last executing test programs:

17.822974711s ago: executing program 3 (id=176):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
pselect6(0x81, &(0x7f0000000000)={0xa, 0x7ff, 0x14b, 0xffffffff, 0x8, 0xba4, 0xffffffffffffffff, 0xfffffffffffffff8}, 0x0, &(0x7f00000000c0)={0x6b40, 0x3, 0x0, 0x8, 0x1, 0x4000006, 0x8, 0x8080}, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="05004c13d0a6ef6b3d9b060000000c009900090000002b000000"], 0x20}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x800000, &(0x7f00000012c0)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c696f636861727365743d63703737352c696f636861727365743d63703836352c73686f72746e616d653d7781e2c3ab15f348696e39352c636f6465706167653d3934392c73686f72746e616d653d77696e6e742c616c6c6f775f7574696d653d30303030303030303030303030303030303137373737372c756e695f786c6174653d302c756e695f786c6174653d312c696f636861727365743d63703433372c757466383d302c75"], 0x25, 0x34b, &(0x7f0000001740)="$eJzs3T9oJGUUAPA3mU02CZxJIRxarXaCHJeIhTYmHCccptCTxX+NC5fzT3YVsrgQi+ylUSwVG0Eruyu0vFosROwsbD1BTsXG6w7ucGR3JrubzOT+iMmp9/sV4eV935vvm8mQnYTk7asrsXFuOs5fvXolZmeTqK2cWolrSSzGVKSRuxAAwP/JtSyLP7LcMPHUzWZ/NB/TeTRzJLsDAA7D8PX/tWPjRP1u7gYAOAqln/+rPVuZffvQtgUAHKLS6//De4b3/Zq/NvqbAADgv+v5l15+ZnUt4myjMRvReb/X7DXjyfH46vl4I9qxHidjIW5E5A8K+dPC4OPTZ9ZOn2wM/LIYzUFFrxnR6fea+ZPCajqsr8dSLMRiUZ+N6tNB/dKwvhERF/rD9aOT9JrTMV+s/+N8rMdyLMT9pfqIM2unlxvFAZqd3fp+xE7M7p7EYP8nYiG+nxp+ci4GtfmxBpntpUbjVLa2p753sT6cBwAAAAAAAAAAAAAAAAAAAAAAh+HEXBTdcxqLo/43Waffe+9sMaFRHh/298mHi/5AO3l/oKy+253ng3R/f6C9/Xl6zVpM3dUzBwAAAAAAAAAAAAAAAAAAgH+P7tZMtNrt9c3u1rsb42Cm3Z/IvPXtF1/Pxf45b6bjTNTyw+2ZU+RioiqNUXk2Ks/SPXOKII0oJifRunhptOPJOfXRWZTKB0G9NJQUe2q128ce+vnTqqo/x5k0RkO1yiWSYv2Joc59eapqPzcPku7W8i3mXM6y7KDy7U/KVTEbUSt94f6J4Jsrrz/wWPf4492kttH6qmj68MijCy9c/vjz3zZa7SguTbs9s9m9kf3ttdKJ+ycprnNScSdUBzvjzM5md6uV/vD7iw9++N2+yWn1/ZNNZt45eK0v92dm8mCwzds50+mKm786eOX66O6984t5/LOV1qXtn37dvZi3qpr4JqFRBwAAAAAAAAAAAAAAAAAAHImJ/xW/A088d3g7AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICjN37//4lgp5S5neB6P8pD9fXN7oGLzx3pqQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcA/7KwAA///phXOJ")
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r9, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x28}, 0x1c)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r10, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='projid_map\x00')

16.691830201s ago: executing program 3 (id=184):
r0 = open(0x0, 0x60840, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESHEX=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x21af6000)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYRES64=r0, @ANYRESHEX, @ANYBLOB="2c7766446e6fbd", @ANYRESHEX])
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={r2, 0xffffffffffffffff, 0x0, 0x4, &(0x7f00000003c0)='GPL\x00'}, 0x30)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000180)={'wg0\x00', <r5=>0x0})
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xcb, &(0x7f0000000280)={0x1, 0x1, 0x55, r5, 0x4}, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
sched_setaffinity(0x0, 0x0, 0x0)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
bind$tipc(r0, &(0x7f0000000040)=@id={0x1e, 0x3, 0x0, {0x4e22, 0x4}}, 0x10)
connect$pppl2tp(r8, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x2, 0x9}}, 0x2e)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
getsockopt(r8, 0x111, 0x5, 0x0, &(0x7f0000000080))

15.811878308s ago: executing program 3 (id=189):
r0 = syz_usb_connect$cdc_ncm(0x2, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff000500800509058103000200000009040100"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000000), 0x2000001, &(0x7f00000000c0)={[{@nr_blocks={'nr_blocks', 0x3d, [0x78]}}]})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000000)={0x44, 0x0, 0x0, 0x0, &(0x7f00000009c0)={0x20, 0x80, 0x1c, {0x8, 0x28, 0xe4d, 0x80, 0x7ff, 0xfffd, 0x5, 0x2, 0x800, 0x3, 0x2, 0x6}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)

13.790273555s ago: executing program 3 (id=196):
r0 = syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0040, &(0x7f0000002a00)={[{@noblock_validity}, {@resgid={'resgid', 0x3d, 0xee00}}, {@acl}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x3}}, {@nodiscard}]}, 0xfe, 0x472, &(0x7f0000000940)="$eJzs3MtvG8UfAPDvOk6a9PFLf6U8WloIFETFI2nSBz1wAYHEAQQSHIo4BSetSt0GNUGiVQSBQxDigCpxRxyR+As4wQUBJySucEeVEMqlhZPRenfTxLVDHk6c4s9H2nZmd92Z786OPTtjN4CuNZT+kUTsjohfI2Iwyy4/YSj76+bCbOWvhdlKErXaa38m9fNuLMxW8n9i8XW7sh21Wp7f0aTc+TcjxqvVyct5fmTm4jsj01euPnX+4vi5yXOTl8ZOnz5x/HDfqbGTbYkzjevGwfenDh148Y1rL1fOXHvrx6/T+u7OjxdxtNNQdnWberTdhXXYniXppNzBirAmabulzdVb7/+D0RMDi8cG44WPOlo5YFPVarVas8/n3FwN+A9LotM1ADqj+KBPn3+LbYuGHtvCH89mD0Bp3DfzLTtSjlJ+Tm/D82079UfEmbm/v0i32KR5CACApb5Nxz9PNhv/leKeJef9L19D2RsR/4+IfRFxV0Tsj4i7I+rn3hsR962x/MYVktvHP6Xr6wpsldLx3zP52tby8V8x+ou9PXluTz3+3uTs+erksfyaHI3eHWl+dNlLlvvu+V8+a9z3aT7NPrRk/JduafnFWDCvx/VywwTdxPjMeFuCT+P/MOJguVn8SRTLOElEHIiIg+ss4/zjXx1qdezf419BG9aZal9GPJa1/1w0xF9IWq5Pjj59auzkSH9UJ4+NFHfF7X76ef7VVuVvKP42SNt/Z9P7P4s/fUZM+iOmr1y9UF+vnV57GfO/fVxJWhzbv877vy95vZ7uy/e9Nz4zc3k0oi95Kc0OLNs/duu1Rb44P43/6JHm/X9f9nhWvxL3R0R6Ex+OiAci4sG87R6KiIcj4sgK8f/w3CNvtzrWuv1XmJVvozT+iRXaP33LS1O32n/tiZ4L33/Tqvzaqtr/RD11NN+zmve/1VZwI9cOAAAA7hSl+nfgk9LwYrpUGh7OvsO/P3aWqlPTM0+cnXr30kT2Xfm90VsqZroGl8yHjuZzw0V+rCF/PJ83/rxnoJ4frkxVJzodPHS5XS36f+r3nk7XDth0fq8F3Uv/h+6l/0P30v+he+n/0KX6mu/+YKvrAXTE2j//+zelHsDWM/6H7qX/Q/fS/6ErtfxtfGlDP/m/UxPl7VGNpomB7VGNIhGlbVGN9iVe+STrEtulPkWivOr/zGKdiR1ND3X6nQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA9/gkAAP//Uo/mdg==")
statx(r0, 0x0, 0x6000, 0x400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x200000008, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x50, r0, 0x65974000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x2a, 0x3, 0x8)
keyctl$update(0x2, 0x0, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f00000002c0)={@ipv4={'\x00', '\xff\xff', @local}, 0x800, 0x0, 0x0, 0x0, 0x3, 0x7ff}, 0x20)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000f4817052830a74a4e845d0ff000000000000000000008510", @ANYRES32, @ANYBLOB="00000000000000106608000014000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0xde, &(0x7f0000000340)=""/222, 0x40f00, 0x8}, 0x94)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r5, 0x1, 0x15, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xe, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095", @ANYRES16=r6], 0x0, 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x1, 0x0, 0x7fff0000}]})
nanosleep(&(0x7f0000000180), 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r7}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x31, 0xc, &(0x7f0000000040)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x4000000, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)

13.410615528s ago: executing program 3 (id=198):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x6, &(0x7f0000000080)=@raw=[@cb_func={0x18, 0x2, 0x4, 0x0, 0x3}, @map_val={0x18, 0x6, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x2}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x1}], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

12.516343685s ago: executing program 3 (id=204):
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
r0 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x8844)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) (async)
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400001f00000085000000820000009500000000da2ee8"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
add_key(&(0x7f0000000040)='asymmetric\x00', 0x0, &(0x7f0000000300)="303e3002a0001f14000000d190c937dc6914243b0402d6dcb70ad80851956fe6727ae888746b02cee670a5882a0ad79716584e6b04b7f62edac751478af9c62f", 0xfffff, 0xfffffffffffffffc) (async)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) (async)
sched_setaffinity(r0, 0x8, &(0x7f0000000340)=0x2) (async)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) (async)
read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async)
getgroups(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00'}, 0x24) (async)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sys_enter\x00'}, 0x10) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) (async)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1800}, 0x800)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) (async)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)

12.322907097s ago: executing program 32 (id=204):
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
r0 = getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x8844)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) (async)
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400001f00000085000000820000009500000000da2ee8"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
add_key(&(0x7f0000000040)='asymmetric\x00', 0x0, &(0x7f0000000300)="303e3002a0001f14000000d190c937dc6914243b0402d6dcb70ad80851956fe6727ae888746b02cee670a5882a0ad79716584e6b04b7f62edac751478af9c62f", 0xfffff, 0xfffffffffffffffc) (async)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) (async)
sched_setaffinity(r0, 0x8, &(0x7f0000000340)=0x2) (async)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) (async)
read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async)
getgroups(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00'}, 0x24) (async)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sys_enter\x00'}, 0x10) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) (async)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1800}, 0x800)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) (async)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)

9.423436261s ago: executing program 5 (id=225):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid() (async)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = socket$inet_icmp(0x2, 0x2, 0x1)
accept$inet(r5, &(0x7f0000000000)={0x2, 0x0, @private}, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r7}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r7}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r6}, &(0x7f0000000700), &(0x7f0000000740)}, 0x20)
r8 = socket(0x10, 0x3, 0x9)
connect$netlink(r8, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) (async)
connect$netlink(r8, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000c80)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x28}}, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r9, 0x2000000, 0xe, 0x0, &(0x7f0000000240)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r9, 0x2000000, 0xe, 0x0, &(0x7f0000000240)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r10}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r11}, 0x2d) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r11}, 0x2d)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x20, r1, 0x9c3fa077fa966179, 0x70bd28, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x7ff, 0x69}}}}}, 0x20}}, 0x4000054)

9.058662704s ago: executing program 5 (id=226):
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
pselect6(0x81, &(0x7f0000000000)={0xa, 0x7ff, 0x14b, 0xffffffff, 0x8, 0xba4, 0xffffffffffffffff, 0xfffffffffffffff8}, 0x0, &(0x7f00000000c0)={0x6b40, 0x3, 0x0, 0x8, 0x1, 0x4000006, 0x8, 0x8080}, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="05004c13d0a6ef6b3d9b060000000c009900090000002b000000"], 0x20}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x800000, &(0x7f00000012c0)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c696f636861727365743d63703737352c696f636861727365743d63703836352c73686f72746e616d653d7781e2c3ab15f348696e39352c636f6465706167653d3934392c73686f72746e616d653d77696e6e742c616c6c6f775f7574696d653d30303030303030303030303030303030303137373737372c756e695f786c6174653d302c756e695f786c6174653d312c696f636861727365743d63703433372c757466383d302c75"], 0x25, 0x34b, &(0x7f0000001740)="$eJzs3T9oJGUUAPA3mU02CZxJIRxarXaCHJeIhTYmHCccptCTxX+NC5fzT3YVsrgQi+ylUSwVG0Eruyu0vFosROwsbD1BTsXG6w7ucGR3JrubzOT+iMmp9/sV4eV935vvm8mQnYTk7asrsXFuOs5fvXolZmeTqK2cWolrSSzGVKSRuxAAwP/JtSyLP7LcMPHUzWZ/NB/TeTRzJLsDAA7D8PX/tWPjRP1u7gYAOAqln/+rPVuZffvQtgUAHKLS6//De4b3/Zq/NvqbAADgv+v5l15+ZnUt4myjMRvReb/X7DXjyfH46vl4I9qxHidjIW5E5A8K+dPC4OPTZ9ZOn2wM/LIYzUFFrxnR6fea+ZPCajqsr8dSLMRiUZ+N6tNB/dKwvhERF/rD9aOT9JrTMV+s/+N8rMdyLMT9pfqIM2unlxvFAZqd3fp+xE7M7p7EYP8nYiG+nxp+ci4GtfmxBpntpUbjVLa2p753sT6cBwAAAAAAAAAAAAAAAAAAAAAAh+HEXBTdcxqLo/43Waffe+9sMaFRHh/298mHi/5AO3l/oKy+253ng3R/f6C9/Xl6zVpM3dUzBwAAAAAAAAAAAAAAAAAAgH+P7tZMtNrt9c3u1rsb42Cm3Z/IvPXtF1/Pxf45b6bjTNTyw+2ZU+RioiqNUXk2Ks/SPXOKII0oJifRunhptOPJOfXRWZTKB0G9NJQUe2q128ce+vnTqqo/x5k0RkO1yiWSYv2Joc59eapqPzcPku7W8i3mXM6y7KDy7U/KVTEbUSt94f6J4Jsrrz/wWPf4492kttH6qmj68MijCy9c/vjz3zZa7SguTbs9s9m9kf3ttdKJ+ycprnNScSdUBzvjzM5md6uV/vD7iw9++N2+yWn1/ZNNZt45eK0v92dm8mCwzds50+mKm786eOX66O6984t5/LOV1qXtn37dvZi3qpr4JqFRBwAAAAAAAAAAAAAAAAAAHImJ/xW/A088d3g7AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICjN37//4lgp5S5neB6P8pD9fXN7oGLzx3pqQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcA/7KwAA///phXOJ")
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r9, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x28}, 0x1c)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r10, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='projid_map\x00')

7.566561177s ago: executing program 5 (id=237):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000040000000400000005"], 0x50) (async)
close(0x3) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000008000000080000000600000001"], 0x50) (async, rerun: 32)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0}, 0x94) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x39, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='cachefiles_read\x00', r1}, 0x18)

7.19642947s ago: executing program 5 (id=239):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sched_setaffinity(0x0, 0xffffffffffffffa8, &(0x7f0000000000)=0x1002)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
read$FUSE(r5, &(0x7f0000002bc0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000680)={'wlan1\x00', <r7=>0x0})
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x6c, 0x0, 0xa00, 0x70bd2c, 0x7, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_PID={0x8, 0x52, r0}, @NL80211_ATTR_PID={0x8, 0x52, r6}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x4, 0x34}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x2, 0x13}}, @NL80211_ATTR_PID={0x8, 0x52, r0}, @NL80211_ATTR_PID={0x8, 0x52, r0}]}, 0x6c}, 0x1, 0x0, 0x0, 0xc000801}, 0x4000c00)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r9}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000004c0)='./file1\x00', 0x3000046, &(0x7f00000005c0)={[{@dioread_nolock}, {@data_err_abort}, {@jqfmt_vfsold}, {@delalloc}, {@data_err_ignore}, {@discard}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@block_validity}, {@errors_remount}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
setxattr$system_posix_acl(&(0x7f0000000140)='./file0\x00', &(0x7f0000002b80)='system.posix_acl_access\x00', &(0x7f00000000c0)={{}, {0x1, 0x6}, [], {}, [{0x8, 0x6}], {0x10, 0x6}, {0x20, 0x4}}, 0x2c, 0x3)
r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/pm_test', 0x64001, 0x1d6)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r12, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000780)=ANY=[@ANYBLOB="47665cf4699a6b68e0a32e7a258ec40af260755ee9635558db2de86d9216e32d63b4a9653ce67cda9318767c340bcfb200ffc1366d4231635bda54e84851ad91666744d159c3e120fb3f2224ec69d487ab2b0a2e9b5e5571bc8f9678d5d98d89a60189e94b8fd3d1fe88de878537785afba215c46b4222dd8fc9ef82e2f39ef06b506600cb364e8e8cfd7c28778b1292538798c263c52706f7dc8e9cb0b52cdc0000000000", @ANYRES16=r13, @ANYBLOB="090f26bd7000fedbdf251f000000"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x8084)
sendmsg$NL80211_CMD_SET_BSS(r11, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="10200300", @ANYRES16=r13, @ANYBLOB="200026bd7000fedbdf25190000000c0099000200000005000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4890)
sendmsg$NL80211_CMD_SET_WIPHY(r10, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)={0x5c, r13, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0x9}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8, 0x6a, 0x5}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x5}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0x8}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0xfcf}, @NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0x8}, @NL80211_ATTR_WIPHY_ANTENNA_TX={0x8, 0x69, 0x8}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0xb6}, @NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x91}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8081}, 0x20040801)

4.240289855s ago: executing program 5 (id=245):
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_usb_connect(0x0, 0x46, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x7e, 0x47, 0xde, 0x8, 0x7c4, 0xa003, 0x8d15, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x34, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x3c, 0x0, 0x3, 0xa5, 0x99, 0x61, 0x0, [], [{{0x9, 0x5, 0x80, 0x3, 0x20, 0xd, 0x8c, 0xaa}}, {{0x9, 0x5, 0x2, 0x0, 0x10, 0x9, 0x7, 0x3, [@generic={0x7, 0x5, "a3560a8cba"}]}}, {{0x9, 0x5, 0xc, 0x2, 0x20, 0x51, 0xfe, 0x3}}]}}]}}]}}, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f00000001c0)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae122d34aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a87ee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"})
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
fcntl$setown(0xffffffffffffffff, 0x8, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x9031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000380)='syzkaller\x00', 0x40000001, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd29, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000400000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="183a00c7780000ff0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000", @ANYRES32=r6], 0x0}, 0x94)

2.988429535s ago: executing program 0 (id=252):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000140))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1ff, 0x8a002)
ioctl$USBDEVFS_REAPURB(r1, 0x4004550c, 0x0)

2.988278675s ago: executing program 0 (id=253):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000100)='hugetlb.2MB.rsvd.max_usage_in_bytes\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x5)

2.901873746s ago: executing program 0 (id=254):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f00006ac000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x4, 0x0, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000001, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.756419517s ago: executing program 0 (id=256):
r0 = fsopen(&(0x7f00000000c0)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0xa)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000)
getdents64(r2, 0x0, 0x0)

2.43643541s ago: executing program 0 (id=259):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=@newqdisc={0x28, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xfff1, 0xffff}}, [@TCA_STAB={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000091}, 0x40010)

2.088054623s ago: executing program 0 (id=260):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, &(0x7f0000000180)=[0x4, 0xec66, 0x5, 0x8, 0x98bd, 0x80000000000000c, 0x0, 0x4, 0x10000, 0x7, 0x9004, 0x9, 0x8, 0x9, 0x5, 0x49, 0x3ff, 0x9, 0x2, 0x1, 0x8, 0x7, 0xc1, 0x1, 0x2, 0x2, 0x6, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x5, 0x7, 0x4, 0x3, 0x9, 0x888f, 0x1, 0x6, 0x46, 0x1, 0x3, 0xa3de, 0x20000000006, 0x8, 0x7, 0x400, 0x3, 0xffffffffffffffb7, 0xfffffffffffffffa, 0x800000000002, 0x12, 0x6, 0x4, 0xe6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0x9, 0x8, 0x10001, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x2, 0xcdc, 0x4000000007, 0x40000002, 0x3, 0x2, 0x2, 0xffc, 0x6, 0x4, 0x1, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x4, 0xff, 0x6, 0x4, 0x5, 0x8061d, 0x3, 0x7, 0xf6, 0x4, 0x6, 0x204, 0x7, 0xe53e, 0x4, 0x8, 0x2293332f, 0x6, 0x5, 0x1e, 0xd, 0x2, 0x4, 0xfffffffffffffffb, 0x80000001, 0x7, 0xdfd4, 0xfff9, 0x10, 0x5, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x1000003]})

1.292053869s ago: executing program 1 (id=273):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x110a})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000000480)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000400)={@flat=@weak_handle, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x22}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000bc0)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x1, 0x1000000000000, &(0x7f0000000340)="cb"})

1.267338749s ago: executing program 1 (id=274):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0xf0ffffff, 0x0, 0x0, 0x0, 0x2e}, @flat=@binder={0x73622a85, 0x101, 0x1}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x36}}, &(0x7f0000000200)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0})

1.212286179s ago: executing program 1 (id=276):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x40300, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x9, 0x0, 0x4002004c8, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0xffffffffffffffff, 0x0, 0x80000004000000, 0x200000000c], 0x80a0000, 0x2010d3})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.20443345s ago: executing program 2 (id=278):
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x76, 0x101301)
ioctl$USBDEVFS_CLEAR_HALT(r0, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})

1.2010377s ago: executing program 1 (id=279):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x800, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000040)=0x3, 0x4)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x400000000000284, 0xf00)

1.1124398s ago: executing program 2 (id=281):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0xa0380, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000a80)={'syzkaller0\x00', @broadcast})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r2)

1.063140211s ago: executing program 1 (id=282):
socket(0x22, 0x2, 0x3)
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r1, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8)
sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)

969.778962ms ago: executing program 1 (id=283):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x4000000000000)
ioctl$FS_IOC_GETVERSION(r1, 0x40015b0b, &(0x7f0000000040))

924.291592ms ago: executing program 2 (id=285):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = memfd_create(&(0x7f00000025c0)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1cs1F59\xcdR\xc1\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9b\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\xe7\xd6\xa3', 0x6)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r1, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)

808.464283ms ago: executing program 2 (id=288):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73"], 0x38}}, 0x0)

808.296823ms ago: executing program 2 (id=291):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp\x00')
pread64(r0, &(0x7f00000011c0)=""/159, 0x9f, 0x1c0000000)

786.561393ms ago: executing program 2 (id=292):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x82)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000041c0)={0x2020, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000006280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda451852e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x2, {0x3, 0xffffffffffffffff, 0x0, 0x5, 0xfffffffd, 0x1040, {0x0, 0x0, 0x20, 0xfffffffffffffffd, 0xf5, 0x0, 0x0, 0x0, 0x7, 0x8000, 0x2, r2, 0x0, 0x4, 0x200}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, r1, {0x7, 0x27, 0x1, 0x801001a, 0x66d, 0x0, 0x0, 0x400, 0x0, 0x0, 0x40, 0x9}}, 0x50)
rename(&(0x7f0000000280)='./file0/../file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00')
lstat(&(0x7f00000001c0)='./file0/../file0/file0\x00', &(0x7f0000000200))

357.728497ms ago: executing program 5 (id=300):
r0 = syz_usb_connect(0x0, 0x371, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000057ec0020c215dcff30bd0102030109025f03019b000000090400000b403b4e000905e2379c"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
pwrite64(r1, 0x0, 0x0, 0x7fffffff)

92.325959ms ago: executing program 4 (id=305):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x801, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0xac, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1068, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x2e}, @flat=@binder={0x77682a85, 0x101, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/33, 0x21, 0x1, 0x36}}, &(0x7f0000000200)={0x0, 0x28, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

76.093379ms ago: executing program 4 (id=306):
syz_emit_ethernet(0x2a, &(0x7f0000000200)={@link_local, @random="0000fc00", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x8, 0x1c, 0x64, 0x0, 0x1, 0x2, 0x0, @rand_addr=0x64010102, @dev={0xac, 0x14, 0x14, 0x33}}, {0x17, 0x3, 0x0, @remote}}}}}, 0x0)

65.900909ms ago: executing program 4 (id=307):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @broadcast}, 0x10)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x475f)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)

395.22µs ago: executing program 4 (id=308):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x20, 0x4, 0x44, 0x0, 0x0, 0x1}, [@FRA_SRC={0x8, 0x2, @private=0xa010101}]}, 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x0)

247.27µs ago: executing program 4 (id=309):
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
setuid(0xee00)
r0 = syz_clone(0x0, 0x0, 0xfffffffffffffde7, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000040)='stat\x00')
pread64(r2, &(0x7f00000000c0)=""/22, 0x16, 0x6)

0s ago: executing program 4 (id=310):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x2, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x4, 0x1000, 0x6, 0xfffffffc, 0x7ff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.84' (ED25519) to the list of known hosts.
[   19.613831][   T24] audit: type=1400 audit(1762597931.390:64): avc:  denied  { mounton } for  pid=267 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   19.614715][  T267] cgroup: Unknown subsys name 'net'
[   19.636482][   T24] audit: type=1400 audit(1762597931.390:65): avc:  denied  { mount } for  pid=267 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   19.663742][   T24] audit: type=1400 audit(1762597931.410:66): avc:  denied  { unmount } for  pid=267 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   19.663969][  T267] cgroup: Unknown subsys name 'devices'
[   19.893530][  T267] cgroup: Unknown subsys name 'hugetlb'
[   19.899129][  T267] cgroup: Unknown subsys name 'rlimit'
[   20.035492][   T24] audit: type=1400 audit(1762597931.810:67): avc:  denied  { setattr } for  pid=267 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   20.058642][   T24] audit: type=1400 audit(1762597931.810:68): avc:  denied  { mounton } for  pid=267 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   20.083366][   T24] audit: type=1400 audit(1762597931.810:69): avc:  denied  { mount } for  pid=267 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   20.088841][  T269] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   20.115380][   T24] audit: type=1400 audit(1762597931.890:70): avc:  denied  { relabelto } for  pid=269 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.140848][   T24] audit: type=1400 audit(1762597931.890:71): avc:  denied  { write } for  pid=269 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.169298][   T24] audit: type=1400 audit(1762597931.940:72): avc:  denied  { read } for  pid=267 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   20.194852][  T267] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   20.194862][   T24] audit: type=1400 audit(1762597931.940:73): avc:  denied  { open } for  pid=267 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.460771][  T275] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.467941][  T275] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.475510][  T275] device bridge_slave_0 entered promiscuous mode
[   21.482691][  T275] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.489722][  T275] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.497089][  T275] device bridge_slave_1 entered promiscuous mode
[   21.563682][  T276] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.570726][  T276] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.578147][  T276] device bridge_slave_0 entered promiscuous mode
[   21.586239][  T276] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.593346][  T276] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.600685][  T276] device bridge_slave_1 entered promiscuous mode
[   21.650151][  T277] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.657271][  T277] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.664657][  T277] device bridge_slave_0 entered promiscuous mode
[   21.671536][  T277] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.678661][  T277] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.686062][  T277] device bridge_slave_1 entered promiscuous mode
[   21.706119][  T279] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.713197][  T279] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.720416][  T279] device bridge_slave_0 entered promiscuous mode
[   21.729109][  T279] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.736175][  T279] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.743512][  T279] device bridge_slave_1 entered promiscuous mode
[   21.821303][  T275] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.828365][  T275] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.835630][  T275] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.842657][  T275] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.850551][  T280] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.857765][  T280] bridge0: port 1(bridge_slave_0) entered disabled state
[   21.865122][  T280] device bridge_slave_0 entered promiscuous mode
[   21.871865][  T280] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.879224][  T280] bridge0: port 2(bridge_slave_1) entered disabled state
[   21.886557][  T280] device bridge_slave_1 entered promiscuous mode
[   21.923448][  T277] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.930498][  T277] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.937769][  T277] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.944798][  T277] bridge0: port 1(bridge_slave_0) entered forwarding state
[   21.976232][  T279] bridge0: port 2(bridge_slave_1) entered blocking state
[   21.983296][  T279] bridge0: port 2(bridge_slave_1) entered forwarding state
[   21.990540][  T279] bridge0: port 1(bridge_slave_0) entered blocking state
[   21.997578][  T279] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.006264][  T276] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.014123][  T276] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.021377][  T276] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.028418][  T276] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.059151][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.067653][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.075921][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.083693][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.090892][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.098175][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.105339][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.112590][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.120167][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   22.127600][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.141045][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.154423][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.162912][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.169962][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.177468][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.186127][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.193164][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.213919][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.221593][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.229820][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.236838][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.255049][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.263588][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.271430][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.279770][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.298645][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.306646][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.314882][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.321926][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.329580][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.337834][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.344869][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.352215][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.360285][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.367313][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.374599][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.382507][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.402774][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.423125][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.431066][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.444599][  T275] device veth0_vlan entered promiscuous mode
[   22.456433][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   22.464239][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.473061][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.480924][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.489775][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.497223][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.510173][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   22.518532][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   22.527019][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.534073][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   22.541789][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   22.550108][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   22.558214][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.565243][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   22.572786][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.580545][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.588486][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   22.596174][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.603623][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.614999][  T277] device veth0_vlan entered promiscuous mode
[   22.623947][  T279] device veth0_vlan entered promiscuous mode
[   22.630350][  T276] device veth0_vlan entered promiscuous mode
[   22.637863][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   22.646285][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   22.654763][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.663157][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.670989][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.679159][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.687571][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   22.695467][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   22.703400][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.710776][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.718310][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   22.725733][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   22.734779][  T275] device veth1_macvtap entered promiscuous mode
[   22.751301][  T276] device veth1_macvtap entered promiscuous mode
[   22.762243][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   22.769851][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   22.777900][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   22.786014][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   22.794009][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   22.801842][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.809995][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.818100][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   22.825796][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.833918][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.842526][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.850726][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.864589][  T279] device veth1_macvtap entered promiscuous mode
[   22.872364][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   22.880606][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   22.889114][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   22.898249][  T277] device veth1_macvtap entered promiscuous mode
[   22.914513][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   22.922300][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.930485][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.938998][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.947532][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.955796][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   22.964086][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   22.972571][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.980687][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   22.989069][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   22.997195][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.005521][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   23.013781][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.031023][  T280] device veth0_vlan entered promiscuous mode
[   23.046838][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.047057][  T279] request_module fs-gadgetfs succeeded, but still no fs?
[   23.063777][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.072298][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.080399][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.088901][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   23.096963][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.104945][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   23.112401][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   23.126091][  T275] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   23.129084][  T280] device veth1_macvtap entered promiscuous mode
[   23.148262][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   23.156768][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   23.167524][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   23.195786][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   23.204445][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   23.214306][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   23.223486][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   23.314020][  T307] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d)
[   23.767656][  T328] syz.2.6 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   23.771229][  T319] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[   24.394929][  T347] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[   24.403808][  T350] erofs: (device loop1): mounted with root inode @ nid 36.
[   24.411404][  T325] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1537) meta(2) root(3)
[   24.419695][  T325] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   24.435367][  T325] F2FS-fs (loop4): fault_injection options not supported
[   24.444339][  T325] F2FS-fs (loop4): invalid crc value
[   24.451214][  T325] F2FS-fs (loop4): Found nat_bits in checkpoint
[   24.511981][    T5] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   24.650527][  T357] attempt to access beyond end of device
[   24.650527][  T357] loop1: rw=0, want=24, limit=16
[   24.827033][   T24] kauditd_printk_skb: 51 callbacks suppressed
[   24.827045][   T24] audit: type=1400 audit(1762597936.360:125): avc:  denied  { create } for  pid=348 comm="syz.1.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   24.872544][  T325] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   24.879994][  T325] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   24.910324][   T24] audit: type=1400 audit(1762597936.680:126): avc:  denied  { setattr } for  pid=323 comm="syz.4.7" name="/" dev="loop4" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   24.940389][  T276] attempt to access beyond end of device
[   24.940389][  T276] loop4: rw=2049, want=45112, limit=40427
[   24.947719][   T24] audit: type=1400 audit(1762597936.710:127): avc:  denied  { create } for  pid=323 comm="syz.4.7" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   24.988028][   T24] audit: type=1400 audit(1762597936.710:128): avc:  denied  { write open } for  pid=323 comm="syz.4.7" path="/1/file1/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   25.052132][    T5] usb 4-1: Using ep0 maxpacket: 16
[   25.147282][   T24] audit: type=1400 audit(1762597936.920:129): avc:  denied  { create } for  pid=370 comm="syz.4.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   25.182210][    T5] usb 4-1: config 0 has an invalid interface number: 238 but max is 0
[   25.190613][   T24] audit: type=1400 audit(1762597936.960:130): avc:  denied  { create } for  pid=373 comm="syz.0.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   25.210073][   T24] audit: type=1400 audit(1762597936.960:131): avc:  denied  { bind } for  pid=373 comm="syz.0.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   25.210444][    T5] usb 4-1: config 0 has no interface number 0
[   25.235849][   T24] audit: type=1400 audit(1762597936.960:132): avc:  denied  { name_bind } for  pid=373 comm="syz.0.19" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[   25.267238][   T24] audit: type=1400 audit(1762597936.960:133): avc:  denied  { node_bind } for  pid=373 comm="syz.0.19" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[   25.289921][   T24] audit: type=1400 audit(1762597937.010:134): avc:  denied  { create } for  pid=370 comm="syz.4.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   25.554283][  T374] FAT-fs (loop0): bogus number of FAT sectors
[   25.663291][  T374] FAT-fs (loop0): Can't find a valid FAT filesystem
[   26.182008][    T5] usb 4-1: Dual-Role OTG device on HNP port
[   26.201992][    T5] usb 4-1: New USB device found, idVendor=0421, idProduct=06aa, bcdDevice=11.10
[   26.211021][    T5] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   26.219179][    T5] usb 4-1: Product: syz
[   26.227105][    T5] usb 4-1: Manufacturer: syz
[   26.231929][    T5] usb 4-1: SerialNumber: syz
[   26.237253][    T5] usb 4-1: config 0 descriptor??
[   26.264431][    T9] Bluetooth: hci0: Frame reassembly failed (-90)
[   26.283093][    T5] usb-storage 4-1:0.238: USB Mass Storage device detected
[   26.299384][    T5] usb-storage 4-1:0.238: Quirks match for vid 0421 pid 06aa: 400
[   29.807805][  T283] Bluetooth: hci0: command 0x1003 tx timeout
[   29.834312][  T283] usb 4-1: USB disconnect, device number 2
[   29.886323][  T409] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   29.901416][   T24] kauditd_printk_skb: 13 callbacks suppressed
[   29.901425][   T24] audit: type=1400 audit(1762597941.660:148): avc:  denied  { write } for  pid=413 comm="syz.2.26" name="vlan0" dev="proc" ino=4026532867 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   29.934280][  T409] EXT4-fs (loop0): 1 orphan inode deleted
[   29.940029][  T409] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   29.949368][  T409] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   29.991997][   T24] audit: type=1400 audit(1762597941.740:149): avc:  denied  { write } for  pid=373 comm="syz.0.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   30.033119][   T24] audit: type=1400 audit(1762597941.800:150): avc:  denied  { read } for  pid=420 comm="syz.1.27" dev="nsfs" ino=4026532470 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   30.053984][   T24] audit: type=1400 audit(1762597941.800:151): avc:  denied  { open } for  pid=420 comm="syz.1.27" path="net:[4026532470]" dev="nsfs" ino=4026532470 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   30.077031][   T24] audit: type=1400 audit(1762597941.800:152): avc:  denied  { create } for  pid=412 comm="syz.3.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   30.096290][   T24] audit: type=1400 audit(1762597941.800:153): avc:  denied  { write } for  pid=412 comm="syz.3.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   30.115605][   T24] audit: type=1400 audit(1762597941.810:154): avc:  denied  { create } for  pid=420 comm="syz.1.27" dev="anon_inodefs" ino=14311 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   30.140182][  T418]  loop2: p1 p2
[   30.143910][  T418] loop2: p1 start 16777216 is beyond EOD, truncated
[   30.154687][  T418] loop2: p2 size 515840 extends beyond EOD, truncated
[   30.268627][   T24] audit: type=1400 audit(1762597942.040:155): avc:  denied  { read } for  pid=423 comm="syz.0.28" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   30.272957][  T424] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   30.291120][   T24] audit: type=1400 audit(1762597942.050:156): avc:  denied  { open } for  pid=423 comm="syz.0.28" path="/dev/kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   30.594738][  T415] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noquota,errors=remount-ro,grpquota,
[   30.609601][   T24] audit: type=1400 audit(1762597942.050:157): avc:  denied  { ioctl } for  pid=423 comm="syz.0.28" path="/dev/kvm" dev="devtmpfs" ino=82 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   30.750908][  T438] device bridge_slave_1 left promiscuous mode
[   30.757326][  T438] bridge0: port 2(bridge_slave_1) entered disabled state
[   30.765602][  T438] device bridge_slave_0 left promiscuous mode
[   30.772149][  T438] bridge0: port 1(bridge_slave_0) entered disabled state
[   30.812186][    T7] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[   30.827277][    T7] EXT4-fs (loop3): Remounting filesystem read-only
[   31.102574][  T445] F2FS-fs (loop3): fault_injection options not supported
[   31.109717][  T445] F2FS-fs (loop3): fault_type options not supported
[   31.116551][  T445] F2FS-fs (loop3): Project quota feature not enabled. Cannot enable project quota enforcement.
[   31.296748][  T448] ======================================================
[   31.296748][  T448] WARNING: the mand mount option is being deprecated and
[   31.296748][  T448]          will be removed in v5.15!
[   31.296748][  T448] ======================================================
[   31.324319][  T448] incfs: Can't find or create .index dir in ./file0
[   31.340971][  T448] incfs: mount failed -14
[   31.342343][  T450] capability: warning: `syz.2.34' uses deprecated v2 capabilities in a way that may be insecure
[   32.483097][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[   32.497633][  T395] Bluetooth: hci0: sending frame failed (-49)
[   33.946534][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[   33.998479][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   34.006982][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[   34.015210][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   34.023534][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   34.031599][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   34.041923][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   34.049981][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   34.059505][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[   34.067216][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[   34.080121][  T474] netlink: 'syz.0.41': attribute type 4 has an invalid length.
[   34.091363][  T474] netlink: 'syz.0.41': attribute type 4 has an invalid length.
[   34.211226][  T485] netlink: 72 bytes leftover after parsing attributes in process `syz.1.43'.
[   34.244286][  T484] binfmt_misc: register: failed to install interpreter file ./file0
[   34.312546][  T485] EXT4-fs (loop1): orphan cleanup on readonly fs
[   34.319413][  T485] EXT4-fs error (device loop1): ext4_acquire_dquot:6226: comm syz.1.43: Failed to acquire dquot type 1
[   34.331405][  T485] EXT4-fs (loop1): 1 truncate cleaned up
[   34.337308][  T485] EXT4-fs (loop1): mounted filesystem without journal. Opts: noinit_itable,,errors=continue
[   34.496892][  T489] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[   34.509012][  T489] ext4 filesystem being mounted at /8/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   34.572231][  T283] Bluetooth: hci0: command 0x1009 tx timeout
[   34.713006][  T496] F2FS-fs (loop2): fault_injection options not supported
[   34.730170][  T496] F2FS-fs (loop2): fault_type options not supported
[   34.738715][  T496] F2FS-fs (loop2): invalid crc value
[   34.745585][  T496] F2FS-fs (loop2): Found nat_bits in checkpoint
[   34.765824][  T496] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   34.789462][  T501] netlink: 104 bytes leftover after parsing attributes in process `syz.1.47'.
[   34.803481][  T502] attempt to access beyond end of device
[   34.803481][  T502] loop2: rw=2049, want=45104, limit=40427
[   34.928981][   T24] kauditd_printk_skb: 31 callbacks suppressed
[   34.928992][   T24] audit: type=1326 audit(1762597946.700:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=523 comm="syz.1.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a2d26f6c9 code=0x7ffc0000
[   34.958842][   T24] audit: type=1326 audit(1762597946.710:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=523 comm="syz.1.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2a2d26df10 code=0x7ffc0000
[   34.982897][   T24] audit: type=1326 audit(1762597946.710:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=523 comm="syz.1.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2a2d26df10 code=0x7ffc0000
[   35.001712][  T524] netlink: 16 bytes leftover after parsing attributes in process `syz.0.50'.
[   35.006004][   T24] audit: type=1326 audit(1762597946.710:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=523 comm="syz.1.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a2d26f6c9 code=0x7ffc0000
[   35.037800][   T24] audit: type=1326 audit(1762597946.710:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=523 comm="syz.1.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a2d26f6c9 code=0x7ffc0000
[   35.060865][   T24] audit: type=1326 audit(1762597946.710:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=523 comm="syz.1.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f2a2d26f6c9 code=0x7ffc0000
[   35.093588][   T24] audit: type=1326 audit(1762597946.710:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=523 comm="syz.1.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f2a2d26f6c9 code=0x7ffc0000
[   35.131472][   T24] audit: type=1326 audit(1762597946.710:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=523 comm="syz.1.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f2a2d26f6c9 code=0x7ffc0000
[   35.160470][  T532] fuse: Bad value for 'user_id'
[   35.178860][   T24] audit: type=1326 audit(1762597946.710:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=523 comm="syz.1.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f2a2d26f6c9 code=0x7ffc0000
[   35.202248][   T24] audit: type=1326 audit(1762597946.710:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=523 comm="syz.1.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f2a2d26f6c9 code=0x7ffc0000
[   35.452712][  T550] netlink: 28 bytes leftover after parsing attributes in process `syz.1.59'.
[   35.493611][  T542] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,jqfmt=vfsv1,,errors=continue
[   35.522220][  T547] incfs: Can't find or create .incomplete dir in ./file0
[   35.529696][  T547] incfs: mount failed -28
[   35.586289][  T541] F2FS-fs (loop3): Wrong segment_count / block_count (31 > 0)
[   35.603954][  T541] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[   35.654438][  T541] F2FS-fs (loop3): Unrecognized mount option "18446744073709551615" or missing value
[   35.916639][  T569] netlink: 16 bytes leftover after parsing attributes in process `syz.0.63'.
[   35.992392][  T542] EXT4-fs error (device loop2): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   36.007484][  T542] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28
[   36.013612][  T560] EXT4-fs (loop3): Unrecognized mount option "mb_optimize_scan=0x0000000000000001" or missing value
[   36.031069][  T542] EXT4-fs (loop2): This should not happen!! Data will be lost
[   36.031069][  T542] 
[   36.041050][  T542] EXT4-fs (loop2): Total free blocks count 0
[   36.047453][  T542] EXT4-fs (loop2): Free/Dirty block details
[   36.053380][  T542] EXT4-fs (loop2): free_blocks=2415919104
[   36.059120][  T542] EXT4-fs (loop2): dirty_blocks=8192
[   36.064479][  T542] EXT4-fs (loop2): Block reservation details
[   36.070462][  T542] EXT4-fs (loop2): i_reserved_data_blocks=512
[   36.147250][    T7] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28
[   36.160268][    T7] EXT4-fs (loop2): This should not happen!! Data will be lost
[   36.160268][    T7] 
[   36.452002][  T298] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   36.476062][  T593] FAT-fs (loop2): Unrecognized mount option "shortname=w��ë�Hin95" or missing value
[   36.678398][  T600] capability: warning: `syz.4.72' uses 32-bit capabilities (legacy support in use)
[   36.842085][  T298] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8
[   36.862384][  T603] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[   36.871955][  T603] EXT4-fs (loop4): Ignoring removed bh option
[   36.874453][  T298] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[   36.878131][  T603] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945)
[   36.922245][  T603] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   36.966678][  T603] EXT4-fs (loop4): orphan cleanup on readonly fs
[   37.098968][  T603] EXT4-fs error (device loop4): ext4_ext_check_inode:500: inode #3: comm syz.4.73: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 2(4), depth 0(0)
[   37.125997][  T606] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[   37.162071][  T298] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   37.182098][  T603] EXT4-fs (loop4): Remounting filesystem read-only
[   37.188675][  T603] EXT4-fs error (device loop4): ext4_quota_enable:6450: comm syz.4.73: Bad quota inode: 3, type: 0
[   37.190450][  T298] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   37.208176][  T298] usb 4-1: Product: syz
[   37.213051][  T606] EXT4-fs (loop1): Test dummy encryption mode enabled
[   37.220323][  T298] usb 4-1: Manufacturer: syz
[   37.225111][  T606] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[   37.229797][  T603] EXT4-fs warning (device loop4): ext4_enable_quotas:6491: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[   37.234766][  T298] usb 4-1: SerialNumber: syz
[   37.269079][  T606] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,mblk_io_submit,data_err=abort,test_dummy_encryption,jqfmt=vfsv0,nodelalloc,noquota,debug_want_extra_isize=0x0000000000000040,,errors=continue
[   37.281948][  T603] EXT4-fs (loop4): Cannot turn on quotas: error -117
[   37.311941][  T603] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv0,errors=remount-ro,bh,dioread_lock,
[   37.382022][  T606] fscrypt: AES-256-CTS-CBC using implementation "cts(cbc-aes-aesni)"
[   37.512133][  T586] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   37.534888][    T5] kernel write not supported for file bpf-prog (pid: 5 comm: kworker/0:0)
[   37.551986][  T298] cdc_ncm 4-1:1.0: bind() failure
[   37.563871][  T298] cdc_ncm 4-1:1.1: bind() failure
[   37.574541][  T298] usb 4-1: USB disconnect, device number 3
[   37.635115][  T638] EXT4-fs (loop4): Ignoring removed mblk_io_submit option
[   37.656416][  T647] netlink: 96 bytes leftover after parsing attributes in process `syz.1.83'.
[   37.684034][  T649] EXT4-fs error (device loop2): ext4_orphan_get:1395: inode #15: comm syz.2.84: casefold flag without casefold feature
[   37.686096][  T638] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug_want_extra_isize=0x0000000000000004,usrjquota=,errors=remount-ro,sysvgroups,max_batch_time=0x0000000000000006,mblk_io_submit,nobarrier,barrier=0x0000000000000000,nombcache,nodioread_nolock,
[   37.697023][  T649] EXT4-fs error (device loop2): ext4_orphan_get:1400: comm syz.2.84: couldn't read orphan inode 15 (err -117)
[   37.733229][  T649] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[   37.752019][   T15] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   37.860771][  T664] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[   37.935023][  T666] netlink: 72 bytes leftover after parsing attributes in process `syz.4.81'.
[   37.943894][  T666] netlink: 40 bytes leftover after parsing attributes in process `syz.4.81'.
[   37.952702][  T666] netlink: 40 bytes leftover after parsing attributes in process `syz.4.81'.
[   38.358268][  T664] EXT4-fs (loop2): orphan cleanup on readonly fs
[   38.402103][  T298] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   38.411971][    C0] tpacket_rcv: packet too big, clamped from 70 to 4294967286. macoff=82
[   38.413382][  T664] EXT4-fs error (device loop2): ext4_orphan_get:1421: comm syz.2.86: bad orphan inode 13
[   38.431587][  T664] ext4_test_bit(bit=12, block=18) = 1
[   38.437147][  T664] is_bad_inode(inode)=0
[   38.441721][  T664] NEXT_ORPHAN(inode)=2130706432
[   38.447121][  T664] max_ino=32
[   38.450419][  T664] i_nlink=1
[   38.454206][  T664] EXT4-fs (loop2): mounted filesystem without journal. Opts: min_batch_time=0x0000000000000006,,errors=continue
[   38.604202][  T664] EXT4-fs error (device loop2): ext4_lookup:1834: inode #2: comm syz.2.86: deleted inode referenced: 12
[   38.671980][  T298] usb 4-1: Using ep0 maxpacket: 16
[   38.719500][  T660]  loop1: p1 p2 < > p3 < p5 >
[   38.724272][  T660] loop1: partition table partially beyond EOD, truncated
[   38.731379][  T660] loop1: p1 start 4043309312 is beyond EOD, truncated
[   38.738266][  T660] loop1: p2 start 4278190080 is beyond EOD, truncated
[   38.745462][  T660] loop1: p5 start 4043309312 is beyond EOD, truncated
[   38.802012][  T298] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   38.812892][  T298] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   38.822789][  T298] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[   38.831821][  T298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   38.836633][  T671] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   38.841236][  T298] usb 4-1: config 0 descriptor??
[   38.849415][  T671] EXT4-fs (loop2): invalid journal inode
[   38.853258][   T95]  loop1: p1 p2 < > p3 < p5 >
[   38.858841][  T671] EXT4-fs (loop2): can't get journal size
[   38.863467][   T95] loop1: partition table partially beyond EOD, truncated
[   38.870390][  T671] EXT4-fs (loop2): 1 truncate cleaned up
[   38.882316][   T95] loop1: p1 start 4043309312 is beyond EOD, truncated
[   38.884360][   T15] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   38.900189][   T95] loop1: p2 start 4278190080 is beyond EOD, truncated
[   38.903398][  T671] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,,errors=continue
[   38.908345][   T95] loop1: p5 start 4043309312 is beyond EOD, truncated
[   38.916634][   T15] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   38.933501][   T15] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[   38.946423][   T15] usb 1-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00
[   38.955509][   T15] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   38.964016][   T15] usb 1-1: config 0 descriptor??
[   39.239178][  T314] udevd[314]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[   39.268234][  T314] udevd[314]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[   39.452965][   T15] pantherlord 0003:0810:0002.0001: item fetching failed at offset 6/7
[   39.463425][   T15] pantherlord 0003:0810:0002.0001: parse failed
[   39.464464][  T298] hid-multitouch 0003:1FD2:6007.0002: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0
[   39.470538][   T15] pantherlord: probe of 0003:0810:0002.0001 failed with error -22
[   39.582469][  T684] FAT-fs (loop1): Unrecognized mount option "shortname=w��ë�Hin95" or missing value
[   39.662659][  T635] netlink: 4 bytes leftover after parsing attributes in process `syz.3.80'.
[   39.672033][   T25] usb 1-1: USB disconnect, device number 2
[   40.155609][   T24] kauditd_printk_skb: 298 callbacks suppressed
[   40.155621][   T24] audit: type=1326 audit(1762597951.930:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=688 comm="syz.4.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b5ed406c9 code=0x7ffc0000
[   40.185280][   T24] audit: type=1326 audit(1762597951.960:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=688 comm="syz.4.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b5ed406c9 code=0x7ffc0000
[   40.215461][   T24] audit: type=1326 audit(1762597951.980:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=692 comm="syz.4.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=219 compat=0 ip=0x7f1b5ed72f85 code=0x7ffc0000
[   40.238713][   T24] audit: type=1326 audit(1762597951.980:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=692 comm="syz.4.91" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f1b5ed406c9 code=0x7ffc0000
[   40.297139][  T704] netlink: 12 bytes leftover after parsing attributes in process `syz.0.93'.
[   40.318988][   T24] audit: type=1400 audit(1762597952.040:499): avc:  denied  { create } for  pid=697 comm="syz.0.92" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   40.462596][    T5] usb 4-1: USB disconnect, device number 4
[   40.651965][   T15] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   40.683248][   T24] audit: type=1400 audit(1762597952.460:500): avc:  denied  { map } for  pid=708 comm="syz.4.95" path="/dev/ashmem" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   40.760148][   T24] audit: type=1400 audit(1762597952.530:501): avc:  denied  { name_bind } for  pid=711 comm="syz.1.96" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   40.794793][   T24] audit: type=1400 audit(1762597952.560:502): avc:  denied  { node_bind } for  pid=711 comm="syz.1.96" saddr=::ffff:127.0.0.1 src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   40.857426][  T712] EXT4-fs (loop1): Project quota feature not enabled. Cannot enable project quota enforcement.
[   40.893253][   T24] audit: type=1326 audit(1762597952.670:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=723 comm="syz.1.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a2d26f6c9 code=0x7ffc0000
[   40.916836][   T24] audit: type=1326 audit(1762597952.670:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=723 comm="syz.1.100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a2d26f6c9 code=0x7ffc0000
[   41.031991][  T733] x_tables: duplicate underflow at hook 1
[   41.040101][  T728] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[   41.049344][  T742] incfs: Options parsing error. -22
[   41.053337][  T728] ext4 filesystem being mounted at /27/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   41.054729][   T15] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   41.076300][  T742] incfs: mount failed -22
[   41.092378][   T15] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[   41.272013][   T15] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   41.281205][   T15] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   41.289554][   T15] usb 1-1: Product: syz
[   41.293827][   T15] usb 1-1: Manufacturer: syz
[   41.298452][   T15] usb 1-1: SerialNumber: syz
[   41.304810][  T747] EXT4-fs error (device loop3): ext4_orphan_get:1395: inode #15: comm syz.3.107: casefold flag without casefold feature
[   41.318606][  T747] EXT4-fs error (device loop3): ext4_orphan_get:1400: comm syz.3.107: couldn't read orphan inode 15 (err -117)
[   41.330697][  T747] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[   41.432325][  T773] FAT-fs (loop1): Unrecognized mount option "shortname=w��ë�Hin95" or missing value
[   41.552988][  T707] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[   41.882187][  T707] udc-core: couldn't find an available UDC or it's busy
[   41.889888][  T707] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   42.202653][  T787] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[   42.213718][  T787] ext4 filesystem being mounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   42.220683][  T800] fuse: Unknown parameter 'fowner'
[   42.308384][  T803] EXT4-fs (loop2): Test dummy encryption mode enabled
[   42.330200][  T803] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[   42.338630][  T707] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[   42.345964][  T803] System zones: 0-5
[   42.350829][  T803] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue
[   42.531645][  T812] binder: 809:812 ioctl c0306201 200000000580 returned -14
[   42.733587][   T15] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[   42.740089][   T15] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[   42.747628][   T15] cdc_ncm 1-1:1.0: setting rx_max = 2048
[   42.831986][   T15] cdc_ncm 1-1:1.0: setting tx_max = 88
[   42.840342][   T15] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42
[   42.878365][   T15] usb 1-1: USB disconnect, device number 3
[   42.890733][   T15] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM
[   43.142514][  T834] FAT-fs (loop2): Unrecognized mount option "shortname=w��ë�Hin95" or missing value
[   43.827018][  T855] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   43.861459][  T870] process 'syz.2.128' launched '/dev/fd/6' with NULL argv: empty string added
[   43.868371][  T855] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   43.879698][  T855] F2FS-fs (loop4): invalid crc value
[   43.886895][  T855] F2FS-fs (loop4): Found nat_bits in checkpoint
[   43.902342][  T815] F2FS-fs (loop3): Segment count (31) mismatch with total segments from devices (0)
[   43.915701][  T815] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   43.933154][  T815] F2FS-fs (loop3): invalid crc value
[   43.952155][  T855] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   43.959208][  T855] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   43.971669][  T815] F2FS-fs (loop3): Found nat_bits in checkpoint
[   44.081426][  T815] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   44.088613][  T815] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[   46.545052][   T24] kauditd_printk_skb: 441 callbacks suppressed
[   46.545072][   T24] audit: type=1400 audit(1762597958.320:946): avc:  denied  { connect } for  pid=893 comm="syz.2.132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   46.635779][   T24] audit: type=1400 audit(1762597958.350:947): avc:  denied  { listen } for  pid=893 comm="syz.2.132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   46.655877][   T24] audit: type=1400 audit(1762597958.350:948): avc:  denied  { wake_alarm } for  pid=893 comm="syz.2.132" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   47.021957][   T24] audit: type=1400 audit(1762597958.620:949): avc:  denied  { mounton } for  pid=896 comm="syz.4.130" path="/18/file0" dev="tmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   47.112455][  T902] mmap: syz.1.133 (902) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[   47.134373][  T908] syz.2.136[908] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   47.134433][  T908] syz.2.136[908] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   47.155921][  T902] Zero length message leads to an empty skb
[   47.173532][   T24] audit: type=1400 audit(1762597958.790:950): avc:  denied  { ioctl } for  pid=905 comm="syz.0.134" path="socket:[16193]" dev="sockfs" ino=16193 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   47.310948][   T24] audit: type=1400 audit(1762597958.820:951): avc:  denied  { unmount } for  pid=276 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   47.713155][   T24] audit: type=1326 audit(1762597959.490:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=922 comm="syz.3.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e66f696c9 code=0x7ffc0000
[   48.027997][   T24] audit: type=1326 audit(1762597959.510:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=922 comm="syz.3.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e66f696c9 code=0x7ffc0000
[   48.051256][   T24] audit: type=1326 audit(1762597959.510:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=922 comm="syz.3.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e66f696c9 code=0x7ffc0000
[   48.074458][   T24] audit: type=1326 audit(1762597959.510:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=922 comm="syz.3.131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f1e66f696c9 code=0x7ffc0000
[   48.098251][  T918] FAT-fs (loop0): Unrecognized mount option "shortname=w��ë�Hin95" or missing value
[   48.110527][  T908] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrquota,nojournal_checksum,,errors=continue
[   48.129423][  T908] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.202481][  T908] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #12: comm syz.2.136: corrupted xattr block 6
[   48.254176][  T908] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[   48.265164][  T931] netlink: 20 bytes leftover after parsing attributes in process `syz.2.136'.
[   48.274493][  T908] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #12: comm syz.2.136: corrupted xattr block 6
[   48.287861][  T908] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop2 ino=12
[   48.303360][  T908] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #12: comm syz.2.136: corrupted xattr block 6
[   48.364347][  T930] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,data_err=ignore,,errors=continue
[   49.558860][  T944] FAT-fs (loop1): Unrecognized mount option "check=relaxdd" or missing value
[   51.186545][    T7] Bluetooth: hci0: Frame reassembly failed (-84)
[   51.601994][   T15] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   51.621484][  T970] bridge: RTM_NEWNEIGH with invalid ether address
[   51.802631][  T992] EXT4-fs (loop0): Test dummy encryption mode enabled
[   51.809602][  T992] EXT4-fs (loop0): Ignoring removed nobh option
[   51.817306][  T992] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a843c01c, mo2=0003]
[   51.825558][  T992] System zones: 0-5
[   51.830016][  T992] __quota_error: 102 callbacks suppressed
[   51.830027][  T992] Quota error (device loop0): v2_read_file_info: Free block number too big (1048320 >= 6).
[   51.846237][  T992] EXT4-fs warning (device loop0): ext4_enable_quotas:6491: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[   51.846336][   T15] usb 5-1: Using ep0 maxpacket: 8
[   51.862935][  T992] EXT4-fs (loop0): mount failed
[   52.012025][   T15] usb 5-1: config 0 has an invalid interface number: 255 but max is 0
[   52.030378][   T15] usb 5-1: config 0 has no interface number 0
[   52.041998][   T15] usb 5-1: New USB device found, idVendor=0403, idProduct=da73, bcdDevice= 8.d0
[   52.061839][   T15] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   52.084992][   T15] usb 5-1: config 0 descriptor??
[   52.122843][   T15] usb 5-1: NDI device with a latency value of 1
[   52.174168][  T999] F2FS-fs (loop2): fault_injection options not supported
[   52.187119][  T999] F2FS-fs (loop2): invalid crc value
[   52.212734][  T999] F2FS-fs (loop2): Found nat_bits in checkpoint
[   52.250264][  T999] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   52.326110][ T1008] EXT4-fs (loop0): bad geometry: block count 33554432 exceeds size of device (512 blocks)
[   52.341964][   T15] ftdi_sio 5-1:0.255: FTDI USB Serial Device converter detected
[   52.349926][   T15] usb 5-1: Detected FT232RL
[   52.371973][   T15] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[   52.391956][   T15] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[   52.411949][   T15] ftdi_sio 5-1:0.255: GPIO initialisation failed: -71
[   52.419183][   T15] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   52.430147][   T15] usb 5-1: USB disconnect, device number 2
[   52.436976][   T15] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   52.446625][   T15] ftdi_sio 5-1:0.255: device disconnected
[   52.511006][ T1015] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[   53.093862][ T1020] FAT-fs (loop0): Unrecognized mount option "shortname=w��ë�Hin95" or missing value
[   53.258991][   T24] audit: type=1400 audit(1762597965.030:1058): avc:  denied  { setopt } for  pid=1023 comm="syz.3.162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   53.567090][  T279] attempt to access beyond end of device
[   53.567090][  T279] loop2: rw=2049, want=45104, limit=40427
[   53.773613][   T15] Bluetooth: hci0: command 0x1003 tx timeout
[   53.779730][  T395] Bluetooth: hci0: sending frame failed (-49)
[   53.848587][   T24] audit: type=1400 audit(1762597965.610:1059): avc:  denied  { connect } for  pid=1031 comm="syz.3.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   54.046904][   T24] audit: type=1400 audit(1762597965.610:1060): avc:  denied  { write } for  pid=1031 comm="syz.3.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   54.081930][   T24] audit: type=1400 audit(1762597965.620:1061): avc:  denied  { remount } for  pid=1031 comm="syz.3.164" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   54.157675][   T24] audit: type=1400 audit(1762597965.930:1062): avc:  denied  { bind } for  pid=1044 comm="syz.2.163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   54.177905][   T24] audit: type=1400 audit(1762597965.950:1063): avc:  denied  { listen } for  pid=1044 comm="syz.2.163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   54.197861][   T24] audit: type=1400 audit(1762597965.950:1064): avc:  denied  { accept } for  pid=1044 comm="syz.2.163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   54.230208][ T1050] bridge: RTM_NEWNEIGH with invalid ether address
[   54.413885][ T1052] F2FS-fs (loop4): invalid crc value
[   54.420566][ T1052] F2FS-fs (loop4): Found nat_bits in checkpoint
[   54.446031][ T1052] F2FS-fs (loop4): Start checkpoint disabled!
[   54.462809][ T1052] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[   54.521234][    T7] attempt to access beyond end of device
[   54.521234][    T7] loop4: rw=2049, want=40968, limit=40427
[   54.532627][    T7] attempt to access beyond end of device
[   54.532627][    T7] loop4: rw=2049, want=40984, limit=40427
[   54.650838][ T1064] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[   54.663527][ T1064] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186)
[   54.999547][ T1073] EXT4-fs (loop3): Journaled quota options ignored when QUOTA feature is enabled
[   55.010361][ T1073] EXT4-fs (loop3): Test dummy encryption mode enabled
[   55.021411][ T1073] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[   55.029680][ T1073] System zones: 0-5
[   55.036923][ T1073] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,grpjquota=./file0,resuid=0x0000000000000000,test_dummy_encryption,errors=continue,data_err=ignore,delalloc,barrier,min_batch_time=0x0000000000000009,,errors=continue
[   55.084363][   T24] audit: type=1400 audit(1762597966.860:1065): avc:  denied  { append } for  pid=1072 comm="syz.3.172" name="file0" dev="loop3" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   55.107617][ T1073] fs-verity: sha512 using implementation "sha512-avx2"
[   55.128497][ T1078] kvm: pic: non byte write
[   55.383642][ T1091] FAT-fs (loop3): Unrecognized mount option "shortname=w��ë�Hin95" or missing value
[   55.711655][   T24] audit: type=1400 audit(1762597967.480:1066): avc:  denied  { append } for  pid=1093 comm="syz.4.178" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   55.861965][  T380] Bluetooth: hci0: command 0x1001 tx timeout
[   55.880934][  T395] Bluetooth: hci0: sending frame failed (-49)
[   56.110127][ T1105] device veth1_macvtap left promiscuous mode
[   56.177330][ T1108] kvm: MWAIT instruction emulated as NOP!
[   56.183823][ T1108] kvm: emulating exchange as write
[   56.301864][    C0] sched: RT throttling activated
[   56.590915][  T297] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   56.831952][  T297] usb 1-1: Using ep0 maxpacket: 16
[   57.289818][   T24] kauditd_printk_skb: 4 callbacks suppressed
[   57.289850][   T24] audit: type=1400 audit(1762597969.000:1071): avc:  denied  { sys_admin } for  pid=1120 comm="syz.4.185" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[   57.423159][  T297] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[   57.432282][  T297] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   57.440272][  T297] usb 1-1: Product: syz
[   57.444471][  T297] usb 1-1: Manufacturer: syz
[   57.449064][  T297] usb 1-1: SerialNumber: syz
[   57.477530][  T297] usb 1-1: config 0 descriptor??
[   57.504824][ T1137] EXT4-fs (loop2): Ignoring removed nobh option
[   57.511215][ T1137] EXT4-fs (loop2): Ignoring removed bh option
[   57.517418][ T1137] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   57.532607][  T297] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[   57.535901][ T1137] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,nombcache,barrier,dioread_lock,stripe=0x0000000000000008,resgid=0x0000000000000000,data_err=ignore,jqfmt=vfsv0,nobh,user_xattr,bh,dioread_nolock,,errors=continue
[   57.540448][  T297] usb 1-1: Detected FT232H
[   57.800879][   T24] audit: type=1400 audit(1762597969.570:1072): avc:  denied  { load_policy } for  pid=1081 comm="syz.0.175" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   57.929029][ T1083] SELinux: ebitmap: map size 83886144 does not match my size 64 (high bit was -989855680)
[   57.941158][ T1083] SELinux: failed to load policy
[   57.946392][  T380] Bluetooth: hci0: command 0x1009 tx timeout
[   57.992000][  T403] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[   58.164549][   T24] audit: type=1400 audit(1762597969.940:1073): avc:  denied  { ioctl } for  pid=1081 comm="syz.0.175" path="socket:[18576]" dev="sockfs" ino=18576 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   58.182001][  T297] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[   58.362227][  T403] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   58.372805][  T403] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   58.384152][  T403] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[   58.398239][   T24] audit: type=1404 audit(1762597970.170:1074): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[   58.414272][   T24] audit: type=1400 audit(1762597970.190:1075): avc:  denied  { ioctl } for  pid=1128 comm="syz.3.189" path="/dev/raw-gadget" dev="devtmpfs" ino=253 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0
[   58.441451][   T24] audit: type=1400 audit(1762597970.190:1076): avc:  denied  { mounton } for  pid=1128 comm="syz.3.189" path="/29" dev="tmpfs" ino=187 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=0
[   58.463545][  T403] usb 4-1: string descriptor 0 read error: -71
[   58.469855][  T403] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   58.479169][  T403] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   58.483391][   T24] audit: type=1404 audit(1762597970.190:1077): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[   58.502200][   T24] audit: type=1400 audit(1762597970.200:1078): avc:  denied  { create } for  pid=1151 comm="syz.2.193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   58.512032][  T403] usb 4-1: can't set config #1, error -71
[   58.522592][   T24] audit: type=1400 audit(1762597970.200:1079): avc:  denied  { prog_load } for  pid=1151 comm="syz.2.193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   58.547510][   T24] audit: type=1400 audit(1762597970.200:1080): avc:  denied  { bpf } for  pid=1151 comm="syz.2.193" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   58.550509][  T403] usb 4-1: USB disconnect, device number 5
[   58.793598][ T1156] FAT-fs (loop2): Unrecognized mount option "shortname=w��ë�Hin95" or missing value
[   59.096084][ T1159] tipc: Started in network mode
[   59.177495][ T1159] tipc: Own node identity 525caec3ac3a, cluster identity 4711
[   59.232675][ T1159] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   59.286468][ T1164] EXT4-fs error (device loop3): ext4_orphan_get:1395: inode #15: comm syz.3.196: iget: bad extended attribute block 1
[   59.338353][ T1164] EXT4-fs error (device loop3): ext4_orphan_get:1400: comm syz.3.196: couldn't read orphan inode 15 (err -117)
[   59.363155][ T1159] tipc: Disabling bearer <eth:syzkaller0>
[   59.379595][ T1164] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,resgid=0x000000000000ee00,acl,noload,journal_dev=0x0000000000000003,nodiscard,,errors=continue
[   59.505547][ T1169] netlink: 8 bytes leftover after parsing attributes in process `syz.4.197'.
[   59.530243][  T277] EXT4-fs error (device loop3): ext4_readdir:263: inode #11: block 20: comm syz-executor: path /30/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=393216, rec_len=0, size=1024 fake=0
[   59.553900][  T277] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 20: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=6144, inode=393216, rec_len=0, size=1024 fake=0
[   59.594221][  T277] EXT4-fs error (device loop3): ext4_readdir:263: inode #11: block 20: comm syz-executor: path /30/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=393216, rec_len=0, size=1024 fake=0
[   59.627328][  T277] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 20: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=6144, inode=393216, rec_len=0, size=1024 fake=0
[   59.647830][  T277] EXT4-fs error (device loop3): ext4_readdir:263: inode #11: block 20: comm syz-executor: path /30/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=393216, rec_len=0, size=1024 fake=0
[   59.670916][  T277] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 20: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=6144, inode=393216, rec_len=0, size=1024 fake=0
[   59.691262][  T277] EXT4-fs error (device loop3): ext4_readdir:263: inode #11: block 20: comm syz-executor: path /30/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=393216, rec_len=0, size=1024 fake=0
[   59.720700][  T277] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 20: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=6144, inode=393216, rec_len=0, size=1024 fake=0
[   59.741742][  T277] EXT4-fs error (device loop3): ext4_readdir:263: inode #11: block 20: comm syz-executor: path /30/file0/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=393216, rec_len=0, size=1024 fake=0
[   59.764340][  T277] EXT4-fs error (device loop3): ext4_empty_dir:3115: inode #11: block 20: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=6144, inode=393216, rec_len=0, size=1024 fake=0
[   59.792122][  T297] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71
[   60.118837][  T297] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   60.265398][ T1184] EXT4-fs (loop2): mounted filesystem without journal. Opts: sb=0x0000000000000001,nodioread_nolock,,errors=continue
[   60.277967][ T1184] ext4 filesystem being mounted at /55/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   60.537571][  T297] usb 1-1: USB disconnect, device number 4
[   60.572945][  T297] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   60.588947][  T297] ftdi_sio 1-1:0.0: device disconnected
[   60.770614][ T1196] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.777903][ T1196] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.788632][ T1196] device bridge_slave_0 entered promiscuous mode
[   60.795791][ T1196] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.803025][ T1196] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.810456][ T1196] device bridge_slave_1 entered promiscuous mode
[   60.848712][ T1196] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.855768][ T1196] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.863030][ T1196] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.870056][ T1196] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.890121][ T1100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.897791][ T1100] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.905490][ T1100] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.914349][ T1100] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.922570][ T1100] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.929599][ T1100] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.944814][ T1100] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.953096][ T1100] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.960141][ T1100] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.984305][ T1100] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.992942][ T1100] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.007871][ T1196] device veth0_vlan entered promiscuous mode
[   61.022469][ T1100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   61.031116][ T1100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   61.039284][ T1100] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   61.046884][ T1100] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   61.059405][ T1100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   61.068259][ T1196] device veth1_macvtap entered promiscuous mode
[   61.077197][ T1100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   61.086879][  T512] device bridge_slave_1 left promiscuous mode
[   61.093288][  T512] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.100720][  T512] device bridge_slave_0 left promiscuous mode
[   61.106988][  T512] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.115468][  T512] device veth1_macvtap left promiscuous mode
[   61.121500][  T512] device veth0_vlan left promiscuous mode
[   61.158326][ T1209] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[   61.161925][  T297] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   61.167975][ T1209] ext4 filesystem being mounted at /38/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   61.253128][ T1100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   61.422032][  T297] usb 1-1: Using ep0 maxpacket: 16
[   61.492252][ T1224] FAT-fs (loop5): Unrecognized mount option "shortname=w��ë�Hin95" or missing value
[   61.702030][  T297] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[   61.713496][  T297] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   61.725630][  T297] usb 1-1: Product: syz
[   61.732026][  T297] usb 1-1: Manufacturer: syz
[   61.739743][  T297] usb 1-1: SerialNumber: syz
[   61.748255][  T297] usb 1-1: config 0 descriptor??
[   61.792532][  T297] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[   61.802174][  T297] usb 1-1: Detected FT232H
[   61.849488][  T947] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   62.125385][  T297] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[   62.141937][  T947] usb 2-1: Using ep0 maxpacket: 16
[   62.315447][ T1241] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[   62.324491][ T1241] ext4 filesystem being mounted at /3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   62.358657][   T24] kauditd_printk_skb: 61 callbacks suppressed
[   62.358671][   T24] audit: type=1400 audit(1762597974.130:1142): avc:  denied  { create } for  pid=1240 comm="syz.5.216" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   62.406917][   T24] audit: type=1400 audit(1762597974.180:1143): avc:  denied  { write open } for  pid=1240 comm="syz.5.216" path="/3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   62.473879][   T24] audit: type=1400 audit(1762597974.250:1144): avc:  denied  { read } for  pid=1240 comm="syz.5.216" path="/3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   62.576512][ T1241] EXT4-fs error (device loop5): dx_make_map:1303: inode #2: block 63: comm syz.5.216: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1
[   62.595139][ T1241] EXT4-fs error (device loop5) in do_split:2059: Corrupt filesystem
[   62.601947][  T297] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71
[   62.610530][  T297] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   62.620363][  T297] usb 1-1: USB disconnect, device number 5
[   62.627198][  T297] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   62.636536][  T947] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[   62.636559][  T947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   62.645890][  T297] ftdi_sio 1-1:0.0: device disconnected
[   62.694994][   T24] audit: type=1400 audit(1762597974.470:1145): avc:  denied  { create } for  pid=1247 comm="syz.2.217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   62.778221][  T947] usb 2-1: Product: syz
[   63.039699][  T947] usb 2-1: Manufacturer: syz
[   63.044540][  T947] usb 2-1: SerialNumber: syz
[   63.050065][  T947] usb 2-1: config 0 descriptor??
[   63.092625][  T947] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[   63.100461][  T947] usb 2-1: Detected FT232H
[   63.112038][  T403] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   63.137454][   T24] audit: type=1400 audit(1762597974.910:1146): avc:  denied  { mount } for  pid=1266 comm="syz.2.222" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   63.189782][ T1270] EXT4-fs (loop0): Ignoring removed orlov option
[   63.200392][   T24] audit: type=1326 audit(1762597974.970:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1266 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0df1a5f6c9 code=0x7ffc0000
[   63.225536][   T24] audit: type=1326 audit(1762597974.970:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1266 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0df1a5f6c9 code=0x7ffc0000
[   63.226472][ T1270] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue
[   63.249174][   T24] audit: type=1326 audit(1762597974.970:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1266 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0df1a5f6c9 code=0x7ffc0000
[   63.289065][   T24] audit: type=1326 audit(1762597975.000:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1266 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0df1a5f6c9 code=0x7ffc0000
[   63.316166][   T24] audit: type=1326 audit(1762597975.040:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1266 comm="syz.2.222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f0df1a5f6c9 code=0x7ffc0000
[   63.361972][  T947] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[   63.465311][ T1275] netlink: 4 bytes leftover after parsing attributes in process `syz.5.224'.
[   63.532050][  T403] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xE8, skipping
[   63.542817][  T403] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[   63.853907][  T403] usb 5-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[   63.885951][  T403] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   63.898848][  T403] usb 5-1: Product: syz
[   63.903282][  T403] usb 5-1: Manufacturer: syz
[   63.907900][  T403] usb 5-1: SerialNumber: syz
[   63.913925][  T403] usb 5-1: config 0 descriptor??
[   63.981938][  T947] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71
[   63.989243][  T947] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   64.032599][  T947] usb 2-1: USB disconnect, device number 2
[   64.033242][ T1287] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[   64.070328][  T947] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   64.081186][  T947] ftdi_sio 2-1:0.0: device disconnected
[   64.157717][  T892] usb 5-1: USB disconnect, device number 3
[   64.223206][ T1296] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,usrjquota=,quota,norecovery,auto_da_alloc,noquota,sb=0x000000000000007f,barrier=0x0000000000000000,grpjquota=,jqfmt=vfsold,,errors=continue
[   64.232238][ T1297] FAT-fs (loop5): Unrecognized mount option "shortname=w��ë�Hin95" or missing value
[   64.885691][ T1317] EXT4-fs (loop2): Invalid commit interval 536870912, must be smaller than 21474836
[   65.726032][ T1339] xt_hashlimit: size too large, truncated to 1048576
[   68.382915][ T1349] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   68.423027][ T1349] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,jqfmt=vfsold,delalloc,data_err=ignore,discard,data_err=ignore,grpquota,noblock_validity,user_xattr,block_validity,errors=remount-ro,
[   68.453701][   T24] kauditd_printk_skb: 81 callbacks suppressed
[   68.453750][   T24] audit: type=1400 audit(1762597980.230:1233): avc:  denied  { setattr } for  pid=1342 comm="syz.5.239" name="file0" dev="loop5" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   68.802589][   T24] audit: type=1400 audit(1762597980.580:1234): avc:  denied  { read } for  pid=1374 comm="syz.1.246" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   68.840261][   T24] audit: type=1400 audit(1762597980.610:1235): avc:  denied  { open } for  pid=1374 comm="syz.1.246" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   68.868091][   T24] audit: type=1400 audit(1762597980.610:1236): avc:  denied  { ioctl } for  pid=1374 comm="syz.1.246" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   68.893710][   T24] audit: type=1400 audit(1762597980.610:1237): avc:  denied  { set_context_mgr } for  pid=1374 comm="syz.1.246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   68.913919][   T24] audit: type=1400 audit(1762597980.610:1238): avc:  denied  { map } for  pid=1374 comm="syz.1.246" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   68.942119][   T24] audit: type=1400 audit(1762597980.610:1239): avc:  denied  { call } for  pid=1374 comm="syz.1.246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   69.002149][ T1375] FAT-fs (loop1): Directory bread(block 64) failed
[   69.023719][ T1375] FAT-fs (loop1): Directory bread(block 65) failed
[   69.035148][ T1375] FAT-fs (loop1): Directory bread(block 66) failed
[   69.051949][ T1375] FAT-fs (loop1): Directory bread(block 67) failed
[   69.058552][   T24] audit: type=1400 audit(1762597980.640:1240): avc:  denied  { sys_module } for  pid=1362 comm="syz.2.243" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   69.079960][  T283] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   69.102093][ T1375] FAT-fs (loop1): Directory bread(block 68) failed
[   69.108791][ T1375] FAT-fs (loop1): Directory bread(block 69) failed
[   69.142367][ T1381] FAT-fs (loop4): Unrecognized mount option "shortname=w��ë�Hin95" or missing value
[   69.152039][ T1375] FAT-fs (loop1): Directory bread(block 70) failed
[   69.152056][ T1375] FAT-fs (loop1): Directory bread(block 71) failed
[   69.152081][ T1375] FAT-fs (loop1): Directory bread(block 72) failed
[   69.232007][ T1375] FAT-fs (loop1): Directory bread(block 73) failed
[   69.341888][  T283] usb 6-1: Using ep0 maxpacket: 8
[   69.462047][  T283] usb 6-1: config 0 has an invalid interface number: 60 but max is 0
[   69.471905][  T283] usb 6-1: config 0 has no interface number 0
[   69.482508][  T283] usb 6-1: config 0 interface 60 altsetting 0 has an invalid endpoint with address 0x80, skipping
[   69.501363][  T283] usb 6-1: config 0 interface 60 altsetting 0 has an invalid endpoint with address 0xA3, skipping
[   69.512284][  T283] usb 6-1: config 0 interface 60 altsetting 0 bulk endpoint 0xC has invalid maxpacket 32
[   69.534569][  T283] usb 6-1: config 0 interface 60 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[   69.592287][   T24] audit: type=1400 audit(1762597981.370:1241): avc:  denied  { mounton } for  pid=1387 comm="syz.1.249" path="/40/file0" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1
[   69.639724][   T24] audit: type=1400 audit(1762597981.410:1242): avc:  denied  { unmount } for  pid=280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   69.711966][  T283] usb 6-1: New USB device found, idVendor=07c4, idProduct=a003, bcdDevice=8d.15
[   69.725174][  T283] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   69.741403][  T283] usb 6-1: Product: syz
[   69.749725][  T283] usb 6-1: Manufacturer: syz
[   69.759475][  T283] usb 6-1: SerialNumber: syz
[   69.770694][  T283] usb 6-1: config 0 descriptor??
[   69.791971][ T1373] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   69.798975][ T1373] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   69.832424][  T283] ums-datafab 6-1:0.60: USB Mass Storage device detected
[   69.974908][ T1401] cgroup: syz.0.253 (1401) created nested cgroup for controller "memory" which has incomplete hierarchy support. Nested cgroups may change behavior in the future.
[   70.009732][ T1401] cgroup: "memory" requires setting use_hierarchy to 1 on the root
[   71.550347][ T1438] 9pnet_virtio: no channels available for device syz
[   71.665570][ T1452] binder: 1451:1452 ioctl c0306201 200000000680 returned -14
[   71.723525][ T1462] SELinux: (dev overlay, type overlay) has no security xattr handler
[   71.748225][ T1464] usb usb8: usbfs: process 1464 (syz.2.278) did not claim interface 0 before use
[   71.783715][    C0] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.794620][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[   71.811906][    C0] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.822818][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[   71.831058][ T1468]  loop5: unable to read partition table
[   71.838369][    C0] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.849254][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[   71.857339][ T1468] loop_reread_partitions: partition scan of loop5 (�������g�C�j̖�P=��!MX���	���%��`�搘ȵ4FLQk݊5) failed (rc=-5)
[   71.868630][ T1471] device syzkaller0 entered promiscuous mode
[   71.870067][    C0] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.886899][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[   71.895140][    C0] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.906021][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[   71.914013][    C0] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.924891][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[   71.932912][    C0] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   71.943793][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[   72.107830][ T1490] tipc: Enabling of bearer <eth:s> rejected, failed to enable media
[   72.248416][ T1500] binder: 1499:1500 ioctl c0306201 200000000540 returned -14
[   72.311958][  T403] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   72.398743][ T1509] netlink: 64 bytes leftover after parsing attributes in process `syz.4.296'.
[   72.540129][ T1517] kvm [1516]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc2 data 0x9d00
[   72.549771][ T1517] kvm [1516]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc1 data 0x9d00
[   72.561898][  T403] usb 2-1: Using ep0 maxpacket: 8
[   72.569913][ T1517] APIC base relocation is unsupported by KVM
[   72.583139][  T380] usb 6-1: USB disconnect, device number 2
[   72.681999][  T403] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   72.695143][ T1526] overlayfs: missing 'lowerdir'
[   72.700105][  T403] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   72.710470][  T403] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   72.720663][  T403] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   72.733982][  T403] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   72.743197][  T403] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.820287][ T1532] binder: 1531:1532 unknown command 0
[   72.825779][ T1532] binder: 1531:1532 ioctl c0306201 2000000001c0 returned -22
[   72.950055][ T1543] ==================================================================
[   72.958202][ T1543] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x842/0x3280
[   72.966366][ T1543] Read of size 8 at addr ffff8881277e45c0 by task syz.4.310/1543
[   72.974120][ T1543] 
[   72.976462][ T1543] CPU: 1 PID: 1543 Comm: syz.4.310 Not tainted syzkaller #0
[   72.983745][ T1543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   72.993803][ T1543] Call Trace:
[   72.997103][ T1543]  __dump_stack+0x21/0x24
[   73.001439][ T1543]  dump_stack_lvl+0x169/0x1d8
[   73.006125][ T1543]  ? show_regs_print_info+0x18/0x18
[   73.011334][ T1543]  ? thaw_kernel_threads+0x220/0x220
[   73.016638][ T1543]  print_address_description+0x7f/0x2c0
[   73.022189][ T1543]  ? tc_setup_flow_action+0x842/0x3280
[   73.027653][ T1543]  kasan_report+0xe2/0x130
[   73.032075][ T1543]  ? flow_action_cookie_create+0x28/0x90
[   73.037710][ T1543]  ? tc_setup_flow_action+0x842/0x3280
[   73.043178][ T1543]  __asan_report_load8_noabort+0x14/0x20
[   73.048818][ T1543]  tc_setup_flow_action+0x842/0x3280
[   73.054107][ T1543]  ? __kmalloc+0x1a7/0x330
[   73.058528][ T1543]  ? flow_rule_alloc+0x32/0x2c0
[   73.063390][ T1543]  mall_replace_hw_filter+0x293/0x810
[   73.068764][ T1543]  ? pcpu_block_update_hint_alloc+0x8bc/0xc50
[   73.074842][ T1543]  ? mall_set_parms+0x410/0x410
[   73.079696][ T1543]  ? tcf_exts_destroy+0xb0/0xb0
[   73.084556][ T1543]  ? pcpu_alloc+0xf8a/0x16b0
[   73.089154][ T1543]  ? mall_set_parms+0x19d/0x410
[   73.094010][ T1543]  mall_change+0x528/0x750
[   73.098436][ T1543]  ? __kasan_check_write+0x14/0x20
[   73.103756][ T1543]  ? mall_get+0xa0/0xa0
[   73.107928][ T1543]  ? tcf_chain_tp_insert_unique+0xac1/0xc10
[   73.113999][ T1543]  ? nla_strcmp+0xf4/0x140
[   73.118429][ T1543]  tc_new_tfilter+0x13f6/0x1a10
[   73.123290][ T1543]  ? mall_get+0xa0/0xa0
[   73.127452][ T1543]  ? tcf_gate_entry_destructor+0x20/0x20
[   73.133094][ T1543]  ? security_capable+0x87/0xb0
[   73.137950][ T1543]  ? ns_capable+0x8c/0xf0
[   73.142289][ T1543]  ? netlink_net_capable+0x125/0x160
[   73.147578][ T1543]  ? tcf_gate_entry_destructor+0x20/0x20
[   73.153219][ T1543]  rtnetlink_rcv_msg+0x800/0xb90
[   73.158162][ T1543]  ? rtnetlink_bind+0x80/0x80
[   73.162847][ T1543]  ? arch_stack_walk+0xee/0x140
[   73.167710][ T1543]  ? stack_trace_save+0x98/0xe0
[   73.172568][ T1543]  ? stack_trace_snprint+0xf0/0xf0
[   73.177760][ T1543]  ? memcpy+0x56/0x70
[   73.181749][ T1543]  ? avc_has_perm+0x234/0x360
[   73.186434][ T1543]  ? __kasan_slab_alloc+0xbd/0xf0
[   73.191464][ T1543]  ? slab_post_alloc_hook+0x5d/0x2f0
[   73.196758][ T1543]  ? ___sys_sendmsg+0x1f0/0x260
[   73.201614][ T1543]  ? avc_has_perm_noaudit+0x240/0x240
[   73.207092][ T1543]  ? selinux_nlmsg_lookup+0x3fb/0x4a0
[   73.212475][ T1543]  netlink_rcv_skb+0x1e0/0x430
[   73.217248][ T1543]  ? rtnetlink_bind+0x80/0x80
[   73.221942][ T1543]  ? netlink_ack+0xb80/0xb80
[   73.226543][ T1543]  ? __netlink_lookup+0x387/0x3b0
[   73.231570][ T1543]  rtnetlink_rcv+0x1c/0x20
[   73.235995][ T1543]  netlink_unicast+0x876/0xa40
[   73.240767][ T1543]  netlink_sendmsg+0x88d/0xb30
[   73.245542][ T1543]  ? netlink_getsockopt+0x530/0x530
[   73.250747][ T1543]  ? security_socket_sendmsg+0x82/0xa0
[   73.256211][ T1543]  ? netlink_getsockopt+0x530/0x530
[   73.261415][ T1543]  ____sys_sendmsg+0x5a2/0x8c0
[   73.266184][ T1543]  ? __sys_sendmsg_sock+0x40/0x40
[   73.271216][ T1543]  ? import_iovec+0x7c/0xb0
[   73.275741][ T1543]  ___sys_sendmsg+0x1f0/0x260
[   73.280422][ T1543]  ? __sys_sendmsg+0x250/0x250
[   73.285207][ T1543]  ? __fdget+0x1a1/0x230
[   73.289453][ T1543]  __x64_sys_sendmsg+0x1e2/0x2a0
[   73.294399][ T1543]  ? __kasan_check_write+0x14/0x20
[   73.299517][ T1543]  ? ___sys_sendmsg+0x260/0x260
[   73.304374][ T1543]  ? __kasan_check_read+0x11/0x20
[   73.309401][ T1543]  ? exit_to_user_mode_prepare+0x9a/0xa0
[   73.315042][ T1543]  do_syscall_64+0x31/0x40
[   73.320593][ T1543]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   73.326484][ T1543] RIP: 0033:0x7f1b5ed406c9
[   73.330894][ T1543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.350497][ T1543] RSP: 002b:00007f1b5d7a8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   73.358913][ T1543] RAX: ffffffffffffffda RBX: 00007f1b5ef96fa0 RCX: 00007f1b5ed406c9
[   73.366874][ T1543] RDX: 0000000020000000 RSI: 0000200000000580 RDI: 0000000000000004
[   73.374837][ T1543] RBP: 00007f1b5edc2f91 R08: 0000000000000000 R09: 0000000000000000
[   73.382796][ T1543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.390755][ T1543] R13: 00007f1b5ef97038 R14: 00007f1b5ef96fa0 R15: 00007ffe328beec8
[   73.398715][ T1543] 
[   73.401031][ T1543] Allocated by task 1543:
[   73.405350][ T1543]  __kasan_kmalloc+0xda/0x110
[   73.410017][ T1543]  __kmalloc+0x1a7/0x330
[   73.414247][ T1543]  tcf_idr_create+0x5f/0x790
[   73.418829][ T1543]  tcf_idr_create_from_flags+0x61/0x70
[   73.424274][ T1543]  tcf_gact_init+0x2b4/0x520
[   73.428852][ T1543]  tcf_action_init_1+0x3e1/0x670
[   73.433779][ T1543]  tcf_action_init+0x1e6/0x700
[   73.438619][ T1543]  tcf_exts_validate+0x215/0x510
[   73.443548][ T1543]  mall_set_parms+0x4b/0x410
[   73.448123][ T1543]  mall_change+0x45c/0x750
[   73.452529][ T1543]  tc_new_tfilter+0x13f6/0x1a10
[   73.457365][ T1543]  rtnetlink_rcv_msg+0x800/0xb90
[   73.462289][ T1543]  netlink_rcv_skb+0x1e0/0x430
[   73.467038][ T1543]  rtnetlink_rcv+0x1c/0x20
[   73.471440][ T1543]  netlink_unicast+0x876/0xa40
[   73.476189][ T1543]  netlink_sendmsg+0x88d/0xb30
[   73.480938][ T1543]  ____sys_sendmsg+0x5a2/0x8c0
[   73.485688][ T1543]  ___sys_sendmsg+0x1f0/0x260
[   73.490353][ T1543]  __x64_sys_sendmsg+0x1e2/0x2a0
[   73.495278][ T1543]  do_syscall_64+0x31/0x40
[   73.499684][ T1543]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   73.505557][ T1543] 
[   73.507877][ T1543] The buggy address belongs to the object at ffff8881277e4500
[   73.507877][ T1543]  which belongs to the cache kmalloc-192 of size 192
[   73.521928][ T1543] The buggy address is located 0 bytes to the right of
[   73.521928][ T1543]  192-byte region [ffff8881277e4500, ffff8881277e45c0)
[   73.535527][ T1543] The buggy address belongs to the page:
[   73.541153][ T1543] page:ffffea00049df900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1277e4
[   73.551372][ T1543] flags: 0x4000000000000200(slab)
[   73.556390][ T1543] raw: 4000000000000200 0000000000000000 0000000500000001 ffff888100043380
[   73.564961][ T1543] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   73.573528][ T1543] page dumped because: kasan: bad access detected
[   73.579924][ T1543] page_owner tracks the page as allocated
[   73.585634][ T1543] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY), pid 275, ts 21900027660, free_ts 0
[   73.600717][ T1543]  prep_new_page+0x179/0x180
[   73.605297][ T1543]  get_page_from_freelist+0x2235/0x23d0
[   73.610831][ T1543]  __alloc_pages_nodemask+0x268/0x5f0
[   73.616186][ T1543]  new_slab+0x84/0x3f0
[   73.620243][ T1543]  ___slab_alloc+0x2a6/0x450
[   73.624815][ T1543]  __slab_alloc+0x63/0xa0
[   73.629135][ T1543]  kmem_cache_alloc_trace+0x1b3/0x2e0
[   73.634491][ T1543]  __ipv6_dev_mc_inc+0x39e/0x9b0
[   73.639418][ T1543]  ipv6_dev_mc_inc+0x1f/0x30
[   73.643997][ T1543]  ipv6_add_dev+0xc84/0x10a0
[   73.648575][ T1543]  inet6_rtm_newaddr+0x446/0x930
[   73.653505][ T1543]  rtnetlink_rcv_msg+0x9db/0xb90
[   73.658430][ T1543]  netlink_rcv_skb+0x1e0/0x430
[   73.663180][ T1543]  rtnetlink_rcv+0x1c/0x20
[   73.667588][ T1543]  netlink_unicast+0x876/0xa40
[   73.672340][ T1543]  netlink_sendmsg+0x88d/0xb30
[   73.677084][ T1543] page_owner free stack trace missing
[   73.682435][ T1543] 
[   73.684753][ T1543] Memory state around the buggy address:
[   73.690369][ T1543]  ffff8881277e4480: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[   73.698415][ T1543]  ffff8881277e4500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   73.706468][ T1543] >ffff8881277e4580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   73.714520][ T1543]                                            ^
[   73.720662][ T1543]  ffff8881277e4600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.728710][ T1543]  ffff8881277e4680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   73.736755][ T1543] ==================================================================
[   73.744798][ T1543] Disabling lock debugging due to kernel taint
[   73.753373][  T380] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   73.781443][   T24] kauditd_printk_skb: 47 callbacks suppressed
[   73.781456][   T24] audit: type=1400 audit(1762597985.550:1290): avc:  denied  { read } for  pid=77 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   73.812459][   T24] audit: type=1400 audit(1762597985.550:1291): avc:  denied  { search } for  pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   73.834751][   T24] audit: type=1400 audit(1762597985.550:1292): avc:  denied  { write } for  pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   73.861955][   T24] audit: type=1400 audit(1762597985.550:1293): avc:  denied  { add_name } for  pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   73.891173][   T24] audit: type=1400 audit(1762597985.550:1294): avc:  denied  { create } for  pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   73.911915][   T24] audit: type=1400 audit(1762597985.550:1295): avc:  denied  { append open } for  pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   73.935365][   T24] audit: type=1400 audit(1762597985.550:1296): avc:  denied  { getattr } for  pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   73.958049][   T24] audit: type=1400 audit(1762597985.610:1297): avc:  denied  { mounton } for  pid=1544 comm="syz.2.311" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=44 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[   73.981739][   T24] audit: type=1400 audit(1762597985.610:1298): avc:  denied  { mount } for  pid=1544 comm="syz.2.311" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[   74.041940][  T380] usb 6-1: Using ep0 maxpacket: 32
[   74.161991][  T380] usb 6-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[   74.172303][  T380] usb 6-1: config 155 interface 0 altsetting 0 has an invalid endpoint with address 0xE2, skipping
[   74.182993][  T380] usb 6-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[   74.351989][  T380] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[   74.361076][  T380] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.369072][  T380] usb 6-1: Product: syz
[   74.373285][  T380] usb 6-1: Manufacturer: syz
[   74.377860][  T380] usb 6-1: SerialNumber: syz
[   75.113651][  T380] usb 2-1: USB disconnect, device number 3
[   76.335402][  T403] usb 6-1: USB disconnect, device number 3