last executing test programs:

45.834475896s ago: executing program 0 (id=879):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2810000, &(0x7f0000000380)={[{@user_xattr}, {@noquota}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@jqfmt_vfsv1}, {@block_validity}, {@dioread_nolock}, {@noquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x8}}, {@delalloc}, {@user_xattr}, {@quota}]}, 0x1, 0x54f, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbZdnamc8HbnvOvTc995t7v6fn5iQkgKE1kf0oRLwcEd8kEQfbto1GvnFibb/V+1dnsyWJRuPTv5JI8nWt/ZP89/688lJE/PZVxPHCxnZryysLpXI5Xczrk/XKpcna8sqJC5XSfDqfXpyemTn19sz0e+++M7BY3zj7z/ef3P7w1NdHV7/75e6hm0mcjgP5tvY4nsC19spETOTPyVicfmTHqQE0tpMk230A9GUkz/OxyPqAgzGSZz3w//dlRDSAIZXIfxhSrXFA695+QPfBz417H6zdAG2Mf3TttZHY07w32reaPHRnlN3vjg+g/ayNX/+8dTNbYnCvQwBs6dr1iDg5Orqx/0vy/q9/J3vY59E29H/w7NzOxj9vdhr/FNbHP9Fh/LO/Q+72Y+v8L9wdQDNdZeO/9zuOf9cnrcZH8toLzTHfWHL+QjnN+rYXI+JYjO3O6pvN55xavdPotq19/JctWfutsWB+HHdHdz/8mLlSvfQkMbe7dz3ilY7j32T9/Ccdzn/2fJztsY0j6a3Xum3bOv6nq/FTxOsdz/+DGa1k8/nJyeb1MNm6Kjb6+8aR37u1v93xZ+d/3+bxjyft87W1x2/jxz3/pt229Xv970o+a5Z35euulOr1xamIXcnHG9dPP3hsq97aP4v/2NHN+79O1//eiPi8x/hvHP751f7jf7qy+Oce6/w/fuHOR1/80K393s7/W83SsXxNL/1frwf4JM8dAAAAAAAA7DSFiDgQSaG4Xi4UisW193ccjn2FcrVWP36+unRxLpqflR2PsUJrpvtg2/shpvL3w7bq04/UZyLiUER8O7K3WS/OVstz2x08AAAAAAAAAAAAAAAAAAAA7BD7u3z+P/PHyHYfHfDU+cpvGF5b5v8gvukJ2JH8/4fhJf9heMl/GF7yH4aX/IfhJf9heMl/GF7yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbq7Jkz2dJYvX91NqvPXV5eWqhePjGX1haKlaXZ4mx18VJxvlqdL6fF2Wplq79XrlYvTU3H0pXJelqrT9aWV85VqksX6+cuVErz6bl07JlEBQAAAAAAAAAAAAAAAAAAAM+X2vLKQqlcThcVFPoqjO6Mw1AYcGG7eyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOC/AAAA///ktDiZ")
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xd, 0x86, 0x4, 0x5, 0x100, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000200850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0)
socket$inet(0x2, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)

44.84163028s ago: executing program 0 (id=883):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r4, 0x4b4d, &(0x7f00000000c0))
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYRES32, @ANYRES16=<r7=>r6, @ANYBLOB="01002dbd7000fcdbdf2501000000000000000c4100000014001462726f6164636173742d6c696e6b"], 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x810)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r8 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r8, @ANYRES16=r7], 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800, @void, @value}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r10}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)

43.759925826s ago: executing program 0 (id=887):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000a80)=ANY=[@ANYBLOB="180000000000002000000000ff000000850000000f000000850000000500000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newnexthop={0x24, 0x68, 0xa898cf170ab9f9b9, 0x1, 0x0, {0xa, 0x0, 0x4}, [@NHA_ID={0x8, 0x1, 0x2}, @NHA_FDB={0x4}]}, 0x24}}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48)

42.112712684s ago: executing program 0 (id=894):
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000380))
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
mount$tmpfs(0x20, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, 0x0)

42.112464644s ago: executing program 0 (id=895):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
r3 = epoll_create1(0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x40187013, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
epoll_wait(r0, &(0x7f0000000040)=[{}], 0x1, 0x400)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
openat2(0xffffffffffffff9c, 0x0, &(0x7f0000000600)={0x517002, 0x0, 0xc}, 0x18)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)

42.081536244s ago: executing program 0 (id=896):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r4, 0x4b4d, &(0x7f00000000c0))
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYRES32, @ANYRES16=r6, @ANYBLOB="01002dbd7000fcdbdf2501000000000000000c4100000014001462726f6164636173742d6c696e6b"], 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x810)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x104, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0a00000004000000ff0f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r7}, &(0x7f0000000000), &(0x7f00000003c0)}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

42.036434294s ago: executing program 32 (id=896):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r4, 0x4b4d, &(0x7f00000000c0))
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYRES32, @ANYRES16=r6, @ANYBLOB="01002dbd7000fcdbdf2501000000000000000c4100000014001462726f6164636173742d6c696e6b"], 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x810)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x104, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0a00000004000000ff0f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r7}, &(0x7f0000000000), &(0x7f00000003c0)}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

7.396539774s ago: executing program 5 (id=1045):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
r3 = epoll_create1(0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x40187013, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0xb3324d85a3be24c5})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
epoll_wait(r0, &(0x7f0000000040)=[{}], 0x1, 0x400)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
openat2(0xffffffffffffff9c, 0x0, &(0x7f0000000600)={0x517002, 0x0, 0xc}, 0x18)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)

6.881588307s ago: executing program 3 (id=1050):
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r3}, &(0x7f0000000240), &(0x7f0000000280)=r4}, 0x20)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x3, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000380)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x0, 0xe, 0x6, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[r5, r3, r3], &(0x7f00000007c0), 0x10, 0x3, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x34, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = socket(0x10, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_pauseparam={0x50}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mlock2(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1)
mlock2(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x1)
r7 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r7)

5.351699844s ago: executing program 5 (id=1053):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_create(r2, &(0x7f00000002c0)=@access={'system_u:object_r:init_var_run_t:s0', 0x20, '/usr/sbin/cupsd', 0x20, 0x0, 0x2b}, 0x49)
syz_read_part_table(0x1052, &(0x7f0000000000)="$eJzsz7GtwkAQBND5Hx8+Z5RAG0SmCfpxDVABKQE10AElGWHAESlCSO8Fp7mVZqUN33Xs7m+TdI//kMM1/0nabUlKSZp63qTPpX/TbjMupvA3j0qWcx7qM6xey/d1XadeMo7ZnT53GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8jlsAAAD//+upCxY=")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x15, &(0x7f0000000440)={{r3}, 0x0, 0x0}, 0x20)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a40)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="45f7000000000000000032000000040006"], 0x1c}}, 0x0)
sendmsg$NL80211_CMD_REQ_SET_REG(r3, &(0x7f0000001340)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001300)={&(0x7f00000010c0)={0x22c, r5, 0x4, 0xfa, 0x25dfdbfc, {}, [@NL80211_ATTR_REG_RULES={0xe4, 0x22, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xd}]}, {0x4}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}, @NL80211_ATTR_FREQ_RANGE_END={0x8}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xed}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xfffffffc}]}, {0x54, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x3}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x60e}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xf}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x101}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xffff}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x40}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x40}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xfffffff9}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x400}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x9ad}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x9}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xffffff98}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xcd39}]}]}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x3}, @NL80211_ATTR_REG_RULES={0x128, 0x22, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x200}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x5}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x6}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x2}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xf3}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xfff}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xf}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xffffffff}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x45c}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xdc7}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x7fffffff}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xffff6a9d}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x3}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x5}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x9}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x4}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x6eecd0a1}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xfffffffe}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x6}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x6}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x800}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xd}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x7fffffff}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x4}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x200}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x2}]}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x22c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4)

5.319592344s ago: executing program 2 (id=1055):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}})
memfd_create(&(0x7f0000000000)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;Y\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2W\xc72\xea\xb7Wp\xc36\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262<k\xa8\x88\x01\x00fhD\xe7\xb6\x17\x80\x95\xa8\x1e\t\xb01KB\xcb\x00\x1e\x7fE\x7f\x02\x00\x00\x00y<nGR\x94\x99\xb8\x89\x9b\x8f\xd5\xe6\x02\xb5C\xad\"u\xf4>\x00\x00\x00\x00\x00\x00\x00\x00Nz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89\xc4s\xb7\x14~}\xaa\x8c\xc3\x95BAE\xf2.\x8f#;a\x94\"\xd1U\xff\xe8v\xd3\x84d\xf4\x134\xa6XI\xe5h\xaa\x15\x9a\xf7Z\xe3%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xe29\xc3}\xb9P\xd5F\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x1b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c9\xe9\xf5\x18\x15Dd\x8a%>\x91\x93\x88\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00'/1301, 0x0)
syz_usb_connect(0x0, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505240600010524007f000d240f0104000000080000000006241a02000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109008102010205240401050c240203010104030700ff070c24020600020505c60200d07f072408040700470c24"], 0x0)

5.235157215s ago: executing program 3 (id=1056):
r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$ASHMEM_PURGE_ALL_CACHES(r0, 0x40087707, 0x0)

5.154923305s ago: executing program 3 (id=1057):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r4, 0x4b4d, &(0x7f00000000c0))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x104, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000", @ANYRES32=r5], 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

5.123298395s ago: executing program 5 (id=1058):
socket$inet6(0xa, 0x80002, 0x0)
r0 = socket(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000050000000004000009000000", @ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r1=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="10031400e0ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14)
r2 = gettid()
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r3, &(0x7f0000001340)=[{&(0x7f0000001280)=""/151, 0x97}], 0x1)
readv(r3, &(0x7f0000001240)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r4 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$AUTOFS_IOC_READY(r5, 0x9360, 0x1000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)

4.353702529s ago: executing program 3 (id=1059):
r0 = gettid()
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
readv(r1, &(0x7f0000001340)=[{&(0x7f0000001280)=""/151, 0x97}], 0x1)
readv(r1, &(0x7f0000001240)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)

3.613974213s ago: executing program 2 (id=1060):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r3, 0x541b, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x2000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001240)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x63, 0x2, 0x0, 0x2, 0x7, 0x7}, {0x9, 0x1, 0x50b, 0x0, 0x9, 0x3904}, 0xf, 0x7fffffff, 0xbb7}}, @TCA_TBF_BURST={0x8, 0x6, 0x200005}, @TCA_TBF_PRATE64={0xc, 0x5, 0xf123a84f7362196c}]}}]}, 0x6c}}, 0x14)
sendmmsg$inet(r5, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)

2.826796786s ago: executing program 4 (id=1062):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000006b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0xf4240, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

2.777752327s ago: executing program 4 (id=1063):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000000000800000000000", @ANYBLOB="000000ffffffffffff0d00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000040)={0x3d17, 0xffffffff, 0x4001, 0x7, 0x0, "7e12105588e633bbb1df022dace17a32d211ee"})
ioctl$TIOCL_GETMOUSEREPORTING(0xffffffffffffffff, 0x5412, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x17, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff6a, 0x0, 0x0, 0x0, 0xb, @void, @value}, 0x94)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = memfd_create(&(0x7f0000000480)='\x9d#\x00%\xa5\x83\xa6#\r\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?$^\xe1Ob\xe1Y\xd6\xaa\x8d\x83;\xeb\xf1\xd0\xce\xe5\x19\x9f\xd9\xae\xcf>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0\xb04\xb7T5\\\xe4h\xfc\x14\x06\xb5\x03\x8a\xc40\xbe\xe3\x93A\x15\xec\xdb\xaa\t9\x01\x00\x00\x00&0\xdd\xcbC\x15\xfcp\x11\xda|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\x04\xa0\x05}\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\x82t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12F\x03\b\x9dh\xcb)\xf4f\x12[\xf9w\xd2\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\x00\x00\x00\x00\x00\x00\x00\x04\t0\xaf\\H\x06x-\x01\x13\xa0\xf9\xe8\xdf;\xb9\x03\x00^!\xc2\xff\xac\xb8\xac\xc5\n4\xe7\xd5\xf5@L\b\xd3\x88\xc7\xb2G\f^B\xfeR/\xd7\xf9a[Y\xe0;5!r\x92?FB\xde\xa0>0\xdc\xa6\xbf\xce\xd6?\x1f%7>i\x8d\xd0Nw=,\xcc<\v\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\xf5+\x1c\'\x06\x00\xd1\xc9k:\x9d\x18cP\x14\xb6\x91AT\xb5w\xe71\xf3\xf8]\xc4\xa6+\xb6\xdcZ\xf2\x82*f\x0etDt\xbf\xa4)\x8e<%\xbcijzt\xf7\x7fN\x8fR\n>\xa0\t\ae\x8d~\xa3!\"\xec&\x83\xec\xac\x01\a\xe9\x17\x0f\xce\x9f}4\xf3P\fx\xa3/]E\xd3\xdbc\xa9\x9d$T\a\x83\n$r\xcf\xf5\xaa\x19\xe2\xb2~\xa3N\x03\x90K\xf7\x9fR_y\x80t\xa2\"!5\xf1R\x90~iLeNm\x9c\\Wv\xe5\xbbK \xc2\xa7wx\xd7\xe1P\a\'<\xa2\x02\x84\xb7\x15\x99\xb4\x85\x9b\xe4\a\xc4\xbe\xe9\xd7~\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x88\xa1\x95\x8d\xad\x13\x10G\x99 !>\x01BS\x01w\xfc\xba\x1cu\x9d\x1aB\xaam\xddc\x1a`\xaflVlj\xb8G\xeb\xbe\a\xe4\xf38\xfba\xe8\xaf\xaa\x19\xa08\x0e\x80\xe2\x17\xde\x81\xd9fi\xca\xfa5\xb9\xf01{\xf5\xd4;Tj\xe7\xef\xfc\xdfAv\xd4\x9a\x83\xa5^\xbd\xa9\xb3\x9cE\xf3\x00Kg\x8aa\xd9|\xaa\xaa2\xf0/\\J\xc7\x13\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
fallocate(r3, 0x0, 0x0, 0x2400001)
lseek(r3, 0x0, 0x3)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e200c422053dcd0f29902cbb0000c4e2b1ba8c88d900000066ba4000ec0f7842280f07b8010000000f01d9", 0x49}], 0x1, 0x0, 0x0, 0x28)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f000049c000/0x18000)=nil, &(0x7f0000000400)=[@text64={0x40, 0x0}], 0x1, 0x10, 0x0, 0x0)

2.777445277s ago: executing program 2 (id=1064):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
r3 = epoll_create1(0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x40187013, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0xb3324d85a3be24c5})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
epoll_wait(r0, &(0x7f0000000040)=[{}], 0x1, 0x400)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
openat2(0xffffffffffffff9c, 0x0, &(0x7f0000000600)={0x517002, 0x0, 0xc}, 0x18)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)

2.408905649s ago: executing program 4 (id=1065):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000a80)=ANY=[@ANYBLOB="180000000000002000000000ff000000850000000f000000850000000500000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@newnexthop={0x1c, 0x68, 0x1, 0x3, 0x80000000, {}, [@NHA_GROUP={0x4}]}, 0x1c}}, 0x4000)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000980)=ANY=[@ANYBLOB="b702000026000000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000002b000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b1936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f17e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b534dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b6fbce3f897226c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a0806000000020000000000000048f941b13d924bcf334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab35eb4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c063f7130856f756436303767d2e24f29e5dad9796edb697a6ea1182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace59645885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb001598cb30711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a411f450f173db9c20000000000015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95ec2eeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75ee93f9959e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef660200a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749feaecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed30713304811d889a70c22232496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cd2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ed65af3d194db76127f88f284fa1b71ab964fdd2474488da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44bc84bf6770157e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985af5b07cb20488ea035df7f5dccd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501aed8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db996e633792118efdb6b88023e80da74fdf723c7f0b2e9f3bb90613508c00a292a0c5b87a4f8ff35eba73ce9ebf77d0c842063a7b42c757d008678d38e6a868eaead4f19cdeb7cfc100ceabb4a3999cce5d36ecfe80def20f7187bab75515226f4d9b30e0567612210d492468781999ce795522b726bdf37b15e9afde32a7052cc909efe6ae7804e5044f9f7ae2d8cb08cca312c557bff04cf1fbb0dcfe8ac000000000000000000d4ffcfca7266a0ef3a12fd18925d2a64e10e5c8f381cb10a19864b19d4799a32669c11684eb4b1e71ed7e6b7ad3f3dbdd6458c88a8e17bfe6f"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff4f, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x18000000000002a0, 0x41, 0x0, &(0x7f00000003c0)="76389e147583ddd0569ba56a5cfd3c4c6df7f0a6b3d9b7add34497ec27fa4a8543aa3b9ae7c0d5473bdb9e99222e376b5d810cca491dfc98cfd3cd8b16025271bd", 0x0, 0x3404, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.408582389s ago: executing program 4 (id=1066):
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r3}, &(0x7f0000000240), &(0x7f0000000280)=r4}, 0x20)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x3, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000380)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000400)={0x0, 0xe, 0x6, 0x8}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[r5, r3, r3], &(0x7f00000007c0), 0x10, 0x3, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x34, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = socket(0x10, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_pauseparam={0x50}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mlock2(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1)
mlock2(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x1)
r7 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r7)

2.18864164s ago: executing program 1 (id=1069):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x4, @remote}, 0x1c)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00'})
r5 = socket$packet(0x11, 0x2, 0x300)
r6 = io_uring_setup(0x4ea0, &(0x7f0000002200)={0x0, 0xf4b, 0x0, 0x2, 0x73})
io_uring_register$IORING_REGISTER_FILES2(r6, 0xd, &(0x7f0000002640)={0x5, 0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f0000002280)=""/208, 0xd0}, {&(0x7f0000002380)=""/102, 0x66}, {&(0x7f0000000080)=""/17, 0x11}, {&(0x7f0000002400)=""/243, 0xf3}, {&(0x7f0000002500)=""/129, 0x81}], &(0x7f0000000100)=[0x3f4, 0xb1]}, 0x20)
sendto$packet(r5, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0xe, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0xffffffffffffffda, 0x0, {0xfffffffffffffff7}}, 0x18)

993.516006ms ago: executing program 4 (id=1070):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, <r0=>0x0}, &(0x7f00000002c0)=0xc)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f00000004c0)={[{@stripe={'stripe', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@stripe={'stripe', 0x3d, 0x7}}, {@commit={'commit', 0x3d, 0x5}}, {@barrier_val={'barrier', 0x3d, 0x1}}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@errors_remount}, {@resgid={'resgid', 0x3d, r0}}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x104880, 0x0, 0x1, 0x0, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x9)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
rename(&(0x7f0000000100)='./file1\x00', &(0x7f0000000300)='./file0\x00')

960.569936ms ago: executing program 2 (id=1071):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000180)=0x4000000, 0x4)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000780)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000680)=""/246, 0xf6}], 0x1}, 0x0)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x2200c851, 0x0, 0x0)
poll(&(0x7f0000000040)=[{r0, 0x680}], 0x1, 0x800)
sendto$inet6(r0, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090011006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f", 0x48, 0x1, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f99000/0x2000)=nil})
r7 = dup(r6)
ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f0000000000)=0x10000)
ioctl$KVM_SET_VAPIC_ADDR(r7, 0x4008ae93, &(0x7f00000000c0)=0xffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r8, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x5, 0x4, 0x3f0, 0x110, 0x0, 0x220, 0x220, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @private, @empty}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)

955.835426ms ago: executing program 1 (id=1072):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4)
connect$inet6(r0, &(0x7f0000000840)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002040)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="efce4d823cf6c009f98bb1916d6bf172fc99275a2f2183f996fef723355c4bc16cff2269896d30721ecb3acd2dfd7a3c4921b5fc34578714d51a76718fe93120766d9ab49c2bbc82b0", 0x49}, {&(0x7f00000001c0)="cd9bfb0eb9838e8c51f87c119e38c7d51ce2c543f3f497563926b1601d90bcfa0f33771927b8fbcb86455eb46ce78c1b31a4c510b367a9", 0x37}], 0x2, 0x0, 0x0, 0x20000000}, 0xa}], 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
getdents64(r2, &(0x7f00000000c0)=""/32, 0x20)
getdents(r2, &(0x7f0000001180)=""/120, 0x78)

916.170246ms ago: executing program 3 (id=1073):
r0 = gettid()
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
readv(r1, &(0x7f0000001340)=[{&(0x7f0000001280)=""/151, 0x97}], 0x1)
readv(r1, &(0x7f0000001240)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)

863.465976ms ago: executing program 1 (id=1074):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = gettid()
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
r4 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$selinux_access(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="73797374656d5f753a6f626af7db745f723a6c6f67696e5f657865635f743a7330202f7573728b944cefe3332f6c69622f74656c6570617468792f6d697373696f6e2d636f6e74726f6c2d352030"], 0x5c)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x3, 0x1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x0, 0x2, 0x0, 0xfffffffc, 0xffffffff}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x7, 0xfffffffffffffffc, 0x6, 0x800, 0x8000000000000000, 0x3}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x90}, 0x0)

863.058126ms ago: executing program 5 (id=1075):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x9, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r3 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$selinux_access(r3, &(0x7f00000004c0)=ANY=[@ANYBLOB="2a797374656d5f753a6f626a6563745f723a7570647077645f657865635f742073797374656d5f753a73797374656d5f723afaffffffffffffff3a73302030"], 0x56)

838.508446ms ago: executing program 1 (id=1076):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0xffffffff, 0x4)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000000), 0x1, 0x797, &(0x7f00000017c0)="$eJzs3c9rXNUeAPDvnSRNk/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAraI4EZQcSHopmt/1J1bf2z1v3AhLVXTYsWFRO78SKdmpp3EzEw0nw/czDn33Mk53zn3x7lzL3cC2Lcm0j+ZiCMR8U4SMVafn0TEUDU1GHGqttzd9bV8OiWxsfHyT0l1mTvra/loek/qUD3z/4j4+s2Io5mt9ZZXVudzxWJhqZ6fqixcnCqvrB67sJCbK8wVFk9Mz8wcP/nUyRO7F+sv360evvnuC49/duq3N/53/e1vkjgVh+tlzXHslomYqH8mQ+lHeJ/nd7uyPkv63QB2JN00B2pbeRyJsRioptoY6WXLAIBueT0iNgCAfSZx/AeAfabxPcCd9bV8Y+rvNxK9deu5iDhYi79xfbNWMli/Zneweh109E5y35WRJCLGd6H+iYj46ItXP0mnqPeDa2lAL1y5GhHnxie27v+TLfcsbNcTDyrcGK6+TPxp9n47/kA/fZmOf55uNf7LbI5/osX4Z7jFtrsTD9/+Mzd2oZq20vHfs033tt1tir9ufKCe+1d1zDeUnL9QLKT7tn9HxGQMDaf56eqirUduk7d/v92u/ubx38/vvfZxWn/6em+JzI3B4fvfM5ur5P5q3A23rkY8Mtgq/mSz/5M2498zHdbx4jNvfdiuLI0/jbcxbY2/uzauRTzWsv/v9WXywPsTp6qrw1RjpWjh8+8/GG1Xf3P/p1Naf+NcoBfS/h99cPzjSfP9muXt1/HttbGv2pU9PP7W6/+B5JVq+kB93uVcpbI0HXEgeWnr/OP33tvIN5ZP4598tPX2X6u29fqfnhOe6zD+wZs/frrz+LsrjX92W/2//cT1u/MD7ervrP9nqqnJ+pzO9n+dNXDnnxwAAAAAAAAAAAAAAAAAAAAAAAAAdC4TEYcjyWQ305lMNlv7De//xmimWCpXjp4vLS/ORvW3ssdjKNN41OVY0/NQpzefuFjLH68/H79R/mRE/Cci3h8eqeaz+VJxts+xAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDDoTa//5/6YbjfrQMAuuZgvxsAAPSc4z8A7D/bO/6PdK0dAEDvOP8HgP2n4+P/ue62AwDoHef/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdNmZ06fTaePX9bV8mp+9tLI8X7p0bLZQns8uLOez+dLSxexcqTRXLGTzpYW2/+hK7aVYKl2cicXly1OVQrkyVV5ZPbtQWl6snL2wkJsrnC0M9SwyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOhceWV1PlcsFpb2VCJTb91eaU+xMLI3mrFnEoOxJ5rxj04M9rX25r3ESH92TgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/A38EAAD//ywiJds=")
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x143042, 0x8d)
pwritev2(r1, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfe}], 0x1, 0x5405, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r3}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r1, r1, 0x0, 0x7a680000)

799.856456ms ago: executing program 5 (id=1077):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x0, &(0x7f0000000240), 0x1, 0x539, &(0x7f0000000800)="$eJzs3e9rJGcdAPDvzO6mubvUbFWkVmyLrdwVvd1LY9sg0lYQ9U1Bre+vMdkL4TbZkN3USyia4h8giKjgK1/5RvAPEKR/gggFfS8qiuhVQRC9kdmdNdlk97Jnfuw1+Xxgss8zzzPzfZ65m9mZnYeZAC6spyPi1YgoRcRzETFbzE+L6Wae2e3Ve+/uW0v5lESWvf7XJJJiXn9deb4cEVd6i8R0RHztSxHfSA7HbW/v3F5sNhubRb7eWduot7d3rq+uLa40Vhrr8/NzLy68tPDCwo2scKx+ViPi5S/88Qff/ekXX/7lp7/5u5t/vvatvFmf+0jysaJ5S8cKMEJv3ZXutujLt9HmaQSbgFLRn0pp0i0BAGAc+Tn+ByPiE93z/9kodc/mAAAAgPMke2Um/p1EZAAAAMC5lUbETCRprRgLMBNpWqv1xvB+OC6nzVa786lbra315bwsohqV9NZqs3GjGCtcjUqS5+eKMbb9/PMH8vMR8VhEfH/2UjdfW2o1lyf94wcAAABcEFeeGrz+/8ds2k0DAAAA50x1ZAYAAAA4L1zyAwAAwPn2r+JBAHtz7h3vTVsAAADAw+Yrr72WT1n/Pd7Lb25v3W69eX250b5dW9taqi21NjdqK63WSveZfWtHra/Zam18Jta37tQ7jXan3t7eubnW2lrv3FwdeAU2AAAAcIYee+qd3yYRsfvZS90piucAAgz4w6QbAJyk0olXBN4vyvmfNybdCmASKkfWKJ9JO4DJSY4oHzl451cn3xYAAOB0XP3o4fv/U0XZ0b8NAO9nxvoAwMXj7h5cXJUoucyHC+4DvY9HRpU/+P3/g2cWmceKAgDAhM10R/4maa24FzgTaVqrRTzafS1gJbm12mzcKK4PfjNbeSTPz3WXTI4cMwwAAAAAAAAAAAAAAAAAAAAAAAAA9GRZEtkD+OeDVAYAAAAeChHpn7pvAIiIq7PPzgz+OnDgrV8/fv2HdxY7nc25iKnkb7P5rKmI6PyomP985pUAAAAA8BDoXacXn3OTbg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5817d99a6k8DBdOnG/cvn4+I6rD45SL0dFQi4vLfkyjvWy6JiNIJxN99OyIeHxY/iXtZllWLVgyLf+mU41e7m2Z4/DQirpxAfLjI3smPP68O2//SeLr7OXz/KxfTcY0+/qX/O/6Viv19v/z48+iYMZ549+f1kfHfjniiPPz404+f9PqfHIz/zJjx3/j6zs6osuwnEVeHfv8kA7HqnbWNent75/rq2uJKY6WxPj8/9+LCSwsvLNyo31ptNoq/Q2N87+O/uHe//l8eEb862P9Dx/9nx+z/f969c/dDvWRlWPxrzwz//n18RPy0+O77ZJHOy6/207u99H5P/uzXT96v/8sj+r/3758N7f+1Mfv/3Fe/8/sxqwIAZ6C9vXN7sdlsbPYT+UnE4JzN6YN19ifys6QRRaeYeOXsYs2cZb/G2ODnM5F9u/f/8XjrOebihxLZEXWm4j6Ll09iv5gatZ+eemKSRyUAAOA07J3057ksmXR7AAAAAAAAAAAAAAAAAAAA4CL6P58QNh0RY1c+GHN3L7n65TPuLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKP8NAAD//yTO3Pc=")

780.019687ms ago: executing program 4 (id=1078):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = epoll_create1(0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
r1 = epoll_create1(0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x40187013, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0xb3324d85a3be24c5})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000200)=[{r1, 0x1}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
epoll_wait(r0, &(0x7f0000000040), 0x0, 0x400)
bind$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
openat2(0xffffffffffffff9c, 0x0, &(0x7f0000000600)={0x517002, 0x0, 0xc}, 0x18)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)

544.309228ms ago: executing program 1 (id=1079):
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/110, 0x14b}, {&(0x7f0000000280)=""/85, 0x14}, {&(0x7f0000000fc0)=""/4096, 0x70}, {&(0x7f0000000400)=""/106, 0x56c}, {&(0x7f0000000740)=""/73, 0x17}, {&(0x7f0000000200)=""/77, 0x630}, {&(0x7f00000007c0)=""/154, 0x4a}, {&(0x7f0000000100)=""/16, 0x158}], 0x8, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = socket(0x1, 0x3, 0x0)
r4 = epoll_create1(0x0)
epoll_pwait(r4, &(0x7f00008c9fc4)=[{}], 0x1, 0xfffffffffffffff7, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000340)={'ip6gre0\x00', &(0x7f0000000540)={'syztnl1\x00', 0x0, 0x2f, 0x4, 0x3, 0xb99, 0x49, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, 0x7800, 0x720, 0x1ff, 0x1}})
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r6=>0x0})
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r6, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16, @ANYRES32=r7], 0x44}}, 0x0)

485.183428ms ago: executing program 5 (id=1080):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r4, 0x4b4d, &(0x7f00000000c0))
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x104, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000", @ANYRES32=r5], 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

407.390528ms ago: executing program 1 (id=1081):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
r3 = epoll_create1(0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x40187013, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0xb3324d85a3be24c5})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
epoll_wait(r0, &(0x7f0000000040)=[{}], 0x1, 0x400)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
openat2(0xffffffffffffff9c, 0x0, &(0x7f0000000600)={0x517002, 0x0, 0xc}, 0x18)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)

371.807899ms ago: executing program 33 (id=1081):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
r3 = epoll_create1(0x0)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x40187013, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0xb3324d85a3be24c5})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})
ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
epoll_wait(r0, &(0x7f0000000040)=[{}], 0x1, 0x400)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
openat2(0xffffffffffffff9c, 0x0, &(0x7f0000000600)={0x517002, 0x0, 0xc}, 0x18)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)

62.05073ms ago: executing program 3 (id=1083):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x4, @remote}, 0x1c)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
mkdir(&(0x7f00000002c0)='./bus\x00', 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}]})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00'})
r5 = socket$packet(0x11, 0x2, 0x300)
r6 = io_uring_setup(0x4ea0, &(0x7f0000002200)={0x0, 0xf4b, 0x0, 0x2, 0x73})
io_uring_register$IORING_REGISTER_FILES2(r6, 0xd, &(0x7f0000002640)={0x5, 0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f0000002280)=""/208, 0xd0}, {&(0x7f0000002380)=""/102, 0x66}, {&(0x7f0000000080)=""/17, 0x11}, {&(0x7f0000002400)=""/243, 0xf3}, {&(0x7f0000002500)=""/129, 0x81}], &(0x7f0000000100)=[0x3f4, 0xb1]}, 0x20)
sendto$packet(r5, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x11, 0xe, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0xffffffffffffffda, 0x0, {0xfffffffffffffff7}}, 0x18)

25.94ms ago: executing program 2 (id=1084):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x600, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r0, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80)

0s ago: executing program 2 (id=1085):
quotactl_fd$Q_GETINFO(0xffffffffffffffff, 0xffffffff80000500, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000002700)=ANY=[@ANYBLOB="1800007fbf890ef1d0a038fade081776eb0000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bda100000000000007010000f8ffffffb702000008000000b70300000000a5df850100002d00000095dd0b7291c53658a6dff7c447ffd1159b1d154e1cdaf2416e831a6362d5f02252c17abac3f5bbfb10b01f1e370abb18e6d86860670b54320f2c073cb014c2a7be1f43d13fdf4c51684b0397e0613a523e982fb073d6600298ce86ef20f94817a3d38dd513cbd61ffaa9b807ff6fdeee280e2a10481baef7ea98a61254c51019713862c8f5a3f7644160489f798322e5d8db8369ba11410a810ea83809b4068888"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x800780, &(0x7f0000000880), 0xff, 0x467, &(0x7f0000002280)="$eJzs3M9rHFUcAPDvzCb93SbWKrRWjRYx+CNp0qo9eFEUPFQU9FCPcZOW0m0jTQRbio0i9SJIQc/iUfAv8OZF1JPgVe9SKBqEVk+R2Z1JN9vdZNNsdmv384Fp39t5M/O+O+/tvJm3mwD61kj2TxKxKyJ+i4ihWnZlgZHafzcXL5X/WbxUTmJp6a0/k2q5G4uXykXRYrudeWY0jUg/SfKDxNb63c5duHhmqlKZOZ/nx+fPvjc+d+His6fPTp2aOTVzbvLYsaNHJl54fvK5tuJI1lifxXXjwIezB/e/9s7V18snrr7707fZNrvy9fVxdMpIFvhfS1WN657o9MF6bHddOhnoYUVYl1JEZKdrsNr/h6IUt07eULz6cU8rB2yq7Nq0tfXqhSXgHpbE2mX+7kZFgC4rLvTZ/W+xdGnocVe4/lLtBiiL+2a+1NYMRJqXGWy4v+2kkYg4sfDvV9kSm/QcAgCg3mflL4/HM83Gf2k8WFduTz6HMhwR90XE3oi4PyL2RcQDEVnZxiFlW0Ya8rePf9JrdxhaW7Lx34v53NbK8V8x+ovhUp7bXY1/MDl5ujJzOH9PRmNwa5afWOUY37/y6+et1tWP/7IlO34xFszrcW2g4QHd9NT8VHVQ2gHXP4o4MNAs/mR5JiCJiP0RcWB9u95TJE4/9c3B7QebF1o7/lV0YJ5p6euIJ2vnfyEa4i8kq89Pjm+Lyszh8aJV3O7nX6682er4LeLfsvHI2pOd/x0r239jkeGkfr52bv3HuPL7py3vae60/W9J3q6el+KN+mBqfv78RMSW5Hg1v+L1yVvbFvmifBb/6KHm/X9vvk12nIciImvCD0fEIxHxaF73xyLi8Yg4tEr8P76cJ5q01w21/w7I4p9u+vm33P4bzv/6E6UzP3xX7GzbuuPPzv/Ramo0f6X6+beGdiu40fcPAAAA/g/S6nfgk3RsOZ2mY2O17/Dvix1pZXZu/umTs++fm659V344BtPiSddQ3fPQiWQh32MtP5k/Ky7WH8mfG39R2l7Nj5VnK9M9jh363c4W/T/zR6nXtQM2XbN5tMmuTUEBvdTY/9OV2ctvdLMyQFf5vTb0rzX6f9qtegDd5/oP/atZ/7/ckDcXAPcm13/oX/o/9C/9H/qX/g99aSO/65fo50Sklcr0tojVCxd/EOjuqLNE+4lefzIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xn8BAAD///xQ9VA=")
chdir(&(0x7f0000000140)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0)
mkdir(&(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x5)
r1 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
symlink(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rmdir(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket(0x10, 0x5, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x40000)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = eventfd(0x0)
ioctl$VHOST_SET_LOG_BASE(r4, 0x4008af04, &(0x7f0000000500)=&(0x7f0000000240))
ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000740)=r5)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x2})
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f00000020c0)={0xfffffff7, {{0xa, 0x4e20, 0x4f0, @empty, 0xfffffffb}}, {{0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, '\x00', 0x24}, 0x9}}}, 0x108)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000580)=""/99, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000001f80)={0x9, 0x0, [{0x1000, 0xa, &(0x7f0000000080)=""/10}, {0x100000, 0x48, &(0x7f00000006c0)=""/72}, {0x4000, 0xa5, &(0x7f0000000780)=""/165}, {0x80a0000, 0xf7, &(0x7f0000000940)=""/247}, {0x5000, 0xbe, &(0x7f0000000b00)=""/190}, {0xeeee0000, 0x66, &(0x7f0000000a40)=""/102}, {0x80a0000, 0x92, &(0x7f0000000bc0)=""/146}, {0x10000, 0x1000, &(0x7f0000000f80)=""/4096}, {0x80a0000, 0xf0, &(0x7f0000000e00)=""/240}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x20000)

kernel console output (not intermixed with test programs):

ge from 0 to 256
[  273.862624][ T3683] exfat: Unknown parameter 'um0×P½a000000000'
[  275.009379][ T3683] loop4: detected capacity change from 0 to 2048
[  275.093795][ T3683]  loop4: p2 p3 p7
[  275.123811][  T290] EXT4-fs (loop1): unmounting filesystem.
[  275.147338][ T3670] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  275.295240][   T28] audit: type=1400 audit(1732978993.148:175): avc:  denied  { write } for  pid=3686 comm="syz.2.692" name="ppp" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  275.326180][ T3680] loop3: detected capacity change from 0 to 1024
[  275.370948][ T3680] EXT4-fs: Ignoring removed orlov option
[  275.390467][ T3680] EXT4-fs (loop3): Test dummy encryption mode enabled
[  275.398882][ T3680] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  275.498297][ T3680] FAULT_INJECTION: forcing a failure.
[  275.498297][ T3680] name failslab, interval 1, probability 0, space 0, times 1
[  275.527698][ T3680] CPU: 1 PID: 3680 Comm: syz.3.690 Not tainted 6.1.115-syzkaller-00041-ga887a44ace2a #0
[  275.537240][ T3680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  275.547123][ T3680] Call Trace:
[  275.550254][ T3680]  <TASK>
[  275.553028][ T3680]  dump_stack_lvl+0x151/0x1b7
[  275.557538][ T3680]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  275.562838][ T3680]  ? __down_common+0x690/0x690
[  275.567435][ T3680]  dump_stack+0x15/0x19
[  275.571425][ T3680]  should_fail_ex+0x3d0/0x520
[  275.575949][ T3680]  __should_failslab+0xaf/0xf0
[  275.580540][ T3680]  ? ext4_read_inline_dir+0x257/0xf60
[  275.585747][ T3680]  should_failslab+0x9/0x20
[  275.590086][ T3680]  __kmem_cache_alloc_node+0x3d/0x2a0
[  275.595293][ T3680]  ? ext4_read_inline_dir+0x257/0xf60
[  275.600503][ T3680]  __kmalloc+0xa3/0x1e0
[  275.604503][ T3680]  ext4_read_inline_dir+0x257/0xf60
[  275.609531][ T3680]  ? _parse_integer+0x2a/0x40
[  275.614041][ T3680]  ? ext4_inlinedir_to_tree+0x1230/0x1230
[  275.619600][ T3680]  ? putname+0xfa/0x150
[  275.623590][ T3680]  ext4_readdir+0x3d1/0x3860
[  275.628044][ T3680]  ? _kstrtol+0x150/0x150
[  275.632210][ T3680]  ? __kasan_check_write+0x14/0x20
[  275.637125][ T3680]  ? kstrtouint_from_user+0x124/0x180
[  275.642335][ T3680]  ? kstrtol_from_user+0x180/0x180
[  275.647284][ T3680]  ? down_read_killable+0x1206/0x1ff0
[  275.652500][ T3680]  ? ext4_dir_llseek+0x540/0x540
[  275.657273][ T3680]  ? down_read_interruptible+0x1ed0/0x1ed0
[  275.662903][ T3680]  ? proc_fail_nth_read+0x210/0x210
[  275.667938][ T3680]  ? fsnotify_perm+0x6a/0x5b0
[  275.672455][ T3680]  ? security_file_permission+0x86/0xb0
[  275.677835][ T3680]  iterate_dir+0x265/0x600
[  275.682084][ T3680]  ? ext4_dir_llseek+0x540/0x540
[  275.686884][ T3680]  __se_sys_getdents64+0x1c1/0x460
[  275.691804][ T3680]  ? __kasan_check_write+0x14/0x20
[  275.696754][ T3680]  ? __x64_sys_getdents64+0x90/0x90
[  275.701810][ T3680]  ? filldir+0x670/0x670
[  275.705864][ T3680]  ? __ia32_sys_read+0x90/0x90
[  275.710465][ T3680]  ? debug_smp_processor_id+0x17/0x20
[  275.715672][ T3680]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  275.721574][ T3680]  __x64_sys_getdents64+0x7b/0x90
[  275.726434][ T3680]  x64_sys_call+0x5ae/0x9a0
[  275.730772][ T3680]  do_syscall_64+0x3b/0xb0
[  275.735025][ T3680]  ? clear_bhb_loop+0x55/0xb0
[  275.739546][ T3680]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  275.745269][ T3680] RIP: 0033:0x7f3b6b580849
[  275.749522][ T3680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.768964][ T3680] RSP: 002b:00007f3b6c47b058 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  275.777208][ T3680] RAX: ffffffffffffffda RBX: 00007f3b6b745fa0 RCX: 00007f3b6b580849
[  275.785030][ T3680] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  275.792829][ T3680] RBP: 00007f3b6c47b0a0 R08: 0000000000000000 R09: 0000000000000000
[  275.800642][ T3680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  275.808453][ T3680] R13: 0000000000000000 R14: 00007f3b6b745fa0 R15: 00007ffc582cc8b8
[  275.816266][ T3680]  </TASK>
[  275.837162][   T28] audit: type=1400 audit(1732978993.688:176): avc:  denied  { unlink } for  pid=85 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  276.014293][  T293] EXT4-fs (loop3): unmounting filesystem.
[  276.064077][   T28] audit: type=1400 audit(1732978993.918:177): avc:  denied  { create } for  pid=3686 comm="syz.2.692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  276.087436][   T28] audit: type=1400 audit(1732978993.918:178): avc:  denied  { write } for  pid=3686 comm="syz.2.692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  276.129404][ T3704] loop4: detected capacity change from 0 to 512
[  276.144288][ T3704] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  276.196189][ T3704] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  276.205822][ T3704] ext4 filesystem being mounted at /133/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  276.347575][  T292] EXT4-fs (loop0): unmounting filesystem.
[  276.357756][   T28] audit: type=1400 audit(1732978993.918:179): avc:  denied  { read } for  pid=3686 comm="syz.2.692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  276.383413][  T291] EXT4-fs (loop4): unmounting filesystem.
[  276.903203][ T3726] loop3: detected capacity change from 0 to 1024
[  276.935500][ T3726] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  276.967680][  T497] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  276.985852][ T3726] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  277.157713][  T497] usb 3-1: Using ep0 maxpacket: 32
[  277.164215][  T497] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  277.187962][  T497] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  277.324959][  T497] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  277.486646][ T3735] loop1: detected capacity change from 0 to 512
[  277.495778][ T3737] loop0: detected capacity change from 0 to 1024
[  277.507608][  T497] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  277.517337][  T497] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  277.526960][  T497] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  277.540270][ T3737] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  277.543689][  T497] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  277.561222][  T497] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.567411][ T3735] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.701: casefold flag without casefold feature
[  277.570282][  T497] usb 3-1: config 0 descriptor??
[  277.586372][ T3735] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.701: couldn't read orphan inode 15 (err -117)
[  277.590145][ T3737] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  277.598245][ T3735] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  278.211312][  T497] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 13 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  278.482578][  T293] EXT4-fs (loop3): unmounting filesystem.
[  278.886182][ T3755] loop4: detected capacity change from 0 to 256
[  278.892843][ T3755] exfat: Unknown parameter 'um0×P½a000000000'
[  279.411534][  T290] EXT4-fs (loop1): unmounting filesystem.
[  279.611167][ T3755] loop4: detected capacity change from 0 to 2048
[  279.682168][  T292] EXT4-fs (loop0): unmounting filesystem.
[  279.690257][ T3755]  loop4: p2 p3 p7
[  280.016287][ T3761] loop1: detected capacity change from 0 to 1024
[  280.050396][ T3761] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  280.096577][ T3761] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  280.150728][ T3769] loop3: detected capacity change from 0 to 512
[  280.160404][ T3769] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  280.179509][ T3769] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  280.188320][ T3769] ext4 filesystem being mounted at /142/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  280.819963][   T19] usb 3-1: USB disconnect, device number 13
[  280.828130][   T19] usblp0: removed
[  280.834612][  T293] EXT4-fs (loop3): unmounting filesystem.
[  280.894180][  T290] EXT4-fs (loop1): unmounting filesystem.
[  281.639753][ T3795] loop2: detected capacity change from 0 to 256
[  281.649903][ T3795] exfat: Unknown parameter 'um0×P½a000000000'
[  283.385869][ T3795] loop2: detected capacity change from 0 to 2048
[  283.454983][ T3795]  loop2: p2 p3 p7
[  283.682188][ T3800] loop1: detected capacity change from 0 to 1024
[  283.823712][ T3800] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  284.140144][ T3800] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  284.219986][ T3810] loop2: detected capacity change from 0 to 1024
[  284.226780][ T3810] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  284.258856][ T3810] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  284.701130][  T290] EXT4-fs (loop1): unmounting filesystem.
[  285.149040][ T3830] loop4: detected capacity change from 0 to 256
[  285.155433][ T3830] exfat: Unknown parameter 'um0×P½a000000000'
[  288.844125][  T294] EXT4-fs (loop2): unmounting filesystem.
[  288.848146][ T3828] loop4: detected capacity change from 0 to 2048
[  288.878381][ T3839] loop0: detected capacity change from 0 to 1024
[  288.900351][ T3839] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  288.914236][ T3828]  loop4: p2 p3 p7
[  288.991595][ T3846] loop2: detected capacity change from 0 to 512
[  288.998150][ T3846] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  289.033999][ T3846] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  289.042888][ T3846] ext4 filesystem being mounted at /146/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  289.071146][ T3839] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  289.397477][  T497] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  289.848041][  T294] EXT4-fs (loop2): unmounting filesystem.
[  289.863448][ T3858] loop3: detected capacity change from 0 to 1024
[  289.983325][ T3858] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  290.277736][  T497] usb 2-1: Using ep0 maxpacket: 32
[  290.328292][  T497] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  290.329323][ T3858] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  290.355737][  T292] EXT4-fs (loop0): unmounting filesystem.
[  290.393967][  T497] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  290.402676][  T497] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  290.451516][  T497] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  290.461405][  T497] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  291.335179][  T497] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  291.605816][ T3875] overlayfs: missing 'lowerdir'
[  291.792610][  T497] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  291.801803][  T497] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.802095][  T293] EXT4-fs (loop3): unmounting filesystem.
[  291.815504][  T497] usb 2-1: config 0 descriptor??
[  291.848835][ T3886] loop3: detected capacity change from 0 to 1024
[  291.914456][ T3886] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  291.945801][  T497] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  291.973893][  T497] usb 2-1: USB disconnect, device number 11
[  292.075532][ T3886] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  292.080458][  T497] usblp0: removed
[  293.517995][   T28] audit: type=1400 audit(1732979011.338:180): avc:  denied  { create } for  pid=3908 comm="syz.0.733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  293.521429][  T293] EXT4-fs (loop3): unmounting filesystem.
[  293.560591][   T28] audit: type=1400 audit(1732979011.418:181): avc:  denied  { map } for  pid=3908 comm="syz.0.733" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=24265 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  293.560620][   T28] audit: type=1400 audit(1732979011.418:182): avc:  denied  { read write } for  pid=3908 comm="syz.0.733" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=24265 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  294.181066][ T3918] loop1: detected capacity change from 0 to 256
[  294.181502][ T3918] exfat: Unknown parameter 'um0×P½a000000000'
[  294.907107][ T3919] loop3: detected capacity change from 0 to 256
[  294.907345][ T3919] exfat: Unknown parameter 'um0×P½a000000000'
[  295.344134][ T3919] loop3: detected capacity change from 0 to 2048
[  295.377611][ T3916] loop1: detected capacity change from 0 to 2048
[  295.492394][ T3919]  loop3: p2 p3 p7
[  295.586689][ T3916]  loop1: p2 p3 p7
[  296.231668][  T103]  loop3: p2 p3 p7
[  296.241822][ T3909] tty tty2: ldisc open failed (-12), clearing slot 1
[  296.415223][  T103] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.437668][  T103] Buffer I/O error on dev loop3, logical block 0, async page read
[  296.474041][  T103]  loop3: unable to read partition table
[  296.479848][  T103] loop3: partition table beyond EOD, truncated
[  296.497763][  T334] udevd[334]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  297.419414][  T334] udevd[334]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  297.430463][  T619] udevd[619]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[  297.436207][  T621] udevd[621]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  297.443581][  T326] udevd[326]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  297.498832][  T464] udevd[464]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory
[  297.514377][ T3941] overlayfs: missing 'lowerdir'
[  297.581646][  T619] udevd[619]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  297.592158][  T621] udevd[621]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[  297.602883][  T334] udevd[334]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  298.037835][ T3964] loop3: detected capacity change from 0 to 1024
[  298.055283][ T3964] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  298.157754][   T19] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  298.170264][ T3964] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  299.286162][  T293] EXT4-fs (loop3): unmounting filesystem.
[  299.328668][ T3978] loop4: detected capacity change from 0 to 512
[  299.338708][ T3978] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  299.367691][   T19] usb 3-1: Using ep0 maxpacket: 32
[  299.373786][   T19] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  299.393433][   T19] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  299.406162][ T3984] loop3: detected capacity change from 0 to 1024
[  299.413022][   T19] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  299.414456][ T3978] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  299.431975][ T3978] ext4 filesystem being mounted at /143/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  299.433552][   T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  299.453690][ T3984] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  299.466376][   T19] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  299.476625][   T19] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  299.490177][   T19] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  299.506065][ T3984] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  299.520255][  T291] EXT4-fs (loop4): unmounting filesystem.
[  299.532626][   T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.540723][   T28] audit: type=1400 audit(1732979017.398:183): avc:  denied  { write } for  pid=3981 comm="syz.1.749" name="ip6_flowlabel" dev="proc" ino=4026532350 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  299.568740][   T19] usb 3-1: config 0 descriptor??
[  299.620572][ T3982] loop1: detected capacity change from 0 to 512
[  299.631528][   T28] audit: type=1400 audit(1732979017.428:184): avc:  denied  { read } for  pid=3981 comm="syz.1.749" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  299.658261][   T28] audit: type=1400 audit(1732979017.428:185): avc:  denied  { open } for  pid=3981 comm="syz.1.749" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  299.701460][ T3982] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.749: casefold flag without casefold feature
[  299.724164][ T3982] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.749: couldn't read orphan inode 15 (err -117)
[  299.736487][ T3982] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  300.050653][   T19] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 14 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  300.082393][  T290] EXT4-fs (loop1): unmounting filesystem.
[  301.358363][ T4015] overlayfs: missing 'lowerdir'
[  301.460409][  T293] EXT4-fs (loop3): unmounting filesystem.
[  301.552492][   T28] audit: type=1400 audit(1732979019.408:186): avc:  denied  { write } for  pid=4020 comm="syz.3.756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  301.592905][   T28] audit: type=1400 audit(1732979019.408:187): avc:  denied  { nlmsg_write } for  pid=4020 comm="syz.3.756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  301.750427][ T4026] overlayfs: missing 'lowerdir'
[  302.090036][  T497] usb 3-1: USB disconnect, device number 14
[  302.110967][  T497] usblp0: removed
[  302.213573][ T4035] loop2: detected capacity change from 0 to 1024
[  302.221515][ T4032] incfs: Backing dir is not set, filesystem can't be mounted.
[  302.228947][ T4032] incfs: mount failed -2
[  302.233704][ T4032] xt_hashlimit: size too large, truncated to 1048576
[  302.248256][ T4035] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  302.299535][ T4035] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  302.457783][ T4038] loop1: detected capacity change from 0 to 40427
[  302.486847][ T4038] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  302.498594][ T4038] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  302.512742][ T4038] F2FS-fs (loop1): invalid crc value
[  302.572993][ T4038] F2FS-fs (loop1): Found nat_bits in checkpoint
[  302.623592][ T4046] loop0: detected capacity change from 0 to 512
[  302.630792][ T4046] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  302.659568][ T4046] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  302.668344][ T4046] ext4 filesystem being mounted at /160/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  302.695446][ T4038] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  302.702533][ T4038] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  302.732746][   T28] audit: type=1400 audit(1732979020.588:188): avc:  denied  { ioctl } for  pid=4037 comm="syz.1.760" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=24470 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  303.028413][  T292] EXT4-fs (loop0): unmounting filesystem.
[  303.038533][   T28] audit: type=1400 audit(1732979020.898:189): avc:  denied  { create } for  pid=4053 comm="syz.3.762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  303.086081][   T28] audit: type=1400 audit(1732979020.938:190): avc:  denied  { getopt } for  pid=4053 comm="syz.3.762" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  303.253466][ T4065] overlayfs: missing 'lowerdir'
[  304.341255][  T294] EXT4-fs (loop2): unmounting filesystem.
[  305.317669][   T19] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  305.767700][   T19] usb 3-1: Using ep0 maxpacket: 32
[  305.774968][   T19] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  305.797210][   T19] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  305.805949][   T19] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  305.821720][   T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  305.831789][   T19] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  305.846624][   T19] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  305.859689][   T19] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  305.870523][   T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.881234][ T4105] loop1: detected capacity change from 0 to 512
[  305.887819][ T4105] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  305.898885][   T19] usb 3-1: config 0 descriptor??
[  305.910719][ T4105] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  305.919573][ T4105] ext4 filesystem being mounted at /149/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  305.946952][  T290] EXT4-fs (loop1): unmounting filesystem.
[  305.979067][ T4112] loop1: detected capacity change from 0 to 1024
[  305.987190][ T4112] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  306.008687][ T4112] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  306.150046][   T19] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 15 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  306.394081][ T4119] overlayfs: missing 'lowerdir'
[  306.512210][  T497] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  306.867718][  T497] usb 1-1: Using ep0 maxpacket: 32
[  306.874688][  T497] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  307.223981][  T497] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  307.232567][  T497] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  307.244632][  T497] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  307.254607][  T497] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  307.258318][ T4133] loop4: detected capacity change from 0 to 1024
[  307.264286][  T497] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  307.283129][  T497] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  307.292035][  T497] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.293855][ T4133] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  307.306394][  T497] usb 1-1: config 0 descriptor??
[  307.336275][ T4133] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  307.417167][  T290] EXT4-fs (loop1): unmounting filesystem.
[  308.264272][  T291] EXT4-fs (loop4): unmounting filesystem.
[  308.290016][ T4146] loop3: detected capacity change from 0 to 256
[  308.327806][   T19] usb 3-1: USB disconnect, device number 15
[  308.336072][ T4146] overlayfs: missing 'lowerdir'
[  308.342754][   T28] audit: type=1400 audit(1732979026.198:191): avc:  denied  { name_bind } for  pid=4147 comm="syz.4.782" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  308.400775][   T19] usblp0: removed
[  308.452769][ T4160] loop2: detected capacity change from 0 to 512
[  308.462648][ T4160] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  308.479142][ T4160] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  308.488192][ T4160] ext4 filesystem being mounted at /154/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  308.523861][  T294] EXT4-fs (loop2): unmounting filesystem.
[  308.868142][    T6] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  309.047665][    T6] usb 4-1: Using ep0 maxpacket: 16
[  309.053863][    T6] usb 4-1: config 0 has no interfaces?
[  309.060588][    T6] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  309.069504][    T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.077271][    T6] usb 4-1: Product: syz
[  309.081350][    T6] usb 4-1: Manufacturer: syz
[  309.085778][    T6] usb 4-1: SerialNumber: syz
[  309.091020][    T6] r8152-cfgselector 4-1: config 0 descriptor??
[  309.587485][ T4146] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  309.721426][ T4146] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  310.747216][  T497] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 15 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  310.769232][ T3835] usb 4-1: config 0 descriptor??
[  311.222433][  T497] usb 1-1: USB disconnect, device number 15
[  311.231819][ T4190] loop4: detected capacity change from 0 to 1024
[  311.235051][   T28] audit: type=1400 audit(1732979029.088:192): avc:  denied  { create } for  pid=4192 comm="syz.0.794" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  311.238260][  T497] usblp0: removed
[  311.327832][ T4190] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  311.406661][ T4190] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  311.971486][ T4209] loop2: detected capacity change from 0 to 256
[  311.977951][ T4209] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  311.994456][ T4209] FAT-fs (loop2): Directory bread(block 64) failed
[  312.000920][ T4209] FAT-fs (loop2): Directory bread(block 65) failed
[  312.007300][ T4209] FAT-fs (loop2): Directory bread(block 66) failed
[  312.013656][ T4209] FAT-fs (loop2): Directory bread(block 67) failed
[  312.019952][ T4209] FAT-fs (loop2): Directory bread(block 68) failed
[  312.026274][ T4209] FAT-fs (loop2): Directory bread(block 69) failed
[  312.032638][ T4209] FAT-fs (loop2): Directory bread(block 70) failed
[  312.038947][ T4209] FAT-fs (loop2): Directory bread(block 71) failed
[  312.045282][ T4209] FAT-fs (loop2): Directory bread(block 72) failed
[  312.051625][ T4209] FAT-fs (loop2): Directory bread(block 73) failed
[  312.091103][   T28] audit: type=1400 audit(1732979029.948:193): avc:  denied  { mount } for  pid=4208 comm="syz.2.797" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  312.113008][   T28] audit: type=1400 audit(1732979029.968:194): avc:  denied  { create } for  pid=4208 comm="syz.2.797" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  312.142416][  T291] EXT4-fs (loop4): unmounting filesystem.
[  312.189743][ T4213] loop0: detected capacity change from 0 to 128
[  312.197866][ T4213] EXT4-fs (loop0): Test dummy encryption mode enabled
[  312.206217][ T4215] syz.4.798[4215] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  312.206287][ T4215] syz.4.798[4215] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  312.217714][   T28] audit: type=1400 audit(1732979030.068:195): avc:  denied  { create } for  pid=4216 comm="syz.1.800" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  312.253295][ T4213] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  312.262467][ T4213] ext4 filesystem being mounted at /165/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  312.321473][   T28] audit: type=1400 audit(1732979030.158:196): avc:  denied  { unmount } for  pid=294 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  312.383367][    T6] usb 4-1: USB disconnect, device number 13
[  312.401488][ T4227] loop3: detected capacity change from 0 to 1024
[  312.408590][ T4227] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  312.428898][ T4227] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  313.353331][ T4238] FAULT_INJECTION: forcing a failure.
[  313.353331][ T4238] name failslab, interval 1, probability 0, space 0, times 0
[  313.390510][ T4243] loop1: detected capacity change from 0 to 512
[  313.407073][ T4238] CPU: 0 PID: 4238 Comm: syz.2.804 Not tainted 6.1.115-syzkaller-00041-ga887a44ace2a #0
[  313.416607][ T4238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  313.426501][ T4238] Call Trace:
[  313.429623][ T4238]  <TASK>
[  313.432403][ T4238]  dump_stack_lvl+0x151/0x1b7
[  313.436924][ T4238]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  313.442211][ T4238]  dump_stack+0x15/0x19
[  313.446200][ T4238]  should_fail_ex+0x3d0/0x520
[  313.450714][ T4238]  __should_failslab+0xaf/0xf0
[  313.455315][ T4238]  ? selinux_sk_alloc_security+0x7d/0x1a0
[  313.460869][ T4238]  should_failslab+0x9/0x20
[  313.465209][ T4238]  __kmem_cache_alloc_node+0x3d/0x2a0
[  313.470415][ T4238]  ? __kasan_slab_alloc+0x6c/0x80
[  313.475274][ T4238]  ? selinux_sk_alloc_security+0x7d/0x1a0
[  313.480830][ T4238]  kmalloc_trace+0x2a/0xa0
[  313.485087][ T4238]  selinux_sk_alloc_security+0x7d/0x1a0
[  313.490466][ T4238]  security_sk_alloc+0x72/0xb0
[  313.495064][ T4238]  sk_prot_alloc+0x114/0x330
[  313.499492][ T4238]  sk_alloc+0x38/0x440
[  313.503582][ T4238]  ? security_inode_alloc+0x29/0x120
[  313.508716][ T4238]  tipc_sk_create+0x103/0x1ac0
[  313.513306][ T4238]  ? __kasan_check_write+0x14/0x20
[  313.518250][ T4238]  ? _raw_spin_trylock_bh+0x190/0x190
[  313.523457][ T4238]  ? security_inode_alloc+0xc0/0x120
[  313.528577][ T4238]  ? inode_init_always+0x737/0x970
[  313.533614][ T4238]  __sock_create+0x3be/0x7e0
[  313.538040][ T4238]  __sys_socketpair+0x29f/0x6e0
[  313.542743][ T4238]  ? __ia32_sys_socket+0x90/0x90
[  313.547498][ T4238]  ? __ia32_sys_read+0x90/0x90
[  313.552101][ T4238]  ? debug_smp_processor_id+0x17/0x20
[  313.557304][ T4238]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  313.563220][ T4238]  __x64_sys_socketpair+0x9b/0xb0
[  313.568071][ T4238]  x64_sys_call+0x19b/0x9a0
[  313.572406][ T4238]  do_syscall_64+0x3b/0xb0
[  313.576661][ T4238]  ? clear_bhb_loop+0x55/0xb0
[  313.581174][ T4238]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  313.586902][ T4238] RIP: 0033:0x7f15ff180849
[  313.591156][ T4238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.610597][ T4238] RSP: 002b:00007f1600014058 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  313.618858][ T4238] RAX: ffffffffffffffda RBX: 00007f15ff345fa0 RCX: 00007f15ff180849
[  313.626652][ T4238] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000001e
[  313.634464][ T4238] RBP: 00007f16000140a0 R08: 0000000000000000 R09: 0000000000000000
[  313.642276][ T4238] R10: 0000000020000940 R11: 0000000000000246 R12: 0000000000000001
[  313.650086][ T4238] R13: 0000000000000000 R14: 00007f15ff345fa0 R15: 00007ffef3cb45c8
[  313.657901][ T4238]  </TASK>
[  313.662370][ T4243] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  313.675257][ T4243] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  313.686157][ T4243] EXT4-fs (loop1): 1 truncate cleaned up
[  313.692742][  T292] EXT4-fs (loop0): unmounting filesystem.
[  313.698617][ T4243] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  313.740624][   T28] audit: type=1400 audit(1732979031.598:197): avc:  denied  { append } for  pid=4239 comm="syz.1.805" path="/157/bus/cpuset.effective_cpus" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  313.774004][ T4252] loop2: detected capacity change from 0 to 1024
[  314.028359][ T4252] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  315.404853][   T28] audit: type=1400 audit(1732979031.958:198): avc:  denied  { read } for  pid=4239 comm="syz.1.805" name="usbmon9" dev="devtmpfs" ino=182 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  315.435116][   T28] audit: type=1400 audit(1732979031.958:199): avc:  denied  { open } for  pid=4239 comm="syz.1.805" path="/dev/usbmon9" dev="devtmpfs" ino=182 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  315.523376][   T28] audit: type=1400 audit(1732979033.258:200): avc:  denied  { validate_trans } for  pid=4239 comm="syz.1.805" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  315.578220][ T4252] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  315.732119][  T290] EXT4-fs (loop1): unmounting filesystem.
[  315.938081][ T4266] loop4: detected capacity change from 0 to 512
[  315.944767][ T4266] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  316.075869][ T4266] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  316.084650][ T4266] ext4 filesystem being mounted at /158/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  316.098012][  T294] EXT4-fs (loop2): unmounting filesystem.
[  316.132063][ T4270] loop1: detected capacity change from 0 to 512
[  316.138793][ T4270] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  316.154102][  T291] EXT4-fs (loop4): unmounting filesystem.
[  316.166469][ T4272] netlink: 'syz.2.813': attribute type 32 has an invalid length.
[  316.175250][ T4270] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  316.184012][ T4270] ext4 filesystem being mounted at /158/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  316.260092][  T293] EXT4-fs (loop3): unmounting filesystem.
[  316.283391][  T290] EXT4-fs (loop1): unmounting filesystem.
[  317.287386][ T4297] netlink: 'syz.4.819': attribute type 32 has an invalid length.
[  317.298335][ T4296] syz.1.817[4296] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  317.298401][ T4296] syz.1.817[4296] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  317.344277][   T28] audit: type=1400 audit(1732979035.168:201): avc:  denied  { ioctl } for  pid=4281 comm="syz.0.818" path="socket:[25726]" dev="sockfs" ino=25726 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  317.485083][ T4305] loop4: detected capacity change from 0 to 256
[  317.504160][ T4305] exfat: Unknown parameter 'um0×P½a000000000'
[  317.864049][ T4305] loop4: detected capacity change from 0 to 2048
[  317.929738][ T4305]  loop4: p2 p3 p7
[  318.262026][  T103]  loop4: p2 p3 p7
[  318.264508][ T4314] loop3: detected capacity change from 0 to 1024
[  318.281148][ T4314] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  318.310244][ T4319] loop1: detected capacity change from 0 to 1024
[  318.319944][ T4314] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  318.321004][ T4319] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  318.437513][ T4319] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  318.475509][ T4329] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  318.708572][   T28] audit: type=1400 audit(1732979036.568:202): avc:  denied  { ioctl } for  pid=4328 comm="syz.4.826" path="socket:[25760]" dev="sockfs" ino=25760 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  318.847671][   T19] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  319.017657][    T6] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  319.037655][   T19] usb 1-1: Using ep0 maxpacket: 32
[  319.044473][   T19] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  319.052673][   T19] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  319.061083][   T19] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  319.069871][   T19] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  319.079315][   T19] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  319.088757][   T19] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  319.106308][   T19] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  319.136397][   T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.146993][  T293] EXT4-fs (loop3): unmounting filesystem.
[  319.160749][   T19] usb 1-1: config 0 descriptor??
[  319.192511][ T4336] loop3: detected capacity change from 0 to 1024
[  319.211226][ T4336] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  319.222836][    T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.237716][    T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  319.249866][    T6] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  319.263116][    T6] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  319.263795][ T4336] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  319.272094][    T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.291636][    T6] usb 5-1: config 0 descriptor??
[  319.367030][   T19] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  319.406115][  T290] EXT4-fs (loop1): unmounting filesystem.
[  319.440670][   T28] audit: type=1400 audit(1732979037.298:203): avc:  denied  { unlink } for  pid=4342 comm="syz.1.829" name="#45" dev="tmpfs" ino=933 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  320.032993][    T6] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  320.042989][    T6] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  320.059894][    T6] plantronics 0003:047F:FFFF.0007: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  320.171152][  T293] EXT4-fs (loop3): unmounting filesystem.
[  320.206560][ T4355] FAULT_INJECTION: forcing a failure.
[  320.206560][ T4355] name failslab, interval 1, probability 0, space 0, times 0
[  320.219344][ T4355] CPU: 1 PID: 4355 Comm: syz.3.831 Not tainted 6.1.115-syzkaller-00041-ga887a44ace2a #0
[  320.228882][ T4355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  320.238776][ T4355] Call Trace:
[  320.241905][ T4355]  <TASK>
[  320.244692][ T4355]  dump_stack_lvl+0x151/0x1b7
[  320.249212][ T4355]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  320.254487][ T4355]  dump_stack+0x15/0x19
[  320.258476][ T4355]  should_fail_ex+0x3d0/0x520
[  320.263078][ T4355]  ? security_file_alloc+0x29/0x120
[  320.268113][ T4355]  __should_failslab+0xaf/0xf0
[  320.272713][ T4355]  should_failslab+0x9/0x20
[  320.277051][ T4355]  kmem_cache_alloc+0x3b/0x320
[  320.281656][ T4355]  ? __alloc_file+0x29/0x2a0
[  320.286081][ T4355]  security_file_alloc+0x29/0x120
[  320.290941][ T4355]  __alloc_file+0xb2/0x2a0
[  320.295193][ T4355]  alloc_empty_file+0x95/0x180
[  320.299802][ T4355]  path_openat+0xec/0x2d60
[  320.304046][ T4355]  ? kasan_set_track+0x60/0x70
[  320.308646][ T4355]  ? kasan_set_track+0x4b/0x70
[  320.313245][ T4355]  ? kasan_save_alloc_info+0x1f/0x30
[  320.318365][ T4355]  ? __kasan_slab_alloc+0x6c/0x80
[  320.323224][ T4355]  ? slab_post_alloc_hook+0x53/0x2c0
[  320.328345][ T4355]  ? getname_flags+0xba/0x520
[  320.332858][ T4355]  ? getname+0x19/0x20
[  320.336766][ T4355]  ? do_sys_openat2+0xe0/0x870
[  320.341407][ T4355]  ? __x64_sys_openat+0x243/0x290
[  320.346235][ T4355]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  320.352227][ T4355]  ? do_filp_open+0x480/0x480
[  320.356730][ T4355]  do_filp_open+0x230/0x480
[  320.361068][ T4355]  ? vfs_tmpfile+0x480/0x480
[  320.365498][ T4355]  ? alloc_fd+0x4fe/0x5a0
[  320.369663][ T4355]  do_sys_openat2+0x151/0x870
[  320.374172][ T4355]  ? bit_wait_io_timeout+0x120/0x120
[  320.379330][ T4355]  ? __mutex_lock_slowpath+0x10/0x10
[  320.384425][ T4355]  ? do_sys_open+0x220/0x220
[  320.388840][ T4355]  ? fput+0x15b/0x1b0
[  320.392660][ T4355]  ? ksys_write+0x260/0x2c0
[  320.397007][ T4355]  ? __this_cpu_preempt_check+0x13/0x20
[  320.402382][ T4355]  __x64_sys_openat+0x243/0x290
[  320.407068][ T4355]  ? __ia32_sys_open+0x270/0x270
[  320.411841][ T4355]  ? debug_smp_processor_id+0x17/0x20
[  320.417080][ T4355]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  320.422951][ T4355]  ? exit_to_user_mode_prepare+0x39/0xa0
[  320.428419][ T4355]  x64_sys_call+0x6bf/0x9a0
[  320.432756][ T4355]  do_syscall_64+0x3b/0xb0
[  320.437019][ T4355]  ? clear_bhb_loop+0x55/0xb0
[  320.441530][ T4355]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  320.447249][ T4355] RIP: 0033:0x7f3b6b580849
[  320.451504][ T4355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  320.470946][ T4355] RSP: 002b:00007f3b6c47b058 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  320.479189][ T4355] RAX: ffffffffffffffda RBX: 00007f3b6b745fa0 RCX: 00007f3b6b580849
[  320.487002][ T4355] RDX: 0000000000121042 RSI: 0000000020000040 RDI: ffffffffffffff9c
[  320.494813][ T4355] RBP: 00007f3b6c47b0a0 R08: 0000000000000000 R09: 0000000000000000
[  320.502626][ T4355] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001
[  320.510437][ T4355] R13: 0000000000000000 R14: 00007f3b6b745fa0 R15: 00007ffc582cc8b8
[  320.518262][ T4355]  </TASK>
[  320.581017][ T4358] loop2: detected capacity change from 0 to 512
[  320.596283][ T4364] bridge0: port 1(bridge_slave_0) entered blocking state
[  320.603262][ T4364] bridge0: port 1(bridge_slave_0) entered forwarding state
[  320.610730][   T28] audit: type=1400 audit(1732979038.448:204): avc:  denied  { bind } for  pid=4363 comm="syz.1.835" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  320.617441][ T4358] EXT4-fs: Mount option(s) incompatible with ext3
[  320.637224][  T497] usb 5-1: USB disconnect, device number 16
[  320.648955][   T28] audit: type=1400 audit(1732979038.508:205): avc:  denied  { ioctl } for  pid=4363 comm="syz.1.835" path="socket:[25872]" dev="sockfs" ino=25872 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  320.752246][ T4358] loop2: detected capacity change from 0 to 1024
[  320.788371][ T4358] ext4: Bad value for 'max_batch_time'
[  321.161225][   T28] audit: type=1400 audit(1732979039.018:206): avc:  denied  { setopt } for  pid=4371 comm="syz.2.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  321.258415][ T4375] syz.2.837[4375] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  321.258644][ T4375] syz.2.837[4375] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  321.268868][  T497] usb 1-1: USB disconnect, device number 16
[  321.337504][  T497] usblp0: removed
[  321.373050][ T4377] loop4: detected capacity change from 0 to 1024
[  321.473337][ T4383] loop3: detected capacity change from 0 to 1024
[  321.474842][ T4377] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  321.480239][ T4383] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  322.151724][ T4377] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  322.161371][ T4383] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  323.276899][ T4407] loop0: detected capacity change from 0 to 1024
[  323.302877][ T4407] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  323.328819][ T4407] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  323.396968][  T291] EXT4-fs (loop4): unmounting filesystem.
[  323.544301][ T4422] netlink: 4 bytes leftover after parsing attributes in process `syz.4.846'.
[  323.893460][  T293] EXT4-fs (loop3): unmounting filesystem.
[  323.912567][ T4426] device erspan1 entered promiscuous mode
[  324.029988][ T4430] kvm: apic: phys broadcast and lowest prio
[  324.118387][  T292] EXT4-fs (loop0): unmounting filesystem.
[  324.382401][ T4422] syz.4.846 (4422) used greatest stack depth: 21736 bytes left
[  324.413728][   T28] audit: type=1400 audit(1732979042.268:207): avc:  denied  { connect } for  pid=4448 comm="syz.4.853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  324.444811][   T28] audit: type=1400 audit(1732979042.288:208): avc:  denied  { mount } for  pid=4448 comm="syz.4.853" name="/" dev="configfs" ino=14468 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  324.477555][   T28] audit: type=1400 audit(1732979042.288:209): avc:  denied  { search } for  pid=4448 comm="syz.4.853" name="/" dev="configfs" ino=14468 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  324.506390][   T28] audit: type=1400 audit(1732979042.288:210): avc:  denied  { read } for  pid=4448 comm="syz.4.853" name="/" dev="configfs" ino=14468 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  324.593583][    T6] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  324.602248][   T28] audit: type=1400 audit(1732979042.288:211): avc:  denied  { open } for  pid=4448 comm="syz.4.853" path="/" dev="configfs" ino=14468 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  325.173924][ T4456] tun0: tun_chr_ioctl cmd 1074025677
[  325.195914][ T4456] tun0: linktype set to 825
[  325.436645][   T28] audit: type=1400 audit(1732979043.288:212): avc:  denied  { create } for  pid=4459 comm="syz.0.856" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  325.507259][   T28] audit: type=1400 audit(1732979043.318:213): avc:  denied  { setopt } for  pid=4459 comm="syz.0.856" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  325.567497][   T28] audit: type=1400 audit(1732979043.318:214): avc:  denied  { getopt } for  pid=4459 comm="syz.0.856" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  325.807654][    T6] usb 4-1: Using ep0 maxpacket: 32
[  325.813773][    T6] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  325.825072][    T6] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  325.838646][    T6] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  325.854637][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  325.864450][    T6] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  325.877287][    T6] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  325.890124][    T6] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  325.898938][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.907883][    T6] usb 4-1: config 0 descriptor??
[  327.482558][  T497] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  327.635297][ T4482] loop0: detected capacity change from 0 to 1024
[  327.639031][    T6] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 14 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  327.931816][ T4482] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  327.964529][ T4482] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  327.973350][  T497] usb 5-1: Using ep0 maxpacket: 32
[  327.985565][  T497] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  327.994028][  T497] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  328.002987][  T497] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  328.015411][ T4489] loop1: detected capacity change from 0 to 512
[  328.021637][  T497] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  328.021708][  T497] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  328.021758][  T497] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  328.021825][  T497] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  328.021873][  T497] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.039104][  T497] usb 5-1: config 0 descriptor??
[  328.052163][ T4489] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  328.123490][ T4489] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  328.136332][ T4489] ext4 filesystem being mounted at /170/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  328.280932][  T497] usblp 5-1:0.0: usblp1: USB Bidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  328.296925][  T290] EXT4-fs (loop1): unmounting filesystem.
[  328.331446][   T28] audit: type=1400 audit(1732979046.188:215): avc:  denied  { read write } for  pid=4496 comm="syz.1.864" name="event2" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  328.355499][   T28] audit: type=1400 audit(1732979046.188:216): avc:  denied  { open } for  pid=4496 comm="syz.1.864" path="/dev/input/event2" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  328.410325][   T28] audit: type=1400 audit(1732979046.218:217): avc:  denied  { ioctl } for  pid=4496 comm="syz.1.864" path="/dev/input/event2" dev="devtmpfs" ino=268 ioctlcmd=0x4590 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  328.443428][ T4497] device syzkaller0 entered promiscuous mode
[  328.561828][  T292] EXT4-fs (loop0): unmounting filesystem.
[  328.577216][    C0] usblp0: nonzero read bulk status received: -71
[  328.583830][    T6] usb 4-1: USB disconnect, device number 14
[  328.699756][  T497] usb 5-1: USB disconnect, device number 17
[  328.710401][  T497] usblp1: removed
[  328.719093][ T4509] capability: warning: `syz.1.867' uses deprecated v2 capabilities in a way that may be insecure
[  328.739322][    T6] usblp0: removed
[  328.752205][ T4511] loop0: detected capacity change from 0 to 512
[  328.791579][ T4511] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.869: inode #1: comm syz.0.869: iget: illegal inode #
[  328.805216][ T4511] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.869: error while reading EA inode 1 err=-117
[  328.826518][ T4511] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  328.839563][ T4511] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.869: inode #1: comm syz.0.869: iget: illegal inode #
[  328.852901][ T4511] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.869: error while reading EA inode 1 err=-117
[  328.865565][ T4511] EXT4-fs (loop0): 1 orphan inode deleted
[  328.871268][ T4511] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  328.888354][   T28] audit: type=1400 audit(1732979046.748:218): avc:  denied  { append } for  pid=4510 comm="syz.0.869" name="001" dev="devtmpfs" ino=178 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  328.914519][  T292] EXT4-fs (loop0): unmounting filesystem.
[  329.357679][    T6] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  329.510940][ T4536] loop1: detected capacity change from 0 to 512
[  329.530951][ T4536] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  329.569157][    T6] usb 4-1: Using ep0 maxpacket: 32
[  329.574424][ T4536] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  329.576635][ T4539] loop2: detected capacity change from 0 to 512
[  329.583297][ T4536] ext4 filesystem being mounted at /174/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  329.655337][    T6] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  329.684342][  T290] EXT4-fs (loop1): unmounting filesystem.
[  329.695678][ T4539] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #3: comm syz.2.877: corrupted inode contents
[  329.707488][    T6] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  329.716133][ T4539] EXT4-fs error (device loop2): ext4_dirty_inode:6091: inode #3: comm syz.2.877: mark_inode_dirty error
[  329.716155][    T6] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  329.737960][ T4539] EXT4-fs error (device loop2): ext4_do_update_inode:5226: inode #3: comm syz.2.877: corrupted inode contents
[  329.749801][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  329.753871][ T4539] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #3: comm syz.2.877: mark_inode_dirty error
[  329.770470][    T6] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  329.780118][ T4539] __quota_error: 4 callbacks suppressed
[  329.780131][ T4539] Quota error (device loop2): write_blk: dquota write failed
[  329.788179][    T6] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  329.797769][ T4539] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  329.818926][    T6] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  329.823901][ T4539] EXT4-fs error (device loop2): ext4_acquire_dquot:6788: comm syz.2.877: Failed to acquire dquot type 0
[  329.835007][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.847505][ T4539] EXT4-fs (loop2): 1 orphan inode deleted
[  329.850310][ T2021] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  329.853885][ T4539] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  329.865927][    T6] usb 4-1: config 0 descriptor??
[  329.876129][ T2021] EXT4-fs error (device loop2): ext4_release_dquot:6811: comm kworker/u4:7: Failed to release dquot type 1
[  329.887506][ T4539] ext4 filesystem being mounted at /179/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  330.132832][ T4550] loop0: detected capacity change from 0 to 1024
[  330.139731][ T4550] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  330.168942][ T4550] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  330.417959][ T4539] syz.2.877 (4539) used greatest stack depth: 20040 bytes left
[  330.452578][  T294] EXT4-fs (loop2): unmounting filesystem.
[  330.479573][ T4560] loop2: detected capacity change from 0 to 1024
[  330.498818][ T4560] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  330.637697][  T497] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  330.817732][  T497] usb 5-1: Using ep0 maxpacket: 32
[  330.837211][  T497] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  330.876978][  T497] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  330.885795][  T497] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  330.891111][ T4567] loop1: detected capacity change from 0 to 2048
[  330.894863][  T497] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  330.911291][  T497] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  330.920907][  T497] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  330.929791][ T4567] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  330.933814][  T497] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  330.950868][  T497] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.951612][ T4567] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  330.959295][  T497] usb 5-1: config 0 descriptor??
[  330.977676][   T28] audit: type=1400 audit(1732979048.808:223): avc:  denied  { read write } for  pid=4566 comm="syz.1.882" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  330.979032][ T4567] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 13 with max blocks 1 with error 28
[  331.012469][ T4567] EXT4-fs (loop1): This should not happen!! Data will be lost
[  331.012469][ T4567] 
[  331.013495][ T4570] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  331.032228][ T4567] EXT4-fs (loop1): Total free blocks count 0
[  331.034273][   T28] audit: type=1400 audit(1732979048.808:224): avc:  denied  { open } for  pid=4566 comm="syz.1.882" path="/176/file0/file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  331.048982][ T4567] EXT4-fs (loop1): Free/Dirty block details
[  331.062843][   T28] audit: type=1400 audit(1732979048.868:225): avc:  denied  { append } for  pid=4566 comm="syz.1.882" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  331.085812][ T4567] EXT4-fs (loop1): free_blocks=2415919104
[  331.091329][ T4570] EXT4-fs (loop1): This should not happen!! Data will be lost
[  331.091329][ T4570] 
[  331.095828][ T4567] EXT4-fs (loop1): dirty_blocks=16
[  331.105357][ T4570] EXT4-fs (loop1): Total free blocks count 0
[  331.116624][  T292] EXT4-fs (loop0): unmounting filesystem.
[  331.189515][  T497] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 18 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  332.143544][  T294] EXT4-fs (loop2): unmounting filesystem.
[  332.172074][ T4585] loop1: detected capacity change from 0 to 1024
[  332.217941][    T6] usblp 4-1:0.0: usblp1: USB Bidirectional printer dev 15 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  332.254604][ T4585] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  332.268094][ T4590] loop2: detected capacity change from 0 to 1024
[  332.275058][    T6] usb 4-1: USB disconnect, device number 15
[  332.303153][    T6] usblp1: removed
[  332.318589][ T4590] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  332.468008][ T4600] FAULT_INJECTION: forcing a failure.
[  332.468008][ T4600] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  332.480995][ T4600] CPU: 1 PID: 4600 Comm: syz.1.885 Not tainted 6.1.115-syzkaller-00041-ga887a44ace2a #0
[  332.490485][ T4600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  332.500385][ T4600] Call Trace:
[  332.503502][ T4600]  <TASK>
[  332.506279][ T4600]  dump_stack_lvl+0x151/0x1b7
[  332.510794][ T4600]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  332.516085][ T4600]  ? finish_task_switch+0x167/0x7b0
[  332.521120][ T4600]  dump_stack+0x15/0x19
[  332.525109][ T4600]  should_fail_ex+0x3d0/0x520
[  332.529624][ T4600]  should_fail+0xb/0x10
[  332.533624][ T4600]  should_fail_usercopy+0x1a/0x20
[  332.538486][ T4600]  _copy_from_user+0x1e/0xc0
[  332.542906][ T4600]  do_ipv6_setsockopt+0x2a7/0x4190
[  332.547849][ T4600]  ? cpupri_find_fitness+0xf0/0x290
[  332.552885][ T4600]  ? find_lowest_rq+0x181/0x730
[  332.557575][ T4600]  ? sk_dst_reset+0xa0/0xa0
[  332.561912][ T4600]  ? __kasan_check_write+0x14/0x20
[  332.566857][ T4600]  ? __switch_to+0x62c/0x1190
[  332.571634][ T4600]  ? __kasan_check_read+0x11/0x20
[  332.576489][ T4600]  ? __cpupri_find+0x3a/0x210
[  332.581004][ T4600]  ? cpupri_find_fitness+0xf0/0x290
[  332.586039][ T4600]  ? get_push_task+0x180/0x180
[  332.590637][ T4600]  ? find_lowest_rq+0x196/0x730
[  332.595323][ T4600]  ? pick_next_pushable_task+0x210/0x210
[  332.600823][ T4600]  ? __kasan_check_write+0x14/0x20
[  332.605740][ T4600]  ? __switch_to+0x62c/0x1190
[  332.610279][ T4600]  ? find_lock_lowest_rq+0x75/0x480
[  332.615285][ T4600]  ? __kasan_check_write+0x14/0x20
[  332.620233][ T4600]  ? push_rt_task+0x46e/0x5c0
[  332.624756][ T4600]  ? _raw_spin_unlock+0x4c/0x70
[  332.629438][ T4600]  ? finish_task_switch+0x167/0x7b0
[  332.634556][ T4600]  ? requeue_task_rt+0x410/0x410
[  332.639331][ T4600]  ? __schedule+0xcbd/0x1560
[  332.643798][ T4600]  ? __sched_text_start+0x8/0x8
[  332.648444][ T4600]  ? queued_write_lock_slowpath+0x4b0/0x547
[  332.654170][ T4600]  ? __kasan_check_read+0x11/0x20
[  332.659048][ T4600]  ? preempt_schedule_irq+0xe7/0x140
[  332.664152][ T4600]  ? preempt_schedule_notrace+0x140/0x140
[  332.669752][ T4600]  ? selinux_socket_getsockopt+0x340/0x340
[  332.675378][ T4600]  ? __kasan_check_write+0x14/0x20
[  332.680305][ T4600]  ipv6_setsockopt+0x60/0x1a0
[  332.684811][ T4600]  udpv6_setsockopt+0x8c/0xa0
[  332.689325][ T4600]  sock_common_setsockopt+0xa2/0xc0
[  332.694359][ T4600]  ? sock_common_recvmsg+0x240/0x240
[  332.699473][ T4600]  __sys_setsockopt+0x4dc/0x8b0
[  332.704159][ T4600]  ? __ia32_sys_recv+0xb0/0xb0
[  332.708761][ T4600]  ? fpregs_restore_userregs+0x130/0x290
[  332.714226][ T4600]  __x64_sys_setsockopt+0xbf/0xd0
[  332.719088][ T4600]  x64_sys_call+0x1a2/0x9a0
[  332.723435][ T4600]  do_syscall_64+0x3b/0xb0
[  332.727690][ T4600]  ? clear_bhb_loop+0x55/0xb0
[  332.732192][ T4600]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  332.737920][ T4600] RIP: 0033:0x7f247b580849
[  332.742177][ T4600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  332.761619][ T4600] RSP: 002b:00007f247c42d058 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  332.769866][ T4600] RAX: ffffffffffffffda RBX: 00007f247b746160 RCX: 00007f247b580849
[  332.777676][ T4600] RDX: 000000000000002e RSI: 0000000000000029 RDI: 0000000000000006
[  332.785496][ T4600] RBP: 00007f247c42d0a0 R08: 0000000000000108 R09: 0000000000000000
[  332.793302][ T4600] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000000000001
[  332.801112][ T4600] R13: 0000000000000000 R14: 00007f247b746160 R15: 00007ffc65906af8
[  332.808925][ T4600]  </TASK>
[  333.096355][  T290] EXT4-fs (loop1): unmounting filesystem.
[  333.117491][  T294] EXT4-fs (loop2): unmounting filesystem.
[  333.566302][  T497] usb 5-1: USB disconnect, device number 18
[  333.576677][  T497] usblp0: removed
[  333.626033][   T28] audit: type=1400 audit(1732979051.478:226): avc:  denied  { unmount } for  pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  333.665393][ T4620] loop4: detected capacity change from 0 to 1024
[  333.682826][ T4620] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  333.729136][ T4620] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  333.806723][   T28] audit: type=1400 audit(1732979051.658:227): avc:  denied  { unmount } for  pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  334.108915][ T4630] loop2: detected capacity change from 0 to 512
[  334.116423][ T4630] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  334.176730][ T4630] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  334.185655][ T4630] ext4 filesystem being mounted at /183/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  334.222251][ T4635] syz.1.899[4635] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  334.222553][ T4635] syz.1.899[4635] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  334.278466][  T294] EXT4-fs (loop2): unmounting filesystem.
[  334.404451][ T4632] bridge0: port 1(bridge_slave_0) entered blocking state
[  334.421425][ T4632] bridge0: port 1(bridge_slave_0) entered disabled state
[  334.428813][ T4632] device bridge_slave_0 entered promiscuous mode
[  334.435534][ T4632] bridge0: port 2(bridge_slave_1) entered blocking state
[  334.442504][ T4632] bridge0: port 2(bridge_slave_1) entered disabled state
[  334.449922][ T4632] device bridge_slave_1 entered promiscuous mode
[  334.498556][ T4402] device bridge_slave_1 left promiscuous mode
[  334.507785][ T4402] bridge0: port 2(bridge_slave_1) entered disabled state
[  334.527985][ T4402] device bridge_slave_0 left promiscuous mode
[  334.545050][ T4402] bridge0: port 1(bridge_slave_0) entered disabled state
[  334.566017][ T4402] device veth1_macvtap left promiscuous mode
[  334.584229][ T4402] device veth0_vlan left promiscuous mode
[  334.613921][ T4639] loop2: detected capacity change from 0 to 40427
[  334.641959][ T4639] F2FS-fs (loop2): Invalid SB checksum offset: 0
[  334.654429][ T4639] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  334.698410][ T4639] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  334.772273][  T291] EXT4-fs (loop4): unmounting filesystem.
[  334.781753][ T4639] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[  334.800148][ T4639] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  334.893602][ T4632] bridge0: port 2(bridge_slave_1) entered blocking state
[  334.900473][ T4632] bridge0: port 2(bridge_slave_1) entered forwarding state
[  334.907543][ T4632] bridge0: port 1(bridge_slave_0) entered blocking state
[  334.914384][ T4632] bridge0: port 1(bridge_slave_0) entered forwarding state
[  334.922509][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  334.929734][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  334.989910][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  334.999294][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  335.025113][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  335.043411][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  335.058745][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.065598][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  335.086990][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  335.106290][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  335.124064][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[  335.130936][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[  335.159386][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  335.173031][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  335.187488][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  335.201447][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  335.204245][ T4664] loop1: detected capacity change from 0 to 256
[  335.223939][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  335.232201][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  335.243427][ T4664] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x4849718e, utbl_chksum : 0xe619d30d)
[  335.244774][ T4632] device veth0_vlan entered promiscuous mode
[  335.261694][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  335.269617][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  335.281842][   T28] audit: type=1400 audit(1732979053.138:228): avc:  denied  { write } for  pid=4663 comm="syz.1.906" name="/" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  335.283697][ T4632] device veth1_macvtap entered promiscuous mode
[  335.312748][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  335.323247][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  335.329104][   T28] audit: type=1400 audit(1732979053.158:229): avc:  denied  { add_name } for  pid=4663 comm="syz.1.906" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  335.333646][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  335.370977][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  335.382109][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  335.382526][   T28] audit: type=1400 audit(1732979053.158:230): avc:  denied  { associate } for  pid=4663 comm="syz.1.906" name="file2" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  335.411435][   T28] audit: type=1400 audit(1732979053.178:231): avc:  denied  { unmount } for  pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  335.416254][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  335.451668][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  335.469062][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  335.477255][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  335.489449][   T28] audit: type=1400 audit(1732979053.348:232): avc:  denied  { mount } for  pid=4632 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  335.520163][   T28] audit: type=1400 audit(1732979053.368:233): avc:  denied  { mounton } for  pid=4632 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=522 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  335.574619][   T28] audit: type=1400 audit(1732979053.428:234): avc:  denied  { read } for  pid=4675 comm="syz.5.897" name="rtc0" dev="devtmpfs" ino=259 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  335.606706][   T28] audit: type=1400 audit(1732979053.428:235): avc:  denied  { open } for  pid=4675 comm="syz.5.897" path="/dev/rtc0" dev="devtmpfs" ino=259 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  336.179546][   T28] audit: type=1400 audit(1732979053.428:236): avc:  denied  { ioctl } for  pid=4675 comm="syz.5.897" path="/dev/rtc0" dev="devtmpfs" ino=259 ioctlcmd=0x700c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  336.202688][   T24] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  337.067343][ T4694] loop1: detected capacity change from 0 to 1024
[  337.102496][ T4694] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  337.148892][ T4694] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  337.494818][   T24] usb 3-1: Using ep0 maxpacket: 32
[  337.501449][   T24] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  337.517823][   T24] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  337.522595][   T28] audit: type=1400 audit(1732979055.378:237): avc:  denied  { sqpoll } for  pid=4705 comm="syz.5.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  337.526327][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  337.553963][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  337.563421][   T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  337.579629][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  337.592453][   T24] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  337.601262][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  337.609858][   T24] usb 3-1: config 0 descriptor??
[  337.679546][ T4706] kvm: emulating exchange as write
[  337.817643][ T4704] loop3: detected capacity change from 0 to 40427
[  337.824891][   T24] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  337.838077][ T4704] F2FS-fs (loop3): Invalid SB checksum offset: 0
[  337.847848][ T4704] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  337.863635][ T4704] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  337.895705][ T4704] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  337.910735][ T4704] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  337.960439][  T290] EXT4-fs (loop1): unmounting filesystem.
[  338.143966][ T4724] syz.1.917[4724] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  338.144065][ T4724] syz.1.917[4724] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  338.245910][ T4727] netlink: 20 bytes leftover after parsing attributes in process `syz.3.918'.
[  338.587718][  T425] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  338.807638][  T425] usb 4-1: Using ep0 maxpacket: 32
[  338.813724][  T425] usb 4-1: config 0 has an invalid interface number: 205 but max is 0
[  338.828971][  T425] usb 4-1: config 0 has no interface number 0
[  338.842533][  T425] usb 4-1: New USB device found, idVendor=0079, idProduct=245b, bcdDevice=85.be
[  338.859648][  T425] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  338.875741][  T425] usb 4-1: Product: syz
[  338.883939][  T425] usb 4-1: Manufacturer: syz
[  338.893665][  T425] usb 4-1: SerialNumber: syz
[  338.899117][  T425] usb 4-1: config 0 descriptor??
[  339.014857][ T4745] loop1: detected capacity change from 0 to 128
[  339.027318][ T4745] EXT4-fs (loop1): Test dummy encryption mode enabled
[  339.036237][ T4745] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  339.045105][ T4745] ext4 filesystem being mounted at /189/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  339.122034][  T425] usb 4-1: USB disconnect, device number 16
[  339.147158][  T311] usb 3-1: USB disconnect, device number 16
[  339.157166][  T311] usblp0: removed
[  339.426011][ T4752] overlayfs: missing 'lowerdir'
[  340.763650][  T290] EXT4-fs (loop1): unmounting filesystem.
[  340.777385][ T4758] loop4: detected capacity change from 0 to 1024
[  340.802132][ T4758] EXT4-fs: Ignoring removed oldalloc option
[  340.819295][ T4758] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  340.834448][   T28] kauditd_printk_skb: 4 callbacks suppressed
[  340.834458][   T28] audit: type=1400 audit(1732979058.688:242): avc:  denied  { ioctl } for  pid=4757 comm="syz.4.925" path="/177/file1/blkio.bfq.idle_time" dev="loop4" ino=18 ioctlcmd=0x587d scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  340.865871][ T4758] EXT4-fs (loop4): shut down requested (0)
[  340.878044][  T291] EXT4-fs (loop4): unmounting filesystem.
[  341.003866][ T4764] loop2: detected capacity change from 0 to 1024
[  341.011186][ T4764] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  341.030633][   T28] audit: type=1326 audit(1732979058.888:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.5.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f59580849 code=0x7ffc0000
[  341.032658][ T4764] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  341.068437][ T4770] loop4: detected capacity change from 0 to 512
[  341.086474][   T28] audit: type=1326 audit(1732979058.888:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.5.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f4f59580849 code=0x7ffc0000
[  341.110881][   T28] audit: type=1326 audit(1732979058.888:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.5.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f59580849 code=0x7ffc0000
[  341.137032][   T28] audit: type=1326 audit(1732979058.888:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.5.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f4f59580849 code=0x7ffc0000
[  341.160396][   T28] audit: type=1326 audit(1732979058.888:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.5.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f59580849 code=0x7ffc0000
[  341.187946][   T28] audit: type=1326 audit(1732979058.888:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.5.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f4f59580849 code=0x7ffc0000
[  341.195889][ T4776] loop3: detected capacity change from 0 to 1024
[  341.211009][   T28] audit: type=1326 audit(1732979058.888:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.5.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f59580849 code=0x7ffc0000
[  341.218202][ T4770] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  341.240143][   T28] audit: type=1326 audit(1732979058.888:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4765 comm="syz.5.928" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f59580849 code=0x7ffc0000
[  341.321160][ T4776] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  341.336024][ T4772] loop5: detected capacity change from 0 to 40427
[  341.342821][ T4770] ext4 filesystem being mounted at /178/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  341.353126][ T4772] F2FS-fs (loop5): Invalid SB checksum offset: 0
[  341.365223][ T4772] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  341.375301][ T4776] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  341.392417][ T4772] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  341.421593][ T4772] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[  341.433317][ T4772] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  341.599283][   T28] audit: type=1400 audit(1732979059.458:251): avc:  denied  { setopt } for  pid=4768 comm="syz.4.926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  341.895726][  T294] EXT4-fs (loop2): unmounting filesystem.
[  341.907537][  T291] EXT4-fs (loop4): unmounting filesystem.
[  342.729750][ T4809] loop4: detected capacity change from 0 to 512
[  342.742964][ T4809] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  342.836358][ T4809] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  342.845285][ T4809] ext4 filesystem being mounted at /180/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  342.895667][  T293] EXT4-fs (loop3): unmounting filesystem.
[  342.974577][ T1051] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  343.008957][  T291] EXT4-fs (loop4): unmounting filesystem.
[  343.892124][ T1051] usb 2-1: Using ep0 maxpacket: 32
[  344.041484][ T4830] netlink: 20 bytes leftover after parsing attributes in process `syz.2.941'.
[  344.493498][ T1051] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  344.503796][ T1051] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  344.512333][ T1051] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  344.521314][ T1051] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  344.530835][ T1051] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  344.540258][ T1051] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  344.553123][ T1051] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  344.568157][ T1051] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  344.580866][ T1051] usb 2-1: config 0 descriptor??
[  344.605079][ T4847] loop3: detected capacity change from 0 to 1024
[  344.646312][ T4847] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  344.688294][ T4847] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  344.792044][ T1051] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  344.987860][ T4857] loop5: detected capacity change from 0 to 4096
[  345.017103][ T4857] EXT4-fs: Ignoring removed nomblk_io_submit option
[  345.064783][ T4857] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  345.110549][ T4857] syz.5.946 (pid 4857) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  345.171193][ T4632] EXT4-fs (loop5): unmounting filesystem.
[  345.227581][ T4865] loop5: detected capacity change from 0 to 1024
[  345.246252][ T4865] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  345.292554][ T4865] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  345.497867][  T311] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  345.544315][ T4872] loop4: detected capacity change from 0 to 512
[  345.556819][ T4872] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  345.626048][  T293] EXT4-fs (loop3): unmounting filesystem.
[  345.652920][ T4872] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  345.677651][ T4872] ext4 filesystem being mounted at /183/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  345.677742][  T311] usb 3-1: Using ep0 maxpacket: 32
[  345.725995][  T311] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  345.733546][ T4879] xt_CT: You must specify a L4 protocol and not use inversions on it
[  345.739086][  T311] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  345.753227][  T291] EXT4-fs (loop4): unmounting filesystem.
[  345.757851][  T311] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  345.767924][  T311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  345.777523][  T311] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  345.787025][  T311] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  345.805963][ T4881] loop3: detected capacity change from 0 to 1024
[  345.816395][  T311] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  345.825723][  T311] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.835877][ T4881] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  345.857665][  T311] usb 3-1: config 0 descriptor??
[  345.869655][   T28] kauditd_printk_skb: 4 callbacks suppressed
[  345.869669][   T28] audit: type=1400 audit(1732979063.728:256): avc:  denied  { link } for  pid=4880 comm="syz.3.953" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop3" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  345.920493][   T28] audit: type=1400 audit(1732979063.778:257): avc:  denied  { rename } for  pid=4880 comm="syz.3.953" name="file1" dev="loop3" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  345.948598][ T4884] loop4: detected capacity change from 0 to 128
[  345.980622][  T293] EXT4-fs (loop3): unmounting filesystem.
[  345.988396][ T4884] EXT4-fs (loop4): Test dummy encryption mode enabled
[  346.005320][ T4884] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  346.013959][ T4884] ext4 filesystem being mounted at /184/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  346.208311][  T425] usb 2-1: USB disconnect, device number 12
[  346.300724][  T425] usblp0: removed
[  346.388659][ T4894] overlayfs: missing 'lowerdir'
[  347.222408][  T291] EXT4-fs (loop4): unmounting filesystem.
[  347.237466][ T4632] EXT4-fs (loop5): unmounting filesystem.
[  347.266621][ T4909] loop4: detected capacity change from 0 to 1024
[  347.275230][ T4909] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  347.288659][ T4909] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  347.527650][   T24] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  347.677648][   T24] usb 6-1: device descriptor read/64, error -71
[  347.947644][   T24] usb 6-1: device descriptor read/64, error -71
[  348.128024][ T4923] loop3: detected capacity change from 0 to 512
[  348.170574][ T4923] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  348.217853][   T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  348.228812][  T311] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  348.284119][ T4923] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  348.294054][ T4923] ext4 filesystem being mounted at /190/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  348.296575][  T311] usb 3-1: USB disconnect, device number 17
[  348.347401][  T311] usblp0: removed
[  348.352829][  T293] EXT4-fs (loop3): unmounting filesystem.
[  348.359890][  T291] EXT4-fs (loop4): unmounting filesystem.
[  348.467945][   T24] usb 6-1: device descriptor read/64, error -71
[  349.117704][   T24] usb 6-1: device descriptor read/64, error -71
[  349.141075][ T4942] FAULT_INJECTION: forcing a failure.
[  349.141075][ T4942] name failslab, interval 1, probability 0, space 0, times 0
[  349.154038][ T4942] CPU: 1 PID: 4942 Comm: syz.1.968 Not tainted 6.1.115-syzkaller-00041-ga887a44ace2a #0
[  349.163669][ T4942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  349.173562][ T4942] Call Trace:
[  349.176688][ T4942]  <TASK>
[  349.179469][ T4942]  dump_stack_lvl+0x151/0x1b7
[  349.183989][ T4942]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  349.189274][ T4942]  dump_stack+0x15/0x19
[  349.193266][ T4942]  should_fail_ex+0x3d0/0x520
[  349.197781][ T4942]  __should_failslab+0xaf/0xf0
[  349.202389][ T4942]  ? alloc_async+0x51/0xc0
[  349.206630][ T4942]  should_failslab+0x9/0x20
[  349.210983][ T4942]  __kmem_cache_alloc_node+0x3d/0x2a0
[  349.216182][ T4942]  ? alloc_async+0x51/0xc0
[  349.220494][ T4942]  kmalloc_trace+0x2a/0xa0
[  349.224686][ T4942]  alloc_async+0x51/0xc0
[  349.228765][ T4942]  proc_do_submiturb+0xda7/0x3690
[  349.233643][ T4942]  usbdev_ioctl+0x2f36/0x5f90
[  349.238156][ T4942]  ? bpf_trace_run3+0x2e0/0x2e0
[  349.242828][ T4942]  ? usbdev_poll+0x200/0x200
[  349.247252][ T4942]  ? bpf_ringbuf_notify+0x30/0x30
[  349.252114][ T4942]  ? cpudl_cleanup+0x40/0x40
[  349.256538][ T4942]  ? __kasan_check_write+0x14/0x20
[  349.261482][ T4942]  ? __switch_to+0x62c/0x1190
[  349.265995][ T4942]  ? bpf_ringbuf_output+0x179/0x1f0
[  349.271031][ T4942]  ? __kasan_check_write+0x14/0x20
[  349.275976][ T4942]  ? _raw_spin_lock_irqsave+0xf9/0x210
[  349.281274][ T4942]  ? compat_start_thread+0x20/0x20
[  349.286218][ T4942]  ? _raw_spin_lock+0x1b0/0x1b0
[  349.290908][ T4942]  ? __kasan_check_write+0x14/0x20
[  349.295867][ T4942]  ? _raw_spin_unlock_irqrestore+0x5b/0x80
[  349.301527][ T4942]  ? __bpf_ringbuf_reserve+0x478/0x520
[  349.306792][ T4942]  ? bpf_ringbuf_notify+0x30/0x30
[  349.311650][ T4942]  ? cpudl_cleanup+0x40/0x40
[  349.316089][ T4942]  ? do_vfs_ioctl+0xba7/0x29a0
[  349.320677][ T4942]  ? bpf_ringbuf_output+0x179/0x1f0
[  349.325719][ T4942]  ? __x64_compat_sys_ioctl+0x90/0x90
[  349.330922][ T4942]  ? native_set_ldt+0x130/0x130
[  349.335605][ T4942]  ? __this_cpu_preempt_check+0x13/0x20
[  349.340988][ T4942]  ? tracing_record_taskinfo_sched_switch+0x84/0x390
[  349.347497][ T4942]  ? probe_sched_switch+0x60/0x80
[  349.352358][ T4942]  ? _raw_spin_unlock+0x4c/0x70
[  349.357045][ T4942]  ? finish_task_switch+0x167/0x7b0
[  349.362096][ T4942]  ? __schedule+0xcbd/0x1560
[  349.366507][ T4942]  ? __sched_text_start+0x8/0x8
[  349.371193][ T4942]  ? __kasan_check_read+0x11/0x20
[  349.376047][ T4942]  ? preempt_schedule_irq+0xe7/0x140
[  349.381182][ T4942]  ? preempt_schedule_notrace+0x140/0x140
[  349.386725][ T4942]  ? selinux_file_ioctl+0x3cc/0x540
[  349.391762][ T4942]  ? selinux_file_alloc_security+0x120/0x120
[  349.397575][ T4942]  ? raw_irqentry_exit_cond_resched+0x2a/0x30
[  349.403475][ T4942]  ? irqentry_exit+0x30/0x40
[  349.407904][ T4942]  ? sysvec_reschedule_ipi+0x8f/0x170
[  349.413110][ T4942]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  349.418583][ T4942]  ? usbdev_poll+0x200/0x200
[  349.423007][ T4942]  __se_sys_ioctl+0x114/0x190
[  349.427520][ T4942]  __x64_sys_ioctl+0x7b/0x90
[  349.431955][ T4942]  x64_sys_call+0x98/0x9a0
[  349.436196][ T4942]  do_syscall_64+0x3b/0xb0
[  349.440448][ T4942]  ? clear_bhb_loop+0x55/0xb0
[  349.444962][ T4942]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  349.450693][ T4942] RIP: 0033:0x7f247b580849
[  349.454947][ T4942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  349.474389][ T4942] RSP: 002b:00007f247c46f058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  349.482640][ T4942] RAX: ffffffffffffffda RBX: 00007f247b745fa0 RCX: 00007f247b580849
[  349.490440][ T4942] RDX: 0000000020000000 RSI: 00000000802c550a RDI: 0000000000000003
[  349.498256][ T4942] RBP: 00007f247c46f0a0 R08: 0000000000000000 R09: 0000000000000000
[  349.506064][ T4942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  349.513876][ T4942] R13: 0000000000000000 R14: 00007f247b745fa0 R15: 00007ffc65906af8
[  349.521725][ T4942]  </TASK>
[  349.642956][   T24] usb usb6-port1: attempt power cycle
[  349.707214][ T4948] loop1: detected capacity change from 0 to 1024
[  349.716639][ T4948] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  349.718911][  T311] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  349.748674][ T4948] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  349.789691][ T4954] kvm: apic: phys broadcast and lowest prio
[  349.856490][ T4958] loop4: detected capacity change from 0 to 1024
[  349.875524][ T4958] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  349.907637][  T311] usb 3-1: Using ep0 maxpacket: 32
[  349.908288][ T4958] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  349.913707][  T311] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  350.016042][  T311] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  350.039585][  T311] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  350.057696][   T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  350.088841][  T311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  350.141458][   T24] usb 6-1: device descriptor read/8, error -71
[  350.194758][  T311] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  350.298027][   T24] usb 6-1: device descriptor read/8, error -71
[  350.309494][  T311] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  350.323508][  T311] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  350.332820][  T311] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.345928][  T311] usb 3-1: config 0 descriptor??
[  350.552583][  T311] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 18 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  350.711943][  T291] EXT4-fs (loop4): unmounting filesystem.
[  351.310932][ T4980] overlayfs: missing 'lowerdir'
[  351.479555][  T290] EXT4-fs (loop1): unmounting filesystem.
[  351.514085][ T4984] loop1: detected capacity change from 0 to 1024
[  351.520855][ T4984] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  351.540694][ T4984] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  351.834131][   T24] usb 3-1: USB disconnect, device number 18
[  351.842917][   T24] usblp0: removed
[  351.889755][   T28] audit: type=1400 audit(1732979069.748:258): avc:  denied  { bind } for  pid=4997 comm="syz.2.981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  351.909069][   T28] audit: type=1400 audit(1732979069.748:259): avc:  denied  { listen } for  pid=4997 comm="syz.2.981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  351.928573][   T28] audit: type=1400 audit(1732979069.768:260): avc:  denied  { connect } for  pid=4997 comm="syz.2.981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  351.957774][    T6] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  351.961552][ T5000] syz.2.982[5000] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  351.965328][ T5000] syz.2.982[5000] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  352.022979][ T5002] loop5: detected capacity change from 0 to 256
[  352.040441][ T5002] exfat: Deprecated parameter 'utf8'
[  352.046270][ T5002] exfat: Deprecated parameter 'utf8'
[  352.051682][ T5002] exfat: Deprecated parameter 'namecase'
[  352.060398][ T5002] exfat: Deprecated parameter 'utf8'
[  352.068135][ T5002] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  352.147631][    T6] usb 5-1: Using ep0 maxpacket: 32
[  352.153929][    T6] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  352.169359][    T6] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  352.184364][    T6] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  352.196290][    T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  352.210450][    T6] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  352.221698][    T6] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  352.234848][    T6] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  352.243945][    T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  352.263206][    T6] usb 5-1: config 0 descriptor??
[  352.281442][   T28] audit: type=1400 audit(1732979070.138:261): avc:  denied  { read write open } for  pid=5001 comm="syz.5.983" path="/14/file1/bus" dev="loop5" ino=1048608 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  352.312050][   T28] audit: type=1400 audit(1732979070.168:262): avc:  denied  { append } for  pid=5001 comm="syz.5.983" path="/14/file1/blkio.bfq.idle_time" dev="loop5" ino=1048609 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  352.337391][   T28] audit: type=1400 audit(1732979070.168:263): avc:  denied  { ioctl } for  pid=5001 comm="syz.5.983" path="/14/file1/blkio.bfq.idle_time" dev="loop5" ino=1048609 ioctlcmd=0xf509 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  352.423255][ T5013] loop5: detected capacity change from 0 to 128
[  352.434852][  T290] EXT4-fs (loop1): unmounting filesystem.
[  352.441168][ T5013] EXT4-fs (loop5): Test dummy encryption mode enabled
[  352.449622][ T5013] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  352.458273][ T5013] ext4 filesystem being mounted at /15/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  353.000092][ T5023] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  353.008830][ T5023] overlayfs: missing 'lowerdir'
[  353.379184][ T5025] loop3: detected capacity change from 0 to 1024
[  353.385850][ T5025] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  353.409270][ T4632] EXT4-fs (loop5): unmounting filesystem.
[  353.488132][ T5025] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  353.927657][ T1051] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  354.137643][ T1051] usb 2-1: Using ep0 maxpacket: 32
[  354.143935][ T1051] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  354.152161][ T1051] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  354.160574][ T1051] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  354.169302][ T1051] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  354.178771][ T1051] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  354.188227][ T1051] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  354.201000][ T1051] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  354.209860][ T1051] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.221647][ T1051] usb 2-1: config 0 descriptor??
[  354.248917][  T293] EXT4-fs (loop3): unmounting filesystem.
[  354.483182][ T5052] overlayfs: missing 'lowerdir'
[  355.465270][ T1051] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 13 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  356.159067][    T6] usblp 5-1:0.0: usblp1: USB Bidirectional printer dev 19 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  356.224395][    T6] usb 5-1: USB disconnect, device number 19
[  356.254337][    T6] usblp1: removed
[  356.432999][   T24] usb 2-1: USB disconnect, device number 13
[  356.445309][   T24] usblp0: removed
[  356.598068][ T5087] loop1: detected capacity change from 0 to 512
[  356.606969][ T5087] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  356.744602][ T5087] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  356.753985][ T5087] ext4 filesystem being mounted at /200/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  356.831747][  T290] EXT4-fs (loop1): unmounting filesystem.
[  356.858280][ T5094] loop1: detected capacity change from 0 to 1024
[  356.865092][ T5094] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  356.883269][ T5094] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  357.021350][ T5099] loop2: detected capacity change from 0 to 1024
[  357.028289][ T5099] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  357.050119][ T5099] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  357.411148][ T5114] overlayfs: missing 'lowerdir'
[  358.350525][  T290] EXT4-fs (loop1): unmounting filesystem.
[  358.411032][ T5122] loop3: detected capacity change from 0 to 256
[  358.417315][ T5122] exfat: Unknown parameter 'um0×P½a000000000'
[  358.541734][  T334] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  358.588361][  T294] EXT4-fs (loop2): unmounting filesystem.
[  358.623019][ T5122] loop3: detected capacity change from 0 to 2048
[  358.721152][ T5122]  loop3: p2 p3 p7
[  358.896058][  T621] udevd[621]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[  358.896095][  T334] udevd[334]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  358.907447][  T619] udevd[619]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  358.990725][ T5145] loop3: detected capacity change from 0 to 256
[  359.005405][ T5145] exfat: Unknown parameter 'um0×P½a000000000'
[  359.037653][    T6] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  359.227653][    T6] usb 2-1: Using ep0 maxpacket: 32
[  359.233855][    T6] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  359.249432][    T6] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  359.258107][   T60] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  359.274759][    T6] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  359.292883][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  359.314237][    T6] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  359.333057][    T6] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  359.359225][    T6] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  359.374291][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.392694][    T6] usb 2-1: config 0 descriptor??
[  359.432641][ T5145] loop3: detected capacity change from 0 to 2048
[  359.457662][   T60] usb 5-1: Using ep0 maxpacket: 32
[  359.463829][   T60] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  359.523391][   T60] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  359.535749][ T5145]  loop3: p2 p3 p7
[  359.540679][   T60] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  359.569700][  T103]  loop3: p2 p3 p7
[  359.586911][   T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  359.625871][   T60] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  359.635490][   T60] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  359.649311][   T60] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  359.660515][   T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.672139][   T60] usb 5-1: config 0 descriptor??
[  359.880031][   T60] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 20 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  360.018758][ T5152] loop5: detected capacity change from 0 to 40427
[  360.032685][ T5152] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  360.040462][ T5152] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  360.049343][ T5152] F2FS-fs (loop5): invalid crc value
[  360.055755][ T5152] F2FS-fs (loop5): Found nat_bits in checkpoint
[  360.156233][ T5152] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  360.163395][ T5152] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  360.374116][   T28] audit: type=1400 audit(1732979078.228:264): avc:  denied  { setopt } for  pid=5159 comm="syz.2.1018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  360.411955][ T5162] loop2: detected capacity change from 0 to 1024
[  360.422163][ T5162] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  360.494112][ T5162] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  361.156568][  T294] EXT4-fs (loop2): unmounting filesystem.
[  361.551650][ T5187] loop3: detected capacity change from 0 to 1024
[  361.653770][ T5187] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  361.844456][ T5187] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  362.108990][   T24] usb 5-1: USB disconnect, device number 20
[  362.139474][   T24] usblp0: removed
[  362.322751][    T6] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 14 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  362.338458][    T6] usb 2-1: USB disconnect, device number 14
[  362.348583][    T6] usblp0: removed
[  362.434463][   T28] audit: type=1400 audit(1732979080.288:265): avc:  denied  { create } for  pid=5192 comm="syz.4.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  362.465329][   T28] audit: type=1400 audit(1732979080.318:266): avc:  denied  { setopt } for  pid=5192 comm="syz.4.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  362.507646][   T28] audit: type=1400 audit(1732979080.318:267): avc:  denied  { bind } for  pid=5192 comm="syz.4.1024" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  362.556714][   T28] audit: type=1400 audit(1732979080.358:268): avc:  denied  { checkpoint_restore } for  pid=5192 comm="syz.4.1024" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  362.660348][   T28] audit: type=1400 audit(1732979080.518:269): avc:  denied  { unmount } for  pid=4632 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  362.707971][ T5213] loop5: detected capacity change from 0 to 1024
[  362.731233][ T5213] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  362.788277][ T5213] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  363.360381][  T293] EXT4-fs (loop3): unmounting filesystem.
[  363.482561][ T5226] loop1: detected capacity change from 0 to 128
[  363.493789][ T5226] EXT4-fs (loop1): Test dummy encryption mode enabled
[  363.509103][ T5226] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  363.520323][ T5226] ext4 filesystem being mounted at /204/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  363.568951][ T4632] EXT4-fs (loop5): unmounting filesystem.
[  363.654474][ T5230] loop5: detected capacity change from 0 to 1024
[  363.681701][ T5230] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  363.711974][ T4632] EXT4-fs (loop5): unmounting filesystem.
[  363.781848][ T5235] overlayfs: missing 'lowerdir'
[  365.341810][  T290] EXT4-fs (loop1): unmounting filesystem.
[  365.420055][ T5251] loop1: detected capacity change from 0 to 256
[  365.438327][ T5251] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0xa154a131, utbl_chksum : 0xe619d30d)
[  365.935267][   T28] audit: type=1400 audit(1732979083.788:270): avc:  denied  { mounton } for  pid=5250 comm="syz.1.1037" path="/205/file2/file0" dev="loop1" ino=1048610 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  366.055608][    T6] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  366.527233][ T5260] syz.1.1037: attempt to access beyond end of device
[  366.527233][ T5260] loop1: rw=524288, sector=34359738488, nr_sectors = 3 limit=256
[  366.541381][ T5260] syz.1.1037: attempt to access beyond end of device
[  366.541381][ T5260] loop1: rw=0, sector=34359738488, nr_sectors = 3 limit=256
[  366.695480][   T28] audit: type=1400 audit(1732979084.548:271): avc:  denied  { remove_name } for  pid=290 comm="syz-executor" name=".index" dev="loop1" ino=1048611 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  366.777650][   T28] audit: type=1400 audit(1732979084.578:272): avc:  denied  { rmdir } for  pid=290 comm="syz-executor" name=".index" dev="loop1" ino=1048611 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  366.802244][    T6] usb 4-1: Using ep0 maxpacket: 32
[  366.817129][    T6] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  366.831089][   T28] audit: type=1400 audit(1732979084.578:273): avc:  denied  { unlink } for  pid=290 comm="syz-executor" name="file0" dev="loop1" ino=1048613 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  366.834734][    T6] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  366.879597][ T5272] loop2: detected capacity change from 0 to 256
[  366.890153][   T28] audit: type=1400 audit(1732979084.678:274): avc:  denied  { read } for  pid=5269 comm="syz.2.1040" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  366.891049][    T6] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  366.925280][ T5272] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  366.942488][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  366.952210][    T6] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  366.962277][ T5272] exFAT-fs (loop2): hint_cluster is invalid (1)
[  366.968614][ T5272] exFAT-fs (loop2): error, invalid access to exfat cache (entry 0x00000000)
[  366.977208][    T6] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  366.990148][ T5272] exFAT-fs (loop2): Filesystem has been set read-only
[  366.996795][ T5272] exFAT-fs (loop2): error, failed to bmap (inode : ffff888139905570 iblock : 11, err : -5)
[  367.006707][    T6] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  367.015719][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.030520][    T6] usb 4-1: config 0 descriptor??
[  367.237183][    T6] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  367.337684][ T1277] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  367.434812][   T28] audit: type=1400 audit(1732979085.288:275): avc:  denied  { write } for  pid=5277 comm="syz.5.1042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  367.454130][   T28] audit: type=1400 audit(1732979085.288:276): avc:  denied  { bind } for  pid=5277 comm="syz.5.1042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  367.473987][   T28] audit: type=1400 audit(1732979085.288:277): avc:  denied  { listen } for  pid=5277 comm="syz.5.1042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  367.493656][   T28] audit: type=1400 audit(1732979085.288:278): avc:  denied  { accept } for  pid=5277 comm="syz.5.1042" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  367.513255][ T1277] usb 5-1: device descriptor read/64, error -71
[  367.784552][ T5288] overlayfs: missing 'lowerdir'
[  368.340519][ T1277] usb 5-1: device descriptor read/64, error -71
[  368.572648][ T5292] usb 4-1: USB disconnect, device number 17
[  368.593432][ T5292] usblp0: removed
[  368.600099][ T5300] syz.1.1047[5300] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  368.600166][ T5300] syz.1.1047[5300] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  368.615153][ T5302] loop3: detected capacity change from 0 to 512
[  368.633337][ T5302] EXT4-fs: dax option not supported
[  368.657643][ T1277] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  368.678712][   T28] audit: type=1400 audit(1732979086.538:279): avc:  denied  { create } for  pid=5301 comm="syz.3.1048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  369.004940][ T1277] usb 5-1: device descriptor read/64, error -71
[  370.641883][ T5327] loop5: detected capacity change from 0 to 8192
[  370.730775][ T5327]  loop5: p4
[  370.747773][ T5327] loop5: p4 size 16776960 extends beyond EOD, truncated
[  370.757384][ T5325] loop1: detected capacity change from 0 to 40427
[  370.766933][ T5325] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  370.774527][ T5325] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  370.783461][ T5325] F2FS-fs (loop1): invalid crc value
[  370.789817][ T5325] F2FS-fs (loop1): Found nat_bits in checkpoint
[  370.794254][  T103]  loop5: p4
[  370.799310][  T103] loop5: p4 size 16776960 extends beyond EOD, truncated
[  370.827708][ T1277] usb 5-1: device descriptor read/64, error -71
[  370.848949][ T5325] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  370.851316][  T334] udevd[334]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  370.855832][ T5325] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  370.868883][  T334] udevd[334]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  370.968748][  T311] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  371.168768][ T1277] usb usb5-port1: attempt power cycle
[  371.228630][  T311] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  371.236694][  T311] usb 3-1: config 220 has an invalid descriptor of length 89, skipping remainder of the config
[  371.246872][  T311] usb 3-1: config 220 has no interface number 2
[  371.252978][  T311] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  371.265863][  T311] usb 3-1: config 220 interface 0 has no altsetting 0
[  371.272447][  T311] usb 3-1: config 220 interface 76 has no altsetting 0
[  371.279632][  T311] usb 3-1: config 220 interface 1 has no altsetting 0
[  371.288466][  T311] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  371.297927][  T311] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.305753][  T311] usb 3-1: Product: syz
[  371.310476][  T311] usb 3-1: Manufacturer: syz
[  371.314916][  T311] usb 3-1: SerialNumber: syz
[  371.534485][   T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  371.534505][ T5350] kernel profiling enabled (shift: 63)
[  371.547196][ T5350] profiling shift: 63 too large
[  371.555316][ T5350] xt_bpf: check failed: parse error
[  371.717670][   T24] usb 6-1: Using ep0 maxpacket: 32
[  371.723664][   T24] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  371.731866][   T24] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  371.740308][   T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  371.750083][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  371.759804][   T24] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  371.769314][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  371.782471][   T24] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  371.791456][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.799746][  T311] usb 3-1: selecting invalid altsetting 0
[  371.805300][  T311] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  371.807683][ T1277] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  371.811924][   T24] usb 6-1: config 0 descriptor??
[  371.823623][  T311] usb 3-1: No valid video chain found.
[  371.831696][  T311] usb 3-1: USB disconnect, device number 19
[  371.837808][ T5292] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  371.858002][ T1277] usb 5-1: Using ep0 maxpacket: 32
[  371.863932][ T1277] usb 5-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9
[  371.874762][ T1277] usb 5-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  371.884394][ T1277] usb 5-1: config 0 interface 0 has no altsetting 0
[  371.890864][ T1277] usb 5-1: New USB device found, idVendor=056a, idProduct=00c4, bcdDevice= 0.00
[  371.899660][ T1277] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.908082][ T1277] usb 5-1: config 0 descriptor??
[  371.987640][  T321] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  372.028706][ T5292] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  372.030906][   T24] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  372.037148][ T5292] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  372.057444][ T5292] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  372.066218][ T5292] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  372.079946][ T5292] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  372.088821][ T5292] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  372.096599][ T5292] usb 2-1: Product: syz
[  372.100604][ T5292] usb 2-1: Manufacturer: syz
[  372.106179][ T5292] cdc_wdm: probe of 2-1:1.0 failed with error -22
[  372.197629][  T321] usb 4-1: Using ep0 maxpacket: 32
[  372.203678][  T321] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  372.211833][  T321] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  372.220238][  T321] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  372.229019][  T321] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  372.238461][  T321] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  372.247934][  T321] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  372.260747][  T321] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  372.269689][  T321] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.286479][  T321] usb 4-1: config 0 descriptor??
[  372.317904][ T1277] wacom 0003:056A:00C4.0008: unknown main item tag 0x0
[  372.325911][ T1277] wacom 0003:056A:00C4.0008: hidraw0: USB HID v0.00 Device [HID 056a:00c4] on usb-dummy_hcd.4-1/input0
[  372.589008][ T1277] usb 5-1: USB disconnect, device number 23
[  373.496262][ T1277] usb 2-1: USB disconnect, device number 15
[  373.513363][   T28] kauditd_printk_skb: 1 callbacks suppressed
[  373.513375][   T28] audit: type=1400 audit(1732979091.368:281): avc:  denied  { unmount } for  pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  374.982739][   T60] usb 6-1: USB disconnect, device number 6
[  375.005991][  T321] usblp 4-1:0.0: usblp1: USB Bidirectional printer dev 18 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  375.019170][ T5395] loop4: detected capacity change from 0 to 1024
[  375.034744][   T28] audit: type=1400 audit(1732979092.888:282): avc:  denied  { read } for  pid=5398 comm="syz.2.1071" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  375.044922][   T60] usblp0: removed
[  375.059798][  T321] usb 4-1: USB disconnect, device number 18
[  375.078426][  T321] usblp1: removed
[  375.100438][ T5395] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  375.169576][ T5410] loop1: detected capacity change from 0 to 2048
[  375.176317][  T291] EXT4-fs (loop4): unmounting filesystem.
[  375.183343][ T5413] loop5: detected capacity change from 0 to 512
[  375.200706][ T5410] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  375.214237][ T5410] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  375.230625][ T5410] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28
[  375.230819][ T5413] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #3: comm syz.5.1077: corrupted inode contents
[  375.254784][ T5410] EXT4-fs (loop1): This should not happen!! Data will be lost
[  375.254784][ T5410] 
[  375.254947][ T5413] EXT4-fs error (device loop5): ext4_dirty_inode:6091: inode #3: comm syz.5.1077: mark_inode_dirty error
[  375.264341][ T5410] EXT4-fs (loop1): Total free blocks count 0
[  375.264358][ T5410] EXT4-fs (loop1): Free/Dirty block details
[  375.264372][ T5410] EXT4-fs (loop1): free_blocks=2415919104
[  375.291565][ T5413] EXT4-fs error (device loop5): ext4_do_update_inode:5226: inode #3: comm syz.5.1077: corrupted inode contents
[  375.293241][ T5410] EXT4-fs (loop1): dirty_blocks=48
[  375.309946][ T5410] EXT4-fs (loop1): Block reservation details
[  375.315750][ T5410] EXT4-fs (loop1): i_reserved_data_blocks=3
[  375.315987][ T5413] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #3: comm syz.5.1077: mark_inode_dirty error
[  375.326590][ T5410] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28
[  375.333267][ T5413] Quota error (device loop5): write_blk: dquota write failed
[  375.351815][ T5413] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  375.353424][  T290] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /215/file1: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=2048 fake=0
[  375.362005][ T5413] EXT4-fs error (device loop5): ext4_acquire_dquot:6788: comm syz.5.1077: Failed to acquire dquot type 0
[  375.397815][ T5413] EXT4-fs (loop5): 1 orphan inode deleted
[  375.403610][ T5413] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  375.413233][ T3344] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  375.413264][ T5413] ext4 filesystem being mounted at /34/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  375.422942][ T3344] EXT4-fs error (device loop5): ext4_release_dquot:6811: comm kworker/u4:13: Failed to release dquot type 1
[  375.462374][ T4632] EXT4-fs (loop5): unmounting filesystem.
[  375.891526][ T5430] loop3: detected capacity change from 0 to 128
[  375.898237][ T5430] EXT4-fs (loop3): Test dummy encryption mode enabled
[  375.906104][ T5430] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  375.926668][ T5430] ext4 filesystem being mounted at /214/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  375.957188][ T5436] loop2: detected capacity change from 0 to 512
[  375.978474][ T5436] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.1085: inode #1: comm syz.2.1085: iget: illegal inode #
[  376.003643][ T5436] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1085: error while reading EA inode 1 err=-117
[  376.016156][ T5436] EXT4-fs (loop2): 1 orphan inode deleted
[  376.022126][ T5436] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  376.045456][   T28] audit: type=1400 audit(1732979093.898:283): avc:  denied  { create } for  pid=5435 comm="syz.2.1085" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[  376.047323][ T5436] ==================================================================
[  376.095177][ T5436] BUG: KASAN: use-after-free in ext4_insert_dentry+0x389/0x720
[  376.102542][ T5436] Write of size 250 at addr ffff8881357bef18 by task syz.2.1085/5436
[  376.110436][ T5436] 
[  376.112606][ T5436] CPU: 1 PID: 5436 Comm: syz.2.1085 Not tainted 6.1.115-syzkaller-00041-ga887a44ace2a #0
[  376.122240][ T5436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  376.132136][ T5436] Call Trace:
[  376.135266][ T5436]  <TASK>
[  376.138041][ T5436]  dump_stack_lvl+0x151/0x1b7
[  376.142550][ T5436]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  376.147844][ T5436]  ? _printk+0xd1/0x111
[  376.151838][ T5436]  ? __virt_addr_valid+0x242/0x2f0
[  376.156792][ T5436]  print_report+0x158/0x4e0
[  376.161126][ T5436]  ? __virt_addr_valid+0x242/0x2f0
[  376.166072][ T5436]  ? kasan_addr_to_slab+0xd/0x80
[  376.170854][ T5436]  ? ext4_insert_dentry+0x389/0x720
[  376.175877][ T5436]  kasan_report+0x13c/0x170
[  376.180217][ T5436]  ? ext4_insert_dentry+0x389/0x720
[  376.185264][ T5436]  kasan_check_range+0x294/0x2a0
[  376.190025][ T5436]  ? ext4_insert_dentry+0x389/0x720
[  376.195060][ T5436]  memcpy+0x44/0x70
[  376.198805][ T5436]  ext4_insert_dentry+0x389/0x720
[  376.203664][ T5436]  add_dirent_to_buf+0x38c/0x780
[  376.208437][ T5436]  ? ext4_dx_add_entry+0x1620/0x1620
[  376.213570][ T5436]  ? ext4_handle_dirty_dx_node+0x41c/0x580
[  376.219200][ T5436]  make_indexed_dir+0xf29/0x1590
[  376.223983][ T5436]  ? add_dirent_to_buf+0x780/0x780
[  376.228925][ T5436]  ? add_dirent_to_buf+0x558/0x780
[  376.233871][ T5436]  ? ext4_dx_add_entry+0x1620/0x1620
[  376.239003][ T5436]  ? __kasan_check_read+0x11/0x20
[  376.243883][ T5436]  ? __ext4_read_dirblock+0x56f/0x8e0
[  376.249056][ T5436]  ext4_add_entry+0xbbf/0xed0
[  376.253595][ T5436]  ? ext4_inc_count+0x190/0x190
[  376.258257][ T5436]  ? ext4_init_new_dir+0x515/0x620
[  376.263207][ T5436]  ? ext4_init_dot_dotdot+0x5d0/0x5d0
[  376.268413][ T5436]  ext4_mkdir+0x54f/0xce0
[  376.272584][ T5436]  ? ext4_symlink+0xc10/0xc10
[  376.277090][ T5436]  ? selinux_inode_mkdir+0x22/0x30
[  376.282038][ T5436]  ? security_inode_mkdir+0xbc/0x100
[  376.287157][ T5436]  vfs_mkdir+0x398/0x570
[  376.291238][ T5436]  do_mkdirat+0x1eb/0x450
[  376.295404][ T5436]  ? vfs_mkdir+0x570/0x570
[  376.299657][ T5436]  ? getname_flags+0x1fd/0x520
[  376.304255][ T5436]  __x64_sys_mkdirat+0x89/0xa0
[  376.308866][ T5436]  x64_sys_call+0x6c6/0x9a0
[  376.313195][ T5436]  do_syscall_64+0x3b/0xb0
[  376.317447][ T5436]  ? clear_bhb_loop+0x55/0xb0
[  376.321961][ T5436]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  376.327692][ T5436] RIP: 0033:0x7f15ff180849
[  376.331942][ T5436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  376.351382][ T5436] RSP: 002b:00007f1600014058 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  376.359627][ T5436] RAX: ffffffffffffffda RBX: 00007f15ff345fa0 RCX: 00007f15ff180849
[  376.367440][ T5436] RDX: 0000000000000000 RSI: 00000000200005c0 RDI: ffffffffffffff9c
[  376.375251][ T5436] RBP: 00007f15ff1f3986 R08: 0000000000000000 R09: 0000000000000000
[  376.383064][ T5436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  376.390873][ T5436] R13: 0000000000000000 R14: 00007f15ff345fa0 R15: 00007ffef3cb45c8
[  376.398699][ T5436]  </TASK>
[  376.401549][ T5436] 
[  376.403717][ T5436] The buggy address belongs to the physical page:
[  376.409969][ T5436] page:ffffea0004d5ef80 refcount:3 mapcount:0 mapping:ffff88810054fdd0 index:0x3f pfn:0x1357be
[  376.420124][ T5436] memcg:ffff888113d60000
[  376.424202][ T5436] aops:def_blk_aops ino:700002
[  376.428802][ T5436] flags: 0x420000000000204a(referenced|dirty|workingset|private|zone=1)
[  376.436969][ T5436] raw: 420000000000204a 0000000000000000 dead000000000122 ffff88810054fdd0
[  376.445388][ T5436] raw: 000000000000003f ffff888116d8ba80 00000003ffffffff ffff888113d60000
[  376.453800][ T5436] page dumped because: kasan: bad access detected
[  376.460053][ T5436] page_owner tracks the page as allocated
[  376.465602][ T5436] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5436, tgid 5435 (syz.2.1085), ts 376046809216, free_ts 367413734570
[  376.485744][ T5436]  post_alloc_hook+0x213/0x220
[  376.490337][ T5436]  prep_new_page+0x1b/0x110
[  376.494678][ T5436]  get_page_from_freelist+0x2980/0x2a10
[  376.500061][ T5436]  __alloc_pages+0x234/0x610
[  376.504486][ T5436]  __folio_alloc+0x15/0x40
[  376.508740][ T5436]  __filemap_get_folio+0x827/0xae0
[  376.513689][ T5436]  pagecache_get_page+0x2f/0x110
[  376.518460][ T5436]  __getblk_gfp+0x205/0x7d0
[  376.522799][ T5436]  ext4_getblk+0x2a7/0x7b0
[  376.527053][ T5436]  ext4_bread+0x2f/0x180
[  376.531133][ T5436]  ext4_append+0x31f/0x5b0
[  376.535384][ T5436]  make_indexed_dir+0x518/0x1590
[  376.540159][ T5436]  ext4_add_entry+0xbbf/0xed0
[  376.544672][ T5436]  ext4_mkdir+0x54f/0xce0
[  376.548837][ T5436]  vfs_mkdir+0x398/0x570
[  376.552915][ T5436]  do_mkdirat+0x1eb/0x450
[  376.557082][ T5436] page last free stack trace:
[  376.561613][ T5436]  free_unref_page_prepare+0x83d/0x850
[  376.566889][ T5436]  free_unref_page_list+0xf1/0x7b0
[  376.571837][ T5436]  release_pages+0xf7f/0xfe0
[  376.576262][ T5436]  __pagevec_release+0x84/0x100
[  376.580951][ T5436]  shmem_undo_range+0x5fc/0x1660
[  376.585733][ T5436]  shmem_evict_inode+0x25f/0xa30
[  376.590497][ T5436]  evict+0x529/0x930
[  376.594255][ T5436]  iput+0x616/0x690
[  376.597878][ T5436]  dentry_unlink_inode+0x34e/0x430
[  376.602824][ T5436]  __dentry_kill+0x447/0x650
[  376.607251][ T5436]  dentry_kill+0xc0/0x2a0
[  376.611427][ T5436]  dput+0x40/0x80
[  376.614885][ T5436]  __fput+0x56c/0x870
[  376.618715][ T5436]  ____fput+0x15/0x20
[  376.622523][ T5436]  task_work_run+0x24d/0x2e0
[  376.626949][ T5436]  do_exit+0xbd5/0x2b80
[  376.630962][ T5436] 
[  376.633113][ T5436] Memory state around the buggy address:
[  376.638584][ T5436]  ffff8881357bef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  376.646483][ T5436]  ffff8881357bef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  376.654380][ T5436] >ffff8881357bf000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  376.662285][ T5436]                    ^
[  376.666190][ T5436]  ffff8881357bf080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  376.674084][ T5436]  ffff8881357bf100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  376.681978][ T5436] ==================================================================
[  376.690012][  T321] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  376.781771][ T5446] overlayfs: missing 'lowerdir'
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  377.031815][ T5436] Disabling lock debugging due to kernel taint
[  377.060567][ T5433] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.067556][ T5433] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.101585][ T5433] device bridge_slave_0 entered promiscuous mode
[  377.124059][  T293] EXT4-fs (loop3): unmounting filesystem.
[  377.218268][  T321] usb 5-1: Using ep0 maxpacket: 32
[  377.224989][ T3344] device bridge_slave_1 left promiscuous mode
[  377.237682][ T3344] bridge0: port 2(bridge_slave_1) entered disabled state
[  377.251175][ T3344] device bridge_slave_0 left promiscuous mode
[  377.257104][ T3344] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.263772][  T321] usb 5-1: device descriptor read/all, error -71
[  377.270742][ T3344] device veth1_macvtap left promiscuous mode
[  377.276544][ T3344] device veth0_vlan left promiscuous mode
[  377.399628][ T5436] EXT4-fs (loop2): unmounting filesystem.
[  378.068445][ T3344] device bridge_slave_0 left promiscuous mode
[  378.074473][ T3344] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.082047][ T3344] device bridge_slave_1 left promiscuous mode
[  378.087972][ T3344] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.095081][ T3344] device bridge_slave_0 left promiscuous mode
[  378.101037][ T3344] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.108539][ T3344] device bridge_slave_1 left promiscuous mode
[  378.114428][ T3344] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.121774][ T3344] device bridge_slave_0 left promiscuous mode
[  378.127712][ T3344] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.135043][ T3344] device bridge_slave_1 left promiscuous mode
[  378.141005][ T3344] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.148465][ T3344] device bridge_slave_0 left promiscuous mode
[  378.154374][ T3344] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.161887][ T3344] device bridge_slave_1 left promiscuous mode
[  378.167798][ T3344] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.174951][ T3344] device bridge_slave_0 left promiscuous mode
[  378.180896][ T3344] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.188834][ T3344] device veth1_macvtap left promiscuous mode
[  378.194640][ T3344] device veth0_vlan left promiscuous mode
[  378.200526][ T3344] device veth1_macvtap left promiscuous mode
[  378.206339][ T3344] device veth0_vlan left promiscuous mode
[  378.212255][ T3344] device veth0_vlan left promiscuous mode
[  378.218089][ T3344] device veth1_macvtap left promiscuous mode
[  378.223886][ T3344] device veth0_vlan left promiscuous mode