last executing test programs:

54.554419052s ago: executing program 4 (id=257):
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r2, r0)

54.446945813s ago: executing program 4 (id=258):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_clone3(&(0x7f0000000340)={0x42107480, &(0x7f00000003c0), 0x0, 0x0, {0x19}, 0x0, 0x0, 0x0, 0x0}, 0x58)

52.902821455s ago: executing program 4 (id=262):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
preadv(r1, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x71}], 0x1, 0xfffffffd, 0x0)

52.60836871s ago: executing program 4 (id=264):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002c00)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000280)={0xa0, 0x0, 0x0, {{0x20, 0x1, 0x5, 0x6, 0x1000, 0x6, {0x1, 0x0, 0x65cd, 0x0, 0xffffffffffff15ef, 0x9, 0x1, 0x7fff, 0x7, 0x4000, 0xe, 0x0, 0x0, 0x4, 0x10000}}, {0x0, 0x1}}}, 0xa0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000500), 0x800)

52.403702013s ago: executing program 4 (id=268):
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r2, r0)

51.836034871s ago: executing program 4 (id=273):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4), 0xc)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000180)={0x0, 0x0, 0xfffffffd})
ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0x0)

51.781591272s ago: executing program 32 (id=273):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4), 0xc)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000180)={0x0, 0x0, 0xfffffffd})
ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0x0)

7.975324585s ago: executing program 2 (id=486):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b700000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa70f8231e9c3cebb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chroot(&(0x7f00000001c0)='./file0\x00')

6.840075021s ago: executing program 2 (id=494):
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, 0x0)
lseek(r1, 0x4, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
readv(r1, &(0x7f0000000340)=[{&(0x7f0000001740)=""/153, 0x99}], 0x1)

4.594731444s ago: executing program 2 (id=501):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r2}, 0x10)
syslog(0x2, &(0x7f0000001940)=""/87, 0x57)

4.380480187s ago: executing program 2 (id=506):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0xfffffffffffffe3c, 0x0, 0x40f00, 0xaf, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x8, 0x0, 0x0)
open(&(0x7f00000002c0)='./file0/file0\x00', 0x151a42, 0x0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)

4.281688998s ago: executing program 2 (id=508):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f00000001c0)={[{@dioread_nolock}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@data_err_abort}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}, {@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x3}}]}, 0x3, 0x45a, &(0x7f0000001600)="$eJzs3M9vFFUcAPDvzHYLCNiK+IMfahWNjT9aCqgcPKjRxAMmJnrQY9MWgizU0JoIIQrG4MkYE+/Go/+CJ70Y48nEq94NCTFcAE9rZncGdpfdZVm2LHQ/n2TgvZk3fe/bN2/3zbzdBjCyprJ/kogtEfFXREzUs80Fpur/Xbl0ZuHqpTMLSVSr7/2b1MpdvnRmoShanLc5z0ynEemXSexqU+/KqdPH5iuVpZN5fnb1+MezK6dOv3j0+PyRpSNLJ/YdPHhg/9wrL+97aSBxZm26vPOz5d073v7w23cOfd0Uf0scLTb2WeVUt4PPVKt9/ti709aGdDLWwwm9lGHNlfKuKNfG/0SUGjpmIt76YqiNA9ZUtVqtbu58+GwVWMeSaM4b8jAqijf67P632FonAa+t3fRj6C6+Xr8ByuK+km/1I2OR5mXKLfe3gzQVER+c/e/7bIvuzyEAAAbi52z+80K7+V8aDzeUuz9fG5qMiAciYltEPBgR2yPioYha2Uci4tFbrL91keTG+U96oa/AepTN/17N17aa53/F7C8mS3luay3+cnL4aGVpb/47mY7yhiw/16WOX97885tOxxrnf9mW1V/MBfN2XBjb0HzO4vzq/O3E3OjiuYidY+3iT66tBCQRsSMidvZZx9Hnftzd6djN4+9iAGtI1R8inq33/9loib+QdF+fnN0YlaW9s8VVcaPf/zj/bqf6byv+Acj6/7621/+1+CeTxvXalVuv4/zfX3W8p+n3+h9P3q+lx/N9n86vrp6cixhPDtUb3bh/3/Vzi3xRPot/ek/78b8trv8mdkVEdhE/FhGPR8QTedufjIinImJPl/h/e+Ppj/qPf21l8S/eUv9fT4xH6572idKxX39qqnTyhvivdu//A7XUdL6nl9e/XtrV39UMAAAA9540IrZEks5cS6fpzEz98/LbI9LK8srq84eXPzmxWP+OwGSU0+JJ10TD89C5/La+nj8XEfWPFhTH9+fPjb8rbarlZxaWK4vDDh5G3OYO4z/zT2nYrQPWnO9iwegy/mF0Gf8wuox/GF1txv+mYbQDuPPavf9/PoR2AHdey/i37AcjJB//6bDbAdx5HZ//ree//APUeP4PI2llU9z8S/JdE8VP6vP0dZuI8l3RjNtPVJO2nRtpj6e7Nu7JxHBflwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbl/wAAAP//9vPfmQ==")
creat(&(0x7f0000001cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100)
symlink(&(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xec)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

3.887018454s ago: executing program 2 (id=512):
syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009968810524711004f320102030109021b0001000000000904000001ff01320009050d"], 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0xfe)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f00000000c0)={0xa, 0x7, 0x7, 0x10001})
r1 = socket(0x1e, 0x4, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f00000001c0)={0x40000000, 0x0, 0x0}, 0x0)
r8 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x0, 0xfffffffd}, 0x10)
dup3(r8, r1, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x400002, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000380)={0x0, @private=0xa010101, @broadcast}, 0xc)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000c80)={'lo\x00', <r10=>0x0})
ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000000300)={@dev={0xfe, 0x80, '\x00', 0xe}, @dev={0xfe, 0x80, '\x00', 0x2f}, @empty, 0x8, 0x0, 0x0, 0x500, 0x0, 0x4d30356, r10})

3.320027162s ago: executing program 5 (id=517):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x2a08018, &(0x7f0000000080), 0x1, 0x4a3, &(0x7f0000000b80)="$eJzs3E1sVEUcAPD/breFQoGKIvKh1q9I/KC0fMjBi0YTD5qY6AG91VIIUsTQmghpbDUGj4bEOzGeTLx546QXo55MvOrdkBDTC/iRuOa9nVf63W2721X290sWZt7Me2/mzZvuvJn2BdC2+rJ/ShE9EfFLFi7n0RnVlCnLd2t6YviP6YnhUlSrr/1eytNuTk8MF3mL/XpS5EA5ovxxKfYtct6xi5fODo2OjlxI8f7xc+/2j1289PSZc0OnR06PvDN4/PiRwwPPHBs82pB6bsvKuveD8/v3vPTGlVeGT1x564evKkVZ59WjUfqib861nO2xRp+sxbbNCpcqLSwIq9IREVlzdeb9f0d0xO3G2xEvftTSwgFNVa1Wq9tTeHJh8lQVuIOVou6slaYWBNhgxRf9zenuiJgYbsZz8H/ZjedqD0BZvW+lTy2lEuWUp3Pe820jbU7zJiem/rwaeTtsaqvrDwBsvG+y8c9TtfFP8aml9Ma9s/Jtz+eDs60Rd0XEzoi4OyLuiYhdEXne3RFx3yrP3zcvvnD8Wb6+porVKRv/PZvWtuaO/9Lo759qb0eKbYvu6I3O0qkzoyOH0jU5EJ2bsvjAMuf49oWfP10qrS9i97XaUPxqNgbMzl+MBVM5rlc2zd3n5ND40PpqfduND/M5wMmF9b+9cpWF9kTE3jUcPxs3n3niy/1LpfelsW/xWVj/ZTRgnan6ecTjtfafimXqP399sjulHRs82r85RkcO9Rd3xUI//nT51aXOv676N0DW/lsWvf9n6t9bmr1eO7b6c1z+9ZMln2lWrv/M/f9msSW7/7tKr+fhrtqmrztTWlfp5dnb4/2h8fELg8WelZl4/v9AxI2eXRGPLN7/d9Z2ya/EvojIbuL7I+KBiHgwlf2hiHg48kMsZvJWRHz//KNvr6X+5RWuayNk7X9yTvtHmhZYqv1XH+g4+921tdS/Jmv/I3noQNpSz8+/egu4zssHAAAA/xs9USofTPMNPVEuHzwYsTWf291SHj0/Nv7kqfPv/XWy9rvyvdFZLma6avPBtfnQgTQ3XMQH58UPp3njzzq68/iWtPYNtM7W1P+75vX/zG8drS4d0HSVNX8Zb8QSBdBM/l4T2pf+D+1L/4f2VW//rza5HMDGW6z/L/IyEOAOZPwP7avu/v/FqeYWBNhwvv+hfen/0JbW83f9d26gNxpynMkGX96uBhynNFX/yxGWDUQ5D1QnW9hef6fXsNSXuXnlKd6WsXLm4j0lrb7DVw607mcSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAI/0bAAD//zpT4NQ=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000240)=@base={0xe, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)

3.174088504s ago: executing program 0 (id=519):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000040000"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000020001801000020646c2100000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_access(r2, &(0x7f0000000100)={'system_u:object_r:klogd_var_run_t:s0', 0x20, '/usr/lib/telepathy/mission-control-5', 0x20, 0x2}, 0x5f)

3.157222515s ago: executing program 0 (id=520):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f0000000180), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")
r0 = fsopen(0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r1, <r3=>0xffffffffffffffff}, &(0x7f0000000800), &(0x7f0000000840)=r2}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r4}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x200)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0x15, &(0x7f0000000340)=@raw=[@map_fd={0x18, 0x3, 0x1, 0x0, r0}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffa}, @map_fd={0x18, 0x7, 0x1, 0x0, r3}, @map_val={0x18, 0x9, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x9}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @map_val={0x18, 0x8, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0xb, 0x4, 0x0, 0xfffffffffffffffd}], &(0x7f0000000400)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000500)={0x4, 0x8, 0x2, 0xd4b6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r3, r1, r1], 0x0, 0x10, 0xb1f4}, 0x94)
r8 = socket$can_raw(0x1d, 0x3, 0x1)
write$cgroup_devices(r8, 0x0, 0xffdd)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x1, 0x0)
open(&(0x7f0000000300)='.\x02\x00', 0x14927e, 0x44)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f00000015c0)=ANY=[@ANYBLOB="1800000000000000200000000000000095000000000000996d04739dfeda7f9159b21306aeb6a6c3d1e15ec30601bd65910431a74171f59c5b51de34a42d9c037bca454f40e2cdd72d06ae4d902eb951f7d01b066c43fd7a6479c9766417e29bd7b935d83f08c4efc1a07f7b214c9bc14b920c6e91c31d3ccdae655e77b767084702cd625c5a78ff11dcd365"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008}, 0x80)

1.773106805s ago: executing program 5 (id=525):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x42000, 0x0)
ioctl$TCSETSW(r0, 0x5403, &(0x7f00000000c0)={0x6, 0xa0, 0x6, 0x4, 0x8, "47cb8991b0af252e6f41c5410503b8273639df"})

1.718781706s ago: executing program 1 (id=526):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
capset(0x0, 0x0)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5400000012000103"], 0x54}, 0x1, 0x0, 0x0, 0x2000c001}, 0x0)

1.497903689s ago: executing program 0 (id=527):
bpf$MAP_CREATE(0x0, 0x0, 0xd4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f00000004c0))
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
ioctl$sock_SIOCBRDELBR(r5, 0x89a2, &(0x7f0000000000)='bridge0\x00')
syz_emit_ethernet(0x0, 0x0, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in6=@mcast1, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2}, {@in6=@mcast2, 0x0, 0x32}, @in6=@loopback, {0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x14}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={0xffffffffffffffff, 0x0, &(0x7f0000001780)=""/4096}, 0x20)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f00000001c0)=@filter={'filter\x00', 0x42, 0x4, 0x278, 0xffffffff, 0xf8, 0xf8, 0x1b8, 0xffffffff, 0xffffffff, 0x2d8, 0x2d8, 0x2d8, 0xffffffff, 0x4, 0x0, {[{{@ip={@empty, @loopback, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00', {}, {}, 0x11}, 0x0, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x8}}}, {{@ip={@multicast2, @private=0xa010102, 0x0, 0x0, 'veth1_virt_wifi\x00', '\x00', {}, {}, 0x0, 0x1}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8)

1.495894379s ago: executing program 1 (id=528):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r0}, 0x10)
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000001280)=ANY=[], 0xff, 0x1f1, &(0x7f0000000900)="$eJzsmb2LE0EYxp+Z3cveHSLYWNhYeOCJ3n5F5ZorThArQThFLYO3CcFNIskKSUAk2NhYigi2/gMWFqks7OxstVBBsDClYCGMzOy4mSRuSLgigbw/yOR53/l6Z0ieLRYEQaws377++vLsyu7NCwCOYQuOzv+whmM4kEWfXz48/3zv6qs3n16/rx9/1B9fbx2AELPvvwHg3b6FREVCiMej/VuyeTGauwWOc1rfBoObyj9CkQYRGO4qZQOZBhobWsSRe68RH5arceTLJpBNKJuiuZecPegxHGZnE4IZ/a1O934pjqPmuFgT//aZ6JpXTLs/Vd8+x56OZX0cwJ2nT3oy1ncDHzy9SwABOAKti2A40HoXDlzXHV6Jcf5T9nB9a5bzL0qw3+nPQGZO7Cy+npURwlmKMmYQbDwj/9BZ5uSg/2Fy1vdlKT5fMOQ4jjIuAFnmmh7zcTOOrx9h04LecbLLMv2J2cBZw59s2Jl/eEntgdfqdHeqtVIlqkT1MCxe9i/6/qXQK1cd+J6yoyn+t678adNYf80cYDxQCqyAdilJmkEbSJpBFodpazjuwdvGTzWHK//j2D6TriEvWR3b+X89TH+4+pZq28otniAIgiAIgiAIgiAIgiAIYi5OgyF9BaJeVIkcwhtq9N8AAAD//zSFbeI=")

1.42975689s ago: executing program 5 (id=529):
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
ioctl$IOC_PR_RELEASE(0xffffffffffffffff, 0x401070ca, 0x0)
lseek(0xffffffffffffffff, 0x4, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
readv(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000001740)=""/153, 0x99}], 0x1)

1.353859891s ago: executing program 3 (id=531):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
wait4(0x0, 0x0, 0x4, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000000)={0x1c, 0x3, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x7}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40814}, 0x810)

1.265453662s ago: executing program 3 (id=532):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000640), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0xc6)
getdents(r2, &(0x7f0000001fc0)=""/184, 0x20002078)

1.264913072s ago: executing program 3 (id=533):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000fd"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6)
write$cgroup_type(r1, &(0x7f0000000280), 0x9)

1.184806873s ago: executing program 3 (id=534):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000fd"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
syz_emit_ethernet(0x3e, &(0x7f0000000180)={@multicast, @multicast, @val={@val={0x88a8, 0x6, 0x0, 0x3}, {0x8100, 0x0, 0x1, 0x3}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x67, 0x0, 0x20, 0x6, 0x0, @dev, @loopback}, {{0xfffd, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x40}}}}}}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x189081, 0x0)
close(r4)
socket$nl_audit(0x10, 0x3, 0x9)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
write$cgroup_subtree(r3, &(0x7f0000000180)=ANY=[], 0x36)

1.184084093s ago: executing program 1 (id=535):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r2 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

982.017816ms ago: executing program 0 (id=536):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x90, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r2, r0)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)

842.767418ms ago: executing program 0 (id=537):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0xfffffffffffffe3c, 0x0, 0x40f00, 0xaf, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x8, 0x0, 0x0)
open(&(0x7f00000002c0)='./file0/file0\x00', 0x151a42, 0x0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)

736.568119ms ago: executing program 0 (id=538):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f0000000180), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=")
r0 = fsopen(0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r1, <r3=>0xffffffffffffffff}, &(0x7f0000000800), &(0x7f0000000840)=r2}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r4}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x200)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x6, 0x15, &(0x7f0000000340)=@raw=[@map_fd={0x18, 0x3, 0x1, 0x0, r0}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffa}, @map_fd={0x18, 0x7, 0x1, 0x0, r3}, @map_val={0x18, 0x9, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x9}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @map_val={0x18, 0x8, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x3}, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0xb, 0x4, 0x0, 0xfffffffffffffffd}], &(0x7f0000000400)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000500)={0x4, 0x8, 0x2, 0xd4b6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000540)=[r3, r1, r1], 0x0, 0x10, 0xb1f4}, 0x94)
r8 = socket$can_raw(0x1d, 0x3, 0x1)
write$cgroup_devices(r8, 0x0, 0xffdd)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x1, 0x0)
open(&(0x7f0000000300)='.\x02\x00', 0x14927e, 0x44)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f00000015c0)=ANY=[@ANYBLOB="1800000000000000200000000000000095000000000000996d04739dfeda7f9159b21306aeb6a6c3d1e15ec30601bd65910431a74171f59c5b51de34a42d9c037bca454f40e2cdd72d06ae4d902eb951f7d01b066c43fd7a6479c9766417e29bd7b935d83f08c4efc1a07f7b214c9bc14b920c6e91c31d3ccdae655e77b767084702cd625c5a78ff11dcd365"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008}, 0x80)

688.12567ms ago: executing program 3 (id=539):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
capset(0x0, 0x0)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5400000012000103"], 0x54}, 0x1, 0x0, 0x0, 0x2000c001}, 0x0)

649.650001ms ago: executing program 1 (id=540):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0, r0}, 0x18)
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x810, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1500, &(0x7f0000001900)="$eJzs3Au0TlX3MPA511qb4+TyJLnvuebmSS6LJAklySVJkpA7CUmSJEnikFsSkpDrSXIPuaeTjvv9knvSyStJkpCQZH3jdPn8ey//3vf99//0vWf+xtjjrPnsPdee68zxnGfvPcZ5vuo2vHqjGlXqMzP8O/SvA/z5RxIAJADAIADIAQABAJTNWTZn+v4sGpP+rZOI/yUNZl7pCsSVJP3P2KT/GZv0P2OT/mds0v+MTfqfsUn/MzbpvxAZ2ux8V8uWcTd5/v//OfU/SZbP/wwB/9EO6f9/Gv0vHS39z9ik/xmb9D9jk/5nZMGVLkBcYfL+z9ik/0JkaH/4M+WN56/0M23Z/oVNCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYT4f+C8v8wAwK/jK12XEEIIIYQQQggh/jj+nStdgRBCCCGEEEIIIf73ISjQYCCATJAZEiALJMJVkBWyQXbIATG4GnLCNZALroXckAfyQj7IDwWgIIRAYIEhgkJQGOJwHRSB66EoFIPiUAIclIRScAOUhhuhDNwEZeFmKAe3QHmo8NM5090OleEOqAJ3QlWoBtWhBtwFNeFuqAX3QG24F+rAfVAX7od68ADUhwbQEB6ERtAYmkBTaAbNoQW0hFa/k5+c4+/lPwc94XnoBb0hCfpAX3gB+kF/GAADYRC8CIPhJRgCL8NQGAbD4RUYAa/CSHgNRsFoGAOvw1gYB+NhAkyESZAMb8BkeBOmwFuNs8E0mA4zYCbMgtnwNsyBuTAP3oH5sAAWQnKWxbAElsK7sAzegxR4H5bDB5AKK2AlrILVsAbWwjpYDxtgI2yCzbAFtsI22A4fwg7YCbtgN+yBvbAPPoL98DEcgE8gDT/9F/PP/TYfuiMgoEKFBg1mwkyYgAmYiImYFbNidsyOMYxhTsyJuTAX5sbcmBfzYhLmx4JYEAkJGRkLYSGMYxyLYBEsikWxOBZHhw5LYSksjTdiGSyDZbEslsNyWB4rYAW8FW/FSlgJK2NlrIJVsCpWxepYHe/Cu/BurIW1sDbWxjpYB+tiXayH9bA+1seG2BAbYSNsgk2wGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHbAjdsRO2Ak7Y2fsgl2wK3bFbtgNu+Oz+Cw+h8/h8/g89saqqg/2xb7YD/vhAByIA/FFHIwv4Uv4Mg7FYTgcX8FX8FUciWdxFI7GMTgGK6lxOB4nIKtJmIzJmBkm4xScglNxGk7DGTgTZ+FsnI1zcC7OxXdwPi7ABbgIF+ESXIpLcRm+hymYgsvxHKbiClyJq3A1rsHVuA7X4zrciJtwI27BLbgNt+GH+CHuxJ24G3fjXtyLH+FH+DF+jEMxDdPwIB7EQ3gID+NhPIJH8CgexWN4DI/jcTyBJ/AknsLTeArP4Bk8i+fwPABcwAt4ES/iJbyU/uZX6YwyKpPKpBJUgkpUiSqryqqyq+wqpmIqp8qpcqlcKrfKrfKqvCq/yq8KqoKKFClWkSqkCqm4iqsiqogqqoqq4qq4csqpUqqUKq1KqzKqjCqrblbl1C2qvKqg2rpb1a2qkmrnKqs7VBVVRVVV1VR1VUPVUDVVTVVL1VK1VW1VR9VRddX9qp7qgwOwgUrvTCM1DJuo4dhMNVctVEv1Kj6kWquR2Ea1Ve3UI2o0jsIOqrXrqB5XndR47KyeVBPwKdVVTcJu6hnVXT2reqjnVE/VxvVSvdVU7KP6qhnYT/VXA9RANQerqfSOVVcvq+cyD1PD1StqCb6qRqrX1Cg1Wo1Rr6uxapwaryaoiWqSSlZvqMnqTTVFvaWmqmlqupqhZqpZarZ6W81Rc9U89Y6arxaohWqRWqyWqKXqXbVMvadS1PtqufpApaoVaqVapVarNWqtWqfWqw1qo9qkNqstaqvaprarD9UOtVPtUrvVHrVX7VMfqf3qY3VAfaLS1KfqoPqLOqQ+U4fV5+qI+kIdVV+qY+ordVx9rU6ob9RJdUqdVt+qM+o7dVadU+fV9+qC+kFdVD+qS8or0KiV1troQGfSmXWCzqIT9VU6q86ms+scOqav1jn1NTqXvlbn1nl0XpNP59cFdEEdatJWs450IV1Yx/V1uoi+XhfVxXRxXUI7XVKX0jfo0vpGXUbfpMvqm3U5fYsuryvoih70bbqSvl1X1nfoKvpOXVVX09V1DX2Xrqnv1rX0Pbq2vlfX0ffpuvp+XU8/oOvrBrqhflA30o11E91UN9PNdQvdUrfSD+nW+mHdRrfV7fQjur1+VHfQj+mO+nHdST+hO+sndRf9lO6qn9bd9DO6u35W99A/6kva6166t07SfXRf/YLup/vrAXqgHqRf1IP1S3qIflkP1cP0cP2KHqFf1SP1a3qUHq3H6Nf1WD1Oj9cT9EQ9SSfrN/Rk/aaeot/SU/U0PV3P0DP1LD3gl5nm/RP5b/6d/CE/nX2b3q4/1Dv0Tr1L79Z79F69T+/T+/V+fUAf0Gk6TR/UB/UhfUgf1of1EX1EH9VH9TF9TB/Xx/UJfUKf1Kf09/pbfUZ/p8/qc/qc/l5f0Bf0xV9+B2DQKKONMYHJZDKbBJPFJJqrTFaTzWQ3OUzMXG1ymmtMLnOtyW3ymLwmn8lvCpiCJjRkrGETmUKmsImb60wRc70paoqZ4qaEcaakKWVu+B/n/159rUwr09q0Nm1MG9POtDPtTXvTwXQwHU1H08l0Mp1NZ9PFdDFdTVfTzXQz3U1308P0MD1NT9PL9DJJJsn0NS+Yfqa/GWAGmkHmRTPYDDZDzBAz1Aw1w81wM8KMMCPNSDPKjDJjzBgz1ow14814M9FMNMk+h5lsJpspZoqZaqaa6YNymJlmppltZps5Zo6ZZ+aZ+Wa+WWgWmsVmsVlqlpplZplJMSlmuVluUs0Ks8KsMqvMGrPGrDPrzAazwWwym8wWs8Wkmu1mu9lhdphdZpfZY/aYfWaf2W/2mwPmgEkzaeagOWgOmUPmsDlsjpgj5qg5ao6ZY+a4OW5OmBPmpDlpTpvT5ow5Y86as+a8OW8umAvmorloLplL6Zd9gQpUYAITZAoyBQlBQpAYJAZZg6xB9iB7EAtiQc4gZ5AruDbIHeQJ8gb5gvxBgaBgEAYU2ICDKCgUFA7iwXVBkeD6oGhQLCgelAhcUDIoFdwQlA5uDMoENwVlg5uDcsEtQfmgQlAxuDW4LagU3B5UDu4IqgR3BlWDakH1oEZwV1AzuDuoFdwT1A7uDeoE9wV1g/uDesEDQf2gQdAweDBoFDQOmgRNg2ZB86BF0DJo9YfO7/3ZPA+7XmHvMCnsE/YNXwj7hf3DAeHAcFD4Yjg4fCkcEr4cDg2HhcPDV8IR4avhyPC1cFQ4OhwTvh6ODceF48MJ4cRwUpgcvhFODt8Mp4RvhVPDaeH0YEY4M5wVzg7fDueEc8N54Tvh/HBBuDBcFC4Ol4T48yUxpITvh8vDD8LUcEW4MlwVrg7XhGvDdeH6cEO4MdwUbg63lB3886HhjnBnuCvcHe4J94b7wo/C/eHH4YHwkzAt/DQ8GP4lPBR+Fh4OPw+PhF+ER8Mvw2PhV+Hx8OvwRPhNeDI8FZ4Ovw3PhN+FZ8Nz4fnw+/BC+EN4MfwxvBT69Iv79I93MmQoE2WiBEqgREqkrJSVslN2ilGMclJOykW5KDflpryUl/JTfipIBSkdE1MhKkRxilMRKkJFqSgVp+LkyFEpKkWlqTSVoTJUlspSOSpH5ak8VaSKdBvdRrfT7XQH3UF30p1UjapRDapBNakm1aJaVJtqUx2qQ3WpLtWjelSf6lNDakiNqBE1oSbUjJpRC2pBragVtabW1IbaUDtqR+2pPXWgDtSROlIn6kSdqTN1oS7UlbpSN+pG3ak79aAe1JN6Ui/qRUmURH2pL/WjfjSABtAgGkSDaTANoSE0lIbScBpOI2gEjaSRNIpG0xh6ncbSOBpPE2giTaJkSqbJNJmm0BSaSlNpOk2nmTSTZtNsmkNzaB7No/k0nxbSQlpMi2kpLaVltIxSKIWW03JKpVRaSStpNa2mtbSW1tN62kgbaTNtpq20lbbTdtpBO2gX7aI9tIf20T7aT/vpAB2gNEqjg3SQDtEhOkyH6QgdoaN0lI7RMTpOx+kEnaCTdJJO02k6Q2foLJ2l83SeLtAPdJF+pEvkKcFmsYn2KpvVZrPZbQ7713Fem8/mtwVsQRva3DbPb2Ky1ha1xWxxW8I6W9KWsjf8TVzeVrAV7a32NlvJ3m4r2/I2C/zXuKa929ay99ja9l5bw971m7iOvc/WtY1tPdvU1rfNbUPb0jayjW0T29Q2s81tC9vStreP2g72MdvRPm472Sf+Jl5m37Pr7Qa70W6y++3H9rz93h6zX9kL9gfby/a2g+yLdrB9yQ6xL9uhdthvYwA7xr5ux9pxdrydYCfaSX8TT7cz7Ew7y862b9s5du7fxEvtu3a+TbEL7SK72C75KU6vKcW+b5fbD2yqXWFX2lV2tV1j19p1/7fWVXaL3Wq32X32I7vD7rS77G67x+79KU5fxwH7iU2zn9qj9kt7yH5mD9vj9oj94qc4fX3H7df2hP3GnrSn7Gn7rT1jv7Nn7bmf1p++9m/tj/aS9RYYWbFmwwFn4sycwFk4ka/irJyNs3MOjvHVnJOv4Vx8LefmPJyX83F+LsAFOWRiy8wRF+LCHOfruAhfz0W5GBfnEuy4JJfiG7g038hl+CYuyzdzOb6Fy3MFrsi38m1ciW/nynwHV+E7uSpX4+pcg+/imnw31+J7uDbfy3X4Pq7L93M9foDrcwNuyA9yI27MTbgpN+Pm3IJbcit+iFvzw9yG23I7foTb86PcgR/jjvw4d+InuDM/yV34Ke7KT3M3foa787Pcg5/jnvw89+LenMR9uC+/wP24Pw/ggTyIX+TB/BIP4Zd5KA/j4fwKj+BXeSS/xqN4NI/h13ksj+PxPIEn8iRO5jd4Mr/JU/gtnsrTeDrP4Jk8i2fz2zyH5/I8fofn8wJeyIt4MS/hpfwuL+P3OIXf5+X8AafyCl7Jq3g1r+G1vI7X8wbeyJt4M2/hrbyNt/OHvIN38i7ezXt4L+/jj3g/f8wH+BNO40/5IP+FD/FnfJg/5yP8BR/lL/kYf8XH+Ws+wd/wST7Fp/lbPsPf8Vk+x+f5e77AP/BF/pEvsWeIMFKRjkwURJmizFFClCVKjK6KskbZouxRjigWXR3ljK6JckXXRrmjPFHeKF+UPyoQFYzCiCIbcRRFhaLCUTy6LioSXR8VjYpFxaMSkYtKRqWiG6LS0Y1RmeimqGx0c1QuuiUqH1WIKka3RrdFlaLbo8rRHVGV6M6oalQtqh7ViO6KakZ3R7Wie6La0b1Rmei+qG50f1QveiCqHzWIGkYPRo2ixlGTqGnULGoetYhaRq2ih6LW0cNRm6ht1C56JGofPRp1iB6LOkaPR52iJy7vLxb8/Gn6V/uToj6R/uUJ2T16cXxJfGn83fiy+Hvxxt1+fjU1viK+Mr4qvjq+Jr42vi6+Pr4hvjG+Kb45viW+Nb4t7n2NzOAw/UYYjAtcJpfZJbgsLtFd5bK6bC67y+Fi7mqX013jcrlrXW6Xx+V1+Vx+V8AVdKEjZx27yBVyhV3cXeeKuOtdUVfMFXclnHMlXSnX0rVyrVxr97Br49q6du4R94h71D3qHkv4pXDX2T3purinXFf3tHvaPeO6u2ddD/ec6+med71cb5fkklxf19f1c/3cADfADXKD3GA32A1xQ9xQN9QNd8PdCDfCjXQj3Sg3yo1xY9xYN9aNd+PdRDfRJbtkN9lNdlPcFDfVTXXT3XQ30810s91sN8fNcfPcPDffzXcL3UK32C12S91St8wtcykuxS13y12qS3Ur3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O9wOt8vtcnvcHrfP7XP73X53wB1waS7NHXQH3SF3yB12n7sj7gt31H3pjrmv3HH3tTvhvnEn3Sl32nl9xn3nzrpz7rz73l1wP7iL7kd3yXmXHHsjNjn2ZmxK7K3Y1Ni02PTYjNjM2KzY7NjbsTmxubF5sXdi82MLYgtji2KLY0tiS2PvxpbF3oulxN6PLY99EEuNrYitjK2KrY6tiXlfYEfkC/nCPu6v80X89b6oL+aL+xLe+ZK+lL/Bl/Y3+jL+Jl/W3+zL+Vt8eV/BV/RNfTPf3LfwLX0r/5Bv7R/2bXxb384/4tv7R30H/5jv6B/3nfwTvrN/0nfxT/mu/mnfzT+z4Jcu+57+ed/L9/ZJvo/v61/w/Xx/P8AP9IP8i36wf8kP8S/7oX6YH+5f8SP8q36kf82P8qP9GP+6H+vH+fF+gp/oJ/lk/4af7N/0U/xbfqqf5qf7GX6mn+Vn+7f9HD/Xz/Pv+Pl+gV/oF/nFfolf6t/1y/x7PsW/75f7D3yqX+FX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+m1+u//Q7/A7/S6/2+/xe/0+/5Hf7z/2B/wnPs1/6g/6v/hD/jN/2H/uj/gv/FH/pT/mv/LH/df+hP/Gn/Sn/Gn/rT/jv/Nn/Tl/3n/vL/gf/EX/o78k/7MmhBBCCPFP0b+zv8/feU39sqXrCwDZduY78tdzbs7987i/2t8pBgCP9+7W4NetQYOkpKRfjk3VEBReBACxy/k/ff/AL/EKaAePQkdoC6X/bn39VcWfrvv+u/njNwMkAmT5NSf99igR/nr+G//B/E3f5d+bfxFA0cKXc9JP9Gt8ef4y/2D+ve1/Z/4snyUDtPkvOVnhcnx5/lLwMDwBHX9zpBBCCCGEEEII8bP+6kL337u/Tb8/z28u52SGy/Hv3Z//jsp/xBqEEEIIIYQQQgjx33vq2R6PPdSxY9su/8mDzH+OMv4EAwSAP0EZMvjzD670XyYhhBBCCCHEH+3yRf+VrkQIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhMi4/v1vCFP/9MFXeo1CCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCHElfZ/AgAA///M7VMc")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x42000, 0x0)
add_key$user(&(0x7f0000000340), &(0x7f0000000440)={'syz', 0x0}, &(0x7f00000004c0)="406a87ea113d74cb6f0e41c09cfd164777760afefe8e5b6f56373c4c1db6ef27bdc408ddfea26b3c54465cb66b6a09642f899bbea1e72440504e026d0dda91c58032f3c02859c96b1f35c9a0a011e82822e1825ef2d429fc35a440ae499fc24aeba8625152787b4949079e08284d42d60a680db06d4045ab6ec6392275cff3082dc2ac3bec305f35e966ac6a0fb88a21fce4c082179c71b81b17920b74464c8ae931d334ff77dca9e434f36514ee41ae0395d9d9fa3b7c88f2228b479fdc4242728c025f21137eba19dd245f7d57f0ddd25c6ca550a1fdaf5bd6856213be33e42ca77707a7eaf7", 0xe7, 0xfffffffffffffffb)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
quotactl$Q_GETQUOTA(0xffffffff80000700, &(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
ioctl$TCSETSW(r5, 0x5403, &(0x7f00000000c0)={0x6, 0xa0, 0x6, 0x4, 0x8, "47cb8991b0af252e6f41c5410503b8273639df"})
openat(0xffffffffffffff9c, 0x0, 0x14f540, 0x1)
r8 = socket(0x1e, 0x4, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r8, 0x10f, 0x81, &(0x7f0000000480), 0x4)
sendmsg$tipc(r8, &(0x7f0000000000)={&(0x7f0000000c00)=@id={0x1e, 0x3, 0x3}, 0x10, 0x0}, 0x0)
socket$packet(0x11, 0x2, 0x300)

501.114463ms ago: executing program 5 (id=541):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000040000000800"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000020001801000020646c2100000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_access(r2, &(0x7f0000000100)={'system_u:object_r:klogd_var_run_t:s0', 0x20, '/usr/lib/telepathy/mission-control-5', 0x20, 0x2}, 0x5f)

494.075793ms ago: executing program 5 (id=542):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000300)='\x00', 0x81901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
rename(&(0x7f0000000240)='./file0\x00', &(0x7f00000003c0)='./file1\x00')
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095", @ANYRESDEC=0x0, @ANYRESHEX=r2, @ANYRES64=r3], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r4}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/cpuinfo\x00', 0x0, 0x0)
pread64(r6, &(0x7f00000000c0)=""/83, 0x4da, 0x0)
setsockopt$sock_int(r0, 0x1, 0x27, &(0x7f0000000080)=0x7, 0x4)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380080005"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a00010000200080fbdbdf250a8080fd17"], 0x1c}}, 0x20000050)

403.343854ms ago: executing program 5 (id=543):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)="15b26f226e2966667482d50703b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5dffd691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6be", 0xc3}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="c9", 0x1}], 0x300}}], 0x3, 0x240080e4)

350.118985ms ago: executing program 3 (id=544):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa70f8231e9c3cebb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000005200018100000000000000000a"], 0x1c}}, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chroot(&(0x7f00000001c0)='./file0\x00')
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)

190.593337ms ago: executing program 1 (id=545):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000fd"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6)
write$cgroup_type(r1, &(0x7f0000000280), 0x9)

0s ago: executing program 1 (id=546):
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000240)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x409, 0x0, 0x8000000, {0x0, 0x0, 0x0, r4, 0x0, 0x20004}, [@IFLA_MASTER={0x8}]}, 0x28}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.115' (ED25519) to the list of known hosts.
[   21.494615][   T30] audit: type=1400 audit(1751176571.335:64): avc:  denied  { mounton } for  pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.496300][  T273] cgroup: Unknown subsys name 'net'
[   21.517320][   T30] audit: type=1400 audit(1751176571.335:65): avc:  denied  { mount } for  pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.544739][   T30] audit: type=1400 audit(1751176571.365:66): avc:  denied  { unmount } for  pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.544975][  T273] cgroup: Unknown subsys name 'devices'
[   21.685448][  T273] cgroup: Unknown subsys name 'hugetlb'
[   21.691201][  T273] cgroup: Unknown subsys name 'rlimit'
[   21.921013][   T30] audit: type=1400 audit(1751176571.755:67): avc:  denied  { setattr } for  pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   21.944434][   T30] audit: type=1400 audit(1751176571.755:68): avc:  denied  { mounton } for  pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   21.957489][  T275] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   21.969560][   T30] audit: type=1400 audit(1751176571.755:69): avc:  denied  { mount } for  pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   22.001234][   T30] audit: type=1400 audit(1751176571.845:70): avc:  denied  { relabelto } for  pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.026698][   T30] audit: type=1400 audit(1751176571.845:71): avc:  denied  { write } for  pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.043560][  T273] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   22.052601][   T30] audit: type=1400 audit(1751176571.885:72): avc:  denied  { read } for  pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.086701][   T30] audit: type=1400 audit(1751176571.885:73): avc:  denied  { open } for  pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.682877][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.689986][  T283] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.697516][  T283] device bridge_slave_0 entered promiscuous mode
[   23.704279][  T281] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.711322][  T281] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.718766][  T281] device bridge_slave_0 entered promiscuous mode
[   23.731946][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.739208][  T284] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.746730][  T284] device bridge_slave_0 entered promiscuous mode
[   23.753515][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.760564][  T283] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.768142][  T283] device bridge_slave_1 entered promiscuous mode
[   23.774727][  T281] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.781765][  T281] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.789168][  T281] device bridge_slave_1 entered promiscuous mode
[   23.803309][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.810373][  T285] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.817833][  T285] device bridge_slave_0 entered promiscuous mode
[   23.824567][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.831610][  T284] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.839077][  T284] device bridge_slave_1 entered promiscuous mode
[   23.855941][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.863009][  T285] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.870491][  T285] device bridge_slave_1 entered promiscuous mode
[   23.951242][  T282] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.958359][  T282] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.965905][  T282] device bridge_slave_0 entered promiscuous mode
[   23.982084][  T282] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.989180][  T282] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.996713][  T282] device bridge_slave_1 entered promiscuous mode
[   24.102804][  T281] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.109896][  T281] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.117221][  T281] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.124266][  T281] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.171342][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.178431][  T284] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.185735][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.192765][  T284] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.222115][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.229449][  T285] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.236766][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.243825][  T285] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.259369][  T282] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.266465][  T282] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.273746][  T282] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.280772][  T282] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.291690][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.298924][  T283] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.306212][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.313280][  T283] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.326338][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.334216][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.341491][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.348906][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.356622][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.363958][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.371161][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.378424][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.385632][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.392783][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.400159][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.427830][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.436269][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.443352][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.451148][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.459622][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.466717][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.474203][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   24.481649][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.489224][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.497500][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.504568][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.512034][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.520374][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.527436][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.534918][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.542880][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.566487][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.584054][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.607422][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.615377][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.623046][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.631417][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.638475][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.646283][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.654693][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.661727][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.669175][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.677413][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.684454][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.695387][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   24.703944][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.712083][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.719131][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.737133][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.745712][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.756701][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.765224][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.773905][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.781840][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.790776][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.798517][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.812797][  T284] device veth0_vlan entered promiscuous mode
[   24.819472][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   24.827839][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.836075][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   24.843748][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.853323][  T281] device veth0_vlan entered promiscuous mode
[   24.877948][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.886402][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.894642][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.902666][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   24.911752][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   24.920088][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.927134][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   24.934750][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   24.943390][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   24.951565][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.958624][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   24.966316][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   24.974524][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.982423][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   24.990562][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   24.998631][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   25.006903][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.015026][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.030877][  T285] device veth0_vlan entered promiscuous mode
[   25.042993][  T281] device veth1_macvtap entered promiscuous mode
[   25.050058][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.057959][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.065839][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   25.074194][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   25.082166][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   25.090500][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   25.098726][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.107043][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.115546][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.123688][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.131775][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.140055][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.148324][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.156887][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.165332][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   25.172948][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.181216][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.197301][  T284] device veth1_macvtap entered promiscuous mode
[   25.204847][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   25.212474][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.221036][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.229652][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.237960][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.249107][  T282] device veth0_vlan entered promiscuous mode
[   25.258673][  T285] device veth1_macvtap entered promiscuous mode
[   25.268684][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.276895][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   25.285554][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.294072][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.301539][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.314128][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   25.322698][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   25.345665][  T283] device veth0_vlan entered promiscuous mode
[   25.355733][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.364497][  T281] request_module fs-gadgetfs succeeded, but still no fs?
[   25.364700][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.381026][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.389438][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.397922][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.406480][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.414923][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.423364][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.431665][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   25.439686][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   25.447909][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   25.455554][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   25.469218][  T282] device veth1_macvtap entered promiscuous mode
[   25.485896][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.495858][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.504597][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.518570][  T283] device veth1_macvtap entered promiscuous mode
[   25.541886][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   25.559299][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.568827][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.577414][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.648244][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.656872][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.665320][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.833706][  T309] device syzkaller0 entered promiscuous mode
[   27.024923][   T30] kauditd_printk_skb: 36 callbacks suppressed
[   27.024938][   T30] audit: type=1400 audit(1751176576.865:110): avc:  denied  { prog_run } for  pid=328 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   27.066798][   T30] audit: type=1326 audit(1751176576.895:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=331 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   27.092122][   T30] audit: type=1326 audit(1751176576.895:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=331 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   27.118486][   T30] audit: type=1326 audit(1751176576.895:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=331 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   27.152151][   T30] audit: type=1326 audit(1751176576.895:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=331 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   27.188177][   T30] audit: type=1326 audit(1751176576.895:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=331 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   27.217770][   T30] audit: type=1400 audit(1751176576.985:116): avc:  denied  { unmount } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   27.353864][  T348] loop4: detected capacity change from 0 to 16
[   27.425384][  T348] erofs: (device loop4): mounted with root inode @ nid 36.
[   28.046596][  T348] serio: Serial port pts0
[   28.054922][   T30] audit: type=1400 audit(1751176577.415:117): avc:  denied  { mount } for  pid=337 comm="syz.4.9" name="/" dev="loop4" ino=36 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   28.773435][   T30] audit: type=1400 audit(1751176577.515:118): avc:  denied  { create } for  pid=337 comm="syz.4.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   28.883352][   T30] audit: type=1400 audit(1751176577.535:119): avc:  denied  { connect } for  pid=337 comm="syz.4.9" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   29.031721][  T338] loop3: detected capacity change from 0 to 40427
[   29.090180][  T338] F2FS-fs (loop3): invalid crc value
[   29.121830][  T366] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14'.
[   29.135140][  T338] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[   29.280028][  T338] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   29.425163][  T376] device syzkaller0 entered promiscuous mode
[   29.921621][  T404] bridge0: port 3(syz_tun) entered blocking state
[   29.928177][  T404] bridge0: port 3(syz_tun) entered disabled state
[   29.937397][  T404] device syz_tun entered promiscuous mode
[   29.943704][  T404] bridge0: port 3(syz_tun) entered blocking state
[   29.950149][  T404] bridge0: port 3(syz_tun) entered forwarding state
[   30.132255][  T409] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   30.507090][  T416] tipc: Started in network mode
[   30.512189][  T416] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[   30.521429][  T416] tipc: Enabled bearer <udp:s>, priority 10
[   30.669127][  T416] loop1: detected capacity change from 0 to 40427
[   30.713855][  T416] F2FS-fs (loop1): Unrecognized mount option "0xffffffffffffffff" or missing value
[   31.116069][  T428] process 'syz.0.35' launched '/dev/fd/3' with NULL argv: empty string added
[   31.303568][  T438] netlink: 4 bytes leftover after parsing attributes in process `syz.0.36'.
[   31.334416][  T438] netlink: 12 bytes leftover after parsing attributes in process `syz.0.36'.
[   31.411677][  T422] loop3: detected capacity change from 0 to 40427
[   31.495281][  T451] loop2: detected capacity change from 0 to 256
[   31.748258][  T456] loop4: detected capacity change from 0 to 512
[   31.755245][   T26] tipc: Node number set to 4269801488
[   31.815904][  T456] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   31.829164][  T456] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   31.966826][  T451] FAT-fs (loop2): Directory bread(block 64) failed
[   32.055327][  T456] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   32.069495][  T456] EXT4-fs (loop4): 1 truncate cleaned up
[   32.075291][  T456] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000004,debug_want_extra_isize=0x0000000000000068,nombcache,noinit_itable,quota,,errors=continue. Quota mode: writeback.
[   32.115189][   T30] kauditd_printk_skb: 83 callbacks suppressed
[   32.115212][   T30] audit: type=1400 audit(1751176581.895:203): avc:  denied  { write } for  pid=443 comm="syz.4.42" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   32.227199][  T422] F2FS-fs (loop3): Found nat_bits in checkpoint
[   32.251470][  T451] FAT-fs (loop2): Directory bread(block 65) failed
[   32.441396][  T451] FAT-fs (loop2): Directory bread(block 66) failed
[   32.466280][  T451] FAT-fs (loop2): Directory bread(block 67) failed
[   32.493371][   T30] audit: type=1400 audit(1751176581.905:204): avc:  denied  { add_name } for  pid=443 comm="syz.4.42" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   32.523353][  T451] FAT-fs (loop2): Directory bread(block 68) failed
[   32.560310][  T451] FAT-fs (loop2): Directory bread(block 69) failed
[   32.584614][  T451] FAT-fs (loop2): Directory bread(block 70) failed
[   32.613198][  T422] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   32.642194][   T30] audit: type=1400 audit(1751176581.905:205): avc:  denied  { create } for  pid=443 comm="syz.4.42" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   32.662592][  T451] FAT-fs (loop2): Directory bread(block 71) failed
[   32.676674][   T30] audit: type=1400 audit(1751176581.935:206): avc:  denied  { read write } for  pid=443 comm="syz.4.42" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   32.692861][  T451] FAT-fs (loop2): Directory bread(block 72) failed
[   32.700355][   T30] audit: type=1400 audit(1751176581.935:207): avc:  denied  { open } for  pid=443 comm="syz.4.42" path="/10/file2/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   32.709952][  T421] attempt to access beyond end of device
[   32.709952][  T421] loop3: rw=10241, want=45104, limit=40427
[   32.728658][   T30] audit: type=1326 audit(1751176582.035:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=459 comm="syz.1.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   32.763016][  T451] FAT-fs (loop2): Directory bread(block 73) failed
[   32.800992][  T422] attempt to access beyond end of device
[   32.800992][  T422] loop3: rw=2049, want=45104, limit=40427
[   32.837196][   T30] audit: type=1326 audit(1751176582.055:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=459 comm="syz.1.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   32.881704][   T30] audit: type=1326 audit(1751176582.055:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=459 comm="syz.1.45" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   32.973582][  T479] tipc: Enabling of bearer <udp:s> rejected, already enabled
[   33.237204][  T481] bridge: RTM_NEWNEIGH with invalid ether address
[   33.256980][   T30] audit: type=1400 audit(1751176582.265:211): avc:  denied  { connect } for  pid=465 comm="syz.1.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   33.300188][  T479] loop1: detected capacity change from 0 to 40427
[   33.307034][   T30] audit: type=1326 audit(1751176582.405:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=421 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe77d3b3290 code=0x7ffc0000
[   33.353727][  T479] F2FS-fs (loop1): Unrecognized mount option "0xffffffffffffffff" or missing value
[   33.462463][  T494] incfs: iterate_incfs_dir / -22
[   33.500759][  T496] loop2: detected capacity change from 0 to 256
[   33.515902][  T496] =======================================================
[   33.515902][  T496] WARNING: The mand mount option has been deprecated and
[   33.515902][  T496]          and is ignored by this kernel. Remove the mand
[   33.515902][  T496]          option from the mount to silence this warning.
[   33.515902][  T496] =======================================================
[   33.519176][  T311] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   33.597773][  T503] loop1: detected capacity change from 0 to 2048
[   33.610726][  T496] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   33.621965][  T496] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[   33.632241][  T496] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[   33.722829][  T503] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,min_batch_time=0x0000000000000000,barrier=0x0000000000000040,nodelalloc,,errors=continue. Quota mode: none.
[   33.800543][  T511] loop0: detected capacity change from 0 to 256
[   34.585904][  T516] netlink: 'syz.1.61': attribute type 4 has an invalid length.
[   34.586222][  T311] usb 4-1: Using ep0 maxpacket: 32
[   34.600505][  T516] netlink: 'syz.1.61': attribute type 4 has an invalid length.
[   34.774675][  T516] syz.1.61 (516) used greatest stack depth: 21312 bytes left
[   34.953270][  T311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   34.973525][  T311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   34.988970][  T311] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   34.998291][  T311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   35.021161][  T522] loop4: detected capacity change from 0 to 2048
[   35.092125][  T311] usb 4-1: config 0 descriptor??
[   35.133781][  T311] hub 4-1:0.0: USB hub found
[   35.142608][  T522] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   35.295660][  T533] netlink: 4 bytes leftover after parsing attributes in process `syz.0.69'.
[   35.309658][  T533] netlink: 12 bytes leftover after parsing attributes in process `syz.0.69'.
[   35.318907][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   35.327281][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   35.363224][  T311] hub 4-1:0.0: 1 port detected
[   35.536335][  T542] tipc: Started in network mode
[   35.541599][  T542] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[   35.551577][  T542] tipc: Enabled bearer <udp:s>, priority 10
[   35.804272][  T542] loop4: detected capacity change from 0 to 40427
[   35.886728][  T542] F2FS-fs (loop4): Unrecognized mount option "0xffffffffffffffff" or missing value
[   36.325171][   T26] hub 4-1:0.0: activate --> -90
[   36.445553][  T554] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[   36.543144][    T6] tipc: Node number set to 4269801488
[   36.548806][  T554] loop4: detected capacity change from 0 to 256
[   36.920999][  T554] attempt to access beyond end of device
[   36.920999][  T554] loop4: rw=2049, want=260, limit=256
[   37.058894][  T327] usb 4-1: USB disconnect, device number 2
[   37.130734][   T26] hub 4-1:0.0: hub_ext_port_status failed (err = -71)
[   37.428481][  T573] netlink: 'syz.2.80': attribute type 12 has an invalid length.
[   38.198941][  T583] 9pnet: Insufficient options for proto=fd
[   38.205464][  T583] 9pnet: Insufficient options for proto=fd
[   38.524281][  T311] Bluetooth: hci0: command 0x1003 tx timeout
[   38.534671][  T559] Bluetooth: hci0: sending frame failed (-49)
[   38.548374][   T30] kauditd_printk_skb: 55 callbacks suppressed
[   38.548389][   T30] audit: type=1400 audit(1751176588.335:268): avc:  denied  { create } for  pid=596 comm="syz.1.88" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   38.684354][   T30] audit: type=1400 audit(1751176588.475:269): avc:  denied  { unmount } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   38.860825][   T30] audit: type=1400 audit(1751176588.585:270): avc:  denied  { create } for  pid=596 comm="syz.1.88" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   39.003720][   T30] audit: type=1400 audit(1751176588.595:271): avc:  denied  { bind } for  pid=596 comm="syz.1.88" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   39.050936][  T602] tipc: Started in network mode
[   39.081980][   T30] audit: type=1400 audit(1751176588.605:272): avc:  denied  { connect } for  pid=596 comm="syz.1.88" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   39.120749][  T602] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[   39.138302][  T602] tipc: Enabled bearer <udp:s>, priority 10
[   39.147107][   T30] audit: type=1400 audit(1751176588.935:273): avc:  denied  { name_bind } for  pid=604 comm="syz.0.90" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[   39.256420][  T608] loop0: detected capacity change from 0 to 1024
[   39.292019][  T608] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   39.304222][   T30] audit: type=1326 audit(1751176589.095:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=609 comm="syz.3.92" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe77d3b4929 code=0x0
[   39.305165][  T608] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[   39.336951][  T608] EXT4-fs (loop0): can't mount with data=, fs mounted w/o journal
[   39.490835][  T616] netlink: 24 bytes leftover after parsing attributes in process `syz.1.94'.
[   39.501711][   T45] attempt to access beyond end of device
[   39.501711][   T45] loop3: rw=2049, want=45112, limit=40427
[   39.545871][  T618] 9pnet: Insufficient options for proto=fd
[   39.552212][  T618] 9pnet: Insufficient options for proto=fd
[   39.568583][   T30] audit: type=1400 audit(1751176589.355:275): avc:  denied  { setopt } for  pid=607 comm="syz.0.91" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   39.703146][   T26] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   40.083233][   T26] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   40.093589][   T26] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[   40.124774][  T625] loop0: detected capacity change from 0 to 1024
[   40.133223][  T327] tipc: Node number set to 4269801488
[   40.183257][   T26] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[   40.192377][   T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   40.200750][   T26] usb 3-1: SerialNumber: syz
[   40.219852][  T625] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   40.231000][   T30] audit: type=1400 audit(1751176590.015:276): avc:  denied  { mount } for  pid=624 comm="syz.0.97" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   40.243991][   T26] usb 3-1: bad CDC descriptors
[   40.264700][  T632] netlink: 4 bytes leftover after parsing attributes in process `syz.3.98'.
[   40.274866][   T26] usb-storage 3-1:1.0: USB Mass Storage device detected
[   40.301364][  T632] netlink: 12 bytes leftover after parsing attributes in process `syz.3.98'.
[   40.311346][   T26] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[   40.485948][   T30] audit: type=1400 audit(1751176590.275:277): avc:  denied  { compute_member } for  pid=638 comm="syz.1.100" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   40.603174][   T26] Bluetooth: hci0: command 0x1001 tx timeout
[   40.609304][  T559] Bluetooth: hci0: sending frame failed (-49)
[   40.805894][  T645] loop0: detected capacity change from 0 to 1024
[   40.864210][  T645] EXT4-fs (loop0): Ignoring removed orlov option
[   40.870815][  T645] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[   41.043215][  T645] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[   41.684807][  T656] 9pnet: Insufficient options for proto=fd
[   41.691213][  T656] 9pnet: Insufficient options for proto=fd
[   41.789258][  T661] tipc: Enabling of bearer <udp:s> rejected, already enabled
[   42.044575][  T660] syz.0.105[660] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   42.044668][  T660] syz.0.105[660] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   42.103688][  T661] loop1: detected capacity change from 0 to 40427
[   42.172811][  T661] F2FS-fs (loop1): Unrecognized mount option "0xffffffffffffffff" or missing value
[   42.323177][  T311] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   42.505953][  T327] usb 3-1: USB disconnect, device number 2
[   42.615777][  T670] loop1: detected capacity change from 0 to 128
[   42.742754][  T671] overlayfs: overlapping lowerdir path
[   42.979143][   T42] Bluetooth: hci0: command 0x1009 tx timeout
[   43.053383][  T311] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   43.123819][  T670] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   43.135314][  T670] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.466726][  T670] netlink: 32 bytes leftover after parsing attributes in process `syz.1.108'.
[   43.667845][  T311] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   43.683658][   T30] kauditd_printk_skb: 13 callbacks suppressed
[   43.683753][   T30] audit: type=1400 audit(1751176593.085:291): avc:  denied  { create } for  pid=664 comm="syz.1.108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   43.926043][  T311] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   43.949415][  T311] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   43.958819][  T670] syz.1.108 (670) used greatest stack depth: 20736 bytes left
[   43.983321][   T30] audit: type=1400 audit(1751176593.135:292): avc:  denied  { connect } for  pid=664 comm="syz.1.108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   44.004115][   T30] audit: type=1400 audit(1751176593.145:293): avc:  denied  { write } for  pid=664 comm="syz.1.108" laddr=fe80::14 lport=1 faddr=fe80::3d fport=20004 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   44.084203][  T311] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   44.176478][  T311] usb 1-1: config 0 descriptor??
[   44.372921][  T684] loop1: detected capacity change from 0 to 512
[   44.433154][   T42] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   44.516064][  T684] EXT4-fs (loop1): 1 orphan inode deleted
[   44.521893][  T684] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   44.533031][  T684] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.674124][  T311] plantronics 0003:047F:FFFF.0001: ignoring exceeding usage max
[   45.129900][   T30] audit: type=1400 audit(1751176594.495:294): avc:  denied  { write } for  pid=683 comm="syz.1.112" path="socket:[16111]" dev="sockfs" ino=16111 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   45.160983][   T42] usb 4-1: Using ep0 maxpacket: 16
[   45.168805][  T311] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[   45.179125][  T311] plantronics 0003:047F:FFFF.0001: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   45.195389][  T311] usb 1-1: USB disconnect, device number 2
[   45.214911][  T691] fido_id[691]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[   45.283213][   T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   45.301613][   T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   45.313346][   T42] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   45.328586][   T42] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   45.357937][   T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   45.376227][   T42] usb 4-1: config 0 descriptor??
[   45.411468][  T699] loop1: detected capacity change from 0 to 128
[   45.468119][  T699] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   45.478855][  T699] ext4 filesystem being mounted at /28/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   45.494050][  T699] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-generic)"
[   45.505982][   T30] audit: type=1400 audit(1751176595.295:295): avc:  denied  { create } for  pid=698 comm="syz.1.116" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[   45.507516][  T699] fscrypt: loop1: 2 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 13
[   45.670796][  T710] loop1: detected capacity change from 0 to 1024
[   45.754510][  T710] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   45.787176][  T714] syz.0.120[714] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   45.787229][  T714] syz.0.120[714] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   45.904397][   T42] microsoft 0003:045E:07DA.0002: No inputs registered, leaving
[   45.924013][   T42] microsoft 0003:045E:07DA.0002: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[   45.935724][   T42] microsoft 0003:045E:07DA.0002: no inputs found
[   45.942106][   T42] microsoft 0003:045E:07DA.0002: could not initialize ff, continuing anyway
[   46.270710][   T42] usb 4-1: USB disconnect, device number 3
[   46.332330][  T716] loop0: detected capacity change from 0 to 40427
[   46.424985][  T716] F2FS-fs (loop0): invalid crc value
[   46.437073][  T716] F2FS-fs (loop0): Found nat_bits in checkpoint
[   46.470547][  T716] F2FS-fs (loop0): Start checkpoint disabled!
[   46.477551][  T716] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[   46.583283][   T30] audit: type=1400 audit(1751176596.365:296): avc:  denied  { ioctl } for  pid=715 comm="syz.0.122" path="/24/file0/file0" dev="loop0" ino=10 ioctlcmd=0xf50d scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   46.943587][  T302] attempt to access beyond end of device
[   46.943587][  T302] loop0: rw=2049, want=45104, limit=40427
[   47.033776][  T735] bridge0: port 3(syz_tun) entered blocking state
[   47.040317][  T735] bridge0: port 3(syz_tun) entered disabled state
[   47.050327][  T735] device syz_tun entered promiscuous mode
[   47.057128][  T735] bridge0: port 3(syz_tun) entered blocking state
[   47.063629][  T735] bridge0: port 3(syz_tun) entered forwarding state
[   47.212345][   T30] audit: type=1326 audit(1751176596.995:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312733929 code=0x7ffc0000
[   47.330659][  T743] overlayfs: overlapping lowerdir path
[   47.505013][   T30] audit: type=1326 audit(1751176597.185:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f1312733929 code=0x7ffc0000
[   47.588843][   T30] audit: type=1326 audit(1751176597.185:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=741 comm="syz.4.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1312733929 code=0x7ffc0000
[   47.623445][   T30] audit: type=1400 audit(1751176597.405:300): avc:  denied  { create } for  pid=744 comm="syz.2.131" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   47.725493][  T749] tipc: Enabling of bearer <udp:s> rejected, already enabled
[   47.781047][   T45] Bluetooth: hci0: Frame reassembly failed (-84)
[   47.864989][  T749] loop4: detected capacity change from 0 to 40427
[   47.925117][  T749] F2FS-fs (loop4): Unrecognized mount option "0xffffffffffffffff" or missing value
[   48.173259][  T301] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   48.246236][  T777] loop4: detected capacity change from 0 to 512
[   48.285952][  T777] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   48.423668][  T777] EXT4-fs (loop4): 1 truncate cleaned up
[   48.429441][  T777] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000004,debug_want_extra_isize=0x0000000000000068,nombcache,noinit_itable,quota,,errors=continue. Quota mode: writeback.
[   49.015878][  T784] capability: warning: `syz.3.147' uses deprecated v2 capabilities in a way that may be insecure
[   49.149279][  T769] loop1: detected capacity change from 0 to 40427
[   49.168599][  T769] F2FS-fs (loop1): invalid crc value
[   49.179382][  T769] F2FS-fs (loop1): Found nat_bits in checkpoint
[   49.266513][  T790] tipc: Started in network mode
[   49.271440][  T790] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[   49.272919][  T769] F2FS-fs (loop1): Start checkpoint disabled!
[   49.281211][  T790] tipc: Enabled bearer <udp:s>, priority 10
[   49.287643][  T769] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[   49.427456][  T769] attempt to access beyond end of device
[   49.427456][  T769] loop1: rw=2049, want=45104, limit=40427
[   49.511122][  T797] overlayfs: overlapping lowerdir path
[   49.615052][  T302] attempt to access beyond end of device
[   49.615052][  T302] loop1: rw=2049, want=40968, limit=40427
[   49.627406][  T302] attempt to access beyond end of device
[   49.627406][  T302] loop1: rw=2049, want=41000, limit=40427
[   49.753125][  T301] usb 1-1: Using ep0 maxpacket: 16
[   49.873271][  T301] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   49.884366][  T301] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   49.895272][  T301] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   49.908826][  T301] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   49.918095][  T301] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   49.937407][  T301] usb 1-1: config 0 descriptor??
[   50.213394][  T327] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   50.243987][  T816] overlayfs: overlapping lowerdir path
[   50.397627][  T823] loop4: detected capacity change from 0 to 512
[   50.404185][    T6] tipc: Node number set to 4269801488
[   50.471316][  T823] EXT4-fs (loop4): 1 orphan inode deleted
[   50.477181][  T823] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   50.488310][  T823] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.504220][  T327] usb 4-1: Using ep0 maxpacket: 32
[   50.511107][  T301] microsoft 0003:045E:07DA.0003: No inputs registered, leaving
[   50.527343][  T301] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[   50.539377][  T301] microsoft 0003:045E:07DA.0003: no inputs found
[   50.546181][  T301] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway
[   50.633209][  T327] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   50.644405][  T327] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   50.654573][  T327] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   50.663904][  T327] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   50.676855][  T327] usb 4-1: config 0 descriptor??
[   50.713480][  T452] usb 1-1: USB disconnect, device number 3
[   50.722164][  T327] hub 4-1:0.0: USB hub found
[   50.943177][  T327] hub 4-1:0.0: 1 port detected
[   51.005271][  T835] loop4: detected capacity change from 0 to 1024
[   51.074515][  T835] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   51.243419][   T30] kauditd_printk_skb: 18 callbacks suppressed
[   51.243800][   T30] audit: type=1400 audit(1751176600.925:319): avc:  denied  { name_bind } for  pid=828 comm="syz.1.164" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   51.332538][   T30] audit: type=1400 audit(1751176600.925:320): avc:  denied  { node_bind } for  pid=828 comm="syz.1.164" saddr=::ffff:172.20.20.170 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   51.351948][  T843] loop0: detected capacity change from 0 to 256
[   51.380909][  T843] FAT-fs (loop0): Directory bread(block 64) failed
[   51.395129][  T843] FAT-fs (loop0): Directory bread(block 65) failed
[   51.405136][  T843] FAT-fs (loop0): Directory bread(block 66) failed
[   51.417420][  T843] FAT-fs (loop0): Directory bread(block 67) failed
[   51.424278][  T843] FAT-fs (loop0): Directory bread(block 68) failed
[   51.436730][  T843] FAT-fs (loop0): Directory bread(block 69) failed
[   51.450913][  T843] FAT-fs (loop0): Directory bread(block 70) failed
[   51.458461][  T843] FAT-fs (loop0): Directory bread(block 71) failed
[   51.465161][  T843] FAT-fs (loop0): Directory bread(block 72) failed
[   51.471813][  T843] FAT-fs (loop0): Directory bread(block 73) failed
[   51.638799][  T855] overlayfs: overlapping lowerdir path
[   51.933200][  T327] hub 4-1:0.0: activate --> -90
[   52.000057][  T867] loop1: detected capacity change from 0 to 1024
[   52.011585][  T868] loop2: detected capacity change from 0 to 512
[   52.092194][  T868] EXT4-fs (loop2): 1 orphan inode deleted
[   52.098150][  T868] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   52.109361][  T868] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.165573][  T867] EXT4-fs (loop1): Ignoring removed nobh option
[   52.179094][  T867] EXT4-fs (loop1): Ignoring removed bh option
[   52.193172][  T867] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   52.235334][  T874] loop0: detected capacity change from 0 to 1024
[   52.254886][  T867] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,noquota,barrier=0x0000000000000002,minixdf,data_err=ignore,resgid=0x0000000000000000,data_err=ignore,journal_dev=0x0000000000000800,nobh,inlinecrypt,bh,dioread_nolock,,errors=continue. Quota mode: none.
[   52.371582][  T867] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3876: comm syz.1.175: Allocating blocks 385-513 which overlap fs metadata
[   52.387848][  T874] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   52.427585][  T882] EXT4-fs (loop1): pa ffff8881119957e0: logic 16, phys. 129, len 24
[   52.435818][  T882] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4893: group 0, free 0, pa_free 8
[   52.572176][  T452] usb 4-1: USB disconnect, device number 4
[   53.068476][  T898] loop1: detected capacity change from 0 to 16
[   53.125585][  T898] erofs: (device loop1): mounted with root inode @ nid 36.
[   53.166725][  T327] usb 4-1-port1: config error
[   54.053092][    C0] sched: RT throttling activated
[   54.069200][  T918] loop0: detected capacity change from 0 to 1024
[   54.158088][  T918] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   54.471882][  T679] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   54.491256][  T936] serio: Serial port pts0
[   54.659347][  T941] tipc: Enabling of bearer <udp:s> rejected, already enabled
[   54.733121][  T679] usb 3-1: Using ep0 maxpacket: 32
[   54.903160][  T679] usb 3-1: unable to get BOS descriptor or descriptor too short
[   54.983201][  T679] usb 3-1: config index 0 descriptor too short (expected 29108, got 2228)
[   54.991839][  T679] usb 3-1: config 196 has an invalid interface number: 127 but max is 0
[   55.000253][  T679] usb 3-1: config 196 has an invalid descriptor of length 0, skipping remainder of the config
[   55.010581][  T679] usb 3-1: config 196 has no interface number 0
[   55.016889][  T679] usb 3-1: config 196 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 217, changing to 11
[   55.028428][  T679] usb 3-1: config 196 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 49188, setting to 1024
[   55.039970][  T679] usb 3-1: config 196 interface 127 has no altsetting 0
[   55.253359][  T679] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[   55.262539][  T679] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   55.270830][  T679] usb 3-1: Product: syz
[   55.275262][  T679] usb 3-1: Manufacturer: syz
[   55.279925][  T679] usb 3-1: SerialNumber: syz
[   55.645095][  T958] serio: Serial port pts0
[   55.816500][  T679] usb 3-1: USB disconnect, device number 3
[   55.853239][  T452] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[   55.897825][  T962] device syzkaller0 entered promiscuous mode
[   56.078237][  T969] serio: Serial port pts1
[   56.260388][  T976] loop0: detected capacity change from 0 to 512
[   56.306548][  T976] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   56.432419][  T976] EXT4-fs (loop0): 1 truncate cleaned up
[   56.438198][  T976] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000004,debug_want_extra_isize=0x0000000000000068,nombcache,noinit_itable,quota,,errors=continue. Quota mode: writeback.
[   57.083525][   T42] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[   57.235554][  T452] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   57.246624][  T452] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[   57.257509][  T452] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   57.345383][  T994] tipc: Enabling of bearer <udp:s> rejected, already enabled
[   57.381146][  T452] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[   57.390315][  T452] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   57.398379][  T452] usb 4-1: SerialNumber: syz
[   57.653296][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[   57.674202][  T452] usb 4-1: bad CDC descriptors
[   57.679229][  T452] usb-storage 4-1:1.0: USB Mass Storage device detected
[   57.720171][  T452] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[   57.883354][   T42] usb 3-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[   57.892593][   T42] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   57.900668][   T42] usb 3-1: Product: syz
[   57.910197][   T42] usb 3-1: Manufacturer: syz
[   57.914892][   T42] usb 3-1: SerialNumber: syz
[   57.922380][   T42] usb 3-1: config 0 descriptor??
[   57.963705][   T42] hub 3-1:0.0: bad descriptor, ignoring hub
[   57.971506][   T42] hub: probe of 3-1:0.0 failed with error -5
[   57.978747][   T42] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[   57.994951][ T1012] serio: Serial port pts0
[   58.822379][ T1023] loop0: detected capacity change from 0 to 16
[   58.828988][   T30] audit: type=1400 audit(1751176608.315:321): avc:  denied  { create } for  pid=980 comm="syz.2.211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   58.860775][   T30] audit: type=1400 audit(1751176608.335:322): avc:  denied  { setopt } for  pid=980 comm="syz.2.211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   58.936299][ T1023] erofs: (device loop0): mounted with root inode @ nid 36.
[   59.087772][ T1023] serio: Serial port pts0
[   59.429520][   T26] usb 4-1: USB disconnect, device number 5
[   59.850603][ T1033] tipc: Enabling of bearer <udp:s> rejected, already enabled
[   59.895762][   T30] audit: type=1400 audit(1751176609.685:323): avc:  denied  { nlmsg_read } for  pid=1044 comm="syz.0.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   60.039781][   T58] usb 3-1: USB disconnect, device number 4
[   60.069696][   T30] audit: type=1326 audit(1751176609.855:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1061 comm="syz.1.238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   60.093871][   T30] audit: type=1326 audit(1751176609.855:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1061 comm="syz.1.238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   60.162383][   T30] audit: type=1326 audit(1751176609.855:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1061 comm="syz.1.238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   60.360448][ T1069] loop4: detected capacity change from 0 to 2048
[   60.369564][   T26] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   60.484579][ T1069] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   60.557978][ T1078] loop1: detected capacity change from 0 to 16
[   60.587077][ T1078] erofs: (device loop1): mounted with root inode @ nid 36.
[   60.643202][   T26] usb 4-1: Using ep0 maxpacket: 32
[   60.789001][ T1078] serio: Serial port pts0
[   60.943288][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   61.031922][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   61.043115][   T26] usb 4-1: New USB device found, idVendor=0925, idProduct=8866, bcdDevice= 0.00
[   61.052301][   T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   61.063822][   T26] usb 4-1: config 0 descriptor??
[   61.290961][ T1083] loop0: detected capacity change from 0 to 1024
[   61.338127][ T1083] EXT4-fs (loop0): Ignoring removed orlov option
[   61.344843][ T1083] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[   61.505287][ T1083] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[   61.934214][   T26] smartjoyplus 0003:0925:8866.0004: unknown main item tag 0x2
[   61.943416][ T1088] netlink: 'syz.1.245': attribute type 24 has an invalid length.
[   61.951168][ T1088] netlink: 32 bytes leftover after parsing attributes in process `syz.1.245'.
[   61.980460][   T26] smartjoyplus 0003:0925:8866.0004: hidraw0: USB HID v0.00 Device [HID 0925:8866] on usb-dummy_hcd.3-1/input0
[   62.006115][   T26] smartjoyplus 0003:0925:8866.0004: no output reports found
[   62.410349][ T1098] netlink: 8 bytes leftover after parsing attributes in process `syz.1.248'.
[   62.873376][  T452] usb 4-1: USB disconnect, device number 6
[   62.920677][   T30] audit: type=1400 audit(1751176612.705:327): avc:  denied  { name_bind } for  pid=1101 comm="syz.4.243" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   62.949450][ T1098] syz.1.248 (1098) used greatest stack depth: 20472 bytes left
[   63.014504][ T1104] loop1: detected capacity change from 0 to 512
[   63.146936][   T30] audit: type=1400 audit(1751176612.925:328): avc:  denied  { setopt } for  pid=1101 comm="syz.4.243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   63.277102][ T1104] EXT4-fs (loop1): 1 orphan inode deleted
[   63.319444][ T1104] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   63.539590][ T1104] ext4 filesystem being mounted at /67/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   63.856888][ T1116] loop0: detected capacity change from 0 to 512
[   63.905324][ T1116] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   64.064154][ T1116] EXT4-fs (loop0): 1 truncate cleaned up
[   64.069864][ T1116] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,discard,journal_ioprio=0x0000000000000003,errors=remount-ro,lazytime,minixdf,noquota,usrjquota=,. Quota mode: none.
[   64.810890][ T1136] serio: Serial port pts0
[   65.455279][   T30] audit: type=1400 audit(1751176615.245:329): avc:  denied  { connect } for  pid=1115 comm="syz.0.253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   65.923417][ T1086] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 256: padding at end of block bitmap is not set
[   65.946642][ T1086] EXT4-fs (loop0): Remounting filesystem read-only
[   66.533189][   T30] audit: type=1404 audit(1751176616.315:330): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[   66.602211][   T30] audit: type=1400 audit(1751176616.345:331): avc:  denied  { unmount } for  pid=285 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=0
[   66.920316][ T1168] binder_alloc: 1166: binder_alloc_buf, no vma
[   66.924050][   T30] audit: type=1404 audit(1751176616.355:332): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[   66.933272][ T1167] binder: 1166:1167 ioctl c0306201 200000000300 returned -14
[   66.949463][   T30] audit: type=1400 audit(1751176616.355:333): avc:  denied  { map_create } for  pid=1159 comm="syz.1.266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   66.950179][  T285] bridge0: port 3(syz_tun) entered disabled state
[   66.973786][   T30] audit: type=1400 audit(1751176616.365:334): avc:  denied  { unmount } for  pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   66.996598][  T285] device syz_tun left promiscuous mode
[   67.011399][  T285] bridge0: port 3(syz_tun) entered disabled state
[   67.043337][   T30] audit: type=1400 audit(1751176616.365:335): avc:  denied  { read write } for  pid=281 comm="syz-executor" name="loop3" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   67.070084][   T30] audit: type=1400 audit(1751176616.365:336): avc:  denied  { open } for  pid=281 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   67.095437][   T30] audit: type=1400 audit(1751176616.365:337): avc:  denied  { ioctl } for  pid=281 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=119 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   67.122300][   T30] audit: type=1326 audit(1751176616.375:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1163 comm="syz.3.267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe77d3b4929 code=0x7ffc0000
[   67.145666][  T448] tipc: Disabling bearer <udp:s>
[   67.152614][  T448] tipc: Left network mode
[   67.350198][ T1181] tipc: Enabling of bearer <udp:s> rejected, already enabled
[   67.476673][ T1180] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.582003][ T1180] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.656259][ T1180] device bridge_slave_0 entered promiscuous mode
[   67.735733][ T1180] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.773776][ T1180] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.781491][ T1180] device bridge_slave_1 entered promiscuous mode
[   67.947878][ T1180] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.954980][ T1180] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.962297][ T1180] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.969369][ T1180] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.014534][  T448] device bridge_slave_1 left promiscuous mode
[   68.020728][  T448] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.031588][  T448] device bridge_slave_0 left promiscuous mode
[   68.039936][  T448] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.052638][  T448] device veth1_macvtap left promiscuous mode
[   68.061908][  T448] device veth0_vlan left promiscuous mode
[   68.574759][ T1200] loop1: detected capacity change from 0 to 2048
[   68.606522][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.625547][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.674611][ T1200] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   68.686396][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   68.695949][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   68.713725][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   68.733899][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   68.744385][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.751451][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.760244][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   68.768880][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   68.778668][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.785761][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.122117][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.214306][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.694059][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.702786][ T1225] loop0: detected capacity change from 0 to 16
[   69.709924][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.736621][ T1225] erofs: (device loop0): erofs_read_inode: unsupported chunk format 7fff of nid 36
[   69.762365][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   69.773872][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   69.795611][ T1180] device veth0_vlan entered promiscuous mode
[   69.832069][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   69.845426][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   69.922204][ T1180] device veth1_macvtap entered promiscuous mode
[   70.016450][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   70.024535][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   70.032451][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   70.042061][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   70.051147][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   70.067072][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   70.476779][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   70.485510][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   70.495203][  T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   70.503979][ T1234] bridge0: port 3(syz_tun) entered blocking state
[   70.510449][ T1234] bridge0: port 3(syz_tun) entered disabled state
[   70.517709][ T1234] device syz_tun entered promiscuous mode
[   70.523667][ T1234] bridge0: port 3(syz_tun) entered blocking state
[   70.530107][ T1234] bridge0: port 3(syz_tun) entered forwarding state
[   70.621431][   T30] kauditd_printk_skb: 61 callbacks suppressed
[   70.621445][   T30] audit: type=1400 audit(1751176620.405:400): avc:  denied  { mounton } for  pid=1180 comm="syz-executor" path="/root/syzkaller.PBIh1q/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   70.623895][ T1239] loop2: detected capacity change from 0 to 2048
[   70.632620][   T30] audit: type=1400 audit(1751176620.415:401): avc:  denied  { mount } for  pid=1180 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   71.026557][   T30] audit: type=1400 audit(1751176620.415:402): avc:  denied  { mount } for  pid=1180 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   71.058118][   T30] audit: type=1400 audit(1751176620.415:403): avc:  denied  { mounton } for  pid=1180 comm="syz-executor" path="/root/syzkaller.PBIh1q/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   71.070721][ T1239] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   71.105431][   T30] audit: type=1400 audit(1751176620.415:404): avc:  denied  { mounton } for  pid=1180 comm="syz-executor" path="/root/syzkaller.PBIh1q/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=19151 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   71.140413][   T30] audit: type=1400 audit(1751176620.455:405): avc:  denied  { name_bind } for  pid=1242 comm="syz.0.293" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   71.169644][   T30] audit: type=1400 audit(1751176620.455:406): avc:  denied  { node_bind } for  pid=1242 comm="syz.0.293" saddr=127.0.0.1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   71.192097][   T30] audit: type=1400 audit(1751176620.465:407): avc:  denied  { mounton } for  pid=1180 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=556 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   71.217892][   T30] audit: type=1400 audit(1751176620.475:408): avc:  denied  { mounton } for  pid=1180 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   75.034328][   T30] audit: type=1400 audit(1751176624.745:409): avc:  denied  { read } for  pid=1298 comm="syz.0.309" name="ashmem" dev="devtmpfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   75.355107][ T1314] loop5: detected capacity change from 0 to 512
[   76.317705][   T30] kauditd_printk_skb: 3 callbacks suppressed
[   76.317731][   T30] audit: type=1400 audit(1751176626.105:413): avc:  denied  { ioctl } for  pid=1312 comm="syz.5.313" path="socket:[19220]" dev="sockfs" ino=19220 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   76.741241][ T1326] loop0: detected capacity change from 0 to 256
[   76.791602][   T30] audit: type=1400 audit(1751176626.105:414): avc:  denied  { write } for  pid=1312 comm="syz.5.313" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   76.847074][ T1326] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d)
[   76.908080][ T1326] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186)
[   76.919400][   T30] audit: type=1326 audit(1751176626.705:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1336 comm="syz.1.321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   76.974464][   T30] audit: type=1326 audit(1751176626.705:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1336 comm="syz.1.321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   77.105536][   T30] audit: type=1326 audit(1751176626.735:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1336 comm="syz.1.321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   77.130587][   T30] audit: type=1326 audit(1751176626.735:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1336 comm="syz.1.321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   77.154135][   T30] audit: type=1326 audit(1751176626.735:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1336 comm="syz.1.321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   77.177919][   T30] audit: type=1326 audit(1751176626.735:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1336 comm="syz.1.321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7745376929 code=0x7ffc0000
[   77.202702][   T30] audit: type=1400 audit(1751176626.735:421): avc:  denied  { write } for  pid=1325 comm="syz.0.316" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   77.224490][   T30] audit: type=1400 audit(1751176626.735:422): avc:  denied  { remove_name } for  pid=1325 comm="syz.0.316" name="file1" dev="loop0" ino=1048601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   78.727770][ T1357] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[   78.745952][ T1357] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[   78.774420][ T1366] bridge: RTM_NEWNEIGH with invalid ether address
[   79.640962][ T1373] loop5: detected capacity change from 0 to 131072
[   79.659385][ T1373] F2FS-fs (loop5): Invalid log_blocksize (32), supports only 12
[   79.688146][ T1373] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[   79.749072][ T1388] loop0: detected capacity change from 0 to 40427
[   79.756544][ T1373] F2FS-fs (loop5): Found nat_bits in checkpoint
[   79.777453][ T1388] F2FS-fs (loop0): invalid crc value
[   79.818284][ T1373] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[   79.825585][ T1373] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   79.860425][ T1388] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[   79.896647][ T1388] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   81.332938][ T1418] loop1: detected capacity change from 0 to 2048
[   81.361883][  T282] attempt to access beyond end of device
[   81.361883][  T282] loop0: rw=2049, want=45104, limit=40427
[   81.410947][ T1418] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   81.561356][ T1423] bridge: RTM_NEWNEIGH with invalid ether address
[   81.914241][ T1429] loop0: detected capacity change from 0 to 128
[   84.136008][ T1429] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   84.147055][ T1429] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   84.183281][   T30] kauditd_printk_skb: 28 callbacks suppressed
[   84.183306][   T30] audit: type=1400 audit(1751176633.965:451): avc:  denied  { create } for  pid=1424 comm="syz.0.347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   84.430367][ T1438] loop1: detected capacity change from 0 to 2048
[   84.446200][   T30] audit: type=1400 audit(1751176633.965:452): avc:  denied  { write } for  pid=1424 comm="syz.0.347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   84.514013][ T1438]  loop1: p1 < > p3
[   84.553038][ T1438] loop1: p3 size 134217728 extends beyond EOD, truncated
[   84.714762][  T101]  loop1: p1 < > p3
[   84.719628][  T101] loop1: p3 size 134217728 extends beyond EOD, truncated
[   84.756240][  T304] udevd[304]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   84.797545][  T332] udevd[332]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[   84.818159][ T1438] kvm: emulating exchange as write
[   84.883044][  T304] udevd[304]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[   84.883346][  T332] udevd[332]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[   85.006916][   T30] audit: type=1400 audit(1751176634.795:453): avc:  denied  { create } for  pid=1452 comm="syz.1.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   85.007387][ T1456] netlink: 24 bytes leftover after parsing attributes in process `syz.1.355'.
[   85.039492][   T30] audit: type=1400 audit(1751176634.795:454): avc:  denied  { write } for  pid=1452 comm="syz.1.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   85.102448][ T1458] bridge: RTM_NEWNEIGH with invalid ether address
[   85.117634][ T1460] loop2: detected capacity change from 0 to 2048
[   85.145907][ T1463] loop1: detected capacity change from 0 to 256
[   85.165217][ T1460] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   85.222987][ T1463] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[   85.255265][   T30] audit: type=1400 audit(1751176635.045:455): avc:  denied  { create } for  pid=1462 comm="syz.1.358" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   85.275334][   T30] audit: type=1400 audit(1751176635.045:456): avc:  denied  { associate } for  pid=1462 comm="syz.1.358" name="bus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   85.297825][   T30] audit: type=1400 audit(1751176635.055:457): avc:  denied  { rename } for  pid=1462 comm="syz.1.358" name="bus" dev="loop1" ino=1048603 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   85.320340][   T30] audit: type=1400 audit(1751176635.055:458): avc:  denied  { rmdir } for  pid=1462 comm="syz.1.358" name="file0" dev="loop1" ino=1048604 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   85.469173][ T1476] netlink: 4 bytes leftover after parsing attributes in process `syz.1.360'.
[   85.487725][ T1473] netlink: 12 bytes leftover after parsing attributes in process `syz.1.360'.
[   85.760741][ T1480] overlayfs: overlapping lowerdir path
[   85.944353][   T30] audit: type=1400 audit(1751176635.725:459): avc:  denied  { write } for  pid=1478 comm="syz.3.362" path="socket:[20514]" dev="sockfs" ino=20514 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   86.475325][ T1498] netlink: 24 bytes leftover after parsing attributes in process `syz.0.368'.
[   87.074134][ T1507] loop0: detected capacity change from 0 to 2048
[   87.759014][ T1507] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   87.849024][ T1533] loop2: detected capacity change from 0 to 512
[   88.693425][ T1539] overlayfs: overlapping lowerdir path
[   88.771084][   T30] audit: type=1400 audit(1751176638.505:460): avc:  denied  { mount } for  pid=1537 comm="syz.0.380" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[   88.791120][ T1545] loop5: detected capacity change from 0 to 16
[   88.801780][ T1545] erofs: (device loop5): erofs_read_inode: unsupported chunk format 7fff of nid 36
[   88.816240][ T1533] EXT4-fs (loop2): 1 orphan inode deleted
[   88.877517][ T1533] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   88.912330][ T1533] ext4 filesystem being mounted at /78/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   89.928845][ T1567] loop1: detected capacity change from 0 to 2048
[   90.007194][ T1567] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   90.161746][ T1553] loop0: detected capacity change from 0 to 40427
[   90.245531][ T1553] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   90.283703][ T1553] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   90.619424][ T1589] overlayfs: overlapping lowerdir path
[   90.878866][ T1553] F2FS-fs (loop0): Found nat_bits in checkpoint
[   91.095076][ T1553] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   91.102183][ T1553] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   91.284162][ T1553] attempt to access beyond end of device
[   91.284162][ T1553] loop0: rw=34817, want=79912, limit=40427
[   91.427684][   T30] kauditd_printk_skb: 2 callbacks suppressed
[   91.427700][   T30] audit: type=1400 audit(1751176641.215:463): avc:  denied  { write } for  pid=1600 comm="syz.1.396" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   91.723189][   T42] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   91.781514][ T1609] loop0: detected capacity change from 0 to 16
[   91.825968][ T1609] erofs: (device loop0): mounted with root inode @ nid 36.
[   91.904037][   T30] audit: type=1400 audit(1751176641.635:464): avc:  denied  { connect } for  pid=1603 comm="syz.0.397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   92.303379][   T42] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[   92.711739][   T30] audit: type=1326 audit(1751176642.495:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1620 comm="syz.2.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd05165c929 code=0x7ffc0000
[   92.763519][   T42] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.764129][   T30] audit: type=1326 audit(1751176642.525:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1620 comm="syz.2.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=225 compat=0 ip=0x7fd05165c929 code=0x7ffc0000
[   92.866815][   T42] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.876994][   T30] audit: type=1326 audit(1751176642.525:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1620 comm="syz.2.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd05165c929 code=0x7ffc0000
[   93.925471][ T1627] loop2: detected capacity change from 0 to 512
[   94.138343][   T42] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[   94.205669][ T1627] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   94.346738][   T42] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[   94.560469][ T1627] EXT4-fs (loop2): 1 truncate cleaned up
[   94.566366][ T1627] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000004,debug_want_extra_isize=0x0000000000000068,nombcache,noinit_itable,quota,,errors=continue. Quota mode: writeback.
[   94.885744][ T1637] loop5: detected capacity change from 0 to 128
[   95.054418][   T42] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[   95.059918][   T30] audit: type=1400 audit(1751176644.385:468): avc:  denied  { read write } for  pid=1624 comm="syz.2.403" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   95.063157][   T42] usb 2-1: Manufacturer: syz
[   95.960929][ T1637] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   95.972116][ T1637] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   96.056697][   T42] usb 2-1: config 0 descriptor??
[   96.069722][   T30] audit: type=1400 audit(1751176644.385:469): avc:  denied  { open } for  pid=1624 comm="syz.2.403" path="/83/file2/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   96.104100][ T1636] netlink: 32 bytes leftover after parsing attributes in process `syz.5.404'.
[   96.116387][   T42] usb 2-1: can't set config #0, error -71
[   96.189892][   T42] usb 2-1: USB disconnect, device number 2
[   96.192511][   T30] audit: type=1400 audit(1751176645.895:470): avc:  denied  { connect } for  pid=1630 comm="syz.5.404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   96.322015][   T30] audit: type=1326 audit(1751176646.105:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1655 comm="syz.2.408" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd05165c929 code=0x0
[   96.359009][   T30] audit: type=1400 audit(1751176646.145:472): avc:  denied  { setopt } for  pid=1657 comm="syz.1.412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   96.823110][   T42] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[   97.353722][   T42] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   98.068632][   T42] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   98.078691][   T42] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   98.163160][   T42] usb 2-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00
[   98.186269][ T1683] loop2: detected capacity change from 0 to 40427
[   98.203993][   T42] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.303648][ T1683] F2FS-fs (loop2): invalid crc value
[   98.321568][   T42] usb 2-1: config 0 descriptor??
[   98.350564][ T1683] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[   98.566197][ T1683] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   98.687883][ T1700] netlink: 32 bytes leftover after parsing attributes in process `syz.3.421'.
[  100.533245][   T42] usbhid 2-1:0.0: can't add hid device: -71
[  100.539237][   T42] usbhid: probe of 2-1:0.0 failed with error -71
[  100.574162][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  100.574180][   T30] audit: type=1400 audit(1751176650.365:476): avc:  denied  { compute_member } for  pid=1712 comm="syz.3.427" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  100.645418][   T42] usb 2-1: USB disconnect, device number 3
[  100.661375][ T1720] loop5: detected capacity change from 0 to 1024
[  100.682204][ T1721] loop0: detected capacity change from 0 to 2048
[  100.697587][ T1720] EXT4-fs (loop5): Ignoring removed orlov option
[  100.724231][ T1720] EXT4-fs (loop5): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  100.758440][   T30] audit: type=1400 audit(1751176650.545:477): avc:  denied  { setattr } for  pid=1728 comm="syz.2.434" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  100.818726][ T1721] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  100.874128][   T30] audit: type=1400 audit(1751176650.665:478): avc:  denied  { create } for  pid=1719 comm="syz.5.432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  100.945920][ T1742] loop1: detected capacity change from 0 to 256
[  100.990493][ T1742] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  101.070085][ T1751] loop2: detected capacity change from 0 to 256
[  101.456246][ T1756] loop0: detected capacity change from 0 to 128
[  101.469486][   T30] audit: type=1400 audit(1751176651.005:479): avc:  denied  { write } for  pid=1741 comm="syz.1.439" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  101.651883][ T1756] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  101.663165][ T1756] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  101.696225][ T1756] netlink: 32 bytes leftover after parsing attributes in process `syz.0.438'.
[  101.916908][ T1751] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  102.189422][ T1738] syz.5.432 (1738) used greatest stack depth: 19760 bytes left
[  102.353044][   T30] audit: type=1400 audit(1751176652.135:480): avc:  denied  { bind } for  pid=1765 comm="syz.0.446" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  102.372803][ T1758] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  102.385110][   T30] audit: type=1400 audit(1751176652.175:481): avc:  denied  { read write } for  pid=1769 comm="syz.5.447" name="vhost-vsock" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  102.416912][   T30] audit: type=1400 audit(1751176652.205:482): avc:  denied  { open } for  pid=1769 comm="syz.5.447" path="/dev/vhost-vsock" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  102.493164][ T1772] loop2: detected capacity change from 0 to 1024
[  102.554922][ T1772] EXT4-fs (loop2): Ignoring removed orlov option
[  102.561578][ T1772] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  102.685049][ T1776] loop0: detected capacity change from 0 to 512
[  102.736413][ T1776] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  102.825178][   T30] audit: type=1400 audit(1751176652.205:483): avc:  denied  { ioctl } for  pid=1769 comm="syz.5.447" path="/dev/vhost-vsock" dev="devtmpfs" ino=264 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  102.847470][ T1776] EXT4-fs (loop0): orphan cleanup on readonly fs
[  102.896864][ T1776] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.446: bg 0: block 248: padding at end of block bitmap is not set
[  102.928172][ T1776] Quota error (device loop0): write_blk: dquota write failed
[  102.936128][ T1776] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  102.946458][ T1776] EXT4-fs error (device loop0): ext4_acquire_dquot:6195: comm syz.0.446: Failed to acquire dquot type 1
[  102.974688][ T1776] EXT4-fs (loop0): 1 truncate cleaned up
[  102.994318][ T1776] EXT4-fs (loop0): mounted filesystem without journal. Opts: bsdgroups,resgid=0x0000000000000000,noblock_validity,grpjquota=,grpjquota=,resuid=0x0000000000000000,auto_da_alloc,noload,jqfmt=vfsv1,,errors=continue. Quota mode: writeback.
[  103.104546][ T1776] netlink: 4 bytes leftover after parsing attributes in process `syz.0.446'.
[  103.142952][ T1776] bridge0: port 3(syz_tun) entered disabled state
[  103.170898][ T1776] device syz_tun left promiscuous mode
[  103.176625][ T1776] bridge0: port 3(syz_tun) entered disabled state
[  104.869707][ T1772] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  104.983116][ T1758] usb 2-1: Using ep0 maxpacket: 16
[  105.155312][ T1790] fuse: Bad value for 'fd'
[  105.303179][ T1758] usb 2-1: device descriptor read/all, error -71
[  106.287696][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  106.287715][   T30] audit: type=1400 audit(1751176656.075:502): avc:  denied  { create } for  pid=1805 comm="syz.0.456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  106.407707][   T30] audit: type=1400 audit(1751176656.195:503): avc:  denied  { setopt } for  pid=1805 comm="syz.0.456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  106.677179][ T1813] loop0: detected capacity change from 0 to 256
[  106.891017][ T1813] FAT-fs (loop0): Directory bread(block 64) failed
[  106.907833][ T1813] FAT-fs (loop0): Directory bread(block 65) failed
[  106.916706][ T1813] FAT-fs (loop0): Directory bread(block 66) failed
[  106.929856][ T1813] FAT-fs (loop0): Directory bread(block 67) failed
[  106.942690][ T1813] FAT-fs (loop0): Directory bread(block 68) failed
[  106.955568][ T1813] FAT-fs (loop0): Directory bread(block 69) failed
[  106.967403][ T1813] FAT-fs (loop0): Directory bread(block 70) failed
[  106.979360][ T1813] FAT-fs (loop0): Directory bread(block 71) failed
[  106.986270][ T1813] FAT-fs (loop0): Directory bread(block 72) failed
[  106.992952][ T1813] FAT-fs (loop0): Directory bread(block 73) failed
[  107.003116][   T30] audit: type=1400 audit(1751176656.785:504): avc:  denied  { mount } for  pid=1811 comm="syz.0.460" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  107.086997][   T30] audit: type=1400 audit(1751176656.875:505): avc:  denied  { unmount } for  pid=282 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  107.290805][ T1819] loop1: detected capacity change from 0 to 1024
[  107.370956][ T1819] EXT4-fs (loop1): Ignoring removed orlov option
[  107.412698][ T1819] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  107.724440][ T1819] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  107.947490][ T1831] fuse: Bad value for 'fd'
[  108.278998][ T1828] loop0: detected capacity change from 0 to 2048
[  108.347268][ T1835] loop5: detected capacity change from 0 to 512
[  108.385708][ T1828] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  108.418586][ T1835] EXT4-fs (loop5): 1 orphan inode deleted
[  108.454236][ T1835] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  108.534207][ T1838] loop2: detected capacity change from 0 to 40427
[  108.540975][ T1835] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.631371][ T1838] F2FS-fs (loop2): invalid crc value
[  108.655902][   T30] audit: type=1400 audit(1751176658.425:506): avc:  denied  { mounton } for  pid=1853 comm="syz.3.474" path="/69/file0" dev="incremental-fs" ino=395 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  109.989016][   T30] audit: type=1400 audit(1751176658.425:507): avc:  denied  { read } for  pid=1853 comm="syz.3.474" name="file0" dev="incremental-fs" ino=396 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  110.014425][ T1870] fuse: Bad value for 'fd'
[  110.021545][ T1838] F2FS-fs (loop2): Found nat_bits in checkpoint
[  110.028753][   T30] audit: type=1400 audit(1751176658.425:508): avc:  denied  { open } for  pid=1853 comm="syz.3.474" path="/69/file0/file0" dev="incremental-fs" ino=396 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  110.107111][ T1876] loop5: detected capacity change from 0 to 2048
[  110.217610][ T1880] loop0: detected capacity change from 0 to 1024
[  110.257525][ T1880] EXT4-fs (loop0): Ignoring removed orlov option
[  110.264227][ T1880] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  110.378264][   T30] audit: type=1400 audit(1751176658.425:509): avc:  denied  { write } for  pid=1853 comm="syz.3.474" path="/69/file0/file0" dev="incremental-fs" ino=396 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  110.457799][ T1880] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  110.791507][ T1838] F2FS-fs (loop2): Start checkpoint disabled!
[  110.833318][ T1876] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  110.854232][ T1838] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  110.966567][   T30] audit: type=1400 audit(1751176659.515:510): avc:  denied  { bind } for  pid=1851 comm="syz.0.471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  111.027729][   T30] audit: type=1400 audit(1751176659.515:511): avc:  denied  { listen } for  pid=1851 comm="syz.0.471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  111.042979][ T1642] attempt to access beyond end of device
[  111.042979][ T1642] loop2: rw=2049, want=45104, limit=40427
[  111.091274][ T1899] loop1: detected capacity change from 0 to 512
[  111.163341][ T1899] EXT4-fs (loop1): 1 orphan inode deleted
[  111.203225][ T1899] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  111.221720][ T1899] ext4 filesystem being mounted at /131/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  111.235786][ T1644] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  111.439404][ T1913] loop0: detected capacity change from 0 to 512
[  111.605896][ T1913] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  112.028646][ T1913] EXT4-fs (loop0): 1 truncate cleaned up
[  112.034461][ T1913] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000004,debug_want_extra_isize=0x0000000000000068,nombcache,noinit_itable,quota,,errors=continue. Quota mode: writeback.
[  112.365815][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  112.365832][   T30] audit: type=1326 audit(1751176662.155:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1920 comm="syz.2.494" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd05165c929 code=0x0
[  112.413878][ T1644] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  112.465706][ T1925] loop5: detected capacity change from 0 to 2048
[  112.513636][ T1925] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  112.627401][ T1644] usb 4-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  112.649430][ T1644] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.095196][ T1644] usb 4-1: Product: syz
[  113.099544][ T1644] usb 4-1: Manufacturer: syz
[  113.105544][ T1644] usb 4-1: SerialNumber: syz
[  113.464217][ T1940] loop0: detected capacity change from 0 to 1024
[  113.585503][ T1644] usb 4-1: config 0 descriptor??
[  113.639015][ T1940] EXT4-fs (loop0): Ignoring removed orlov option
[  113.645736][ T1940] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  113.677325][ T1644] hub 4-1:0.0: bad descriptor, ignoring hub
[  113.781763][ T1644] hub: probe of 4-1:0.0 failed with error -5
[  113.843485][ T1940] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  113.889749][ T1940] overlayfs: failed to resolve './file4': -2
[  114.117397][   T30] audit: type=1400 audit(1751176663.895:518): avc:  denied  { read } for  pid=1935 comm="syz.0.499" name="file1" dev="loop0" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  114.366764][ T1644] snd-usb-audio: probe of 4-1:0.0 failed with error -2
[  114.555128][ T1644] usb 4-1: USB disconnect, device number 7
[  114.572991][   T30] audit: type=1400 audit(1751176664.355:519): avc:  denied  { setopt } for  pid=1945 comm="syz.1.503" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  114.661627][   T30] audit: type=1400 audit(1751176664.365:520): avc:  denied  { write } for  pid=1945 comm="syz.1.503" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  114.732658][ T1960] loop1: detected capacity change from 0 to 2048
[  114.803363][ T1934] loop5: detected capacity change from 0 to 40427
[  114.824196][ T1965] loop2: detected capacity change from 0 to 512
[  114.840939][ T1934] F2FS-fs (loop5): invalid crc value
[  114.862877][ T1960] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  114.864163][ T1934] F2FS-fs (loop5): Found nat_bits in checkpoint
[  114.895472][ T1965] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  114.913102][ T1965] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  114.929357][ T1934] F2FS-fs (loop5): Start checkpoint disabled!
[  114.936569][ T1965] EXT4-fs (loop2): 1 truncate cleaned up
[  114.942252][ T1965] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,max_dir_size_kb=0x00000000000001ff,data_err=abort,debug_want_extra_isize=0x0000000000000006,minixdf,max_dir_size_kb=0x0000000000000003,,errors=continue. Quota mode: none.
[  114.967221][   T30] audit: type=1326 audit(1751176664.755:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1971 comm="syz.0.511" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5bd5f00929 code=0x0
[  114.990817][ T1934] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  114.998532][   T30] audit: type=1400 audit(1751176664.785:522): avc:  denied  { create } for  pid=1961 comm="syz.2.508" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[  115.139053][ T1642] attempt to access beyond end of device
[  115.139053][ T1642] loop5: rw=2049, want=45104, limit=40427
[  115.639204][ T1987] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  115.643180][ T1644] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  115.663835][ T1986] tipc: Resetting bearer <eth:syzkaller0>
[  115.677700][ T1991] loop5: detected capacity change from 0 to 512
[  115.677930][ T1986] tipc: Disabling bearer <eth:syzkaller0>
[  115.730585][ T1991] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.517: invalid indirect mapped block 10 (level 1)
[  115.744293][ T1991] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.517: invalid indirect mapped block 8 (level 1)
[  115.758832][   T30] audit: type=1400 audit(1751176665.545:523): avc:  denied  { name_bind } for  pid=1993 comm="syz.3.518" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  115.759015][ T1991] EXT4-fs (loop5): 1 truncate cleaned up
[  115.786182][ T1991] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  115.842989][ T2000] loop0: detected capacity change from 0 to 512
[  115.984530][ T2004] bridge: RTM_NEWNEIGH with invalid ether address
[  115.995373][ T2000] EXT4-fs (loop0): 1 orphan inode deleted
[  116.003148][ T2000] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  116.143312][ T1644] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  116.154069][ T2000] ext4 filesystem being mounted at /104/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  116.423518][ T1644] usb 3-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  117.230047][ T1644] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.451131][ T1644] usb 3-1: Product: syz
[  117.455492][ T1644] usb 3-1: Manufacturer: syz
[  117.460110][ T1644] usb 3-1: SerialNumber: syz
[  117.465739][ T1644] usb 3-1: config 0 descriptor??
[  117.500145][ T2019] loop1: detected capacity change from 0 to 16
[  117.510393][ T1644] hub 3-1:0.0: bad descriptor, ignoring hub
[  117.529901][ T1644] hub: probe of 3-1:0.0 failed with error -5
[  117.558787][ T1644] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[  117.568814][   T30] audit: type=1326 audit(1751176667.355:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2021 comm="syz.5.529" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd3630ec929 code=0x0
[  117.621234][ T2019] erofs: (device loop1): erofs_read_inode: unsupported chunk format 7fff of nid 36
[  117.880887][ T2039] device syzkaller0 entered promiscuous mode
[  117.974126][   T30] audit: type=1400 audit(1751176667.755:525): avc:  denied  { create } for  pid=1978 comm="syz.2.512" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  118.230673][ T2038] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  118.245007][ T2037] tipc: Resetting bearer <eth:syzkaller0>
[  118.254637][ T2046] loop0: detected capacity change from 0 to 512
[  118.269906][ T2037] tipc: Disabling bearer <eth:syzkaller0>
[  118.278025][ T2046] EXT4-fs (loop0): 1 orphan inode deleted
[  118.300383][ T2046] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  118.317586][ T2046] ext4 filesystem being mounted at /108/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  118.348681][ T2053] loop1: detected capacity change from 0 to 256
[  118.366204][ T2053] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  118.513756][ T1180] ------------[ cut here ]------------
[  118.524232][ T1180] WARNING: CPU: 0 PID: 1180 at fs/inode.c:335 drop_nlink+0xc5/0x110
[  118.532367][ T1180] Modules linked in:
[  118.544595][ T1180] CPU: 0 PID: 1180 Comm: syz-executor Not tainted 5.15.185-syzkaller-00032-g0d918fa8e88d #0
[  118.555164][   T30] audit: type=1400 audit(1751176668.315:526): avc:  denied  { write } for  pid=2052 comm="syz.1.540" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  118.575660][ T1180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  118.586209][ T1180] RIP: 0010:drop_nlink+0xc5/0x110
[  118.591358][ T1180] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 63 3b f2 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 db c2 b3 ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c
[  118.646863][ T1180] RSP: 0018:ffffc90001147ca8 EFLAGS: 00010293
[  118.655256][ T1180] RAX: ffffffff81b4e505 RBX: ffff8881113a8068 RCX: ffff88811bc5cf00
[  118.664123][ T1180] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  118.672226][ T1180] RBP: ffffc90001147cd0 R08: 0000000000000004 R09: 0000000000000003
[  118.680597][ T1180] R10: fffff52000228f84 R11: 1ffff92000228f84 R12: dffffc0000000000
[  118.689224][ T1180] R13: 1ffff11022275016 R14: ffff8881113a80b0 R15: 0000000000000000
[  118.697508][ T1180] FS:  0000555556b94500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  118.735743][ T1180] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  118.756790][ T1180] CR2: 000000110c2be998 CR3: 000000013625d000 CR4: 00000000003506b0
[  118.778399][ T1180] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  118.806582][ T1180] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  118.834808][ T1180] Call Trace:
[  118.838223][ T1180]  <TASK>
[  118.841206][ T1180]  shmem_rmdir+0x5b/0x90
[  118.853675][ T1180]  vfs_rmdir+0x313/0x460
[  118.858049][ T1180]  incfs_kill_sb+0x105/0x220
[  118.862946][ T1180]  deactivate_locked_super+0xa0/0x100
[  118.868406][ T1180]  deactivate_super+0xaf/0xe0
[  118.873187][ T1180]  cleanup_mnt+0x446/0x500
[  118.878759][ T1180]  __cleanup_mnt+0x19/0x20
[  118.883282][ T1180]  task_work_run+0x127/0x190
[  118.887950][ T1180]  exit_to_user_mode_loop+0xd0/0xe0
[  118.893265][ T1180]  exit_to_user_mode_prepare+0x5a/0xa0
[  118.898796][ T1180]  syscall_exit_to_user_mode+0x1a/0x30
[  118.904328][ T1180]  do_syscall_64+0x58/0xa0
[  118.908801][ T1180]  ? clear_bhb_loop+0x50/0xa0
[  118.918923][ T1180]  ? clear_bhb_loop+0x50/0xa0
[  118.924696][ T1180]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  118.930707][ T1180] RIP: 0033:0x7fd3630edc57
[  118.935691][ T1180] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  118.963125][ T1180] RSP: 002b:00007fff5f2d4568 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  118.973229][ T2065] overlayfs: overlapping lowerdir path
[  118.991750][ T1180] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd3630edc57
[  119.002406][ T1180] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff5f2d4620
[  119.010981][ T1180] RBP: 00007fff5f2d4620 R08: 0000000000000000 R09: 0000000000000000
[  119.020581][ T1180] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff5f2d56b0
[  119.021384][ T2069] device bridge_slave_1 left promiscuous mode
[  119.029057][ T1180] R13: 00007fd36316e925 R14: 000000000001cee2 R15: 00007fff5f2d56f0
[  119.043379][ T2069] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.050074][ T1180]  </TASK>
[  119.053951][ T1180] ---[ end trace 04e15482cadb2422 ]---
[  119.059580][ T1180] ==================================================================
[  119.067668][ T1180] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[  119.073936][ T1180] Write of size 4 at addr 0000000000000170 by task syz-executor/1180
[  119.082021][ T1180] 
[  119.084374][ T1180] CPU: 0 PID: 1180 Comm: syz-executor Tainted: G        W         5.15.185-syzkaller-00032-g0d918fa8e88d #0
[  119.095844][ T1180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  119.105933][ T1180] Call Trace:
[  119.109231][ T1180]  <TASK>
[  119.112190][ T1180]  __dump_stack+0x21/0x30
[  119.116542][ T1180]  dump_stack_lvl+0xee/0x150
[  119.121327][ T1180]  ? show_regs_print_info+0x20/0x20
[  119.126537][ T1180]  ? _raw_spin_lock+0x8e/0xe0
[  119.131234][ T1180]  ? _raw_spin_trylock_bh+0x130/0x130
[  119.136625][ T1180]  ? ihold+0x20/0x60
[  119.140540][ T1180]  kasan_report+0xe7/0x140
[  119.144972][ T1180]  ? ihold+0x20/0x60
[  119.148885][ T1180]  kasan_check_range+0x280/0x290
[  119.153850][ T1180]  __kasan_check_write+0x14/0x20
[  119.158813][ T1180]  ihold+0x20/0x60
[  119.162550][ T1180]  vfs_rmdir+0x1f0/0x460
[  119.166809][ T1180]  incfs_kill_sb+0x105/0x220
[  119.171421][ T1180]  deactivate_locked_super+0xa0/0x100
[  119.176901][ T1180]  deactivate_super+0xaf/0xe0
[  119.181594][ T1180]  cleanup_mnt+0x446/0x500
[  119.186030][ T1180]  __cleanup_mnt+0x19/0x20
[  119.190466][ T1180]  task_work_run+0x127/0x190
[  119.195072][ T1180]  exit_to_user_mode_loop+0xd0/0xe0
[  119.200288][ T1180]  exit_to_user_mode_prepare+0x5a/0xa0
[  119.205763][ T1180]  syscall_exit_to_user_mode+0x1a/0x30
[  119.211248][ T1180]  do_syscall_64+0x58/0xa0
[  119.215677][ T1180]  ? clear_bhb_loop+0x50/0xa0
[  119.220382][ T1180]  ? clear_bhb_loop+0x50/0xa0
[  119.225088][ T1180]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  119.230996][ T1180] RIP: 0033:0x7fd3630edc57
[  119.235432][ T1180] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  119.255063][ T1180] RSP: 002b:00007fff5f2d4568 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  119.263612][ T1180] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd3630edc57
[  119.271612][ T1180] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff5f2d4620
[  119.279602][ T1180] RBP: 00007fff5f2d4620 R08: 0000000000000000 R09: 0000000000000000
[  119.287590][ T1180] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff5f2d56b0
[  119.295574][ T1180] R13: 00007fd36316e925 R14: 000000000001cee2 R15: 00007fff5f2d56f0
[  119.303568][ T1180]  </TASK>
[  119.306597][ T1180] ==================================================================
[  119.314665][ T1180] Disabling lock debugging due to kernel taint
[  119.328751][ T1180] BUG: kernel NULL pointer dereference, address: 0000000000000170
[  119.336600][ T1180] #PF: supervisor write access in kernel mode
[  119.342686][ T1180] #PF: error_code(0x0002) - not-present page
[  119.348695][ T1180] PGD 11fa43067 P4D 11fa43067 PUD 0 
[  119.354014][ T1180] Oops: 0002 [#1] PREEMPT SMP KASAN
[  119.359235][ T1180] CPU: 1 PID: 1180 Comm: syz-executor Tainted: G    B   W         5.15.185-syzkaller-00032-g0d918fa8e88d #0
[  119.370717][ T1180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  119.380798][ T1180] RIP: 0010:ihold+0x26/0x60
[  119.385338][ T1180] Code: 00 00 00 00 55 48 89 e5 41 56 53 48 89 fb e8 f1 ba b3 ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 50 33 f2 ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 71
[  119.404971][ T1180] RSP: 0018:ffffc90001147ce8 EFLAGS: 00010246
[  119.411067][ T1180] RAX: ffff88811bc5cf00 RBX: 0000000000000000 RCX: ffff88811bc5cf00
[  119.419063][ T1180] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff
[  119.427050][ T1180] RBP: ffffc90001147cf8 R08: 0000000000000004 R09: 0000000000000003
[  119.435044][ T1180] R10: fffffbfff0e17a4c R11: 1ffffffff0e17a4c R12: 1ffff1102230c428
[  119.443043][ T1180] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000
[  119.451032][ T1180] FS:  0000555556b94500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  119.459991][ T1180] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  119.466602][ T1180] CR2: 0000000000000170 CR3: 000000013625d000 CR4: 00000000003506a0
[  119.474611][ T1180] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  119.482614][ T1180] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  119.490610][ T1180] Call Trace:
[  119.493909][ T1180]  <TASK>
[  119.496847][ T1180]  vfs_rmdir+0x1f0/0x460
[  119.501101][ T1180]  incfs_kill_sb+0x105/0x220
[  119.505703][ T1180]  deactivate_locked_super+0xa0/0x100
[  119.511099][ T1180]  deactivate_super+0xaf/0xe0
[  119.515796][ T1180]  cleanup_mnt+0x446/0x500
[  119.520228][ T1180]  __cleanup_mnt+0x19/0x20
[  119.524669][ T1180]  task_work_run+0x127/0x190
[  119.529259][ T1180]  exit_to_user_mode_loop+0xd0/0xe0
[  119.534454][ T1180]  exit_to_user_mode_prepare+0x5a/0xa0
[  119.539909][ T1180]  syscall_exit_to_user_mode+0x1a/0x30
[  119.545367][ T1180]  do_syscall_64+0x58/0xa0
[  119.549777][ T1180]  ? clear_bhb_loop+0x50/0xa0
[  119.554446][ T1180]  ? clear_bhb_loop+0x50/0xa0
[  119.559117][ T1180]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  119.565005][ T1180] RIP: 0033:0x7fd3630edc57
[  119.569417][ T1180] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  119.589020][ T1180] RSP: 002b:00007fff5f2d4568 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  119.597430][ T1180] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd3630edc57
[  119.605402][ T1180] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff5f2d4620
[  119.613364][ T1180] RBP: 00007fff5f2d4620 R08: 0000000000000000 R09: 0000000000000000
[  119.621328][ T1180] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff5f2d56b0
[  119.629298][ T1180] R13: 00007fd36316e925 R14: 000000000001cee2 R15: 00007fff5f2d56f0
[  119.637268][ T1180]  </TASK>
[  119.640280][ T1180] Modules linked in:
[  119.644178][ T1180] CR2: 0000000000000170
[  119.648330][ T1180] ---[ end trace 04e15482cadb2423 ]---
[  119.653788][ T1180] RIP: 0010:ihold+0x26/0x60
[  119.658290][ T1180] Code: 00 00 00 00 55 48 89 e5 41 56 53 48 89 fb e8 f1 ba b3 ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 50 33 f2 ff 41 be 01 00 00 00 <f0> 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 71
[  119.677892][ T1180] RSP: 0018:ffffc90001147ce8 EFLAGS: 00010246
[  119.683956][ T1180] RAX: ffff88811bc5cf00 RBX: 0000000000000000 RCX: ffff88811bc5cf00
[  119.691924][ T1180] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff
[  119.699894][ T1180] RBP: ffffc90001147cf8 R08: 0000000000000004 R09: 0000000000000003
[  119.707864][ T1180] R10: fffffbfff0e17a4c R11: 1ffffffff0e17a4c R12: 1ffff1102230c428
[  119.715831][ T1180] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000
[  119.723799][ T1180] FS:  0000555556b94500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  119.732741][ T1180] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  119.739320][ T1180] CR2: 0000000000000170 CR3: 000000013625d000 CR4: 00000000003506a0
[  119.747290][ T1180] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  119.755253][ T1180] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  119.763220][ T1180] Kernel panic - not syncing: Fatal exception
[  119.769595][ T1180] Kernel Offset: disabled
[  119.773924][ T1180] Rebooting in 86400 seconds..