: 32
[   28.766722][   T28] kauditd_printk_skb: 48 callbacks suppressed
[   28.766738][   T28] audit: type=1400 audit(1717216957.040:124): avc:  denied  { read } for  pid=83 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   28.905744][  T396] overlayfs: missing 'lowerdir'
[   28.910579][  T337] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   28.921919][  T337] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   28.931747][  T337] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   28.941012][  T337] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.987533][  T337] hub 4-1:4.0: USB hub found
[   29.032401][  T402] futex_wake_op: syz-executor.0 tries to shift op by 32; fix this program
[   29.111497][  T410] loop1: detected capacity change from 0 to 512
[   29.120422][  T410] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   29.138468][  T410] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   29.147438][  T410] ext4 filesystem being mounted at /root/syzkaller-testdir2451884647/syzkaller.kgYzFY/8/file0 supports timestamps until 2038 (0x7fffffff)
[   29.162724][  T410] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz-executor.1: corrupted xattr block 19
[   29.176938][  T410] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   29.189085][  T410] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz-executor.1: corrupted xattr block 19
[   29.201750][  T410] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[   29.212734][   T19] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   29.216435][  T337] hub 4-1:4.0: 2 ports detected
[   29.228048][  T410] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[   29.249784][  T410] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.1: corrupted xattr block 19
[   29.270953][  T410] EXT4-fs warning (device loop1): ext4_evict_inode:299: xattr delete (err -117)
[   29.279137][  T426] overlayfs: missing 'lowerdir'
[   29.304339][  T318] EXT4-fs (loop1): unmounting filesystem.
[   29.322738][  T430] futex_wake_op: syz-executor.1 tries to shift op by 32; fix this program
[   29.466342][   T19] usb 5-1: Using ep0 maxpacket: 32
[   29.476368][  T337] hub 4-1:4.0: hub_hub_status failed (err = -71)
[   29.482624][  T337] hub 4-1:4.0: config failed, can't get hub status (err -71)
[   29.526959][  T337] usb 4-1: USB disconnect, device number 2
[   29.536449][  T316] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   29.566355][  T363] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   29.586369][   T19] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   29.597535][   T19] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   29.607311][  T356] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   29.614659][   T19] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   29.623617][   T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   29.666905][   T19] hub 5-1:4.0: USB hub found
[   29.776308][  T316] usb 3-1: Using ep0 maxpacket: 32
[   29.806349][  T363] usb 1-1: Using ep0 maxpacket: 16
[   29.846314][  T356] usb 2-1: Using ep0 maxpacket: 32
[   29.886444][   T19] hub 5-1:4.0: 2 ports detected
[   29.896444][  T316] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   29.907349][  T316] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   29.917033][  T316] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   29.925881][  T316] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   29.936363][  T363] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   29.947167][  T363] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   29.956772][  T363] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[   29.966382][  T356] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   29.968600][  T363] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   29.989200][  T356] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   29.993748][  T363] usb 1-1: config 0 descriptor??
[   30.000205][  T316] hub 3-1:4.0: USB hub found
[   30.008794][  T356] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   30.017937][  T356] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   30.066909][  T356] hub 2-1:4.0: USB hub found
[   30.106404][   T19] hub 5-1:4.0: hub_hub_status failed (err = -71)
[   30.112779][   T19] hub 5-1:4.0: config failed, can't get hub status (err -71)
[   30.146627][   T19] usb 5-1: USB disconnect, device number 3
[   30.186382][  T316] hub 3-1:4.0: 2 ports detected
[   30.286354][  T356] hub 2-1:4.0: 2 ports detected
[   30.346336][  T319] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   30.446346][  T316] hub 3-1:4.0: hub_hub_status failed (err = -71)
[   30.452664][  T316] hub 3-1:4.0: config failed, can't get hub status (err -71)
[   30.467343][  T363] savu 0003:1E7D:2D5A.0002: item fetching failed at offset 2/5
[   30.474972][  T363] savu 0003:1E7D:2D5A.0002: parse failed
[   30.480730][  T363] savu: probe of 0003:1E7D:2D5A.0002 failed with error -22
[   30.486823][  T316] usb 3-1: USB disconnect, device number 3
[   30.546379][  T356] hub 2-1:4.0: hub_hub_status failed (err = -71)
[   30.552753][  T356] hub 2-1:4.0: config failed, can't get hub status (err -71)
[   30.586336][  T319] usb 4-1: Using ep0 maxpacket: 32
[   30.591891][  T356] usb 2-1: USB disconnect, device number 3
[   30.670459][  T363] usb 1-1: USB disconnect, device number 3
[   30.693119][   T28] audit: type=1400 audit(1717216958.960:125): avc:  denied  { unlink } for  pid=442 comm="syz-executor.4" name="#1" dev="sda1" ino=1971 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1
[   30.715443][  T319] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   30.726986][  T319] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   30.736817][  T319] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   30.745716][  T319] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   30.796856][  T319] hub 4-1:4.0: USB hub found
[   30.983257][  T451] overlayfs: missing 'lowerdir'
[   30.994174][  T453] futex_wake_op: syz-executor.2 tries to shift op by 32; fix this program
[   31.003193][  T319] hub 4-1:4.0: 2 ports detected
[   31.086577][  T461] loop4: detected capacity change from 0 to 1024
[   31.093425][  T461] EXT4-fs: Ignoring removed orlov option
[   31.099028][  T461] EXT4-fs: Ignoring removed nomblk_io_submit option
[   31.110074][  T461] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   31.122993][   T28] audit: type=1400 audit(1717216959.390:126): avc:  denied  { create } for  pid=460 comm="syz-executor.4" name="blkio.bfq.avg_queue_size" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   31.151484][   T28] audit: type=1400 audit(1717216959.390:127): avc:  denied  { read append open } for  pid=460 comm="syz-executor.4" path="/root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0/blkio.bfq.avg_queue_size" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   31.153988][  T461] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'.
[   31.181793][   T28] audit: type=1400 audit(1717216959.390:128): avc:  denied  { lock } for  pid=460 comm="syz-executor.4" path="/root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0/blkio.bfq.avg_queue_size" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   31.228348][   T28] audit: type=1400 audit(1717216959.390:129): avc:  denied  { write } for  pid=460 comm="syz-executor.4" path="/root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0/bus" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   31.231569][  T469] EXT4-fs error (device loop4): ext4_check_all_de:655: inode #12: block 7: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=56, inode=0, rec_len=0, size=124 fake=0
[   31.257623][   T28] audit: type=1400 audit(1717216959.390:130): avc:  denied  { mounton } for  pid=460 comm="syz-executor.4" path="/root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0/bus" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   31.275653][  T319] hub 4-1:4.0: hub_hub_status failed (err = -71)
[   31.304743][   T28] audit: type=1400 audit(1717216959.400:131): avc:  denied  { map } for  pid=460 comm="syz-executor.4" path="/root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0/bus" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   31.309934][  T356] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   31.351075][   T28] audit: type=1400 audit(1717216959.500:132): avc:  denied  { create } for  pid=460 comm="syz-executor.4" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   31.388779][  T461] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.4: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=50689, size=68 fake=0
[   31.407648][  T319] hub 4-1:4.0: config failed, can't get hub status (err -71)
[   31.434360][  T314] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2810: Unable to expand inode 11. Delete some EAs or run e2fsck.
[   31.448370][   T28] audit: type=1400 audit(1717216959.720:133): avc:  denied  { rmdir } for  pid=314 comm="syz-executor.4" name="lost+found" dev="loop4" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   31.448903][  T314] EXT4-fs error (device loop4): ext4_read_inline_dir:1589: inode #12: block 7: comm syz-executor.4: path /root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=80, inode=0, rec_len=0, size=148 fake=0
[   31.472100][  T319] usb 4-1: USB disconnect, device number 3
[   31.502774][  T314] EXT4-fs error (device loop4): ext4_read_inline_dir:1589: inode #12: block 7: comm syz-executor.4: path /root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=80, inode=0, rec_len=0, size=148 fake=0
[   31.531857][  T314] ==================================================================
[   31.539753][  T314] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x700/0x880
[   31.547473][  T314] Read of size 2 at addr ffff888132262008 by task syz-executor.4/314
[   31.555376][  T314] 
[   31.557543][  T314] CPU: 1 PID: 314 Comm: syz-executor.4 Not tainted 6.1.78-syzkaller-00132-g92704e00b599 #0
[   31.567349][  T314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   31.576387][   T19] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   31.577255][  T314] Call Trace:
[   31.577263][  T314]  <TASK>
[   31.577272][  T314]  dump_stack_lvl+0x151/0x1b7
[   31.594954][  T314]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   31.600255][  T314]  ? _printk+0xd1/0x111
[   31.604248][  T314]  ? __virt_addr_valid+0x242/0x2f0
[   31.609186][  T314]  print_report+0x158/0x4e0
[   31.613524][  T314]  ? __virt_addr_valid+0x242/0x2f0
[   31.618472][  T314]  ? kasan_addr_to_slab+0xd/0x80
[   31.623247][  T314]  ? __ext4_check_dir_entry+0x700/0x880
[   31.628627][  T314]  kasan_report+0x13c/0x170
[   31.632962][  T314]  ? __ext4_check_dir_entry+0x700/0x880
[   31.638439][  T314]  __asan_report_load2_noabort+0x14/0x20
[   31.643901][  T314]  __ext4_check_dir_entry+0x700/0x880
[   31.646312][  T356] usb 3-1: Using ep0 maxpacket: 16
[   31.649112][  T314]  empty_inline_dir+0x54f/0xa30
[   31.658742][  T314]  ? __ext4_find_entry+0x16e9/0x1af0
[   31.663883][  T314]  ? ext4_delete_inline_entry+0x610/0x610
[   31.669592][  T314]  ? ext4_ci_compare+0x660/0x660
[   31.674364][  T314]  ext4_empty_dir+0x121/0xa10
[   31.678885][  T314]  ? ext4_append+0x5b0/0x5b0
[   31.683394][  T314]  ext4_rmdir+0x30b/0xad0
[   31.688001][  T314]  ? ext4_mkdir+0xce0/0xce0
[   31.692336][  T314]  ? rwsem_mark_wake+0x6b0/0x6b0
[   31.697105][  T314]  ? security_inode_rmdir+0xcd/0x110
[   31.702224][  T314]  vfs_rmdir+0x398/0x500
[   31.706306][  T314]  do_rmdir+0x3ab/0x630
[   31.710295][  T314]  ? d_delete_notify+0x160/0x160
[   31.715078][  T314]  __x64_sys_unlinkat+0xdf/0xf0
[   31.719844][  T314]  do_syscall_64+0x3d/0xb0
[   31.724097][  T314]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   31.730091][  T314] RIP: 0033:0x7fe73bc7c6c7
[   31.734336][  T314] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   31.753777][  T314] RSP: 002b:00007ffd75481408 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[   31.762021][  T314] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007fe73bc7c6c7
[   31.766361][  T356] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   31.769921][  T314] RDX: 0000000000000200 RSI: 00007ffd754825b0 RDI: 00000000ffffff9c
[   31.769938][  T314] RBP: 00007fe73bcc8336 R08: 0000000000000000 R09: 0000000000000000
[   31.780894][  T356] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   31.788491][  T314] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffd754825b0
[   31.788509][  T314] R13: 00007fe73bcc8336 R14: 000000000000794c R15: 0000000000000017
[   31.788529][  T314]  </TASK>
[   31.788536][  T314] 
[   31.788540][  T314] The buggy address belongs to the physical page:
[   31.788565][  T314] page:ffffea0004c89880 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x132262
[   31.798363][  T356] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[   31.805971][  T314] flags: 0x4000000000000000(zone=1)
[   31.805999][  T314] raw: 4000000000000000 ffffea0004c8bb88 ffffea0004c8bb48 0000000000000000
[   31.814390][  T356] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   31.821827][  T314] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   31.821838][  T314] page dumped because: kasan: bad access detected
[   31.821859][  T314] page_owner tracks the page as freed
[   31.828936][   T19] usb 2-1: Using ep0 maxpacket: 32
[   31.833107][  T314] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 460, tgid 460 (syz-executor.4), ts 31119379151, free_ts 31429867983
[   31.844008][  T356] usb 3-1: config 0 descriptor??
[   31.852027][  T314]  post_alloc_hook+0x213/0x220
[   31.852052][  T314]  prep_new_page+0x1b/0x110
[   31.852069][  T314]  get_page_from_freelist+0x27ea/0x2870
[   31.936901][  T314]  __alloc_pages+0x3a1/0x780
[   31.941324][  T314]  __folio_alloc+0x15/0x40
[   31.945580][  T314]  wp_page_copy+0x23b/0x1690
[   31.950002][  T314]  do_wp_page+0xc25/0xdf0
[   31.954281][  T314]  handle_mm_fault+0x15a2/0x2f40
[   31.959147][  T314]  exc_page_fault+0x3b3/0x700
[   31.963658][  T314]  asm_exc_page_fault+0x27/0x30
[   31.968365][  T314] page last free stack trace:
[   31.972872][  T314]  free_unref_page_prepare+0x83d/0x850
[   31.976437][   T19] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   31.978328][  T314]  free_unref_page_list+0xf1/0x7b0
[   31.989091][   T19] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   31.993945][  T314]  release_pages+0xf7f/0xfe0
[   31.993974][  T314]  free_pages_and_swap_cache+0x8a/0xa0
[   32.004934][   T19] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   32.007920][  T314]  tlb_finish_mmu+0x1e0/0x3f0
[   32.007947][  T314]  exit_mmap+0x421/0x940
[   32.007963][  T314]  __mmput+0x95/0x310
[   32.013549][   T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   32.022066][  T314]  mmput+0x56/0x170
[   32.022092][  T314]  do_exit+0xb29/0x2b80
[   32.022109][  T314]  do_group_exit+0x21a/0x2d0
[   32.022127][  T314]  __x64_sys_exit_group+0x3f/0x40
[   32.059216][  T314]  do_syscall_64+0x3d/0xb0
[   32.063468][  T314]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   32.069293][  T314] 
[   32.070875][   T19] hub 2-1:4.0: USB hub found
[   32.071453][  T314] Memory state around the buggy address:
[   32.071466][  T314]  ffff888132261f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2024/06/01 04:42:40 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[   32.089352][  T314]  ffff888132261f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.097239][  T314] >ffff888132262000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.105133][  T314]                       ^
[   32.108041][  T457] loop2: detected capacity change from 0 to 2048
[   32.109396][  T314]  ffff888132262080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.109411][  T314]  ffff888132262100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   32.131440][  T314] ==================================================================
[   32.142622][  T314] Disabling lock debugging due to kernel taint
[   32.151732][  T314] EXT4-fs error (device loop4): empty_inline_dir:1858: inode #12: block 7: comm syz-executor.4: bad entry in directory: rec_len % 4 != 0 - offset=60, inode=0, rec_len=50689, size=68 fake=0
[   32.171111][  T314] EXT4-fs warning (device loop4): empty_inline_dir:1865: bad inline directory (dir #12) - inode 0, rec_len 50689, name_len 213inline size 68