last executing test programs:

4m44.781169594s ago: executing program 3 (id=6):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r1)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0180000000000000000001000000000000000b00000000030014"], 0x28}}, 0x40000)

4m44.716519155s ago: executing program 3 (id=9):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x4, 0x0, 0x7ffc0005}]})
r1 = gettid()
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0)
read$ptp(r2, 0x0, 0x0)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

4m43.822866569s ago: executing program 3 (id=17):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000ffffffff850000000e00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x2)
readv(r1, &(0x7f00000008c0)=[{&(0x7f00000002c0)=""/156, 0x9c}], 0x1)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x2)

4m43.708551981s ago: executing program 3 (id=20):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000e40)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
timer_delete(0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x64, 0x50a, &(0x7f0000000200)="$eJzs3UFvG1kdAPD/OHZp2nSTBQ6wEsvCLkorqJ1s2DbiUIqE4FQJKPcSEieK4sRR7LRNVEEqPgASQoDECS5ckPgASKgSF44IqRKcQYBACFo4cIDOyvY4TVM7cVs3TuPfT5rMmzfz/H/P0YznzTzNBDC03oqIqxHxKE3TCxExnuXnsil2WlNju4cP7sw3piTS9Po/k0iyvPZnJdn8bFbsdER87csR30yejlvb2l6Zq1TKG9lyqb66XqptbV9cXp1bKi+V12Zmpi/NXp59b3aqL+08FxFXvvjXH3z3Z1+68qvP3PrTjb+f/1ajWmPZ+r3teEb5g1a2ml5ofhd7C2w8Z7DjKN9sYWa00xYjT+Xcfcl1AgCgs8Y5/gcj4pMRcSHGY+Tg01kAAADgFZR+fiz+l0SknZ3qkg8AAAC8QnLNMbBJrpiNBRiLXK5YbI3h/XCcyVWqtfqnF6ubawutsbITUcgtLlfKU9lY4YkoJI3l6Wb68fK7+5ZnIuL1iPj++GhzuThfrSwM+uIHAAAADImz+/r//xlv9f8BAACAE2Zi0BUAAAAAXjr9fwAAADj59P8BAADgRPvKtWuNKW2//3rh5tbmSvXmxYVybaW4ujlfnK9urBeXqtWl5jP7Vg/7vEq1uv7ZWNu8XaqXa/VSbWv7xmp1c61+Y/mJV2ADAAAAR+j1j9/7QxIRO58bbU4Np3or2uNmwHGV300l2bzDbv3H11rzvxxRpYAjMTLoCgADkx90BYCBKQy6AsDAJYes7zp457fZ/BP9rQ8AANB/kx/tfv8/d2DJnYNXA8eenRiGl/v/MLya9/97HcnrZAFOlIIzABh6L3z//1Bp+kwVAgAA+m6sOSW5YnZ5byxyuWIx4lzztQCFZHG5Up6KiNci4vfjhQ80lqebJZND+wwAAAAAAAAAAAAAAAAAAAAAAAAAQEuaJpECAAAAJ1pE7m/Jr1vP8p8cf2ds//WBU8l/xyN7ReitH1//4e25en1jupH/r938+o+y/HcHcQUDAAAAhsIzvcC/3U9v9+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJ8ePrgz356OMu4/vhARE53i5+N0c346ChFx5t9J5PeUy0XESB/ijzb+fKRT/KRRrd2Q++Mn7bIvaOfugfFjIvsWOsU/24f4MMzuNY4/Vzvtf7l4qznvvP/lI55Yfl7dj3+xe/wb6bL/n+sxxhv3f1HqGv9uxBv5zsefdvykS/y3e4z/ja9vb3dbl/4kYrLj70/yRKxSfXW9VNvavri8OrdUXiqvzcxMX5q9PPve7FRpcblSzv52jPG9j/3y0UHtP9Ml/sQh7X+nx/b///7tBx9qJQud4p9/u0P83/w02+Lp+O3fvk9l6cb6yXZ6p5Xe682f/+7Ng9q/0KX9h/3/z/fY/gtf/c6fe9wUADgCta3tlblKpbxxYhONXvoxqIbEMUx8u68fmKZp2tinXuBzkjgOX0szMegjEwAA0G+PT/oHXRMAAAAAAAAAAAAAAAAAAAAYXkfxOLH9MXd2U0k/HqENAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAX7wcAAP//ZWfZVg==")
r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
r1 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
write$binfmt_register(r1, &(0x7f00000000c0)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x9, 0x3a, '+\'', 0x3a, '', 0x3a, './file2', 0x3a, [0x46]}, 0x2a)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000000c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bff57002c1097f92e91002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8096d5742db41bd61080dcbe40e0f802fc12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1531497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db39de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b0bc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca000000000000000000002558e0a2db3b207ef44560820814729717ba952825b2f09f115f7248b295f790ef8fce7af7ed792ca25c03ae3ed6473c093be648d5476b3a15f2eb2badaef4a7b58b6f5fc01e9083b900d635fadbd1c867280682eb2093a614dc2b3d5da9f14d3b1d24822d09"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

4m42.945415232s ago: executing program 3 (id=29):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)=@newtaction={0x88c, 0x30, 0xffff, 0x3, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x4, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffc, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7fff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x7, 0x0, 0x0, 0xfffffffe, {0x4, 0x0, 0x0, 0x0, 0xb, 0x3}, {0x4, 0x2, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x3, 0x2}}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1000000, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, 0x4, 0x0, 0x0, 0x0, 0x1, 0x25d, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x2, 0x25d, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x80000, 0x0, 0x0, 0x0, 0xf9, 0x0, 0x7, 0x8000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xffffff81, 0x0, 0x0, 0xffffff7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x8]}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x2}}}}]}]}, 0x88c}}, 0x0)

4m42.812705424s ago: executing program 3 (id=32):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

4m42.800742475s ago: executing program 32 (id=32):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

14.094996566s ago: executing program 0 (id=3078):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="a1ab00000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)

14.087223486s ago: executing program 0 (id=3079):
openat$selinux_validatetrans(0xffffffffffffff9c, 0x0, 0x1, 0x0)
pipe2$9p(0x0, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x400)

12.536549849s ago: executing program 0 (id=3086):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x12, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r1, r0, 0x5}, 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="090000000afe96c600000000", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10)
syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x88, &(0x7f00000005c0)={[{@nogrpid}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@nobarrier}, {@nodiscard}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0x8004587d, &(0x7f0000000080))
fremovexattr(r2, &(0x7f0000000000)=@known='trusted.overlay.impure\x00')
socket$nl_route(0x10, 0x3, 0x0)
openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)

12.50789821s ago: executing program 0 (id=3087):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000070000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
utime(&(0x7f0000000200)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fstat(r1, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r5}, 0x0, &(0x7f0000000340)=r6}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r8, 0x6, 0xa, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r8, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
setsockopt$packet_rx_ring(r7, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x801, 0xf84, 0x3}, 0x1c)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x2b, [0x8000, 0xc95a, 0xffffdff3, 0x1, 0x80, 0x6, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x800, 0x5, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x24, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x242, 0xc, 0xe, 0x0, 0x71, 0x7, 0x7, 0x3, 0x2, 0x8005, 0x3f, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x3, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x9, 0x3, 0x3, 0x8000, 0x9, 0x400, 0x401, 0x6, 0x1, 0x8, 0x5, 0x10005, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7, 0x28, 0x1, 0xfe000000, 0xffff, 0x2, 0x7, 0x9, 0x3ff, 0x3, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x12000000, 0x2], [0x100007, 0x4, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x2, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x8, 0x8, 0x86, 0x10000003, 0x1000, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x5, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0x83, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x2ac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x0, 0x1, 0xffff, 0x0, 0x4, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x25], [0x9, 0x6, 0x3, 0xb, 0x5, 0x934, 0x6, 0x6, 0x0, 0xbdfe, 0xce7, 0x1ff, 0xfffffffe, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x8003, 0xffff, 0x81, 0xff, 0x5, 0x1, 0xfffffffe, 0x14c, 0x60a7, 0xa71d, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x3ff, 0x9602, 0x7, 0x2, 0x7, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa23, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0x2, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

11.17950159s ago: executing program 0 (id=3090):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x0, 0x200000000000038a, &(0x7f0000000480)=ANY=[], 0x0}, 0x94)
madvise(&(0x7f0000927000/0x3000)=nil, 0x3000, 0x15)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
socket$inet6(0xa, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mkdir(0x0, 0x0)
r7 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000640)=[{0x6, 0x0, 0x0, 0xea}]}, 0x10)
sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)
sendto$inet(r7, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

10.297500983s ago: executing program 0 (id=3093):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
open(&(0x7f0000000100)='./file0\x00', 0x60840, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf090000000000005509010000"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r2}, 0x18)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read(r3, &(0x7f0000000b40)=""/4096, 0x1000)
write$UHID_CREATE(r3, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000940)=""/1, 0x1, 0x3, 0x0, 0x0, 0x0, 0xc08}}, 0x120)
process_vm_writev(0x0, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80), 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r5, 0x400455c8, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r6, 0x800448f0, &(0x7f0000000080))
fdatasync(r4)
ftruncate(r4, 0x81ff)

3.844198481s ago: executing program 1 (id=3107):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000000010000081100000900000001"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000001c0), 0xb, r3}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={0x0, &(0x7f0000001f00)=""/4096, &(0x7f0000000780), &(0x7f0000000b40), 0x4, r3}, 0x38)

3.481328297s ago: executing program 5 (id=3108):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd59}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
close(0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r1, 0x0, 0x0}, 0x10)

3.217248861s ago: executing program 4 (id=3111):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x1ffffffffffffffd}, 0x18)
socket$xdp(0x2c, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000007c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="0100030010651fbe347b2c2b00000c00018008000100", @ANYRES16], 0x20}}, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")

3.185175931s ago: executing program 4 (id=3112):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
creat(0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r1, &(0x7f0000000340)=ANY=[], 0xff2e)
r2 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TCXONC(r1, 0x540a, 0x3)

3.072388493s ago: executing program 5 (id=3113):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0600000004000000ff0f"], 0x50)
userfaultfd(0x1)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = syz_io_uring_setup(0x4f0e, &(0x7f0000000480)={0x0, 0x0, 0x1}, &(0x7f0000000080)=<r3=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="05000000040000000800000008"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000000)='scmi_rx_done\x00', r6, 0x0, 0xffffffffffffffff}, 0x18)
rt_tgsigqueueinfo(0x0, 0x0, 0x1a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00'}, 0x18)
io_uring_enter(r2, 0x62dd, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0)

2.964463245s ago: executing program 1 (id=3114):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x0, 0x200000000000038a, &(0x7f0000000480)=ANY=[], 0x0}, 0x94)
madvise(&(0x7f0000927000/0x3000)=nil, 0x3000, 0x15)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000640)=[{0x6, 0x0, 0x0, 0xea}]}, 0x10)
sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)
sendto$inet(r7, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

2.877387066s ago: executing program 5 (id=3115):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x4, &(0x7f0000000340)={[{@max_batch_time={'max_batch_time', 0x3d, 0x6}}, {@i_version}, {@max_batch_time}]}, 0x6, 0x5fd, &(0x7f0000000c00)="$eJzs3c9rHFUcAPDvzCYxaaNpRcQWxYCHFqRpUotVL7b1YA8FC/Yg4qGhSWro9gdNCrYWTMGDgoKIV5Fe/Ae8S+/eRFBvnoUqUlFQ6crszrabZDfdttmdNPP5wGTnvZnd9747eZn3dvJ2Aiit8exHGrEj4taJJGKsZdtoNDaO5/vd/OPKyWxJolZ78/ckkjyvuX+SP27NE8MR8f3hiMcrq8tduHT59HS11vBBxN7FM+f3Lly6vGf+zPSp2VOzZ6f2vbT/wOTLU/un1iXOrfnjkaNvPP3ph+++OPdDdU8SB+P44PszsSKO9TIe43ErD7E1fyAiDmQrbd6Xh80mCKHUKvnv42BEPBljUamnGsZi/pNCKwf0VK0SUQNKKtH+oaSa/YDm2L67cfDxHvdK+ufGocYAaHX8A43PRmK4PjbacjNpGRk1PtvYtg7lZ2X8d2Xnl9kSyz6H+Pv20RlYh3I6WboaEU+1iz+p121bPdIs/nTZWD+JiMmIGMrr99oD1CFpWe/F5zBruZf4W49DGhEH88cs//B9lj++It3v+AEop+uH8hP5Upa6c/7L+h7N/k+06f+Mtjl33Y+iz3+d+3/N8/1wvd+TruiHZX2WY+1fcnBlxi8fH/m8U/mt/b9sycpv9gX74cbViJ0r4v8oCzbv/2TxJ22Of7bLiYPdlfH6j78d6bSt6Phr1yJ2tR3/3OmVZmtrXJ/cOzdfnZ1s/GxbxrffvfN1p/KLjj87/ls6xN9y/NOVz8vek/NdlvHNsWtnOm0bvWv86a9DSWO8OZTnvDe9uHhhKmIoOZrv0pK/b+26NPdpvkYW/+7n2rf/Zb//V5e/zkjzT2YXzr91+manbfdz/FsuJt+qdVmHTrL4Z+5+/Fe1/yzvsy7L+Ovti8902rZW/CMPEhgAAAAAAACUUFq/BpukE7fX03RiojFf9onYklbPLSw+P3fu4tmZiN31/4ccTJtXusca6SRLT+X/D9tM71uRfiEitkfEF5WRenri5LnqTNHBAwAAAAAAAAAAAAAAAAAAwAaxNZ//37xP9Z+Vxvx/oCR6eYM5YGPT/qG86u1/1S2egDJw/ofy0v6hvLR/KC/tH8pL+4fy0v6hvLR/KC/tHwAAAAA2pe3PXv85iYilV0bqS2Yo32ZGEGxug0VXAChMpegKAIW5felfZx9Kp6v+/z/5lwP2vjpAAZJ2mfXOQW3txn+97TMBAAAAAAAAAAAAgB7YtaPz/H9zg2FzM+0PyusB5v/76gB4yPnqfygvY3zgbrP4hzttMP8fAAAAAAAAAAAAAPpmtL4k6UQ+F3g00nRiIuLRiNgWg8ncfHV2MiIei4ifKoOPZOmpoisNAAAAAAAAAAAAAAAAAAAAm8zCpcunp6vV2QutK/+uytncK827oPahrFfjHp8VSf/flpGIKPyg9GxloCUniVjKjvyGqNiFhdgY1aivFPyHCQAAAAAAAAAAAAAAAAAASqhl7nF7O7/qc40AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoP/u3P+/dytFxwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPJz+DwAA///LLUAr")
syz_open_procfs$userns(0xffffffffffffffff, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})

2.025177369s ago: executing program 1 (id=3116):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000780)={0x3, {{0xa, 0x4e23, 0x3, @empty, 0x7f}}}, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000007c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="0100030010651fbe347b2c2b00000c00018008000100", @ANYRES16], 0x20}}, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000940), 0x2, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==")

1.92306514s ago: executing program 4 (id=3117):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd59}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
close(0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r1, 0x0, 0x0}, 0x10)

1.726747534s ago: executing program 1 (id=3118):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, 0x0, 0x0)
mkdir(&(0x7f0000000180)='./file0/../file0/file0\x00', 0x0)
quotactl_fd$Q_QUOTAON(0xffffffffffffffff, 0xffffffff80000201, 0xffffffffffffffff, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a})
chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00')
symlink(&(0x7f0000000700)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000780)='./file0\x00')

1.576947776s ago: executing program 2 (id=3120):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x12, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r1, r0, 0x5}, 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="090000000afe96c600000000", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10)
syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x88, &(0x7f00000005c0)={[{@nogrpid}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@nobarrier}, {@nodiscard}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0x8004587d, &(0x7f0000000080))
fremovexattr(r2, &(0x7f0000000000)=@known='trusted.overlay.impure\x00')
r3 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0)

1.549459086s ago: executing program 2 (id=3121):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet(0x2, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETPRL(r0, 0x89f4, 0x0)
creat(0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r1, &(0x7f0000000340)=ANY=[], 0xff2e)
r2 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TCXONC(r1, 0x540a, 0x3)

1.411157969s ago: executing program 5 (id=3122):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet(0x2, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETPRL(r0, 0x89f4, 0x0)
creat(0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r1, &(0x7f0000000340)=ANY=[], 0xff2e)
r2 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TCXONC(r1, 0x540a, 0x3)

1.342365739s ago: executing program 4 (id=3123):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

868.328286ms ago: executing program 1 (id=3124):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x5}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000000010000081100000900000001"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000001c0), 0xb, r3}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={0x0, &(0x7f0000001f00)=""/4096, &(0x7f0000000780), &(0x7f0000000b40), 0x4, r3}, 0x38)

633.40354ms ago: executing program 2 (id=3125):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0600000004000000ff0f0000"], 0x50)
userfaultfd(0x1)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = syz_io_uring_setup(0x4f0e, &(0x7f0000000480)={0x0, 0x0, 0x1}, &(0x7f0000000080)=<r3=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="05000000040000000800000008"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000000)='scmi_rx_done\x00', r6, 0x0, 0xffffffffffffffff}, 0x18)
rt_tgsigqueueinfo(0x0, 0x0, 0x1a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00'}, 0x18)
io_uring_enter(r2, 0x62dd, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0)

531.394771ms ago: executing program 5 (id=3126):
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
fallocate(r0, 0x0, 0x8, 0x7fffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$USBDEVFS_CLEAR_HALT(0xffffffffffffffff, 0x80045515, &(0x7f00000000c0)={0x6})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x0, 0x0, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000bc0)={0x14, 0x0, 0x10, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0xc56b256101459e91)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000040)=0x5997, 0x4)
open(&(0x7f0000000740)='./bus\x00', 0x143c62, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffff53a2513743897e44000d0001007564703aa3"], 0x54}}, 0x0)

473.902693ms ago: executing program 2 (id=3127):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, 0x0, &(0x7f0000000840)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10)
move_mount(0xffffffffffffffff, &(0x7f0000000400)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)

473.112513ms ago: executing program 4 (id=3128):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd59}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
close(0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r1, 0x0, 0x0}, 0x10)

421.215704ms ago: executing program 2 (id=3129):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r1 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r0}, 0x8)
close(r1)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd59}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
close(0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
bpf$LINK_DETACH(0x22, 0x0, 0x0)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r1, 0x0, 0x0}, 0x10)

346.481424ms ago: executing program 5 (id=3130):
socket$tipc(0x1e, 0x5, 0x0)
prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, 0x0)
r0 = socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f00000003c0)=ANY=[@ANYBLOB="e0000002e00000010100"], 0x5000)
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
socket$inet6(0xa, 0x800, 0x8)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r4, 0xf502, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000008040000cd00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000200)={'macvtap0\x00', {0x2, 0x4e22, @multicast1}})
r7 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r7, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000480)='\x00\x00\x00\x00\x001', 0x6}], 0x2, &(0x7f0000000300)=ANY=[@ANYBLOB="1c000000"], 0x20}, 0x8004)
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000000))
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x42, 0x80000009, 0x2}, 0x10)

284.379345ms ago: executing program 4 (id=3131):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x9c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00'}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000280)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
listen(r2, 0x2)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x2, @local}, 0x10)
close_range(r2, 0xffffffffffffffff, 0x0)

279.518416ms ago: executing program 2 (id=3132):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETPRL(0xffffffffffffffff, 0x89f4, 0x0)
creat(0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r1, &(0x7f0000000340)=ANY=[], 0xff2e)
r2 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TCXONC(r1, 0x540a, 0x3)

0s ago: executing program 1 (id=3133):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x4, &(0x7f0000000340)={[{@max_batch_time={'max_batch_time', 0x3d, 0x6}}, {@i_version}, {@max_batch_time}]}, 0x6, 0x5fd, &(0x7f0000000c00)="$eJzs3c9rHFUcAPDvzCYxaaNpRcQWxYCHFqRpUotVL7b1YA8FC/Yg4qGhSWro9gdNCrYWTMGDgoKIV5Fe/Ae8S+/eRFBvnoUqUlFQ6crszrabZDfdttmdNPP5wGTnvZnd9747eZn3dvJ2Aiit8exHGrEj4taJJGKsZdtoNDaO5/vd/OPKyWxJolZ78/ckkjyvuX+SP27NE8MR8f3hiMcrq8tduHT59HS11vBBxN7FM+f3Lly6vGf+zPSp2VOzZ6f2vbT/wOTLU/un1iXOrfnjkaNvPP3ph+++OPdDdU8SB+P44PszsSKO9TIe43ErD7E1fyAiDmQrbd6Xh80mCKHUKvnv42BEPBljUamnGsZi/pNCKwf0VK0SUQNKKtH+oaSa/YDm2L67cfDxHvdK+ufGocYAaHX8A43PRmK4PjbacjNpGRk1PtvYtg7lZ2X8d2Xnl9kSyz6H+Pv20RlYh3I6WboaEU+1iz+p121bPdIs/nTZWD+JiMmIGMrr99oD1CFpWe/F5zBruZf4W49DGhEH88cs//B9lj++It3v+AEop+uH8hP5Upa6c/7L+h7N/k+06f+Mtjl33Y+iz3+d+3/N8/1wvd+TruiHZX2WY+1fcnBlxi8fH/m8U/mt/b9sycpv9gX74cbViJ0r4v8oCzbv/2TxJ22Of7bLiYPdlfH6j78d6bSt6Phr1yJ2tR3/3OmVZmtrXJ/cOzdfnZ1s/GxbxrffvfN1p/KLjj87/ls6xN9y/NOVz8vek/NdlvHNsWtnOm0bvWv86a9DSWO8OZTnvDe9uHhhKmIoOZrv0pK/b+26NPdpvkYW/+7n2rf/Zb//V5e/zkjzT2YXzr91+manbfdz/FsuJt+qdVmHTrL4Z+5+/Fe1/yzvsy7L+Ovti8902rZW/CMPEhgAAAAAAACUUFq/BpukE7fX03RiojFf9onYklbPLSw+P3fu4tmZiN31/4ccTJtXusca6SRLT+X/D9tM71uRfiEitkfEF5WRenri5LnqTNHBAwAAAAAAAAAAAAAAAAAAwAaxNZ//37xP9Z+Vxvx/oCR6eYM5YGPT/qG86u1/1S2egDJw/ofy0v6hvLR/KC/tH8pL+4fy0v6hvLR/KC/tHwAAAAA2pe3PXv85iYilV0bqS2Yo32ZGEGxug0VXAChMpegKAIW5felfZx9Kp6v+/z/5lwP2vjpAAZJ2mfXOQW3txn+97TMBAAAAAAAAAAAAgB7YtaPz/H9zg2FzM+0PyusB5v/76gB4yPnqfygvY3zgbrP4hzttMP8fAAAAAAAAAAAAAPpmtL4k6UQ+F3g00nRiIuLRiNgWg8ncfHV2MiIei4ifKoOPZOmpoisNAAAAAAAAAAAAAAAAAAAAm8zCpcunp6vV2QutK/+uytncK827oPahrFfjHp8VSf/flpGIKPyg9GxloCUniVjKjvyGqNiFhdgY1aivFPyHCQAAAAAAAAAAAAAAAAAASqhl7nF7O7/qc40AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoP/u3P+/dytFxwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPJz+DwAA///LLUAr")
syz_open_procfs$userns(0xffffffffffffffff, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})

kernel console output (not intermixed with test programs):

7295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5935 comm="syz.5.2170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fea8c5fe3df code=0x7ffc0000
[  152.723119][   T30] audit: type=1326 audit(1751488409.098:3166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5935 comm="syz.5.2170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fea8c5ff9b7 code=0x7ffc0000
[  152.869611][   T20] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  153.434566][    T6] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  153.682937][   T20] usb 6-1: Using ep0 maxpacket: 8
[  153.800096][   T20] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  153.808445][   T20] usb 6-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  153.819116][   T20] usb 6-1: config 179 has no interface number 0
[  153.825546][   T20] usb 6-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  153.836988][   T20] usb 6-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  153.852021][   T20] usb 6-1: config 179 interface 65 has no altsetting 0
[  153.858884][   T20] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  153.868132][   T20] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.879590][    T6] usb 3-1: Using ep0 maxpacket: 8
[  154.244763][    T6] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  154.253054][    T6] usb 3-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  154.263945][    T6] usb 3-1: config 179 has no interface number 0
[  154.283977][    T6] usb 3-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  154.306005][    T6] usb 3-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  154.339558][    T6] usb 3-1: config 179 interface 65 has no altsetting 0
[  154.349722][    T6] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  154.369003][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.386358][ T5938] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5938 comm=syz.5.2170
[  154.439595][   T20] usb 6-1: string descriptor 0 read error: -71
[  154.452698][   T20] usb 6-1: USB disconnect, device number 3
[  154.801583][ T5979] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2183'.
[  154.927124][ T5953] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5953 comm=syz.2.2176
[  155.173661][    T6] usb 3-1: string descriptor 0 read error: -71
[  155.184685][    T6] usb 3-1: USB disconnect, device number 3
[  155.953504][ T6008] xt_CT: No such helper "netbios-ns"
[  155.959197][ T6008] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2193'.
[  156.015052][ T6016] fuse: Bad value for 'fd'
[  156.605448][ T6036] loop5: detected capacity change from 0 to 16
[  156.626350][ T6036] erofs: (device loop5): mounted with root inode @ nid 36.
[  157.654499][   T30] kauditd_printk_skb: 205 callbacks suppressed
[  157.654513][   T30] audit: type=1326 audit(1751488414.458:3372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6061 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  157.747291][ T6063] xt_CT: No such helper "netbios-ns"
[  157.756291][ T6063] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2213'.
[  157.897316][   T30] audit: type=1326 audit(1751488414.508:3373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6061 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  157.934261][   T30] audit: type=1326 audit(1751488414.718:3374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6061 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  158.016099][   T30] audit: type=1326 audit(1751488414.718:3375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6061 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  158.043277][   T30] audit: type=1326 audit(1751488414.718:3376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6061 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  158.074971][   T30] audit: type=1326 audit(1751488414.728:3377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6061 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  158.107853][   T30] audit: type=1326 audit(1751488414.728:3378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6061 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  158.131497][   T30] audit: type=1326 audit(1751488414.728:3379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6061 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  158.155132][   T30] audit: type=1326 audit(1751488414.728:3380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6061 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  158.206885][   T30] audit: type=1326 audit(1751488414.728:3381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6061 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  158.271084][ T6068] loop5: detected capacity change from 0 to 40427
[  158.287219][ T6068] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  158.298917][ T6068] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  158.308795][ T6068] F2FS-fs (loop5): invalid crc value
[  158.322918][ T6068] F2FS-fs (loop5): Found nat_bits in checkpoint
[  158.357257][ T6068] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  158.364459][ T6068] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  158.596082][   T20] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  158.839552][   T20] usb 3-1: Using ep0 maxpacket: 8
[  158.959791][   T20] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  158.974606][   T20] usb 3-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  158.989551][   T20] usb 3-1: config 179 has no interface number 0
[  158.995899][   T20] usb 3-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  159.007689][   T20] usb 3-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  159.021409][   T20] usb 3-1: config 179 interface 65 has no altsetting 0
[  159.038814][   T20] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  159.051007][   T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.660264][   T20] usb 3-1: string descriptor 0 read error: -71
[  159.673964][   T20] usb 3-1: USB disconnect, device number 4
[  159.743407][ T6112] xt_CT: No such helper "netbios-ns"
[  159.752788][ T6112] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2227'.
[  160.183479][ T6118] loop5: detected capacity change from 0 to 256
[  161.182251][ T6118] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d)
[  162.343755][ T6165] xt_CT: No such helper "netbios-ns"
[  162.388570][   T26] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  162.789631][   T26] usb 5-1: Using ep0 maxpacket: 8
[  162.850019][ T6178] fuse: Bad value for 'fd'
[  162.919982][   T26] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  162.937069][   T26] usb 5-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  162.968322][   T26] usb 5-1: config 179 has no interface number 0
[  162.974860][   T26] usb 5-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  162.986319][   T26] usb 5-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  163.000039][   T26] usb 5-1: config 179 interface 65 has no altsetting 0
[  163.006949][   T26] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  163.016273][   T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.369563][   T26] usb 5-1: string descriptor 0 read error: -71
[  163.381226][   T26] usb 5-1: USB disconnect, device number 3
[  163.512397][ T6192] loop5: detected capacity change from 0 to 128
[  163.571688][ T6192] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  163.582534][ T6192] ext4 filesystem being mounted at /452/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  163.598729][   T30] kauditd_printk_skb: 55 callbacks suppressed
[  163.598742][   T30] audit: type=1400 audit(1751488420.398:3437): avc:  denied  { write } for  pid=6187 comm="syz.5.2253" name="encrypted_dir" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  163.630944][   T30] audit: type=1400 audit(1751488420.398:3438): avc:  denied  { add_name } for  pid=6187 comm="syz.5.2253" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  163.884575][ T6206] loop5: detected capacity change from 0 to 256
[  164.342980][ T6210] xt_CT: No such helper "netbios-ns"
[  165.692305][   T30] audit: type=1326 audit(1751488422.498:3439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6242 comm="syz.0.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  165.717285][   T30] audit: type=1326 audit(1751488422.498:3440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6242 comm="syz.0.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  165.741757][   T30] audit: type=1326 audit(1751488422.518:3441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6242 comm="syz.0.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  165.765360][   T30] audit: type=1326 audit(1751488422.518:3442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6242 comm="syz.0.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  165.788947][   T30] audit: type=1326 audit(1751488422.518:3443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6242 comm="syz.0.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  165.812961][   T30] audit: type=1326 audit(1751488422.548:3444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6242 comm="syz.0.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  165.836805][   T30] audit: type=1326 audit(1751488422.548:3445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6242 comm="syz.0.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  165.870813][   T30] audit: type=1326 audit(1751488422.548:3446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6242 comm="syz.0.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  166.126058][ T6255] xt_CT: No such helper "netbios-ns"
[  166.326774][ T6247] loop5: detected capacity change from 0 to 40427
[  166.430874][ T6247] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  166.473365][ T6247] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  166.625250][ T6247] F2FS-fs (loop5): invalid crc value
[  166.715364][ T6247] F2FS-fs (loop5): Found nat_bits in checkpoint
[  166.760174][ T6247] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  166.830667][ T6247] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  168.395903][ T6312] loop5: detected capacity change from 0 to 512
[  168.926083][ T6309] xt_CT: No such helper "netbios-ns"
[  168.932152][ T6309] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2287'.
[  168.951816][ T6312] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[  169.327789][ T6327] loop5: detected capacity change from 0 to 128
[  169.660208][ T6327] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  169.685207][ T6327] ext4 filesystem being mounted at /459/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  170.830889][ T6359] fuse: Bad value for 'fd'
[  171.267509][ T6369] xt_CT: No such helper "netbios-ns"
[  171.279871][ T6369] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2304'.
[  171.824784][ T6373] fuse: Bad value for 'fd'
[  171.832445][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  171.832458][   T30] audit: type=1326 audit(1751488428.638:3472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6374 comm="syz.4.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  171.880433][   T30] audit: type=1326 audit(1751488428.668:3473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6374 comm="syz.4.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  171.908663][   T30] audit: type=1326 audit(1751488428.668:3474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6374 comm="syz.4.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  171.933034][   T30] audit: type=1326 audit(1751488428.668:3475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6374 comm="syz.4.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  171.957170][   T30] audit: type=1326 audit(1751488428.668:3476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6374 comm="syz.4.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  171.981248][   T30] audit: type=1326 audit(1751488428.678:3477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6374 comm="syz.4.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  172.005812][   T30] audit: type=1326 audit(1751488428.678:3478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6374 comm="syz.4.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  172.093233][   T30] audit: type=1326 audit(1751488428.678:3479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6374 comm="syz.4.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  172.129649][   T30] audit: type=1326 audit(1751488428.678:3480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6374 comm="syz.4.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  172.742905][   T30] audit: type=1326 audit(1751488428.678:3481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6374 comm="syz.4.2307" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  174.702183][ T6423] xt_CT: No such helper "netbios-ns"
[  174.708189][ T6423] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2319'.
[  174.877424][ T6427] loop5: detected capacity change from 0 to 512
[  174.945976][ T6427] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[  175.551538][ T6427] loop5: detected capacity change from 0 to 128
[  175.600805][ T6427] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  175.611767][ T6427] ext4 filesystem being mounted at /467/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  176.521685][ T6481] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2337'.
[  178.058646][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  178.058713][   T30] audit: type=1326 audit(1751488434.858:3483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6516 comm="syz.4.2349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  178.222693][   T30] audit: type=1326 audit(1751488434.918:3484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6516 comm="syz.4.2349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  178.797816][ T6523] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2350'.
[  179.051816][  T311] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  179.359595][  T311] usb 5-1: Using ep0 maxpacket: 8
[  179.479894][  T311] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  179.493336][  T311] usb 5-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  179.516884][  T311] usb 5-1: config 179 has no interface number 0
[  179.524788][  T311] usb 5-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  179.537019][  T311] usb 5-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  179.551005][  T311] usb 5-1: config 179 interface 65 has no altsetting 0
[  179.558082][  T311] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  179.567803][  T311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.879601][  T311] usb 5-1: string descriptor 0 read error: -71
[  179.888753][  T311] usb 5-1: USB disconnect, device number 4
[  180.296145][ T6563] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2365'.
[  181.625782][   T30] audit: type=1326 audit(1751488438.428:3485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6594 comm="syz.2.2377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  181.672002][   T30] audit: type=1326 audit(1751488438.428:3486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6594 comm="syz.2.2377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  181.703323][   T30] audit: type=1326 audit(1751488438.428:3487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6594 comm="syz.2.2377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  181.730288][   T30] audit: type=1326 audit(1751488438.428:3488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6594 comm="syz.2.2377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  181.754757][   T30] audit: type=1326 audit(1751488438.428:3489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6594 comm="syz.2.2377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f15843e2963 code=0x7ffc0000
[  181.778299][   T30] audit: type=1326 audit(1751488438.428:3490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6594 comm="syz.2.2377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f15843e13df code=0x7ffc0000
[  181.803811][   T30] audit: type=1326 audit(1751488438.468:3491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6594 comm="syz.2.2377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f15843e29b7 code=0x7ffc0000
[  181.827320][   T30] audit: type=1326 audit(1751488438.468:3492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6594 comm="syz.2.2377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f15843e1290 code=0x7ffc0000
[  181.949547][  T457] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  182.189554][  T457] usb 3-1: Using ep0 maxpacket: 8
[  182.309971][  T457] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  182.321455][  T457] usb 3-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  182.343412][  T457] usb 3-1: config 179 has no interface number 0
[  182.359119][  T457] usb 3-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  182.375018][  T457] usb 3-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  182.389306][  T457] usb 3-1: config 179 interface 65 has no altsetting 0
[  182.396453][  T457] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  182.405862][  T457] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.057149][ T6621] tipc: New replicast peer: 255.255.255.83
[  183.064813][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  183.064840][   T30] audit: type=1326 audit(1751488439.858:3526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6594 comm="syz.2.2377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  183.169673][  T457] usb 3-1: string descriptor 0 read error: -71
[  183.206125][ T6621] tipc: Enabled bearer <udp:�>, priority 10
[  183.232901][  T457] usb 3-1: USB disconnect, device number 5
[  184.135391][   T30] audit: type=1326 audit(1751488439.908:3527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6594 comm="syz.2.2377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  185.095918][ T6652] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2396'.
[  185.411162][ T6662] loop5: detected capacity change from 0 to 512
[  185.543408][ T6662] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  185.559519][ T6662] ext4 filesystem being mounted at /478/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  187.376789][ T6671] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  187.496799][ T6686] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2407'.
[  187.591056][ T6689] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2405'.
[  189.397326][ T6728] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2420'.
[  190.261683][ T6744] loop5: detected capacity change from 0 to 256
[  190.319569][ T6744] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d)
[  191.255593][ T6762] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  191.670318][ T6777] loop5: detected capacity change from 0 to 512
[  191.726948][ T6777] EXT4-fs (loop5): Quota format mount options ignored when QUOTA feature is enabled
[  191.760144][ T6777] EXT4-fs (loop5): fragment/cluster size (4096) != block size (2048)
[  196.886950][ T6850] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2458'.
[  197.082780][ T6858] fuse: Bad value for 'group_id'
[  197.114136][   T30] audit: type=1326 audit(1751488453.908:3528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6859 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec77b74929 code=0x7ffc0000
[  197.128421][ T6862] loop5: detected capacity change from 0 to 512
[  197.149525][   T30] audit: type=1326 audit(1751488453.908:3529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6859 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec77b74929 code=0x7ffc0000
[  197.175739][   T30] audit: type=1326 audit(1751488453.908:3530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6859 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec77b74929 code=0x7ffc0000
[  197.200793][   T30] audit: type=1326 audit(1751488453.908:3531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6859 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fec77b74929 code=0x7ffc0000
[  197.232930][ T6862] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  197.280165][ T6862] EXT4-fs (loop5): 1 truncate cleaned up
[  197.289531][ T6862] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,journal_dev=0x000000000000cd20,,errors=continue. Quota mode: none.
[  197.306988][   T30] audit: type=1326 audit(1751488453.908:3532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6859 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec77b74929 code=0x7ffc0000
[  197.387081][   T30] audit: type=1326 audit(1751488453.908:3533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6859 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7fec77b74929 code=0x7ffc0000
[  197.483407][   T30] audit: type=1326 audit(1751488453.908:3534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6859 comm="syz.1.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec77b74929 code=0x7ffc0000
[  197.600857][ T6884] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2471'.
[  197.760426][   T30] audit: type=1326 audit(1751488454.568:3535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6863 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  197.846507][ T6891] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2472'.
[  197.964402][   T30] audit: type=1326 audit(1751488454.748:3536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6863 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  198.012623][   T30] audit: type=1326 audit(1751488454.748:3537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6863 comm="syz.4.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  198.151726][ T6898] fuse: Bad value for 'group_id'
[  199.449369][ T6931] fuse: Bad value for 'group_id'
[  200.299560][ T6944] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2489'.
[  201.701726][ T6970] loop5: detected capacity change from 0 to 128
[  201.778754][ T6970] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  201.789648][ T6970] ext4 filesystem being mounted at /496/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  202.250245][ T6990] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2501'.
[  202.587040][   T30] kauditd_printk_skb: 40 callbacks suppressed
[  202.587057][   T30] audit: type=1326 audit(1751488459.378:3578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6994 comm="syz.5.2503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  202.617464][   T30] audit: type=1326 audit(1751488459.378:3579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6994 comm="syz.5.2503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  202.655998][   T30] audit: type=1326 audit(1751488459.378:3580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6994 comm="syz.5.2503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  202.733741][   T30] audit: type=1326 audit(1751488459.378:3581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6994 comm="syz.5.2503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  202.778421][   T30] audit: type=1326 audit(1751488459.378:3582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6994 comm="syz.5.2503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  202.802501][   T30] audit: type=1326 audit(1751488459.378:3583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6994 comm="syz.5.2503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  203.368690][   T30] audit: type=1326 audit(1751488459.568:3584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6994 comm="syz.5.2503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  203.417513][   T30] audit: type=1326 audit(1751488459.588:3585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6994 comm="syz.5.2503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  203.566395][   T30] audit: type=1326 audit(1751488459.658:3586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7008 comm="syz.0.2509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  203.719540][   T30] audit: type=1326 audit(1751488459.658:3587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7008 comm="syz.0.2509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  203.949022][ T7025] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2513'.
[  204.143354][ T7028] fuse: Bad value for 'fd'
[  204.308469][ T7033] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  206.009793][  T311] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  206.279578][  T311] usb 2-1: Using ep0 maxpacket: 8
[  206.409688][  T311] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  206.428612][  T311] usb 2-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  206.442887][ T7081] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=83 sclass=netlink_audit_socket pid=7081 comm=syz.4.2530
[  206.509524][  T311] usb 2-1: config 179 has no interface number 0
[  206.515808][  T311] usb 2-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  206.539523][  T311] usb 2-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  206.569523][  T311] usb 2-1: config 179 interface 65 has no altsetting 0
[  206.580971][  T311] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  206.590251][  T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.613736][ T7085] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  206.989556][  T311] usb 2-1: string descriptor 0 read error: -71
[  206.998374][  T311] usb 2-1: USB disconnect, device number 3
[  207.063175][ T7110] loop5: detected capacity change from 0 to 16
[  207.090502][ T7110] erofs: (device loop5): mounted with root inode @ nid 36.
[  207.659553][ T7118] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=83 sclass=netlink_audit_socket pid=7118 comm=syz.0.2541
[  207.800586][ T7123] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  208.081989][   T30] kauditd_printk_skb: 129 callbacks suppressed
[  208.082005][   T30] audit: type=1326 audit(1751488464.878:3717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7138 comm="syz.5.2548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  208.117275][   T30] audit: type=1326 audit(1751488464.878:3718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7138 comm="syz.5.2548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  208.141239][   T30] audit: type=1326 audit(1751488464.888:3719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7138 comm="syz.5.2548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  208.166654][   T30] audit: type=1326 audit(1751488464.888:3720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7138 comm="syz.5.2548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  208.190913][   T30] audit: type=1326 audit(1751488464.888:3721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7138 comm="syz.5.2548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  208.214755][   T30] audit: type=1326 audit(1751488464.888:3722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7138 comm="syz.5.2548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  208.239625][   T30] audit: type=1326 audit(1751488464.888:3723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7138 comm="syz.5.2548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  208.296869][   T30] audit: type=1326 audit(1751488464.888:3724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7138 comm="syz.5.2548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  208.334020][   T30] audit: type=1326 audit(1751488464.888:3725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7138 comm="syz.5.2548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  208.372030][   T30] audit: type=1326 audit(1751488464.888:3726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7138 comm="syz.5.2548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8c5ff929 code=0x7ffc0000
[  208.457321][ T7150] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=83 sclass=netlink_audit_socket pid=7150 comm=syz.1.2553
[  208.523994][ T7153] loop5: detected capacity change from 0 to 256
[  209.308419][ T7162] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2556'.
[  211.236233][ T7199] loop5: detected capacity change from 0 to 512
[  211.275553][ T7199] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  211.419726][ T7199] EXT4-fs (loop5): 1 truncate cleaned up
[  211.425390][ T7199] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,journal_dev=0x000000000000cd20,,errors=continue. Quota mode: none.
[  211.512663][ T7210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2568'.
[  213.379553][ T7239] loop5: detected capacity change from 0 to 256
[  213.994818][ T7244] fuse: Unknown parameter 'grou00000000000000000000'
[  215.052528][ T7262] loop5: detected capacity change from 0 to 256
[  215.381216][ T7250] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  215.400456][ T7267] fuse: Bad value for 'fd'
[  216.179464][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  216.185547][   T30] audit: type=1326 audit(1751488472.978:3733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7280 comm="syz.0.2593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  216.209103][   T30] audit: type=1326 audit(1751488472.978:3734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7280 comm="syz.0.2593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  216.233799][   T30] audit: type=1326 audit(1751488472.988:3735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7280 comm="syz.0.2593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  216.258115][   T30] audit: type=1326 audit(1751488472.988:3736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7280 comm="syz.0.2593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  216.284574][   T30] audit: type=1326 audit(1751488472.988:3737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7280 comm="syz.0.2593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  216.308099][   T30] audit: type=1326 audit(1751488472.988:3738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7280 comm="syz.0.2593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  216.331518][   T30] audit: type=1326 audit(1751488473.078:3739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7280 comm="syz.0.2593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  216.354909][   T30] audit: type=1326 audit(1751488473.078:3740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7280 comm="syz.0.2593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d2aac1929 code=0x7ffc0000
[  216.419822][ T7292] fuse: Unknown parameter 'grou00000000000000000000'
[  217.515168][   T30] audit: type=1326 audit(1751488474.318:3741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7308 comm="syz.2.2601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  217.613829][   T30] audit: type=1326 audit(1751488474.318:3742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7308 comm="syz.2.2601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  217.890366][ T7325] fuse: Unknown parameter 'grou00000000000000000000'
[  217.926603][ T7314] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  218.996943][ T7349] loop5: detected capacity change from 0 to 512
[  219.062724][ T7349] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[  221.125708][ T1441] tipc: Disabling bearer <udp:syz2>
[  221.132077][ T1441] tipc: Disabling bearer <udp:�>
[  221.142980][ T1441] tipc: Left network mode
[  221.254296][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  221.254310][   T30] audit: type=1400 audit(1751488478.058:3766): avc:  denied  { mounton } for  pid=7395 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  221.534862][ T7395] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.542456][ T7395] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.550074][ T7395] device bridge_slave_0 entered promiscuous mode
[  221.559290][ T7395] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.566572][ T7395] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.574100][ T7395] device bridge_slave_1 entered promiscuous mode
[  221.627203][ T7395] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.634254][ T7395] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.641533][ T7395] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.648542][ T7395] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.659405][  T460] hid-generic 0003:0000:0000.0007: unknown main item tag 0x0
[  221.674810][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  221.675865][  T460] hid-generic 0003:0000:0000.0007: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  221.691490][ T1590] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.704447][ T1590] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.719926][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  221.728153][ T1590] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.735203][ T1590] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.759848][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  221.768048][ T1590] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.775095][ T1590] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.796349][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  221.808099][   T30] audit: type=1326 audit(1751488478.608:3767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz.2.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  221.833794][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  221.852166][   T30] audit: type=1326 audit(1751488478.608:3768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz.2.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  221.858356][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  221.889700][ T7395] device veth0_vlan entered promiscuous mode
[  221.896144][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  221.904794][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  221.912600][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  221.915104][   T30] audit: type=1326 audit(1751488478.608:3769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz.2.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  221.927146][ T7395] device veth1_macvtap entered promiscuous mode
[  221.950980][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  221.963984][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  221.984502][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  221.995777][   T30] audit: type=1326 audit(1751488478.608:3770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz.2.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  222.038901][   T30] audit: type=1326 audit(1751488478.608:3771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz.2.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  222.071506][   T30] audit: type=1326 audit(1751488478.608:3772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz.2.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  222.095021][   T30] audit: type=1326 audit(1751488478.608:3773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz.2.2633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  222.119047][   T30] audit: type=1400 audit(1751488478.788:3774): avc:  denied  { mounton } for  pid=7395 comm="syz-executor" path="/root/syzkaller.zY2Nie/syz-tmp" dev="sda1" ino=2051 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  222.146891][   T30] audit: type=1400 audit(1751488478.788:3775): avc:  denied  { mount } for  pid=7395 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  222.210980][ T1441] device bridge_slave_1 left promiscuous mode
[  222.217191][ T1441] bridge0: port 2(bridge_slave_1) entered disabled state
[  222.225163][ T1441] device bridge_slave_0 left promiscuous mode
[  222.403306][ T1441] bridge0: port 1(bridge_slave_0) entered disabled state
[  222.974850][ T1441] device veth1_macvtap left promiscuous mode
[  222.980948][ T1441] device veth0_vlan left promiscuous mode
[  223.133612][   T20] hid-generic 0003:0000:0000.0008: unknown main item tag 0x0
[  224.843697][   T20] hid-generic 0003:0000:0000.0008: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  226.421022][   T20] hid-generic 0003:0000:0000.0009: unknown main item tag 0x0
[  226.439324][ T7499] loop5: detected capacity change from 0 to 256
[  226.511033][   T20] hid-generic 0003:0000:0000.0009: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  226.678807][ T7502] fido_id[7502]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  226.794791][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  226.809663][   T30] audit: type=1326 audit(1751488483.598:3780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7503 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  226.846104][   T30] audit: type=1326 audit(1751488483.598:3781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7503 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  226.929517][   T30] audit: type=1326 audit(1751488483.598:3782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7503 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  226.986730][   T30] audit: type=1326 audit(1751488483.598:3783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7503 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  227.017817][   T30] audit: type=1326 audit(1751488483.598:3784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7503 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  227.056959][   T30] audit: type=1326 audit(1751488483.598:3785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7503 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  227.094452][   T30] audit: type=1326 audit(1751488483.598:3786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7503 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  227.136628][   T30] audit: type=1326 audit(1751488483.598:3787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7503 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  227.194482][   T30] audit: type=1326 audit(1751488483.598:3788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7503 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  227.228199][   T30] audit: type=1326 audit(1751488483.598:3789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7503 comm="syz.2.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  227.367736][ T7525] loop5: detected capacity change from 0 to 256
[  228.189260][  T311] hid-generic 0003:0000:0000.000A: unknown main item tag 0x0
[  228.205962][  T311] hid-generic 0003:0000:0000.000A: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  228.403100][ T7550] fido_id[7550]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  230.192829][ T7581] loop5: detected capacity change from 0 to 512
[  230.231948][ T7581] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  230.329595][  T460] hid-generic 0003:0000:0000.000B: unknown main item tag 0x0
[  230.352515][ T7581] EXT4-fs (loop5): 1 truncate cleaned up
[  230.353834][ T7590] fuse: Unknown parameter 'group_id00000000000000000000'
[  230.358259][ T7581] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,journal_dev=0x000000000000cd20,,errors=continue. Quota mode: none.
[  230.382904][  T460] hid-generic 0003:0000:0000.000B: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  230.429731][ T1555] Bluetooth: hci0: Frame reassembly failed (-84)
[  230.438893][ T1555] Bluetooth: hci0: Frame reassembly failed (-84)
[  232.459528][  T460] Bluetooth: hci0: command 0x1003 tx timeout
[  232.465971][ T1889] Bluetooth: hci0: sending frame failed (-49)
[  233.123338][ T7629] loop5: detected capacity change from 0 to 256
[  235.178962][  T311] Bluetooth: hci0: command 0x1001 tx timeout
[  235.185236][ T1889] Bluetooth: hci0: sending frame failed (-49)
[  237.369671][  T460] Bluetooth: hci0: command 0x1009 tx timeout
[  237.812116][ T7681] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  238.260596][ T7700] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2728'.
[  238.882176][ T7719] loop5: detected capacity change from 0 to 256
[  239.477624][ T7723] fuse: Bad value for 'fd'
[  239.826438][ T7726] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  240.010130][ T7735] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2740'.
[  241.755091][ T7765] fuse: Bad value for 'fd'
[  243.428195][ T7787] loop5: detected capacity change from 0 to 256
[  245.205608][ T7800] loop5: detected capacity change from 0 to 512
[  245.291959][ T7800] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  245.328352][ T7802] fuse: Bad value for 'fd'
[  245.341740][ T7800] EXT4-fs (loop5): 1 truncate cleaned up
[  245.347478][ T7800] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,journal_dev=0x000000000000cd20,,errors=continue. Quota mode: none.
[  247.748139][ T7839] loop5: detected capacity change from 0 to 256
[  248.633038][ T7849] loop5: detected capacity change from 0 to 512
[  248.704851][ T7849] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  248.720704][ T7849] ext4 filesystem being mounted at /564/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  249.669864][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  249.669877][   T30] audit: type=1326 audit(1751488506.468:3823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7861 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  249.713948][   T30] audit: type=1326 audit(1751488506.468:3824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7861 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  250.445660][ T7878] loop5: detected capacity change from 0 to 1024
[  250.555250][   T30] audit: type=1326 audit(1751488506.478:3825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7861 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  250.753726][   T30] audit: type=1326 audit(1751488506.478:3826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7861 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  250.788758][ T7878] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:476: comm syz.5.2780: Invalid block bitmap block 0 in block_group 0
[  250.803617][ T7878] Quota error (device loop5): write_blk: dquota write failed
[  250.811060][ T7878] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  250.820997][ T7878] EXT4-fs error (device loop5): ext4_acquire_dquot:6195: comm syz.5.2780: Failed to acquire dquot type 0
[  250.832700][ T7878] EXT4-fs error (device loop5): ext4_free_blocks:6223: comm syz.5.2780: Freeing blocks not in datazone - block = 0, count = 4096
[  250.846591][ T7878] EXT4-fs error (device loop5): ext4_read_inode_bitmap:140: comm syz.5.2780: Invalid inode bitmap blk 0 in block_group 0
[  250.859432][ T7878] EXT4-fs error (device loop5) in ext4_free_inode:362: Corrupt filesystem
[  250.868165][ T7878] EXT4-fs (loop5): 1 orphan inode deleted
[  250.873933][ T7878] EXT4-fs (loop5): mounted filesystem without journal. Opts: ��; max_batch_time=0x0000000000000006,i_version,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: writeback.
[  250.900179][ T1594] Quota error (device loop5): remove_tree: Getting block too big (0 >= 9)
[  250.923122][ T1594] EXT4-fs error (device loop5): ext4_release_dquot:6231: comm kworker/u4:127: Failed to release dquot type 0
[  250.970705][   T30] audit: type=1326 audit(1751488506.478:3827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7861 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  251.024529][   T30] audit: type=1326 audit(1751488506.508:3828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7861 comm="syz.0.2777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  251.077227][   T30] audit: type=1326 audit(1751488507.768:3829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7886 comm="syz.4.2785" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  252.205938][ T7895] loop5: detected capacity change from 0 to 2048
[  252.317717][ T7895]  loop5: p4 < >
[  252.332803][ T7903] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  252.680573][  T458] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  252.952486][  T458] usb 6-1: Using ep0 maxpacket: 8
[  253.074297][  T458] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  253.083622][  T458] usb 6-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  253.127150][  T458] usb 6-1: config 179 has no interface number 0
[  253.351892][  T458] usb 6-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  253.363468][  T458] usb 6-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  253.378193][  T458] usb 6-1: config 179 interface 65 has no altsetting 0
[  253.502247][  T458] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  253.512010][  T458] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.935227][ T7935] xt_CT: No such helper "netbios-ns"
[  254.000945][ T7932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2800'.
[  254.319559][  T458] usb 6-1: string descriptor 0 read error: -71
[  254.335231][ T7939] fuse: Invalid rootmode
[  254.349583][  T458] usb 6-1: USB disconnect, device number 4
[  254.399242][ T7941] loop5: detected capacity change from 0 to 512
[  254.439673][ T7941] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  254.520548][ T7941] EXT4-fs (loop5): 1 truncate cleaned up
[  254.526281][ T7941] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,journal_dev=0x000000000000cd20,,errors=continue. Quota mode: none.
[  255.399513][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  255.399530][   T30] audit: type=1326 audit(1751488512.178:3849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7927 comm="syz.2.2799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  255.452737][   T30] audit: type=1326 audit(1751488512.178:3850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7927 comm="syz.2.2799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  255.482186][   T30] audit: type=1326 audit(1751488512.178:3851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7927 comm="syz.2.2799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  255.505923][   T30] audit: type=1326 audit(1751488512.178:3852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7927 comm="syz.2.2799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  255.529662][   T30] audit: type=1326 audit(1751488512.178:3853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7927 comm="syz.2.2799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  255.559901][   T30] audit: type=1326 audit(1751488512.178:3854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7927 comm="syz.2.2799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  255.613920][   T30] audit: type=1326 audit(1751488512.258:3855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7927 comm="syz.2.2799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  255.657941][   T30] audit: type=1326 audit(1751488512.258:3856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7927 comm="syz.2.2799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  255.916121][ T7967] fuse: Bad value for 'fd'
[  256.661853][ T7981] xt_CT: No such helper "netbios-ns"
[  256.668224][ T7981] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2813'.
[  256.931060][ T7985] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2814'.
[  257.007419][   T30] audit: type=1326 audit(1751488513.808:3857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7988 comm="syz.2.2816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  257.052970][   T30] audit: type=1326 audit(1751488513.808:3858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7988 comm="syz.2.2816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  257.309833][ T8010] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2823'.
[  257.320470][   T20] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  257.569571][   T20] usb 3-1: Using ep0 maxpacket: 8
[  257.689660][   T20] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  257.698325][   T20] usb 3-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  257.710363][   T20] usb 3-1: config 179 has no interface number 0
[  257.716787][   T20] usb 3-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  257.728533][   T20] usb 3-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  257.742461][   T20] usb 3-1: config 179 interface 65 has no altsetting 0
[  257.749566][   T20] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  257.759052][   T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.220891][ T8025] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2829'.
[  258.436675][   T20] usb 3-1: string descriptor 0 read error: -71
[  258.444143][   T20] usb 3-1: USB disconnect, device number 6
[  260.132854][ T8066] loop5: detected capacity change from 0 to 2048
[  260.210270][ T8066]  loop5: p4 < >
[  260.214862][  T341] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  260.240925][  T101]  loop5: p4 < >
[  260.389498][  T457] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  260.940624][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  260.940649][   T30] audit: type=1326 audit(1751488517.748:3892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8065 comm="syz.5.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8c5ff52b code=0x7ffc0000
[  260.991339][   T30] audit: type=1326 audit(1751488517.798:3893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8065 comm="syz.5.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8c5ff52b code=0x7ffc0000
[  261.339621][  T341] usb 5-1: unable to get BOS descriptor or descriptor too short
[  262.247590][  T457] usb 6-1: Using ep0 maxpacket: 8
[  262.309999][   T30] audit: type=1326 audit(1751488519.118:3894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8065 comm="syz.5.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8c5ff52b code=0x7ffc0000
[  262.418735][   T30] audit: type=1326 audit(1751488519.138:3895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8065 comm="syz.5.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8c5ff52b code=0x7ffc0000
[  262.442352][  T341] usb 5-1: unable to read config index 0 descriptor/start: -71
[  262.696576][  T341] usb 5-1: can't read configurations, error -71
[  262.706583][   T30] audit: type=1326 audit(1751488519.258:3896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8065 comm="syz.5.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8c5ff52b code=0x7ffc0000
[  262.737221][   T30] audit: type=1326 audit(1751488519.498:3897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8065 comm="syz.5.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8c5ff52b code=0x7ffc0000
[  262.841908][   T30] audit: type=1326 audit(1751488519.508:3898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8065 comm="syz.5.2843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8c5ff52b code=0x7ffc0000
[  262.918939][   T30] audit: type=1326 audit(1751488519.568:3899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8091 comm="syz.4.2850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  262.999085][   T30] audit: type=1326 audit(1751488519.568:3900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8091 comm="syz.4.2850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  263.017778][  T457] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  263.030765][  T457] usb 6-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  263.041258][  T457] usb 6-1: config 179 has no interface number 0
[  263.047679][  T457] usb 6-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  263.058966][  T457] usb 6-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  263.076086][  T457] usb 6-1: config 179 interface 65 has no altsetting 0
[  263.083164][  T457] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  263.092392][  T457] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.115525][   T30] audit: type=1326 audit(1751488519.568:3901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8091 comm="syz.4.2850" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  263.139285][  T457] usb 6-1: can't set config #179, error -71
[  263.184054][  T341] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  263.222463][  T457] usb 6-1: USB disconnect, device number 5
[  263.429574][  T341] usb 5-1: Using ep0 maxpacket: 8
[  263.549551][  T341] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  263.564029][  T341] usb 5-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  263.589533][  T341] usb 5-1: config 179 has no interface number 0
[  263.608405][  T341] usb 5-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  263.633661][  T341] usb 5-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  263.647244][  T341] usb 5-1: config 179 interface 65 has no altsetting 0
[  263.673553][  T341] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  263.691368][  T341] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.039661][  T341] usb 5-1: string descriptor 0 read error: -71
[  264.056108][  T341] usb 5-1: USB disconnect, device number 6
[  264.269575][   T39] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  264.519542][   T39] usb 2-1: Using ep0 maxpacket: 8
[  264.894425][   T39] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  264.930721][   T39] usb 2-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  265.037892][   T39] usb 2-1: config 179 has no interface number 0
[  265.058712][   T39] usb 2-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  265.185880][   T39] usb 2-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  265.471043][   T39] usb 2-1: config 179 interface 65 has no altsetting 0
[  265.477989][   T39] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  265.502665][   T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.369566][   T39] usb 2-1: string descriptor 0 read error: -71
[  266.380697][   T39] usb 2-1: USB disconnect, device number 4
[  267.570489][ T8207] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2885'.
[  271.279310][ T8253] loop5: detected capacity change from 0 to 1024
[  271.344245][   T26] hid-generic 0003:0000:0000.000C: unknown main item tag 0x0
[  271.374979][ T8253] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  271.430373][ T8253] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  271.446580][   T26] hid-generic 0003:0000:0000.000C: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  271.450918][ T8253] JBD2: no valid journal superblock found
[  271.479071][ T8253] EXT4-fs (loop5): error loading journal
[  271.554313][ T8260] fido_id[8260]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  272.073552][ T8271] tipc: Started in network mode
[  272.078436][ T8271] tipc: Node identity ac14140f, cluster identity 4711
[  272.085630][ T8271] tipc: New replicast peer: 255.255.255.83
[  272.092460][ T8271] tipc: Enabled bearer <udp:�>, priority 10
[  273.299662][  T341] tipc: Node number set to 2886997007
[  273.347457][ T8290] loop5: detected capacity change from 0 to 1024
[  273.384269][  T341] hid-generic 0003:0000:0000.000D: unknown main item tag 0x0
[  273.403077][  T341] hid-generic 0003:0000:0000.000D: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  273.456354][ T8290] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  273.479502][ T8290] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  273.497059][ T8301] fido_id[8301]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  273.510612][ T8290] JBD2: no valid journal superblock found
[  273.516329][ T8290] EXT4-fs (loop5): error loading journal
[  273.947755][ T8310] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  274.044041][ T8319] device syzkaller0 entered promiscuous mode
[  274.105598][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  274.105630][   T30] audit: type=1400 audit(1751488530.908:3933): avc:  denied  { ioctl } for  pid=8318 comm="syz.1.2920" path="mnt:[4026532818]" dev="nsfs" ino=4026532818 ioctlcmd=0xb705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  274.499116][ T8328] device syzkaller0 entered promiscuous mode
[  277.473928][   T30] audit: type=1326 audit(1751488534.278:3934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.0.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  277.522931][   T30] audit: type=1326 audit(1751488534.308:3935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.0.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  277.546783][   T30] audit: type=1326 audit(1751488534.308:3936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.0.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  277.570374][   T30] audit: type=1326 audit(1751488534.308:3937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.0.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  277.594859][   T30] audit: type=1326 audit(1751488534.308:3938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.0.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f660c806963 code=0x7ffc0000
[  277.648195][   T30] audit: type=1326 audit(1751488534.318:3939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.0.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f660c8053df code=0x7ffc0000
[  277.685515][   T30] audit: type=1326 audit(1751488534.318:3940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.0.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f660c8069b7 code=0x7ffc0000
[  277.829481][  T341] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  277.887044][   T30] audit: type=1326 audit(1751488534.318:3941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.0.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f660c805290 code=0x7ffc0000
[  277.994718][   T30] audit: type=1326 audit(1751488534.318:3942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8362 comm="syz.0.2933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f660c80558a code=0x7ffc0000
[  278.069518][  T341] usb 1-1: Using ep0 maxpacket: 8
[  278.189692][  T341] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  278.203596][  T341] usb 1-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  278.228447][  T341] usb 1-1: config 179 has no interface number 0
[  278.248268][ T8380] bridge0: port 1(bridge_slave_0) entered blocking state
[  278.254907][  T341] usb 1-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  278.267711][ T8380] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.286700][ T8380] device bridge_slave_0 entered promiscuous mode
[  278.293849][ T8380] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.297449][  T341] usb 1-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  278.301016][ T8380] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.322434][ T8380] device bridge_slave_1 entered promiscuous mode
[  278.334135][  T341] usb 1-1: config 179 interface 65 has no altsetting 0
[  278.341623][  T341] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  278.356312][  T341] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.386175][ T1594] tipc: Disabling bearer <udp:syz2>
[  278.396651][ T1594] tipc: Disabling bearer <udp:�>
[  278.403065][ T1594] tipc: Left network mode
[  278.502110][ T8380] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.509174][ T8380] bridge0: port 2(bridge_slave_1) entered forwarding state
[  278.516511][ T8380] bridge0: port 1(bridge_slave_0) entered blocking state
[  278.523564][ T8380] bridge0: port 1(bridge_slave_0) entered forwarding state
[  278.823067][ T1555] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.830650][  T341] usb 1-1: string descriptor 0 read error: -71
[  278.830731][ T1555] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.844163][  T341] usb 1-1: USB disconnect, device number 2
[  278.850314][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  278.857764][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  278.869197][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  278.877545][ T1555] bridge0: port 1(bridge_slave_0) entered blocking state
[  278.884597][ T1555] bridge0: port 1(bridge_slave_0) entered forwarding state
[  278.896365][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  278.904554][ T1555] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.911593][ T1555] bridge0: port 2(bridge_slave_1) entered forwarding state
[  278.924006][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  278.933260][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  278.949393][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  278.960643][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  278.968640][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  278.976435][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  278.986616][ T8380] device veth0_vlan entered promiscuous mode
[  278.997078][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  279.007480][ T8380] device veth1_macvtap entered promiscuous mode
[  279.016632][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  279.026562][ T1555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  279.795329][ T1594] device bridge_slave_1 left promiscuous mode
[  279.831948][ T1594] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.847638][ T1594] device bridge_slave_0 left promiscuous mode
[  279.866312][ T1594] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.878823][ T1594] device veth1_macvtap left promiscuous mode
[  279.884946][ T1594] device veth0_vlan left promiscuous mode
[  280.046548][ T8433] loop5: detected capacity change from 0 to 1024
[  280.107124][ T8433] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:476: comm syz.5.2953: Invalid block bitmap block 0 in block_group 0
[  280.128765][ T8433] __quota_error: 49 callbacks suppressed
[  280.128780][ T8433] Quota error (device loop5): write_blk: dquota write failed
[  280.142541][ T8433] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  280.152499][ T8433] EXT4-fs error (device loop5): ext4_acquire_dquot:6195: comm syz.5.2953: Failed to acquire dquot type 0
[  280.164428][ T8433] EXT4-fs error (device loop5): ext4_free_blocks:6223: comm syz.5.2953: Freeing blocks not in datazone - block = 0, count = 4096
[  280.178039][ T8433] EXT4-fs error (device loop5): ext4_read_inode_bitmap:140: comm syz.5.2953: Invalid inode bitmap blk 0 in block_group 0
[  280.190917][ T1590] Quota error (device loop5): remove_tree: Getting block too big (0 >= 9)
[  280.199559][ T8433] EXT4-fs error (device loop5) in ext4_free_inode:362: Corrupt filesystem
[  280.208229][ T8433] EXT4-fs (loop5): 1 orphan inode deleted
[  280.214004][ T8433] EXT4-fs (loop5): mounted filesystem without journal. Opts: ��; max_batch_time=0x0000000000000006,i_version,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: writeback.
[  280.229934][ T1590] EXT4-fs error (device loop5): ext4_release_dquot:6231: comm kworker/u4:125: Failed to release dquot type 0
[  280.296739][ T8428] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  280.480857][   T30] audit: type=1400 audit(1751488537.288:3992): avc:  denied  { append } for  pid=8448 comm="syz.0.2957" name="loop5" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  280.623342][   T30] audit: type=1326 audit(1751488537.428:3993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8451 comm="syz.0.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  280.659391][   T30] audit: type=1326 audit(1751488537.428:3994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8451 comm="syz.0.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  280.689616][   T30] audit: type=1326 audit(1751488537.428:3995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8451 comm="syz.0.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  280.743181][   T30] audit: type=1326 audit(1751488537.428:3996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8451 comm="syz.0.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f660c806929 code=0x7ffc0000
[  280.788247][   T30] audit: type=1326 audit(1751488537.428:3997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8451 comm="syz.0.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f660c806963 code=0x7ffc0000
[  280.823303][   T30] audit: type=1326 audit(1751488537.428:3998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8451 comm="syz.0.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f660c8053df code=0x7ffc0000
[  280.919513][   T39] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  281.199780][   T39] usb 1-1: Using ep0 maxpacket: 8
[  281.359517][   T39] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  281.367937][   T39] usb 1-1: config 179 has an invalid descriptor of length 150, skipping remainder of the config
[  281.381505][   T39] usb 1-1: config 179 has no interface number 0
[  281.388358][   T39] usb 1-1: too many endpoints for config 179 interface 65 altsetting 120: 111, using maximum allowed: 30
[  281.402523][   T39] usb 1-1: config 179 interface 65 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 111
[  281.418060][   T39] usb 1-1: config 179 interface 65 has no altsetting 0
[  281.602442][   T39] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  281.625105][   T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.062617][   T39] usb 1-1: string descriptor 0 read error: -71
[  282.655580][   T39] usb 1-1: USB disconnect, device number 3
[  283.986931][ T8511] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  284.703841][ T8528] loop5: detected capacity change from 0 to 2048
[  284.812627][ T8528]  loop5: p4 < >
[  285.205462][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  285.205480][   T30] audit: type=1326 audit(1751488541.938:4024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8526 comm="syz.5.2984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd082cc558a code=0x7ffc0000
[  285.240985][   T30] audit: type=1326 audit(1751488542.048:4025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8526 comm="syz.5.2984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd082cc6929 code=0x7ffc0000
[  285.303986][  T101]  loop5: p4 < >
[  285.486824][   T30] audit: type=1326 audit(1751488542.048:4026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8526 comm="syz.5.2984" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd082cc6929 code=0x7ffc0000
[  285.570061][  T356] udevd[356]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory
[  285.744615][ T8549] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  288.723585][ T8589] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  288.854182][ T8603] fuse: Bad value for 'fd'
[  289.265251][   T30] audit: type=1326 audit(1751488546.068:4027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8605 comm="syz.2.3010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  289.311231][   T30] audit: type=1326 audit(1751488546.088:4028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8605 comm="syz.2.3010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  289.365078][   T30] audit: type=1326 audit(1751488546.088:4029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8605 comm="syz.2.3010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  289.390013][   T30] audit: type=1326 audit(1751488546.088:4030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8605 comm="syz.2.3010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  289.413441][   T30] audit: type=1326 audit(1751488546.088:4031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8605 comm="syz.2.3010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  289.437412][   T30] audit: type=1326 audit(1751488546.088:4032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8605 comm="syz.2.3010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  289.461134][   T30] audit: type=1326 audit(1751488546.198:4033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8605 comm="syz.2.3010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15843e2929 code=0x7ffc0000
[  290.483535][ T8633] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  290.710627][ T8639] fuse: Bad value for 'fd'
[  290.782370][ T8641] device syzkaller0 entered promiscuous mode
[  291.767024][ T8663] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3028'.
[  291.841281][ T8669] fuse: Bad value for 'fd'
[  291.865534][ T8666] tipc: Enabling of bearer <udp:�> rejected, already enabled
[  291.868594][ T8672] loop5: detected capacity change from 0 to 1024
[  291.930555][ T8672] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  291.948686][ T8672] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  291.958997][ T8672] JBD2: no valid journal superblock found
[  291.965100][ T8672] EXT4-fs (loop5): error loading journal
[  292.406538][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  292.406551][   T30] audit: type=1326 audit(1751488549.208:4035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8683 comm="syz.4.3037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  292.440395][   T30] audit: type=1326 audit(1751488549.208:4036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8683 comm="syz.4.3037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  292.441310][ T8691] loop5: detected capacity change from 0 to 1024
[  292.464539][   T30] audit: type=1326 audit(1751488549.218:4037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8683 comm="syz.4.3037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  292.495644][   T30] audit: type=1326 audit(1751488549.218:4038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8683 comm="syz.4.3037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  292.524578][   T30] audit: type=1326 audit(1751488549.218:4039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8683 comm="syz.4.3037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  292.544373][ T8691] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:476: comm syz.5.3038: Invalid block bitmap block 0 in block_group 0
[  292.551470][   T30] audit: type=1326 audit(1751488549.218:4040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8683 comm="syz.4.3037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fcab23ec929 code=0x7ffc0000
[  292.561863][ T8691] Quota error (device loop5): write_blk: dquota write failed
[  292.592040][ T8691] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  292.601974][ T8691] EXT4-fs error (device loop5): ext4_acquire_dquot:6195: comm syz.5.3038: Failed to acquire dquot type 0
[  292.613359][ T8691] EXT4-fs error (device loop5): ext4_free_blocks:6223: comm syz.5.3038: Freeing blocks not in datazone - block = 0, count = 4096
[  292.627046][   T30] audit: type=1326 audit(1751488549.218:4041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8683 comm="syz.4.3037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fcab23ec963 code=0x7ffc0000
[  292.627154][ T8691] EXT4-fs error (device loop5): ext4_read_inode_bitmap:140: comm syz.5.3038: Invalid inode bitmap blk 0 in block_group 0
[  292.663087][ T8691] EXT4-fs error (device loop5) in ext4_free_inode:362: Corrupt filesystem
[  292.665758][   T30] audit: type=1326 audit(1751488549.218:4042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8683 comm="syz.4.3037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fcab23eb3df code=0x7ffc0000
[  292.671746][ T8691] EXT4-fs (loop5): 1 orphan inode deleted
[  292.700759][ T8691] EXT4-fs (loop5): mounted filesystem without journal. Opts: ��; max_batch_time=0x0000000000000006,i_version,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: writeback.
[  292.719968][ T8696] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3040'.
[  292.729472][ T1594] EXT4-fs error (device loop5): ext4_release_dquot:6231: comm kworker/u4:127: Failed to release dquot type 0
[  296.356245][ T8766] loop5: detected capacity change from 0 to 512
[  296.389985][ T8766] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  296.405923][ T8766] EXT4-fs (loop5): 1 truncate cleaned up
[  296.411698][ T8766] EXT4-fs (loop5): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000001,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  297.514109][ T8792] loop5: detected capacity change from 0 to 512
[  297.561908][ T8792] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  297.810585][ T8792] EXT4-fs (loop5): 1 truncate cleaned up
[  297.816291][ T8792] EXT4-fs (loop5): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000001,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue. Quota mode: writeback.
[  297.896558][ T8800] fuse: Bad value for 'fd'
[  297.901720][ T8792] EXT4-fs (loop5): shut down requested (0)
[  298.168375][ T8807] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3075'.
[  300.921193][ T8852] loop5: detected capacity change from 0 to 256
[  301.091849][ T8852] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d)
[  301.299400][ T8847] device syzkaller0 entered promiscuous mode
[  302.230228][    T6] hid-generic 0003:0000:0000.000E: unknown main item tag 0x0
[  302.254221][    T6] hid-generic 0003:0000:0000.000E: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  302.346716][ T1594] Bluetooth: hci0: Frame reassembly failed (-84)
[  303.611516][ T8885] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.618771][ T8885] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.628107][ T8885] device bridge_slave_0 entered promiscuous mode
[  303.807352][ T8885] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.818186][ T8885] bridge0: port 2(bridge_slave_1) entered disabled state
[  303.826000][ T8885] device bridge_slave_1 entered promiscuous mode
[  304.955309][   T20] Bluetooth: hci0: command 0x1003 tx timeout
[  304.971541][ T1889] Bluetooth: hci0: sending frame failed (-49)
[  305.016678][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  305.024403][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  305.055959][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  305.065783][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  305.146797][ T1590] bridge0: port 1(bridge_slave_0) entered blocking state
[  305.153859][ T1590] bridge0: port 1(bridge_slave_0) entered forwarding state
[  305.196471][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  305.196497][   T30] audit: type=1326 audit(1751488561.998:4058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.5.3104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd082cc6929 code=0x7ffc0000
[  305.264007][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  305.304390][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  305.315536][ T8909] loop5: detected capacity change from 0 to 2048
[  305.326950][   T30] audit: type=1326 audit(1751488562.038:4059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.5.3104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd082cc6929 code=0x7ffc0000
[  305.352122][ T1590] bridge0: port 2(bridge_slave_1) entered blocking state
[  305.359156][ T1590] bridge0: port 2(bridge_slave_1) entered forwarding state
[  305.384146][ T8909]  loop5: p4 < >
[  305.444188][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  305.537659][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  305.553089][   T30] audit: type=1326 audit(1751488562.038:4060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.5.3104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd082cc6963 code=0x7ffc0000
[  305.650836][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  305.712770][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  305.745880][   T30] audit: type=1326 audit(1751488562.078:4061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.5.3104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd082cc53df code=0x7ffc0000
[  305.776838][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  305.840929][   T30] audit: type=1326 audit(1751488562.108:4062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.5.3104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fd082cc69b7 code=0x7ffc0000
[  306.013713][   T30] audit: type=1326 audit(1751488562.108:4063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.5.3104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd082cc5290 code=0x7ffc0000
[  306.039890][   T30] audit: type=1326 audit(1751488562.108:4064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.5.3104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd082cc652b code=0x7ffc0000
[  306.063805][   T30] audit: type=1326 audit(1751488562.128:4065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.5.3104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd082cc558a code=0x7ffc0000
[  306.069515][    C0] ------------[ cut here ]------------
[  306.092466][    C0] refcount_t: addition on 0; use-after-free.
[  306.098516][    C0] WARNING: CPU: 0 PID: 8917 at lib/refcount.c:25 refcount_warn_saturate+0x104/0x1a0
[  306.107930][    C0] Modules linked in:
[  306.111837][    C0] CPU: 0 PID: 8917 Comm: syz.4.3105 Tainted: G        W         5.15.185-syzkaller-00032-g0d918fa8e88d #0
[  306.123141][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  306.123326][   T30] audit: type=1326 audit(1751488562.128:4066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.5.3104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd082cc652b code=0x7ffc0000
[  306.133203][    C0] RIP: 0010:refcount_warn_saturate+0x104/0x1a0
[  306.162603][    C0] Code: 04 01 48 c7 c7 a0 f2 62 85 e8 58 ae 50 02 0f 0b eb df e8 ff c8 1c ff c6 05 0a f0 99 04 01 48 c7 c7 e0 f1 62 85 e8 3c ae 50 02 <0f> 0b eb c3 e8 e3 c8 1c ff c6 05 ef ef 99 04 01 48 c7 c7 40 f2 62
[  306.182241][    C0] RSP: 0018:ffffc90000007820 EFLAGS: 00010246
[  306.188309][    C0] RAX: bea1121417231b00 RBX: 0000000000000002 RCX: ffff8881156d2780
[  306.196297][    C0] RDX: 0000000000000100 RSI: 0000000080000100 RDI: 0000000000000000
[  306.204311][    C0] RBP: ffffc90000007830 R08: dffffc0000000000 R09: ffffed103ee04e93
[  306.212301][    C0] R10: ffffed103ee04e93 R11: 1ffff1103ee04e92 R12: ffff88811a898808
[  306.220279][    C0] R13: dffffc0000000000 R14: 0000000000000002 R15: ffffc900000079b8
[  306.228278][    C0] FS:  00007fcab0a136c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  306.237223][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  306.243831][    C0] CR2: 00002000003a5030 CR3: 0000000116045000 CR4: 00000000003526b0
[  306.247518][   T30] audit: type=1326 audit(1751488562.128:4067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8908 comm="syz.5.3104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd082cc652b code=0x7ffc0000
[  306.251812][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  306.283043][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  306.291060][    C0] Call Trace:
[  306.294331][    C0]  <IRQ>
[  306.297206][    C0]  tipc_crypto_xmit+0x1938/0x2400
[  306.297268][ T8885] device veth0_vlan entered promiscuous mode
[  306.302257][    C0]  ? tipc_crypto_do_cmd+0xcf0/0xcf0
[  306.313401][    C0]  ? skb_clone+0x202/0x360
[  306.317802][    C0]  tipc_crypto_clone_msg+0x9b/0x150
[  306.322995][    C0]  tipc_crypto_xmit+0x1ab9/0x2400
[  306.328011][    C0]  ? __irq_exit_rcu+0x52/0xf0
[  306.332683][    C0]  ? get_nohz_timer_target+0x74/0x550
[  306.338050][    C0]  ? __put_user_nocheck_4+0x3/0x11
[  306.343182][    C0]  ? ___sys_recvmsg+0x1af/0x4f0
[  306.348047][    C0]  ? tipc_crypto_do_cmd+0xcf0/0xcf0
[  306.353244][    C0]  ? memcpy+0x56/0x70
[  306.357222][    C0]  ? __copy_skb_header+0x437/0x600
[  306.362356][    C0]  tipc_bearer_xmit_skb+0x226/0x360
[  306.367544][    C0]  ? __skb_clone+0x47a/0x790
[  306.372131][    C0]  ? tipc_bearer_mtu+0x160/0x160
[  306.377060][    C0]  ? skb_clone+0x202/0x360
[  306.381488][    C0]  tipc_disc_timeout+0x6a2/0x830
[  306.386415][    C0]  ? tipc_disc_init_msg+0x600/0x600
[  306.391611][    C0]  ? __kasan_check_write+0x14/0x20
[  306.396735][    C0]  ? _raw_spin_lock+0x8e/0xe0
[  306.401435][    C0]  ? _raw_spin_trylock_bh+0x130/0x130
[  306.406819][    C0]  ? tipc_disc_init_msg+0x600/0x600
[  306.412013][    C0]  call_timer_fn+0x38/0x290
[  306.416520][    C0]  ? tipc_disc_init_msg+0x600/0x600
[  306.421734][    C0]  __run_timers+0x639/0x9a0
[  306.426231][    C0]  ? calc_index+0x200/0x200
[  306.430739][    C0]  ? sched_clock_cpu+0x18/0x3c0
[  306.435585][    C0]  run_timer_softirq+0x6a/0xf0
[  306.440340][    C0]  handle_softirqs+0x250/0x560
[  306.445099][    C0]  __irq_exit_rcu+0x52/0xf0
[  306.449616][    C0]  irq_exit_rcu+0x9/0x10
[  306.453847][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  306.459475][    C0]  </IRQ>
[  306.462405][    C0]  <TASK>
[  306.465310][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  306.471297][    C0] RIP: 0010:page_ext_get+0x77/0x150
[  306.476491][    C0] Code: 85 ea 00 00 00 48 c7 c0 20 4d 0f 87 48 c1 e8 03 42 80 3c 38 00 74 0c 48 c7 c7 20 4d 0f 87 e8 d0 df fa ff 48 8b 05 99 0e 63 05 <48> 85 c0 74 42 48 89 d9 48 c1 e9 16 4c 8d 34 c8 4c 89 f0 48 c1 e8
[  306.496090][    C0] RSP: 0018:ffffc90000c66bd8 EFLAGS: 00000246
[  306.502176][    C0] RAX: ffff88823fff6000 RBX: 0000000000130054 RCX: ffff8881156d2780
[  306.510297][    C0] RDX: 0000000000000002 RSI: 0000000000130054 RDI: 00000003ffffffff
[  306.518259][    C0] RBP: ffffc90000c66bf8 R08: 0000000000000001 R09: 0000000000000012
[  306.526244][    C0] R10: 000000005ebf4694 R11: 1ffff9200018cd31 R12: 0000000000000001
[  306.534222][    C0] R13: 0000000000000000 R14: ffffea0004c01500 R15: dffffc0000000000
[  306.542203][    C0]  ? page_ext_get+0x45/0x150
[  306.546787][    C0]  __set_page_owner+0x36/0x2e0
[  306.551546][    C0]  post_alloc_hook+0x192/0x1b0
[  306.556307][    C0]  prep_new_page+0x1c/0x110
[  306.560818][    C0]  get_page_from_freelist+0x2cc5/0x2d50
[  306.566364][    C0]  ? __mem_cgroup_uncharge_list+0x39/0xc0
[  306.572083][    C0]  ? try_charge_memcg+0x17e/0x1450
[  306.577187][    C0]  ? __alloc_pages+0x440/0x440
[  306.581961][    C0]  ? __alloc_pages_bulk+0xab0/0xab0
[  306.587151][    C0]  ? flush_tlb_one_user+0x50/0x50
[  306.592167][    C0]  ? cgroup_rstat_updated+0xf5/0x370
[  306.597442][    C0]  __alloc_pages+0x18f/0x440
[  306.602040][    C0]  ? prep_new_page+0x110/0x110
[  306.606804][    C0]  wp_page_copy+0x1c9/0x18f0
[  306.611390][    C0]  ? insert_page_into_pte_locked+0x310/0x310
[  306.617367][    C0]  ? _raw_spin_lock+0x8e/0xe0
[  306.622059][    C0]  ? _raw_spin_trylock_bh+0x130/0x130
[  306.627423][    C0]  ? vm_normal_page+0x1dd/0x1f0
[  306.632267][    C0]  do_wp_page+0x731/0xc90
[  306.636589][    C0]  ? __mod_lruvec_page_state+0x15d/0x1c0
[  306.642259][    C0]  handle_pte_fault+0x73c/0x2680
[  306.647191][    C0]  ? __kasan_check_write+0x14/0x20
[  306.652294][    C0]  ? _raw_spin_lock+0x8e/0xe0
[  306.656968][    C0]  ? fault_around_bytes_set+0xc0/0xc0
[  306.662349][    C0]  do_handle_mm_fault+0x1a6d/0x1d50
[  306.667538][    C0]  ? fault_around_bytes_set+0xc0/0xc0
[  306.672902][    C0]  ? numa_migrate_prep+0xd0/0xd0
[  306.677923][    C0]  ? __find_vma+0x30/0x150
[  306.682363][    C0]  do_user_addr_fault+0x841/0x1180
[  306.687470][    C0]  ? do_kern_addr_fault+0x80/0x80
[  306.692491][    C0]  ? mutex_unlock+0x89/0x220
[  306.697090][    C0]  ? unix_unhash+0x10/0x10
[  306.701519][    C0]  exc_page_fault+0x51/0xb0
[  306.706013][    C0]  asm_exc_page_fault+0x27/0x30
[  306.710857][    C0] RIP: 0010:__put_user_nocheck_4+0x3/0x11
[  306.716572][    C0] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca c3 90 90 90 90 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca c3 90 90 90 90 90 90 48 bb f9 ef ff ff ff 7f
[  306.736194][    C0] RSP: 0018:ffffc90000c678d8 EFLAGS: 00050246
[  306.742276][    C0] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 00002000003a5030
[  306.750240][    C0] RDX: ffffc90000c67d70 RSI: 0000000000000002 RDI: 00000000ffffffff
[  306.758202][    C0] RBP: ffffc90000c67a70 R08: dffffc0000000000 R09: fffff5200018ced1
[  306.766179][    C0] R10: fffff5200018ced1 R11: 1ffff9200018ced0 R12: dffffc0000000000
[  306.774153][    C0] R13: 00002000003a5000 R14: 0000000000000000 R15: 0000000000000000
[  306.782131][    C0]  ? ____sys_recvmsg+0x35d/0x580
[  306.787064][    C0]  ? __sys_recvmsg_sock+0x50/0x50
[  306.792079][    C0]  ? memset+0x35/0x40
[  306.796053][    C0]  ? import_iovec+0x7c/0xb0
[  306.800656][    C0]  ___sys_recvmsg+0x1af/0x4f0
[  306.805324][    C0]  ? memcpy+0x56/0x70
[  306.809283][    C0]  ? __sys_recvmsg+0x250/0x250
[  306.814052][    C0]  ? asm_sysvec_call_function_single+0x1b/0x20
[  306.820233][    C0]  do_recvmmsg+0x344/0x780
[  306.824645][    C0]  ? do_user_addr_fault+0xa64/0x1180
[  306.829940][    C0]  ? __sys_recvmmsg+0x280/0x280
[  306.834781][    C0]  __x64_sys_recvmmsg+0x18d/0x240
[  306.839797][    C0]  ? do_recvmmsg+0x780/0x780
[  306.844383][    C0]  ? fpregs_assert_state_consistent+0xb1/0xe0
[  306.850458][    C0]  x64_sys_call+0x297/0x9a0
[  306.855038][    C0]  do_syscall_64+0x4c/0xa0
[  306.859450][    C0]  ? clear_bhb_loop+0x50/0xa0
[  306.864127][    C0]  ? clear_bhb_loop+0x50/0xa0
[  306.868778][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  306.874656][    C0] RIP: 0033:0x7fcab23ec929
[  306.879061][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  306.898664][    C0] RSP: 002b:00007fcab0a13038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  306.907099][    C0] RAX: ffffffffffffffda RBX: 00007fcab2614160 RCX: 00007fcab23ec929
[  306.915071][    C0] RDX: 03fffffffffffcb5 RSI: 00002000000000c0 RDI: 0000000000000005
[  306.923055][    C0] RBP: 00007fcab246eb39 R08: 0000000000000000 R09: 0000000000000000
[  306.931019][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  306.938975][    C0] R13: 0000000000000001 R14: 00007fcab2614160 R15: 00007ffcd8607fa8
[  306.946954][    C0]  </TASK>
[  306.949974][    C0] ---[ end trace f321711109fbb0df ]---
[  306.955412][    C0] ------------[ cut here ]------------
[  306.960862][    C0] refcount_t: underflow; use-after-free.
[  306.966524][    C0] WARNING: CPU: 0 PID: 8917 at lib/refcount.c:28 refcount_warn_saturate+0x120/0x1a0
[  306.975891][    C0] Modules linked in:
[  306.979794][    C0] CPU: 0 PID: 8917 Comm: syz.4.3105 Tainted: G        W         5.15.185-syzkaller-00032-g0d918fa8e88d #0
[  306.991060][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  307.001129][    C0] RIP: 0010:refcount_warn_saturate+0x120/0x1a0
[  307.007269][    C0] Code: 04 01 48 c7 c7 e0 f1 62 85 e8 3c ae 50 02 0f 0b eb c3 e8 e3 c8 1c ff c6 05 ef ef 99 04 01 48 c7 c7 40 f2 62 85 e8 20 ae 50 02 <0f> 0b eb a7 e8 c7 c8 1c ff c6 05 d0 ef 99 04 01 48 c7 c7 80 f1 62
[  307.026875][    C0] RSP: 0018:ffffc90000007820 EFLAGS: 00010246
[  307.032980][    C0] RAX: bea1121417231b00 RBX: 0000000000000003 RCX: ffff8881156d2780
[  307.040955][    C0] RDX: 0000000000000100 RSI: 0000000000000100 RDI: 0000000000000000
[  307.048902][    C0] RBP: ffffc90000007830 R08: dffffc0000000000 R09: ffffed103ee065e8
[  307.056882][    C0] R10: ffffed103ee065e8 R11: 1ffff1103ee065e7 R12: ffff88811a898808
[  307.064862][    C0] R13: dffffc0000000000 R14: 0000000000000003 R15: 00000000c0000000
[  307.072848][    C0] FS:  00007fcab0a136c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  307.081781][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  307.088338][    C0] CR2: 00002000003a5030 CR3: 0000000116045000 CR4: 00000000003506b0
[  307.096315][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  307.104298][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  307.112282][    C0] Call Trace:
[  307.115548][    C0]  <IRQ>
[  307.118371][    C0]  tipc_crypto_xmit+0x1a82/0x2400
[  307.123403][    C0]  ? tipc_crypto_do_cmd+0xcf0/0xcf0
[  307.128593][    C0]  ? skb_clone+0x202/0x360
[  307.133018][    C0]  tipc_crypto_clone_msg+0x9b/0x150
[  307.138211][    C0]  tipc_crypto_xmit+0x1ab9/0x2400
[  307.143228][    C0]  ? __irq_exit_rcu+0x52/0xf0
[  307.147897][    C0]  ? get_nohz_timer_target+0x74/0x550
[  307.153273][    C0]  ? __put_user_nocheck_4+0x3/0x11
[  307.158375][    C0]  ? ___sys_recvmsg+0x1af/0x4f0
[  307.163222][    C0]  ? tipc_crypto_do_cmd+0xcf0/0xcf0
[  307.168413][    C0]  ? memcpy+0x56/0x70
[  307.172399][    C0]  ? __copy_skb_header+0x437/0x600
[  307.177503][    C0]  tipc_bearer_xmit_skb+0x226/0x360
[  307.182695][    C0]  ? __skb_clone+0x47a/0x790
[  307.187280][    C0]  ? tipc_bearer_mtu+0x160/0x160
[  307.192228][    C0]  ? skb_clone+0x202/0x360
[  307.196636][    C0]  tipc_disc_timeout+0x6a2/0x830
[  307.201579][    C0]  ? tipc_disc_init_msg+0x600/0x600
[  307.207222][    C0]  ? __kasan_check_write+0x14/0x20
[  307.212346][    C0]  ? _raw_spin_lock+0x8e/0xe0
[  307.217015][    C0]  ? _raw_spin_trylock_bh+0x130/0x130
[  307.222469][    C0]  ? tipc_disc_init_msg+0x600/0x600
[  307.227664][    C0]  call_timer_fn+0x38/0x290
[  307.232183][    C0]  ? tipc_disc_init_msg+0x600/0x600
[  307.237373][    C0]  __run_timers+0x639/0x9a0
[  307.241873][    C0]  ? calc_index+0x200/0x200
[  307.246366][    C0]  ? sched_clock_cpu+0x18/0x3c0
[  307.251225][    C0]  run_timer_softirq+0x6a/0xf0
[  307.255980][    C0]  handle_softirqs+0x250/0x560
[  307.260742][    C0]  __irq_exit_rcu+0x52/0xf0
[  307.265236][    C0]  irq_exit_rcu+0x9/0x10
[  307.269479][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  307.275126][    C0]  </IRQ>
[  307.278036][    C0]  <TASK>
[  307.280958][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  307.286931][    C0] RIP: 0010:page_ext_get+0x77/0x150
[  307.292124][    C0] Code: 85 ea 00 00 00 48 c7 c0 20 4d 0f 87 48 c1 e8 03 42 80 3c 38 00 74 0c 48 c7 c7 20 4d 0f 87 e8 d0 df fa ff 48 8b 05 99 0e 63 05 <48> 85 c0 74 42 48 89 d9 48 c1 e9 16 4c 8d 34 c8 4c 89 f0 48 c1 e8
[  307.311751][    C0] RSP: 0018:ffffc90000c66bd8 EFLAGS: 00000246
[  307.317796][    C0] RAX: ffff88823fff6000 RBX: 0000000000130054 RCX: ffff8881156d2780
[  307.325769][    C0] RDX: 0000000000000002 RSI: 0000000000130054 RDI: 00000003ffffffff
[  307.333744][    C0] RBP: ffffc90000c66bf8 R08: 0000000000000001 R09: 0000000000000012
[  307.341740][    C0] R10: 000000005ebf4694 R11: 1ffff9200018cd31 R12: 0000000000000001
[  307.349716][    C0] R13: 0000000000000000 R14: ffffea0004c01500 R15: dffffc0000000000
[  307.357686][    C0]  ? page_ext_get+0x45/0x150
[  307.362295][    C0]  __set_page_owner+0x36/0x2e0
[  307.367050][    C0]  post_alloc_hook+0x192/0x1b0
[  307.371806][    C0]  prep_new_page+0x1c/0x110
[  307.376302][    C0]  get_page_from_freelist+0x2cc5/0x2d50
[  307.381847][    C0]  ? __mem_cgroup_uncharge_list+0x39/0xc0
[  307.387568][    C0]  ? try_charge_memcg+0x17e/0x1450
[  307.392680][    C0]  ? __alloc_pages+0x440/0x440
[  307.397436][    C0]  ? __alloc_pages_bulk+0xab0/0xab0
[  307.402660][    C0]  ? flush_tlb_one_user+0x50/0x50
[  307.407674][    C0]  ? cgroup_rstat_updated+0xf5/0x370
[  307.412951][    C0]  __alloc_pages+0x18f/0x440
[  307.417535][    C0]  ? prep_new_page+0x110/0x110
[  307.422310][    C0]  wp_page_copy+0x1c9/0x18f0
[  307.426902][    C0]  ? insert_page_into_pte_locked+0x310/0x310
[  307.432880][    C0]  ? _raw_spin_lock+0x8e/0xe0
[  307.437553][    C0]  ? _raw_spin_trylock_bh+0x130/0x130
[  307.442926][    C0]  ? vm_normal_page+0x1dd/0x1f0
[  307.447769][    C0]  do_wp_page+0x731/0xc90
[  307.452092][    C0]  ? __mod_lruvec_page_state+0x15d/0x1c0
[  307.457723][    C0]  handle_pte_fault+0x73c/0x2680
[  307.462673][    C0]  ? __kasan_check_write+0x14/0x20
[  307.467774][    C0]  ? _raw_spin_lock+0x8e/0xe0
[  307.472448][    C0]  ? fault_around_bytes_set+0xc0/0xc0
[  307.477811][    C0]  do_handle_mm_fault+0x1a6d/0x1d50
[  307.483014][    C0]  ? fault_around_bytes_set+0xc0/0xc0
[  307.488376][    C0]  ? numa_migrate_prep+0xd0/0xd0
[  307.493308][    C0]  ? __find_vma+0x30/0x150
[  307.497712][    C0]  do_user_addr_fault+0x841/0x1180
[  307.502833][    C0]  ? do_kern_addr_fault+0x80/0x80
[  307.507848][    C0]  ? mutex_unlock+0x89/0x220
[  307.512435][    C0]  ? unix_unhash+0x10/0x10
[  307.516844][    C0]  exc_page_fault+0x51/0xb0
[  307.521354][    C0]  asm_exc_page_fault+0x27/0x30
[  307.526196][    C0] RIP: 0010:__put_user_nocheck_4+0x3/0x11
[  307.531910][    C0] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca c3 90 90 90 90 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca c3 90 90 90 90 90 90 48 bb f9 ef ff ff ff 7f
[  307.551533][    C0] RSP: 0018:ffffc90000c678d8 EFLAGS: 00050246
[  307.557582][    C0] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 00002000003a5030
[  307.565559][    C0] RDX: ffffc90000c67d70 RSI: 0000000000000002 RDI: 00000000ffffffff
[  307.573534][    C0] RBP: ffffc90000c67a70 R08: dffffc0000000000 R09: fffff5200018ced1
[  307.581514][    C0] R10: fffff5200018ced1 R11: 1ffff9200018ced0 R12: dffffc0000000000
[  307.589501][    C0] R13: 00002000003a5000 R14: 0000000000000000 R15: 0000000000000000
[  307.597470][    C0]  ? ____sys_recvmsg+0x35d/0x580
[  307.602420][    C0]  ? __sys_recvmsg_sock+0x50/0x50
[  307.607435][    C0]  ? memset+0x35/0x40
[  307.611411][    C0]  ? import_iovec+0x7c/0xb0
[  307.615907][    C0]  ___sys_recvmsg+0x1af/0x4f0
[  307.620591][    C0]  ? memcpy+0x56/0x70
[  307.624565][    C0]  ? __sys_recvmsg+0x250/0x250
[  307.629305][    C0]  ? asm_sysvec_call_function_single+0x1b/0x20
[  307.635454][    C0]  do_recvmmsg+0x344/0x780
[  307.639884][    C0]  ? do_user_addr_fault+0xa64/0x1180
[  307.645153][    C0]  ? __sys_recvmmsg+0x280/0x280
[  307.650001][    C0]  __x64_sys_recvmmsg+0x18d/0x240
[  307.655016][    C0]  ? do_recvmmsg+0x780/0x780
[  307.659613][    C0]  ? fpregs_assert_state_consistent+0xb1/0xe0
[  307.665675][    C0]  x64_sys_call+0x297/0x9a0
[  307.670169][    C0]  do_syscall_64+0x4c/0xa0
[  307.674575][    C0]  ? clear_bhb_loop+0x50/0xa0
[  307.679227][    C0]  ? clear_bhb_loop+0x50/0xa0
[  307.683907][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  307.689813][    C0] RIP: 0033:0x7fcab23ec929
[  307.694213][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  307.713826][    C0] RSP: 002b:00007fcab0a13038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  307.722255][    C0] RAX: ffffffffffffffda RBX: 00007fcab2614160 RCX: 00007fcab23ec929
[  307.730219][    C0] RDX: 03fffffffffffcb5 RSI: 00002000000000c0 RDI: 0000000000000005
[  307.738180][    C0] RBP: 00007fcab246eb39 R08: 0000000000000000 R09: 0000000000000000
[  307.746152][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  307.754124][    C0] R13: 0000000000000001 R14: 00007fcab2614160 R15: 00007ffcd8607fa8
[  307.762103][    C0]  </TASK>
[  307.765109][    C0] ---[ end trace f321711109fbb0e0 ]---
[  307.770635][    C0] ------------[ cut here ]------------
[  307.776071][    C0] refcount_t: saturated; leaking memory.
[  307.781783][    C0] WARNING: CPU: 0 PID: 8917 at lib/refcount.c:22 refcount_warn_saturate+0x158/0x1a0
[  307.791168][    C0] Modules linked in:
[  307.795040][    C0] CPU: 0 PID: 8917 Comm: syz.4.3105 Tainted: G        W         5.15.185-syzkaller-00032-g0d918fa8e88d #0
[  307.806316][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  307.816371][    C0] RIP: 0010:refcount_warn_saturate+0x158/0x1a0
[  307.822539][    C0] Code: 04 01 48 c7 c7 80 f1 62 85 e8 04 ae 50 02 0f 0b eb 8b e8 ab c8 1c ff c6 05 b5 ef 99 04 01 48 c7 c7 80 f1 62 85 e8 e8 ad 50 02 <0f> 0b e9 6c ff ff ff e8 8c c8 1c ff c6 05 9a ef 99 04 01 48 c7 c7
[  307.842177][    C0] RSP: 0018:ffffc900000079e0 EFLAGS: 00010246
[  307.848239][    C0] RAX: bea1121417231b00 RBX: 0000000000000001 RCX: ffff8881156d2780
[  307.856225][    C0] RDX: 0000000000000100 RSI: 0000000000000100 RDI: 0000000000000000
[  307.864208][    C0] RBP: ffffc900000079f0 R08: dffffc0000000000 R09: fffff52000000e89
[  307.872220][    C0] R10: fffff52000000e89 R11: 1ffff92000000e88 R12: ffff888128017408
[  307.880193][    C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffffc90000007ba0
[  307.888160][    C0] FS:  00007fcab0a136c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  307.897104][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  307.903695][    C0] CR2: 00002000003a5030 CR3: 0000000116045000 CR4: 00000000003506b0
[  307.911689][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  307.919664][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  307.927607][    C0] Call Trace:
[  307.930891][    C0]  <IRQ>
[  307.933725][    C0]  tipc_crypto_xmit+0x1938/0x2400
[  307.938724][    C0]  ? __irq_exit_rcu+0x52/0xf0
[  307.943393][    C0]  ? tipc_crypto_do_cmd+0xcf0/0xcf0
[  307.948583][    C0]  ? __copy_skb_header+0x437/0x600
[  307.953699][    C0]  tipc_bearer_xmit_skb+0x226/0x360
[  307.958889][    C0]  ? __skb_clone+0x47a/0x790
[  307.963470][    C0]  ? tipc_bearer_mtu+0x160/0x160
[  307.968403][    C0]  ? skb_clone+0x202/0x360
[  307.972828][    C0]  tipc_disc_timeout+0x6a2/0x830
[  307.977764][    C0]  ? tipc_disc_init_msg+0x600/0x600
[  307.983068][    C0]  ? __kasan_check_write+0x14/0x20
[  307.988171][    C0]  ? _raw_spin_lock+0x8e/0xe0
[  307.992855][    C0]  ? _raw_spin_trylock_bh+0x130/0x130
[  307.998223][    C0]  ? tipc_disc_init_msg+0x600/0x600
[  308.003425][    C0]  call_timer_fn+0x38/0x290
[  308.007926][    C0]  ? tipc_disc_init_msg+0x600/0x600
[  308.013131][    C0]  __run_timers+0x639/0x9a0
[  308.017646][    C0]  ? calc_index+0x200/0x200
[  308.022161][    C0]  ? sched_clock_cpu+0x18/0x3c0
[  308.027007][    C0]  run_timer_softirq+0x6a/0xf0
[  308.031775][    C0]  handle_softirqs+0x250/0x560
[  308.036536][    C0]  __irq_exit_rcu+0x52/0xf0
[  308.041056][    C0]  irq_exit_rcu+0x9/0x10
[  308.045297][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[  308.050931][    C0]  </IRQ>
[  308.053850][    C0]  <TASK>
[  308.056760][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  308.062745][    C0] RIP: 0010:page_ext_get+0x77/0x150
[  308.067945][    C0] Code: 85 ea 00 00 00 48 c7 c0 20 4d 0f 87 48 c1 e8 03 42 80 3c 38 00 74 0c 48 c7 c7 20 4d 0f 87 e8 d0 df fa ff 48 8b 05 99 0e 63 05 <48> 85 c0 74 42 48 89 d9 48 c1 e9 16 4c 8d 34 c8 4c 89 f0 48 c1 e8
[  308.087547][    C0] RSP: 0018:ffffc90000c66bd8 EFLAGS: 00000246
[  308.093637][    C0] RAX: ffff88823fff6000 RBX: 0000000000130054 RCX: ffff8881156d2780
[  308.101613][    C0] RDX: 0000000000000002 RSI: 0000000000130054 RDI: 00000003ffffffff
[  308.109599][    C0] RBP: ffffc90000c66bf8 R08: 0000000000000001 R09: 0000000000000012
[  308.117545][    C0] R10: 000000005ebf4694 R11: 1ffff9200018cd31 R12: 0000000000000001
[  308.125513][    C0] R13: 0000000000000000 R14: ffffea0004c01500 R15: dffffc0000000000
[  308.133513][    C0]  ? page_ext_get+0x45/0x150
[  308.138082][    C0]  __set_page_owner+0x36/0x2e0
[  308.142848][    C0]  post_alloc_hook+0x192/0x1b0
[  308.147605][    C0]  prep_new_page+0x1c/0x110
[  308.152119][    C0]  get_page_from_freelist+0x2cc5/0x2d50
[  308.157660][    C0]  ? __mem_cgroup_uncharge_list+0x39/0xc0
[  308.163381][    C0]  ? try_charge_memcg+0x17e/0x1450
[  308.168483][    C0]  ? __alloc_pages+0x440/0x440
[  308.173256][    C0]  ? __alloc_pages_bulk+0xab0/0xab0
[  308.178621][    C0]  ? flush_tlb_one_user+0x50/0x50
[  308.183640][    C0]  ? cgroup_rstat_updated+0xf5/0x370
[  308.188916][    C0]  __alloc_pages+0x18f/0x440
[  308.193528][    C0]  ? prep_new_page+0x110/0x110
[  308.198291][    C0]  wp_page_copy+0x1c9/0x18f0
[  308.202879][    C0]  ? insert_page_into_pte_locked+0x310/0x310
[  308.208851][    C0]  ? _raw_spin_lock+0x8e/0xe0
[  308.213534][    C0]  ? _raw_spin_trylock_bh+0x130/0x130
[  308.218898][    C0]  ? vm_normal_page+0x1dd/0x1f0
[  308.223745][    C0]  do_wp_page+0x731/0xc90
[  308.228068][    C0]  ? __mod_lruvec_page_state+0x15d/0x1c0
[  308.233713][    C0]  handle_pte_fault+0x73c/0x2680
[  308.238650][    C0]  ? __kasan_check_write+0x14/0x20
[  308.243758][    C0]  ? _raw_spin_lock+0x8e/0xe0
[  308.248431][    C0]  ? fault_around_bytes_set+0xc0/0xc0
[  308.253813][    C0]  do_handle_mm_fault+0x1a6d/0x1d50
[  308.259004][    C0]  ? fault_around_bytes_set+0xc0/0xc0
[  308.264376][    C0]  ? numa_migrate_prep+0xd0/0xd0
[  308.269306][    C0]  ? __find_vma+0x30/0x150
[  308.273730][    C0]  do_user_addr_fault+0x841/0x1180
[  308.278841][    C0]  ? do_kern_addr_fault+0x80/0x80
[  308.283861][    C0]  ? mutex_unlock+0x89/0x220
[  308.288453][    C0]  ? unix_unhash+0x10/0x10
[  308.292891][    C0]  exc_page_fault+0x51/0xb0
[  308.297387][    C0]  asm_exc_page_fault+0x27/0x30
[  308.302234][    C0] RIP: 0010:__put_user_nocheck_4+0x3/0x11
[  308.307952][    C0] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca c3 90 90 90 90 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca c3 90 90 90 90 90 90 48 bb f9 ef ff ff ff 7f
[  308.327567][    C0] RSP: 0018:ffffc90000c678d8 EFLAGS: 00050246
[  308.333651][    C0] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 00002000003a5030
[  308.341626][    C0] RDX: ffffc90000c67d70 RSI: 0000000000000002 RDI: 00000000ffffffff
[  308.349617][    C0] RBP: ffffc90000c67a70 R08: dffffc0000000000 R09: fffff5200018ced1
[  308.357576][    C0] R10: fffff5200018ced1 R11: 1ffff9200018ced0 R12: dffffc0000000000
[  308.365542][    C0] R13: 00002000003a5000 R14: 0000000000000000 R15: 0000000000000000
[  308.373538][    C0]  ? ____sys_recvmsg+0x35d/0x580
[  308.378455][    C0]  ? __sys_recvmsg_sock+0x50/0x50
[  308.383476][    C0]  ? memset+0x35/0x40
[  308.387452][    C0]  ? import_iovec+0x7c/0xb0
[  308.391979][    C0]  ___sys_recvmsg+0x1af/0x4f0
[  308.396654][    C0]  ? memcpy+0x56/0x70
[  308.400664][    C0]  ? __sys_recvmsg+0x250/0x250
[  308.405426][    C0]  ? asm_sysvec_call_function_single+0x1b/0x20
[  308.411737][    C0]  do_recvmmsg+0x344/0x780
[  308.416147][    C0]  ? do_user_addr_fault+0xa64/0x1180
[  308.421433][    C0]  ? __sys_recvmmsg+0x280/0x280
[  308.426284][    C0]  __x64_sys_recvmmsg+0x18d/0x240
[  308.431322][    C0]  ? do_recvmmsg+0x780/0x780
[  308.435904][    C0]  ? fpregs_assert_state_consistent+0xb1/0xe0
[  308.441969][    C0]  x64_sys_call+0x297/0x9a0
[  308.446462][    C0]  do_syscall_64+0x4c/0xa0
[  308.450888][    C0]  ? clear_bhb_loop+0x50/0xa0
[  308.455557][    C0]  ? clear_bhb_loop+0x50/0xa0
[  308.460232][    C0]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  308.466202][    C0] RIP: 0033:0x7fcab23ec929
[  308.470624][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.490243][    C0] RSP: 002b:00007fcab0a13038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  308.498641][    C0] RAX: ffffffffffffffda RBX: 00007fcab2614160 RCX: 00007fcab23ec929
[  308.506624][    C0] RDX: 03fffffffffffcb5 RSI: 00002000000000c0 RDI: 0000000000000005
[  308.514603][    C0] RBP: 00007fcab246eb39 R08: 0000000000000000 R09: 0000000000000000
[  308.522578][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  308.530551][    C0] R13: 0000000000000001 R14: 00007fcab2614160 R15: 00007ffcd8607fa8
[  308.538500][    C0]  </TASK>
[  308.541523][    C0] ---[ end trace f321711109fbb0e1 ]---
[  308.548580][    T6] Bluetooth: hci0: command 0x1001 tx timeout
[  308.556052][ T1889] Bluetooth: hci0: sending frame failed (-49)
[  308.634139][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  308.643041][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  308.651658][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  308.659848][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  308.675257][ T8885] device veth1_macvtap entered promiscuous mode
[  308.939625][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  308.947291][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  308.955256][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  308.963767][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  308.972527][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  309.005084][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  309.014956][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  309.024400][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  309.032952][ T1590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  309.240938][ T1555] tipc: Disabling bearer <udp:syz2>
[  309.248051][ T1555] tipc: Disabling bearer <udp:�>
[  309.269891][ T1555] tipc: Left network mode
[  309.380529][ T1555] ------------[ cut here ]------------
[  309.391170][ T1555] refcount_t: saturated; leaking memory.
[  309.403043][ T1555] WARNING: CPU: 0 PID: 1555 at lib/refcount.c:19 refcount_warn_saturate+0x13c/0x1a0
[  309.427390][ T1555] Modules linked in:
[  309.435679][ T1555] CPU: 0 PID: 1555 Comm: kworker/u4:102 Tainted: G        W         5.15.185-syzkaller-00032-g0d918fa8e88d #0
[  309.459051][ T1555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  309.475977][ T1555] Workqueue: netns cleanup_net
[  309.493705][ T1555] RIP: 0010:refcount_warn_saturate+0x13c/0x1a0
[  309.512789][ T1555] Code: 04 01 48 c7 c7 40 f2 62 85 e8 20 ae 50 02 0f 0b eb a7 e8 c7 c8 1c ff c6 05 d0 ef 99 04 01 48 c7 c7 80 f1 62 85 e8 04 ae 50 02 <0f> 0b eb 8b e8 ab c8 1c ff c6 05 b5 ef 99 04 01 48 c7 c7 80 f1 62
[  309.533325][ T1555] RSP: 0018:ffffc900089177c0 EFLAGS: 00010246
[  309.539717][ T1555] RAX: 1e4d510226797400 RBX: 0000000000000000 RCX: ffff88812b052780
[  309.548613][ T1555] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  309.556840][ T1555] RBP: ffffc900089177d0 R08: dffffc0000000000 R09: ffffed103ee065e8
[  309.564947][ T1555] R10: ffffed103ee065e8 R11: 1ffff1103ee065e7 R12: 1ffff92001122f04
[  309.573185][ T1555] R13: ffff88811eb6a08c R14: 0000000000000000 R15: 0000000000000cc0
[  309.584414][ T1555] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  309.595632][ T1555] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  309.615083][ T1555] CR2: 00007fd08130ed58 CR3: 0000000126e0c000 CR4: 00000000003506b0
[  309.891948][ T8954] loop5: detected capacity change from 0 to 1024
[  310.098929][ T1555] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  310.167053][ T1555] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  310.191935][ T8954] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:476: comm syz.5.3115: Invalid block bitmap block 0 in block_group 0
[  310.209697][ T8954] __quota_error: 30 callbacks suppressed
[  310.209729][ T8954] Quota error (device loop5): write_blk: dquota write failed
[  310.222913][ T8954] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  310.233097][ T8954] EXT4-fs error (device loop5): ext4_acquire_dquot:6195: comm syz.5.3115: Failed to acquire dquot type 0
[  310.253697][ T8954] EXT4-fs error (device loop5): ext4_free_blocks:6223: comm syz.5.3115: Freeing blocks not in datazone - block = 0, count = 4096
[  310.271325][ T8954] EXT4-fs error (device loop5): ext4_read_inode_bitmap:140: comm syz.5.3115: Invalid inode bitmap blk 0 in block_group 0
[  310.284909][ T1591] Quota error (device loop5): remove_tree: Getting block too big (0 >= 9)
[  310.330234][ T8954] EXT4-fs error (device loop5) in ext4_free_inode:362: Corrupt filesystem
[  310.339504][ T8954] EXT4-fs (loop5): 1 orphan inode deleted
[  310.345260][ T8954] EXT4-fs (loop5): mounted filesystem without journal. Opts: ��; max_batch_time=0x0000000000000006,i_version,max_batch_time=0x0000000000000000,,errors=continue. Quota mode: writeback.
[  310.452861][ T1591] EXT4-fs error (device loop5): ext4_release_dquot:6231: comm kworker/u4:126: Failed to release dquot type 0
[  310.508142][ T1555] Call Trace:
[  310.628555][  T460] Bluetooth: hci0: command 0x1009 tx timeout
[  310.656924][ T1555]  <TASK>
[  310.666810][ T1555]  nf_nat_masq_schedule+0x439/0x4c0
[  310.679590][ T1555]  ? __kasan_check_write+0x14/0x20
[  310.691027][ T1555]  ? nf_nat_masq_schedule+0x4c0/0x4c0
[  310.709463][ T1555]  ? masq_device_event+0xd0/0xd0
[  310.736820][ T1555]  ? nfqnl_rcv_dev_event+0x441/0x470
[  310.750883][ T1555]  ? __kasan_check_read+0x11/0x20
[  310.767082][ T1555]  masq_device_event+0x9b/0xd0
[  310.783166][ T1555]  raw_notifier_call_chain+0x90/0x100
[  310.798689][ T1555]  dev_close_many+0x32d/0x4d0
[  310.814251][ T1555]  ? __dev_open+0x4c0/0x4c0
[  310.828650][ T1555]  ? _raw_spin_lock_irq+0x8f/0xe0
[  310.839150][ T1555]  ? _raw_spin_lock_irqsave+0x110/0x110
[  310.856560][ T1555]  ? generic_exec_single+0x226/0x390
[  310.862304][ T1555]  ? __kasan_check_read+0x11/0x20
[  310.868530][ T1555]  unregister_netdevice_many+0x44c/0x1990
[  310.874401][ T1555]  ? _raw_spin_unlock_irq+0x4e/0x70
[  310.879643][ T1555]  ? wait_for_common+0x35d/0x420
[  310.884579][ T1555]  ? alloc_netdev_mqs+0xc90/0xc90
[  310.889638][ T1555]  ? unregister_netdevice_queue+0x1aa/0x360
[  310.895525][ T1555]  ? list_netdevice+0x4c0/0x4c0
[  310.900504][ T1555]  ip6gre_exit_batch_net+0x5a5/0x5f0
[  310.905793][ T1555]  ? ip6gre_init_net+0x340/0x340
[  310.910755][ T1555]  ? ip6gre_init_net+0x340/0x340
[  310.915685][ T1555]  cleanup_net+0x602/0xad0
[  310.920115][ T1555]  ? ops_init+0x4a0/0x4a0
[  310.924568][ T1555]  ? flush_to_ldisc+0x500/0x530
[  310.929465][ T1555]  ? pwq_dec_nr_in_flight+0x18c/0x3c0
[  310.934835][ T1555]  process_one_work+0x6be/0xba0
[  310.939711][ T1555]  worker_thread+0xa59/0x1200
[  310.944384][ T1555]  kthread+0x411/0x500
[  310.948442][ T1555]  ? worker_clr_flags+0x190/0x190
[  310.953489][ T1555]  ? kthread_blkcg+0xd0/0xd0
[  310.958071][ T1555]  ret_from_fork+0x1f/0x30
[  310.962508][ T1555]  </TASK>
[  310.965517][ T1555] ---[ end trace f321711109fbb0e2 ]---
[  311.380950][ T1555] bridge0: port 3(gretap0) entered disabled state
[  311.388819][ T1555] device gretap0 left promiscuous mode
[  311.394398][ T1555] bridge0: port 3(gretap0) entered disabled state
[  311.520795][ T1555] device bridge_slave_1 left promiscuous mode
[  311.526978][ T1555] bridge0: port 2(bridge_slave_1) entered disabled state
[  311.534498][ T1555] device bridge_slave_0 left promiscuous mode
[  311.540691][ T1555] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.552418][ T1555] device veth1_macvtap left promiscuous mode
[  311.558449][ T1555] device veth0_vlan left promiscuous mode
[  311.991625][ T8989] tipc: Started in network mode
[  311.998627][ T8989] tipc: Node identity ac14140f, cluster identity 4711
[  312.009571][ T8989] tipc: New replicast peer: 255.255.255.83
[  312.015459][ T8989] tipc: Enabled bearer <udp:�>, priority 10
[  312.212062][ T9009] loop5: detected capacity change from 0 to 512
[  312.340049][ T9009] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback.
[  312.355885][ T9009] ext4 filesystem being mounted at /37/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  312.498934][ T1555] ==================================================================
[  312.507022][ T1555] BUG: KASAN: use-after-free in inet_twsk_purge+0x223/0x670
[  312.514305][ T1555] Read of size 4 at addr ffff88811eb6a08c by task kworker/u4:102/1555
[  312.522544][ T1555] 
[  312.524870][ T1555] CPU: 0 PID: 1555 Comm: kworker/u4:102 Tainted: G        W         5.15.185-syzkaller-00032-g0d918fa8e88d #0
[  312.536488][ T1555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  312.546536][ T1555] Workqueue: netns cleanup_net
[  312.551305][ T1555] Call Trace:
[  312.554577][ T1555]  <TASK>
[  312.557498][ T1555]  __dump_stack+0x21/0x30
[  312.561826][ T1555]  dump_stack_lvl+0xee/0x150
[  312.566411][ T1555]  ? show_regs_print_info+0x20/0x20
[  312.571605][ T1555]  ? load_image+0x3a0/0x3a0
[  312.576114][ T1555]  print_address_description+0x7f/0x2c0
[  312.581661][ T1555]  ? inet_twsk_purge+0x223/0x670
[  312.586590][ T1555]  kasan_report+0xf1/0x140
[  312.591002][ T1555]  ? inet_twsk_purge+0x223/0x670
[  312.595930][ T1555]  kasan_check_range+0x280/0x290
[  312.600863][ T1555]  __kasan_check_read+0x11/0x20
[  312.605713][ T1555]  inet_twsk_purge+0x223/0x670
[  312.610465][ T1555]  ? irqentry_exit+0x37/0x40
[  312.615053][ T1555]  ? __inet_twsk_schedule+0x130/0x130
[  312.620420][ T1555]  ? sock_release+0x111/0x140
[  312.625086][ T1555]  ? tcpv6_net_exit+0x80/0x80
[  312.629752][ T1555]  tcpv6_net_exit_batch+0x1a/0x20
[  312.634771][ T1555]  cleanup_net+0x602/0xad0
[  312.639177][ T1555]  ? ops_init+0x4a0/0x4a0
[  312.643497][ T1555]  ? pwq_dec_nr_in_flight+0x18c/0x3c0
[  312.648865][ T1555]  process_one_work+0x6be/0xba0
[  312.653709][ T1555]  worker_thread+0xa59/0x1200
[  312.658391][ T1555]  kthread+0x411/0x500
[  312.662448][ T1555]  ? worker_clr_flags+0x190/0x190
[  312.667464][ T1555]  ? kthread_blkcg+0xd0/0xd0
[  312.672047][ T1555]  ret_from_fork+0x1f/0x30
[  312.676455][ T1555]  </TASK>
[  312.679459][ T1555] 
[  312.681769][ T1555] Allocated by task 284:
[  312.685988][ T1555]  __kasan_slab_alloc+0xbd/0xf0
[  312.690829][ T1555]  slab_post_alloc_hook+0x4f/0x2b0
[  312.695929][ T1555]  kmem_cache_alloc+0xf7/0x260
[  312.700684][ T1555]  copy_net_ns+0x145/0x5c0
[  312.705091][ T1555]  create_new_namespaces+0x3a2/0x660
[  312.710363][ T1555]  unshare_nsproxy_namespaces+0x120/0x170
[  312.716072][ T1555]  ksys_unshare+0x4ac/0x7b0
[  312.720563][ T1555]  __x64_sys_unshare+0x38/0x40
[  312.725316][ T1555]  x64_sys_call+0x442/0x9a0
[  312.729810][ T1555]  do_syscall_64+0x4c/0xa0
[  312.734212][ T1555]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  312.740092][ T1555] 
[  312.742403][ T1555] Freed by task 1555:
[  312.746362][ T1555]  kasan_set_track+0x4a/0x70
[  312.750943][ T1555]  kasan_set_free_info+0x23/0x40
[  312.755870][ T1555]  ____kasan_slab_free+0x125/0x160
[  312.761054][ T1555]  __kasan_slab_free+0x11/0x20
[  312.765804][ T1555]  slab_free_freelist_hook+0xc2/0x190
[  312.771173][ T1555]  kmem_cache_free+0x100/0x320
[  312.775926][ T1555]  cleanup_net+0xa2d/0xad0
[  312.780326][ T1555]  process_one_work+0x6be/0xba0
[  312.785169][ T1555]  worker_thread+0xa59/0x1200
[  312.789832][ T1555]  kthread+0x411/0x500
[  312.793896][ T1555]  ret_from_fork+0x1f/0x30
[  312.798300][ T1555] 
[  312.800610][ T1555] The buggy address belongs to the object at ffff88811eb6a000
[  312.800610][ T1555]  which belongs to the cache net_namespace of size 3968
[  312.814910][ T1555] The buggy address is located 140 bytes inside of
[  312.814910][ T1555]  3968-byte region [ffff88811eb6a000, ffff88811eb6af80)
[  312.828260][ T1555] The buggy address belongs to the page:
[  312.833880][ T1555] page:ffffea00047ada00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88811eb69000 pfn:0x11eb68
[  312.845413][ T1555] head:ffffea00047ada00 order:3 compound_mapcount:0 compound_pincount:0
[  312.853725][ T1555] flags: 0x4000000000010200(slab|head|zone=1)
[  312.859796][ T1555] raw: 4000000000010200 ffffea00044fbc08 ffff88810014aa90 ffff8881001c5380
[  312.868378][ T1555] raw: ffff88811eb69000 0000000000080003 00000001ffffffff 0000000000000000
[  312.876945][ T1555] page dumped because: kasan: bad access detected
[  312.883338][ T1555] page_owner tracks the page as allocated
[  312.889041][ T1555] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 281, ts 25624595083, free_ts 25546171258
[  312.908047][ T1555]  post_alloc_hook+0x192/0x1b0
[  312.912895][ T1555]  prep_new_page+0x1c/0x110
[  312.917389][ T1555]  get_page_from_freelist+0x2cc5/0x2d50
[  312.922924][ T1555]  __alloc_pages+0x18f/0x440
[  312.927502][ T1555]  new_slab+0xa1/0x4d0
[  312.931564][ T1555]  ___slab_alloc+0x381/0x810
[  312.936156][ T1555]  __slab_alloc+0x49/0x90
[  312.940478][ T1555]  kmem_cache_alloc+0x138/0x260
[  312.945325][ T1555]  copy_net_ns+0x145/0x5c0
[  312.949734][ T1555]  create_new_namespaces+0x3a2/0x660
[  312.955011][ T1555]  unshare_nsproxy_namespaces+0x120/0x170
[  312.960720][ T1555]  ksys_unshare+0x4ac/0x7b0
[  312.965216][ T1555]  __x64_sys_unshare+0x38/0x40
[  312.969970][ T1555]  x64_sys_call+0x442/0x9a0
[  312.974467][ T1555]  do_syscall_64+0x4c/0xa0
[  312.978873][ T1555]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  312.984763][ T1555] page last free stack trace:
[  312.989416][ T1555]  free_unref_page_prepare+0x542/0x550
[  312.994860][ T1555]  free_unref_page+0xa2/0x550
[  312.999518][ T1555]  free_compound_page+0x78/0xa0
[  313.004345][ T1555]  __put_compound_page+0x77/0xb0
[  313.009432][ T1555]  __put_page+0xbc/0xe0
[  313.013562][ T1555]  skb_release_data+0x3d3/0xa10
[  313.018388][ T1555]  __kfree_skb+0x50/0x70
[  313.022602][ T1555]  tcp_recvmsg_locked+0x14ac/0x2640
[  313.027782][ T1555]  tcp_recvmsg+0x21b/0x720
[  313.032185][ T1555]  inet_recvmsg+0x134/0x470
[  313.036665][ T1555]  sock_read_iter+0x2a2/0x340
[  313.041318][ T1555]  vfs_read+0x68b/0xbe0
[  313.045448][ T1555]  ksys_read+0x140/0x240
[  313.049671][ T1555]  __x64_sys_read+0x7b/0x90
[  313.054149][ T1555]  x64_sys_call+0x96d/0x9a0
[  313.058630][ T1555]  do_syscall_64+0x4c/0xa0
[  313.063029][ T1555] 
[  313.065337][ T1555] Memory state around the buggy address:
[  313.070958][ T1555]  ffff88811eb69f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  313.079001][ T1555]  ffff88811eb6a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  313.087040][ T1555] >ffff88811eb6a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  313.095076][ T1555]                       ^
[  313.099379][ T1555]  ffff88811eb6a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  313.107416][ T1555]  ffff88811eb6a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  313.115455][ T1555] ==================================================================
[  313.123489][ T1555] Disabling lock debugging due to kernel taint
[  313.140318][  T458] tipc: Node number set to 2886997007