last executing test programs:

2m22.262158182s ago: executing program 1 (id=135):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000010400000000000000000041ffff", @ANYRES32=0x0, @ANYBLOB="00000000000000001c001280090001007866726d000000000c00028008000200ea00"], 0x50}}, 0x0)

2m22.156121858s ago: executing program 1 (id=136):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, &(0x7f0000000100)=0x2, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r4=>0x0})
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x40, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xb, 0xfff3}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x10, 0x2, [@TCA_FLOW_POLICE={0x4}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)
get_robust_list(r0, 0x0, 0x0)

2m21.211363573s ago: executing program 1 (id=147):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/packet\x00')
r1 = accept$packet(r0, 0x0, &(0x7f00000000c0))
getsockopt$packet_buf(r1, 0x107, 0xd, &(0x7f0000000100)=""/62, &(0x7f0000000140)=0x3e)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x2, 0x300)
preadv(r0, &(0x7f0000002480)=[{&(0x7f0000000040)=""/67, 0x43}], 0x1, 0x10001, 0x2)

2m21.183809605s ago: executing program 1 (id=148):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x44, 0x0, 0x6, 0x6, 0x3, 0x2}, {0x3, 0x2, 0x7, 0x4, 0x0, 0x6}, 0x90000000, 0x82b8ca41, 0x1d24}}, @TCA_TBF_PRATE64={0xc, 0x5, 0x9b4e7c312ffd1ff5}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
pipe(&(0x7f0000000240))
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001c00010429bd7000fddbdf2507000000", @ANYRES32=r4, @ANYBLOB="0200ee050a0002"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x20040040)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@getqdisc={0x24, 0x26, 0x1, 0x70bd2a, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0xfff1, 0xe}, {0xfff1, 0xb}, {0xa, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
r5 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r5, 0x10e, 0x8, &(0x7f0000000280)=0xfffffffa, 0x4)
sendmsg$NL80211_CMD_GET_MPP(r5, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000ca28764e38af4c30d08eb0ee3ff819", @ANYRES16=0x0, @ANYBLOB="000829bd7000fedbdf256b0000000c0099007b00000070000000"], 0x20}, 0x1, 0x0, 0x0, 0x40881}, 0x40000)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f00000002c0)=0x1, 0x4)
syz_mount_image$ext4(&(0x7f0000002180)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1008802, &(0x7f0000000180)={[{@resgid={'resgid', 0x3d, 0xee01}}, {@abort}, {@discard}, {@max_batch_time={'max_batch_time', 0x3d, 0xac9}}, {@data_ordered}, {@mblk_io_submit}, {@usrquota}, {@init_itable}, {@errors_remount}, {}, {@auto_da_alloc}]}, 0x9, 0x606, &(0x7f0000000600)="$eJzs3c1vVFUbAPDnTD9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFoIUaGiNFk0oCW5MjBtjTFy5EP8LJbJlpW5cuHFlSIgaliaOudM7pdPeaenH9Fbm90uGnnvu3J5zpzxzzj1zzp0A2tZg9k8lYn9ETKeI/jS/uK8z8p2DC8978OeHZ7NHimr1td9TpDyv/vyU/+zLD+6JiB++T7GvY2W5M3PXLo5PTU1ezbeHZy9ND8/MXTt84dL4+cnzk5dHXxg9cfzY8RMjRzZ0XtcL8k7ffOe9/o/H3vz6y7/SyDe/jKU4GS/nT1x6HltlMAZrr0lauavvxFYXVqLOZdtpeQY7Vkf+9+uKiCeiPzqW/DX746NXSq0c0FLVFFEF2lRaR/xnvYVW1gXYTvV+QP3afvl1cKWUXgmwHe6fWhgAWBn/nQtjg9FTGxvY/SA1jPOkiNjYyFyjPRFx987YzXN3xm5Gi8bhgGLzNyLiyaL4T7X4H4ieGKjFf6Uh/rN+wZn8Z5b/6gZ7CsuHisU/bJ+F+O9ZNf6jSfy/tST+395EHfJLkeu9DfHf6+oDAAAAAAAA1un2qYh4vujz/8ri/J8omP/TFxEnt6D8wWXbKz//r9zbgmKAAvdPRbxUOP+3Uv/8faAjT/2nNh+gK527MDV5JCL+GxGHomtXtj2yShmHP9n3RbN9g/n8v/ojK/9uPhcwr8e9zl2Nx0yMD45v9ryBiPs3Ip4qnP+bFtv/VND+Z+8H049Yxr5nb51ptm/t+AdapfpVxMHC9v/hXSvS6vfnGK71B4brvYKVnv7g02+blb/R+HeLCdi8rP3fvXr8D6Sl9+uZWfXXzRdlHp3rrDY7YGP9/9nx7vR67a5C3Xne++Ozs1dHIrrT6Y4styF/dK1XAR4zPxVn1+OhHi9Z/B96ZvXxv6L+f29BsKc/GtcU1/3/775fm1VT/x/Kk8X/xLra//UnRm8NfNes/Edr/4/V2vpDeU7W/rfuFYF/j8/rYdrdmF8Qjp1Fu7a7vgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOKhExJ5IlaHFdKUyNBTRFxH/i92VqSszs8+du/Lu5YlsX+37/yv1b/rtX9hOte//r2Tph9uj0bh9NCL2RsRnHb217aGzV6Ymyj55AAAAAAAAAAAAAAAAAAAA2CH6mqz/z/zWUXbtgJbrLLsCQGkK4v/HMuoBbD/tP7SvDcV/mt/6igDbTvsP7Uv8Q/sS/9C+xD+0L/EP7WrZOH4qqx4AAAAAAMAW2Xvg9s8pIuZf7K09Mt35vq5Sawa0WqXsCgClcYsfaF+m/kH7co0PrDXrt6fpQZuZLzx9dhMHAwAAAAAAAAAAAEDbObjf+n9oV9b/Q/uy/h/aV339/4GS6wFsP9f4QKyxkr9w/f+aRwEAAAAAAAAAAAAAW2mmuitiamry6szctYvjLUt0R0SLi9h04o2dUY2iRG+LfnO1Wr2e/S8o/QQfj0R9KvxOqc+yRH2t36MdVd57EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0OifAAAA//8sxicA")
syz_clone(0x40200400, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x80020000, &(0x7f0000000300)="fe7b76bd385550822925cb8ad8a46d3167cebff5c93580604af26e7f52da247431aba34ba6b8e4a5ca86367734f44106d8b1337bd7b25ee1ca42296ed18f8830be00825258dc47ddfbcb303096053b5f4f8055ac2203fa8d5daab92eaeeb9d20b73fe32c5c8a83d7e59ba00a90ddd0358de8091a41d7", 0x76, &(0x7f0000000080), &(0x7f0000000180), &(0x7f0000000380)="1a8fd8a89741aa2345a9b26d4d42349941b76faf6872beed9b8a854854cdd89e20b54d39689f3e3c7a6dd5bed8dea55cd3895d5824ad4ac2d9c11e382ae396fc68b083d962d6f4b3a639748b35d1a7e65293840dc84b9d55806cd885214fe1ddbc00df7a661b0f6a63b9cf2121988cacee68015e89ea241ab590e2f4969ee4f4feec94922c4b0ff8d75efaab0158ab58a41e9eb0bf2a0302fc65e347cba9071a5b36496d7ce0958d4424f6fcac229a836245e860d90db9e1514d054d44ce6048361e47c777186db33c124ac8d31b658e37ab116d15783cbe3d200329972e80bdd2551891edff1d484879a5d688278ea28934f13346b4")

2m19.831596264s ago: executing program 1 (id=156):
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000000980)={{0xffffffffffffffff, 0x0, 0x8001, 0x0, 0x4, 0x0, 0x0}, 0x1, &(0x7f00000008c0)=[{0x2, 0xaa, 0x0, &(0x7f0000000d40)="c5bc4042aacc894fb3635f6dc4b8432267813ee6da090000000000000000000000f18df207797aec84", 0x29, 0x2}]})
r0 = socket(0x10, 0x803, 0x0)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000140)=0xf, 0x4)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000c40)=[{{0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000700)=""/23, 0x17, 0xb00}, 0x80009}], 0x16c, 0x10002, 0x0)

2m19.296649655s ago: executing program 1 (id=161):
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000200)={[{@noload}, {@nojournal_checksum}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@nolazytime}, {@resgid}, {@jqfmt_vfsold}, {@journal_dev={'journal_dev', 0x3d, 0x800}}, {@nobh}, {@inlinecrypt}, {}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x2)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, 0x0)
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000d00)={0x1, 0x0, 0x200001e6, &(0x7f0000000100)=""/230})

2m19.262159937s ago: executing program 32 (id=161):
syz_mount_image$ext4(&(0x7f0000000380)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000200)={[{@noload}, {@nojournal_checksum}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@nolazytime}, {@resgid}, {@jqfmt_vfsold}, {@journal_dev={'journal_dev', 0x3d, 0x800}}, {@nobh}, {@inlinecrypt}, {}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x2)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, 0x0)
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000d00)={0x1, 0x0, 0x200001e6, &(0x7f0000000100)=""/230})

4.740275684s ago: executing program 4 (id=1150):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x200, 0x0, 0x0, {{}, {@void, @void}}}, 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x0)
ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00')
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="50000000120001000000000000000000e0000002000000000000000000000000000004d50000320014000d0020010000007f820000000000000000000c0015"], 0x50}}, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='net/udp\x00')
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000280)={@dev={0xfe, 0x80, '\x00', 0x2f}, 0x8000000, 0x0, 0x1, 0xa}, 0x20)
read$FUSE(r2, &(0x7f00000045c0)={0x2020}, 0x2020)
syz_emit_ethernet(0x21, &(0x7f0000000100)={@broadcast, @dev, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @broadcast, @empty, @multicast, @private=0x2}}}}, 0x0)

4.46309213s ago: executing program 4 (id=1155):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)={0x1b, 0x0, 0x0, 0xaf, 0x0, r0, 0x7fffffff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x1}, 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000840)=@bpf_lsm={0x1d, 0xd, &(0x7f0000000540)=@raw=[@map_idx_val={0x18, 0xb, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x3}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], &(0x7f0000000100)='GPL\x00', 0xfa3, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x1, 0xc, 0x7, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000800)=[r1, r0, r0, r0, r0, r0, r0], 0x0, 0x10, 0x18d0}, 0x94)
syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
clock_gettime(0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(r4, 0x0, 0xa, &(0x7f0000000180)=0x2ec, 0x4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e20, 0xfffff7ff, @remote, 0x4}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x4e1d, 0x9, @local, 0x2}, 0x1c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000003c0)={r0, &(0x7f0000000340)="e427238ba251091101796e23a30f9df63ea3bf947bc5d41731d68c7737aebc7c14ec4c46f4a3b3f8ada9e53879e00020d97780fabf2e5d92351ac80662536676d2273286a13f49318b28a9e2240ce73d91bc", &(0x7f0000000200)=@tcp6=r2, 0x1}, 0x20)
bind$inet6(r5, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @mcast2, 0x1}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6a33180000481100fe80000000000000000000000000000aff0200000000000000000000000000014e1d4e20004890ae23780300000000000000dc521c259b538a2bf2a113dc2eeec0a072edf20b6d59027fd646c088088f51e72eb2f7e7b219c2c3b85e4508546e551af9e59631718ba089389f47fe559b18cd690af0f653e043ade8f9b275e60f4525c6ee5188a5c679268a4c88324307e2703586b13c8dbe9855a3e0604a349351003047e2e144a5fc0c5531cf08"], 0x0)
setsockopt$inet_int(r4, 0x0, 0x7, &(0x7f0000000140)=0x6, 0x4)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, 0x0)

3.563824483s ago: executing program 4 (id=1158):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getrlimit(0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x0, 0x7fff8000}]})
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0xfffc, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000002004e21ac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000064010100"/398], 0x210)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
preadv(r6, &(0x7f0000000040)=[{&(0x7f0000000680)=""/180, 0xb4}], 0x1, 0x6, 0x7)
close_range(r4, 0xffffffffffffffff, 0x0)
r7 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r7, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x40000)
write(0xffffffffffffffff, &(0x7f0000000480)="1c0000001a009b8a140000003b000000000000000000000000000000fda35065733173ae72a0d270d958f739b6d44c893b03599f77a332b446ea93568ae2ff534952656c6a18b6c0fdcec321127ee28705f2496eb43654255c5cc688f71db82bab173f4e19361ac01c1b0a2d2229993c8308ab7721e4c33c5fc214cd64a17d552a0fa33011d3ccceb56738a8c7e690d5843333a2a6d60f38798d000000003991f3787269de5382929be107a698db9edbc0257c0bb0205084640cc1c859d69828feab5d0ac72f62c0bf387044a185428df3ab4cc2525d41adb01c8c13c71b6a98dac98f678e2472d5a6a8a5b2f69ac595a8bea681e962033baf38e57debcb4a900797d1f406f72c22a58b8255e88e662270140fe5646e9e558f594eaf8856161f4815b9948a065b3c8d75913b04ea16c3b0fc01db5e42f8c6b19b2f14994700a509701d4066bf3e07b637c32f260a86c7d383362a41060c965f41a4c3c819342935ca7af09a6fb3bd9cba3459c25d9f8709b07523970b5fcc36ae0934ddbd5f3bc41c4aba", 0x184)
recvmmsg(0xffffffffffffffff, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
write$rfkill(r0, &(0x7f00000000c0)={0xfffff87b, 0x9, 0x3, 0x0, 0x1}, 0x8)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@ipv4_getaddr={0x50, 0x16, 0x300, 0x70bd27, 0x25dfdbfb, {0x2, 0x18, 0x8, 0x0, r10}, [@IFA_LABEL={0x14, 0x3, 'ip6gre0\x00'}, @IFA_LOCAL={0x8, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x4, 0xffffbaec, 0x80, 0x80}}, @IFA_ADDRESS={0x8, 0x1, @broadcast}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x8804)

3.346229815s ago: executing program 2 (id=1159):
r0 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
r1 = dup(r0)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) (fail_nth: 1)

3.109115129s ago: executing program 3 (id=1161):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0040, &(0x7f0000002a00)={[{@noblock_validity}, {@resgid={'resgid', 0x3d, 0xee00}}, {@acl}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x3}}, {@nodiscard}]}, 0xfe, 0x472, &(0x7f0000000940)="$eJzs3MtvG8UfAPDvOk6a9PFLf6U8WloIFETFI2nSBz1wAYHEAQQSHIo4BSetSt0GNUGiVQSBQxDigCpxRxyR+As4wQUBJySucEeVEMqlhZPRenfTxLVDHk6c4s9H2nZmd92Z786OPTtjN4CuNZT+kUTsjohfI2Iwyy4/YSj76+bCbOWvhdlKErXaa38m9fNuLMxW8n9i8XW7sh21Wp7f0aTc+TcjxqvVyct5fmTm4jsj01euPnX+4vi5yXOTl8ZOnz5x/HDfqbGTbYkzjevGwfenDh148Y1rL1fOXHvrx6/T+u7OjxdxtNNQdnWberTdhXXYniXppNzBirAmabulzdVb7/+D0RMDi8cG44WPOlo5YFPVarVas8/n3FwN+A9LotM1ADqj+KBPn3+LbYuGHtvCH89mD0Bp3DfzLTtSjlJ+Tm/D82079UfEmbm/v0i32KR5CACApb5Nxz9PNhv/leKeJef9L19D2RsR/4+IfRFxV0Tsj4i7I+rn3hsR962x/MYVktvHP6Xr6wpsldLx3zP52tby8V8x+ou9PXluTz3+3uTs+erksfyaHI3eHWl+dNlLlvvu+V8+a9z3aT7NPrRk/JduafnFWDCvx/VywwTdxPjMeFuCT+P/MOJguVn8SRTLOElEHIiIg+ss4/zjXx1qdezf419BG9aZal9GPJa1/1w0xF9IWq5Pjj59auzkSH9UJ4+NFHfF7X76ef7VVuVvKP42SNt/Z9P7P4s/fUZM+iOmr1y9UF+vnV57GfO/fVxJWhzbv877vy95vZ7uy/e9Nz4zc3k0oi95Kc0OLNs/duu1Rb44P43/6JHm/X9f9nhWvxL3R0R6Ex+OiAci4sG87R6KiIcj4sgK8f/w3CNvtzrWuv1XmJVvozT+iRXaP33LS1O32n/tiZ4L33/Tqvzaqtr/RD11NN+zmve/1VZwI9cOAAAA7hSl+nfgk9LwYrpUGh7OvsO/P3aWqlPTM0+cnXr30kT2Xfm90VsqZroGl8yHjuZzw0V+rCF/PJ83/rxnoJ4frkxVJzodPHS5XS36f+r3nk7XDth0fq8F3Uv/h+6l/0P30v+he+n/0KX6mu/+YKvrAXTE2j//+zelHsDWM/6H7qX/Q/fS/6ErtfxtfGlDP/m/UxPl7VGNpomB7VGNIhGlbVGN9iVe+STrEtulPkWivOr/zGKdiR1ND3X6nQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA9/gkAAP//Uo/mdg==")
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r0 = socket(0xa, 0x2, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000002340))
mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x7fa962bfffff, 0x13012, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0)
write$tun(r1, &(0x7f00000023c0)=ANY=[@ANYBLOB="0083080057e01900090066ff03100fb83a01fe800000000000000000000000000038ff02000000000000000000000000000101"], 0xfea)

3.044064073s ago: executing program 2 (id=1163):
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000846000/0x4000)=nil)

3.043800603s ago: executing program 3 (id=1164):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000846000/0x4000)=nil)
socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0xfe1d, 0x9, @local, 0x2}, 0x29)
syz_usb_connect$cdc_ecm(0x6, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f00000005c0)={@local, @local, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, "331800", 0x18, 0x11, 0x0, @dev={0xfe, 0x80, '\x00', 0xa}, @mcast2, {[], {0x4e1d, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x8, 0x4}}}}}}}, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000001c0)=0xf)

3.043606083s ago: executing program 2 (id=1165):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80a, &(0x7f0000000000), 0x1, 0x79b, &(0x7f0000000a40)="$eJzs3c1rXFUbAPDnTpImTfu+zQsv2LppVloonbQ1tgqCERciWCjo2jZMpiFmkimZSWlCFhYRBBG0uBB049qPunMruvZvcCMiLVXTYsWFjNz5SKb5mHw0k2mb3w9ucs6dc+ecZ+7cc8/MPcwNYM8aTP9kIo5ExIdJxKH6+iQieqqp7oiRWrl7iwu5dEmiUnn996Ra5u7iQi6atkkdqGcOR8T370Ycz6yutzQ3PzlaKORn6vmh8tTlodLc/ImJqdHx/Hh++syp4eHTZ589e2bnYv3zx/mDtz565emvR/5+54kbH/yQxEgcrD/WHMdOGYzB+mvSk76E93l5pyvrsKTTDWBb0kOzq3aUx5E4FF3VFADwOEvP/xUAYI9JnP8BYI9pfA9wd3Eh11g6+43E7rr9UkT01eJvXN+sPdJdv2bXV70O2n83ie76FdHYwetdgxHx2bdvfpku0abrkABreftaRFwcGFzd/yer5ixs1clNlBlckdf/we75Lh3/PLfW+C+zNP6JpfHPst41jt3tGIzY15xfffxnbq654Ys7UHl9/PdCbW5bGmjT+G9p0tpAVz33nzRzNCImCvm0b/tvRByLnt5LE4X8qRZ1HLvzz531Hmse//1x/a0v0vrT/8slMje7e+/fZmy0PPogMTe7fS3iye7luX33VvX/fdWx7sr9n6473+qJjy4nX33+vU/XK5bGn8bbWFbH316VzyOeirXjb0hazk8cSnf/ydrftev45udP+terv3n/p0taf+OzwG5I939/6/gHkub5mqWdrX/j+Nd+/+9L3qimG53H1dFyeeZUxL7ktdXrTy9v28g3yqfx1yJdGX+m5fs//SR4cZMxdt/67avtx7+kLVMs0/jHtrT/t564cW+ya/vxp/t/uJo6Vl+zmf5vsw18kNcOAAAAAAAAAAAAAAAAAAAAAAAAADYrExEHI8lkl9KZTDZbu4f3/6M/UyiWyscvFWenx6J6r+yB6Mk0furyUC2fNH7/dKApf3pF/pmI+F9EfNy7v5rP5oqFsU4HDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1B9a5/3/q195Otw4AaJu+DUvcyd+XrVQqlTa2BwBov43P/wDA46bF+X//brYDANg9Pv8DwN7j/A8Ae4/zPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG12/ty5dKn8tbiQS/NjV+ZmJ4tXTozlS5PZqdlcNlecuZwdLxbHC/lsrji10fMVisXLwzE9e3WonC+Vh0pz8xemirPT5QsTU6Pj+Qv5nl2JCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2pjQ3PzlaKORnHovE+xHxEDSjHYkkHopmdCTxy4mfDrcqc32Dt/HIQxHFI5bodM8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Gj4NwAA//8PbSWm")
bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffee7)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7}, 0x48)
ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f0000000100)={0x2, 0xffffffff, 0x0, 0x2, 0x0, 0x42})

3.035967033s ago: executing program 4 (id=1166):
syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000040)='./file1\x00', 0x8085, &(0x7f0000000000)=ANY=[], 0x1, 0x176, &(0x7f0000000300)="$eJzs27GKE1EUBuATk53d1WZrsRiwsQpqZanICuqAoqTQSmG12ZWAaUarPIW1b+ITCWJl5RUzISGaEEKYmbD5viaH/IR7TkLmcov75saH87Ph6P3weRxFdKJ3P/L43YmTuBLdqIwDALhMfqUUP1JK6XAcx1mklNruCACo28L+/9X+DwD7YO3+f6+lxgCA2jj/A8D+efnq9dMHRXH6Is+PIr6Py0E5qF6r/NHj4vR2PnEy/9TPshx0Z/mdKs8X84O4Os3vLs2zuHWzyv9mD58V/+TX4qz+8QEAAGAv9POZpef7fn9VXlUH03f+P9/34nqvkREAgA2NPn0+f3tx8e5jA8XxZMVOs4tuVnxp4WvZ2aIbO9HGdsWTb9Uvuiv91FLUMWBrjySgIfM/fdudAAAAAAAAAAAAAAAAq2x5VSiLiCVRRLbuZsFh46MCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAzJ8AAAD//7qUQBM=")
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000001c0), r0)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000e80)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fedbdf2501000000140002007767320000000e56744e0026899c0000480008804400008008000300020000001400040015004e2464010102000000000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b"], 0x70}, 0x1, 0x0, 0x0, 0xc004}, 0x4000040)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x2c0, 0x0, &(0x7f0000000180)=[0x82, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x100000000000004, 0x10000, 0x100, 0x9024, 0x0, 0x7, 0x5, 0x5, 0x4a, 0x3ff, 0x5, 0x0, 0x9, 0x8, 0x7, 0x1c1, 0x1000000003, 0x2, 0x2, 0x6, 0x7, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x4, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0x4, 0xb, 0x6, 0x6, 0x1, 0xa3de, 0x20000000006, 0x8, 0x5c3e, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x7, 0x8, 0xe6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0xc, 0xd, 0x9, 0xe8, 0x80000000, 0xfffffffffffffc01, 0x2, 0x4, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x6, 0xab6, 0x0, 0x4, 0xfff, 0xfdffffffffffff81, 0x9, 0x101, 0x2000000000000006, 0x1, 0x5, 0x400000000008061f, 0x3, 0x8, 0xf6, 0x4, 0x6, 0xffffffffffffffff, 0x7, 0xe541, 0x2c, 0x18, 0x2293332d, 0x6, 0x5, 0x0, 0xd, 0x2, 0x5, 0x2, 0x2, 0x7, 0xdfd4, 0xfffd, 0x0, 0x8, 0x8, 0x1, 0x53e0f0fe, 0xfffffffffffffff9, 0x3, 0xfffffffffffffffe, 0xb692, 0xcd, 0x8, 0x3]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4138ae84, &(0x7f0000000c40)=@arm64={0x9, 0x40, 0x3, '\x00', 0x7})
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000140)=@x86={0x5, 0x2, 0x9c, 0x0, 0x2, 0x7f, 0x9, 0x5, 0x2, 0x5, 0x5, 0x5, 0x0, 0x9, 0x8, 0xe, 0x6, 0x8, 0x7, '\x00', 0x0, 0x3f92})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
setsockopt$inet_int(r2, 0x0, 0x17, 0x0, 0x0)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e22, @multicast1}, 0x10)
sendto$inet(r2, &(0x7f0000000040)="0f0630e7f1c5a70f77a216fafe1bcaddadf5c9ba46be3fb3b9", 0x19, 0x40000, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000007fc0), 0x0, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
r8 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r8, 0x65, 0x1, &(0x7f0000000580)="f1703eed80a5cf36327f0855422e842e44acfd2d892d6626f9b6257ddb353ab51522a183374ea44caa91e12e62c8cefcbce84999792f00946e257a0a61bf34a66fcd9c37890d4cb93fbf95fb07f257b5720938973d001bb405db54150f913c0941c0db011c5f16508b4f44079636abaf409ec9ed99eb22cee9bc8f5743460c5b6b30dd8f9b40f45f4889bc8b04078782dd455833d5917a2688aed1896e", 0x9d)
bind$can_raw(r8, &(0x7f0000000000), 0x10)
r9 = dup3(r7, r8, 0x0)
getsockopt$inet_pktinfo(r9, 0x0, 0x8, &(0x7f0000000340)={0x0, @dev, @initdev}, &(0x7f0000000380)=0xc)
ioctl$VT_OPENQRY(r9, 0x5600, &(0x7f0000000000))
bind$inet(r6, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0)

2.618583588s ago: executing program 4 (id=1169):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
syz_usb_connect$cdc_ncm(0x3, 0x86, &(0x7f0000000380)={{0x12, 0x1, 0x240, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x74, 0x2, 0x1, 0x39, 0xf0, 0x4, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x600}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x0, 0x3, 0xb9}, {0x6, 0x24, 0x1a, 0xffff, 0x20}, [@acm={0x4, 0x24, 0x2, 0x7}, @mbim={0xc, 0x24, 0x1b, 0x0, 0xffff, 0x85, 0x54, 0x3, 0x61}, @mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x5, 0xec1}]}, {{0x9, 0x5, 0x81, 0x3, 0x28, 0x4, 0x8, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x10, 0x6, 0x7b, 0xc6}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x10, 0xb, 0x2}}}}}}}]}}, &(0x7f0000000740)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x300, 0x45, 0x72, 0x4c, 0x40, 0x4}, 0x94, &(0x7f0000000440)={0x5, 0xf, 0x94, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x9, 0x8, 0x7, 0x5}, @generic={0x85, 0x10, 0xa, "d0fbbdcb7f42e5de73c45f0bf5734d5f95b94326af4b4bfbae2c45ef9346e116459e3cb5f389015da6ef1125930c2e1be04d0a4911a40997f64a7ac1a8d326371c921a94939bba57006eb7bb6a9a4ea5b5fb0115e3fe13078c93932e1a423b9a2322383f853c79adc0e114e22442a1f7a714287ea10a8d54a58dcc563afc4d865462"}]}, 0x4, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x280a}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x444}}, {0x0, 0x0}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x2807}}]})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r2=>0x0})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000000)={@loopback, @remote, @multicast1}, 0xc)
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000014c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES16=r0, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRESOCT=0x0, @ANYBLOB="0200000024b7044271bc8ddad90387c5c2946efe7e9649178e75674dd79b0888deb2eb7ca15ac62e0dab830e5f70a4ef3bfe7d9d6591bbde7646006fb39cb9ac85cdf1b6f435d3024e2ba5afbd600e0500000000000035da146d235f1c24180fb1bdec705a2543f784fd20b46f8b48594fa0e0a7", @ANYRES32=0x0, @ANYRESHEX=r2, @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000008"], 0x5c, 0x0)
setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000c00)=ANY=[@ANYBLOB="020000000000000002004e1fe0000002"], 0x110)
socket$key(0xf, 0x3, 0x2)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000002c0)={r2, 0x11, 0x6, @random="08d32bfb45c9"}, 0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r6, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r5, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x10000000000)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x100, {0x0, 0x0, 0x0, r4, {0x8, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4)
getpeername$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0}, &(0x7f0000000240)=0x14)
connect$packet(r1, &(0x7f0000000300)={0x11, 0x1c, r7, 0x1, 0x3, 0x6, @local}, 0x14)

2.566631061s ago: executing program 5 (id=1170):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = getpid()
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r1, &(0x7f0000003e00)={&(0x7f0000001880)={0xa, 0x4e23, 0x1, @empty, 0x1c}, 0x1c, &(0x7f0000003c40)=[{&(0x7f0000001900)='7', 0x1}, {0x0, 0x80fe}], 0x2}, 0x24048040)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/dev\x00')
socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000a40)=""/4096, 0x1000}], 0x1, 0x141, 0x0)
prlimit64(r0, 0x0, &(0x7f0000000000)={0x2, 0x7}, 0x0)

2.418784379s ago: executing program 0 (id=1172):
setresuid(0xee00, 0xee00, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000071102800000000081f150000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x6, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000000), 0xfffffffffffffdb7}, 0x58)

2.378674901s ago: executing program 0 (id=1173):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x68, 0x68, 0x3, [@func_proto={0x0, 0x0, 0x0, 0xd, 0xa}, @enum={0x0, 0x1, 0x0, 0x6, 0x4, [{0x1}]}, @enum64={0xf, 0x5, 0x0, 0x13, 0x0, 0x3, [{0x9, 0x6, 0x2}, {0x9, 0x5a65, 0xe53}, {0x3, 0xffffffff, 0xfffff69c}, {0xc, 0x0, 0x2}, {0x10, 0xf, 0x2cc}]}]}, {0x0, [0x5f]}}, &(0x7f0000000f40)=""/4089, 0x83, 0xff9, 0x1}, 0x28)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x35, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x94}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80)

2.310214996s ago: executing program 0 (id=1174):
r0 = socket$inet6(0xa, 0x80002, 0x88)
sendmmsg$inet6(r0, &(0x7f0000000dc0)=[{{&(0x7f00000001c0)={0xa, 0x4e23, 0x2, @mcast1, 0x7}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001300)='9', 0x1}], 0x1}, 0x97ff}], 0x2, 0xc004)

2.309269836s ago: executing program 0 (id=1175):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
process_vm_readv(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x884, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xb, 0xfff3}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x854, 0x2, [@TCA_FLOW_POLICE={0x848, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x8, 0x65, 0x2, 0x4d, {0x1, 0x2, 0x2, 0x3, 0x3, 0x4}, {0x5, 0x1, 0x3, 0xab, 0x0, 0x9}, 0x2, 0x6, 0x8000}}, @TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x7fffffff, 0x8, 0x7ff, 0x3, 0x2, 0x1, 0x401, 0xb9, 0xace, 0x0, 0x1, 0x9, 0x43, 0x7, 0x2, 0x0, 0x1ce00000, 0x7, 0x6, 0x103, 0x3, 0x1c000, 0x1ff, 0x2, 0x6, 0x9b16, 0x6, 0x100, 0x15a, 0xe, 0x40, 0x5, 0x4, 0x80000001, 0x4a, 0x1, 0x8, 0x99a9, 0x340d, 0x3, 0x2, 0x7, 0xd, 0x400, 0xfffffffa, 0x6, 0x100, 0x2, 0x5, 0x5, 0xe, 0xffff0001, 0x2, 0xdd1, 0x9, 0xfb, 0x4, 0xf, 0x324, 0x6, 0x3, 0x6, 0xff, 0x8, 0x401, 0x7fffffff, 0x4, 0x5, 0x800, 0x8261, 0x3, 0x6, 0x8, 0x2, 0x9, 0x4, 0x4, 0x6, 0x5, 0xf, 0x9, 0x38c8, 0x80000001, 0x4, 0xa11, 0x6, 0x3, 0x604, 0xfff, 0xab, 0x7, 0x5, 0x8, 0x1, 0x9, 0x401, 0x0, 0x4, 0x1ff, 0x4, 0x17, 0xffffff7f, 0x7c, 0x4, 0x4, 0xa42, 0xfffffff7, 0x4, 0x5b564ea6, 0xaa32, 0x2, 0x2, 0x4000008, 0x1ff, 0x5, 0x3, 0x7, 0x6, 0xfffff000, 0x12aeb60c, 0x4, 0xbb6, 0x1, 0x3, 0x5, 0x2, 0x3, 0x85, 0x10, 0x1, 0x5, 0x1, 0x4, 0x6, 0xf65, 0x1d7, 0x9, 0x100, 0x1000000, 0x0, 0xc2, 0x1, 0x3, 0xffffffff, 0x1ff, 0x1, 0x30bb, 0x7, 0x40, 0xfffffff8, 0x5, 0x2, 0x1, 0x8, 0x8000, 0x5, 0x4, 0x31e, 0xffff8001, 0x6, 0xff, 0xa, 0x1ff, 0x9, 0x7, 0x7, 0x2, 0x412, 0x6, 0xf441, 0x6, 0x1, 0x7, 0x89, 0x3, 0x5, 0x0, 0x9, 0x7, 0x1, 0x4, 0x0, 0x4, 0x4, 0x200, 0x1, 0x720a, 0xffff, 0xfff, 0x9, 0x7fff, 0x8, 0x3ac8efcb, 0x8, 0xf2c, 0x7, 0x80000000, 0x12, 0xfffff802, 0x2e4, 0x7, 0xfffffff9, 0x400, 0x4, 0x30, 0x10000, 0xfd, 0x4, 0x1, 0x5, 0x7, 0x0, 0x7, 0x43, 0x0, 0x0, 0x1, 0x7, 0x0, 0x8, 0x3, 0x6, 0x0, 0x10001, 0x0, 0xe9, 0x5, 0x1, 0x8d, 0xaacc, 0x6f, 0x7fffffff, 0x5, 0x6, 0x2, 0x10001, 0x4, 0x10000, 0x9, 0xe, 0x45e8, 0x9, 0xfffffff8, 0x6, 0x100, 0x5, 0xe, 0x73d, 0x31, 0x3, 0x0, 0x2, 0x3, 0xb70, 0x3]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xfffffff7, 0x5, 0x7, 0x4, 0x2, 0x6, 0x1, 0xfb0, 0x8, 0x3, 0x5, 0x3, 0x0, 0x4, 0x9a, 0x9, 0x7, 0xfff, 0x7, 0x40, 0x5, 0x7fff, 0x6c, 0x3, 0x5, 0x7ff, 0x4, 0x2, 0x7, 0x2, 0x83b, 0x2, 0x3b, 0x4, 0x0, 0x4, 0x9, 0xc, 0x1cabbb02, 0x4, 0x4, 0x2, 0x8001, 0x7fff, 0x80000000, 0x10000, 0xffff8906, 0x7fffffff, 0x0, 0x0, 0x9, 0xc0000000, 0x2, 0x6, 0x83, 0x3, 0x10000, 0x3, 0x1, 0x6, 0x0, 0x1, 0x100, 0xcc2, 0x3800, 0x6, 0x18, 0x0, 0xfffffe00, 0x3, 0x6, 0x4, 0x3, 0x7, 0x1, 0xfffffffc, 0x8e4, 0xf5c1, 0x1, 0x5077, 0x3, 0x5, 0x7fff, 0x2, 0x4, 0x2, 0x3, 0x401, 0x6, 0x40, 0x7, 0x95, 0x5, 0x200, 0x1, 0x2, 0x7ff, 0x4, 0x8, 0xb, 0x0, 0x2, 0x0, 0xd266, 0x4, 0x0, 0x10001, 0x2, 0x101, 0x401, 0x200, 0x6, 0x1, 0x4a, 0x8, 0x2, 0xfffffffe, 0x14e, 0x4, 0x3, 0x1, 0x2, 0x94e6, 0xfffffbff, 0x5, 0x2, 0xfffd, 0xc, 0x4, 0x2, 0x40800000, 0x1f, 0x4, 0xffffffff, 0x800, 0x7, 0x3ff, 0x7ff, 0x101, 0x10, 0x5, 0x374, 0xc2f, 0x3, 0xffffff81, 0xfffffff7, 0x6, 0x8000, 0x8, 0x1, 0x1, 0x200, 0xcae, 0xc64, 0xffff, 0x7fff, 0x1, 0x8, 0x3c0, 0x9, 0x0, 0x6d5, 0xfffffff3, 0x9, 0x476b3752, 0xff, 0x0, 0x9, 0x7ff, 0x4, 0x3, 0x4, 0x7, 0x7249, 0x7, 0xffff8001, 0x95f, 0x8, 0x0, 0x1000, 0x800, 0x0, 0xfff, 0xf2, 0x0, 0x3, 0xffff, 0x103, 0x0, 0x8000, 0x9, 0x4, 0xcc6, 0xffe01000, 0x22, 0xd56, 0xfffffff0, 0x3bb8, 0x10, 0x140, 0x81, 0x9, 0x40, 0x2, 0x2, 0x4, 0x3, 0x0, 0x3, 0xf, 0x0, 0xc527, 0x9, 0x8, 0x1, 0xffff86fd, 0x7, 0x2, 0x8, 0x3, 0x9, 0x5, 0x0, 0x4, 0xc12, 0x7f, 0x0, 0x0, 0x80000000, 0x6f3, 0x7, 0x9, 0x7, 0x9, 0x4, 0x2, 0xc9, 0xaf8, 0x3, 0x80000000, 0xad8c, 0x4, 0x2, 0xea9, 0x9, 0x5, 0x1, 0x4, 0x8, 0x5, 0x10000, 0x3, 0x7fb, 0xdbbb, 0x4, 0x2]}]}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1}]}}]}, 0x884}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)
ustat(0x81, &(0x7f0000000000))
get_robust_list(r0, 0x0, 0x0)

1.705525761s ago: executing program 5 (id=1176):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0040, &(0x7f0000002a00)={[{@noblock_validity}, {@resgid={'resgid', 0x3d, 0xee00}}, {@acl}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x3}}, {@nodiscard}]}, 0xfe, 0x472, &(0x7f0000000940)="$eJzs3MtvG8UfAPDvOk6a9PFLf6U8WloIFETFI2nSBz1wAYHEAQQSHIo4BSetSt0GNUGiVQSBQxDigCpxRxyR+As4wQUBJySucEeVEMqlhZPRenfTxLVDHk6c4s9H2nZmd92Z786OPTtjN4CuNZT+kUTsjohfI2Iwyy4/YSj76+bCbOWvhdlKErXaa38m9fNuLMxW8n9i8XW7sh21Wp7f0aTc+TcjxqvVyct5fmTm4jsj01euPnX+4vi5yXOTl8ZOnz5x/HDfqbGTbYkzjevGwfenDh148Y1rL1fOXHvrx6/T+u7OjxdxtNNQdnWberTdhXXYniXppNzBirAmabulzdVb7/+D0RMDi8cG44WPOlo5YFPVarVas8/n3FwN+A9LotM1ADqj+KBPn3+LbYuGHtvCH89mD0Bp3DfzLTtSjlJ+Tm/D82079UfEmbm/v0i32KR5CACApb5Nxz9PNhv/leKeJef9L19D2RsR/4+IfRFxV0Tsj4i7I+rn3hsR962x/MYVktvHP6Xr6wpsldLx3zP52tby8V8x+ou9PXluTz3+3uTs+erksfyaHI3eHWl+dNlLlvvu+V8+a9z3aT7NPrRk/JduafnFWDCvx/VywwTdxPjMeFuCT+P/MOJguVn8SRTLOElEHIiIg+ss4/zjXx1qdezf419BG9aZal9GPJa1/1w0xF9IWq5Pjj59auzkSH9UJ4+NFHfF7X76ef7VVuVvKP42SNt/Z9P7P4s/fUZM+iOmr1y9UF+vnV57GfO/fVxJWhzbv877vy95vZ7uy/e9Nz4zc3k0oi95Kc0OLNs/duu1Rb44P43/6JHm/X9f9nhWvxL3R0R6Ex+OiAci4sG87R6KiIcj4sgK8f/w3CNvtzrWuv1XmJVvozT+iRXaP33LS1O32n/tiZ4L33/Tqvzaqtr/RD11NN+zmve/1VZwI9cOAAAA7hSl+nfgk9LwYrpUGh7OvsO/P3aWqlPTM0+cnXr30kT2Xfm90VsqZroGl8yHjuZzw0V+rCF/PJ83/rxnoJ4frkxVJzodPHS5XS36f+r3nk7XDth0fq8F3Uv/h+6l/0P30v+he+n/0KX6mu/+YKvrAXTE2j//+zelHsDWM/6H7qX/Q/fS/6ErtfxtfGlDP/m/UxPl7VGNpomB7VGNIhGlbVGN9iVe+STrEtulPkWivOr/zGKdiR1ND3X6nQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA9/gkAAP//Uo/mdg==")
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000))
r0 = socket(0xa, 0x2, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, 0x0)
mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x7fa962bfffff, 0x13012, 0xffffffffffffffff, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0)
write$tun(r1, &(0x7f00000023c0)=ANY=[@ANYBLOB="0083080057e01900090066ff03100fb83a01fe800000000000000000000000000038ff02000000000000000000000000000101"], 0xfea)

1.525150531s ago: executing program 5 (id=1177):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c00"], 0x48)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
r4 = syz_open_dev$vcsu(&(0x7f0000000240), 0x0, 0x280)
ioctl$PPPIOCGL2TPSTATS(r4, 0x80487436, &(0x7f0000000380)="b3e6b9c3735e83ded182ca696a78f345")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x20, 0x70bd2c, 0x25dfdbff, {0xa, 0x78, 0x2, 0x0, r6}, [@IFA_LOCAL={0x14, 0x2, @loopback}, @IFA_FLAGS={0x8, 0x8, 0x1a4}]}, 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x20000000)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x81c0, 0x8103)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./bus\x00', 0x300f401, 0x0, 0x2, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
lsetxattr$security_ima(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080), 0x0, 0x0, 0x1)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x101000, 0x0)
getdents64(r7, 0x0, 0x0)
lseek(r7, 0x3, 0x1)
getdents64(r7, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000002c0)=@getchain={0x24, 0x66, 0xfcd66a900070b359, 0x1, 0x0, {0x0, 0x0, 0x0, r8, {0x8}, {}, {0x0, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x24000811}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
r11 = dup(r10)
ioctl$SIOCSIFHWADDR(r11, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r9, &(0x7f0000000100)=ANY=[@ANYBLOB="00006001aaaaaaaaaaaabbbbbbbbbbbb8100000008004dae003c006400000606907800000000ac14141b0000"], 0x52)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.426356957s ago: executing program 0 (id=1178):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x48b, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@usrjquota, 0x22}, {@max_dir_size_kb}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@errors_continue}, {@errors_remount}, {@journal_checksum}]}, 0x1, 0x468, &(0x7f00000004c0)="$eJzs3MtvG8UfAPCvX0mfv/hXyqOlhdCCqHgkTfqgBy5FIHEACQkORZyCk1alboOaINEqgsKhHFH/AsQRiQNnLpQLAk5InJDgjpAiFCFROBmtvRvcxE7jxIlL/PlIm8x4xpr57u7Y41mvA+hbw8mfXMSuiPg5IoYa2dsrDDf+3VqYq/y1MFfJRa326u+5er0/F+YqWdXseTsbmVpthXavvxExUa1OXU7zo7MX3x6duXL16fMXJ85NnZu6NH7q1PFjBwdOjp/oNKSBVg/uTvq6/73pA/tefP3Gy5UzN9787vOkv7vS8uY4umW4sXebDWaJx7rdWI/tbkrnij3sCB0pRERyuEr18T8Uhdi+WDYUL3zY084BG6pWy9cG2xdfqwFbWDJRB/pR9kaffP7Ntk2aetwV5k831i3+ODRXubXQ2BolxcindUrpZ6SNMBwRZ679/UmyxQatQwAANLt5OiKeajX/y8d9TfX+l14bKkfE/yNiT0TcExF7I+LeiHrd+yPigQ7bX3qFZPn8pza0psBWKZn/PZte27p9/pfN/qJcSHO76/GXcmfPV6eOpvvkSJQGk/zYCm18/fyPH7cra57/JVvSfjYXTPvxW3HJAt3kxOzEemJuNv9BxP5iq/hzi3PeZH68LyL2r7GN8098dqBd2Z3jX0EXJuW1TyMebxz/a7Ek/kyu7fXJsWdOjp8Y3RbVqaOj2Vmx3Pc/XH+lXfvrir8L5m/WYker87+8GH85ty1i5srVC/XrtTOdt3H9l4/afqZZ6/k/kHutns4u9r47MTt7eSxiIPfS8sfH/31uls/qJ+f/kcOtx/+e9DnJnngwIpKT+GBEPBQRD6d9fyQiDkXE4RXi//a5R9/qPP4VVuW7KIl/suXrX9Pxj+bj33micOGbLzuPP5Mc/+P11JH0kdW8/q22g+vZdwAAAPBfka9/Bz6XH1lM5/MjI43v8O+NHfnq9Mzsk2en37k02fiufDlK+Wyla6hpPXQsXRvO8uNL8sca68Y/FQvb6/mRynR1stfBQ5/b2Wb8J34t9Lp3wIZzvxb0L+Mf+pfxD/3L+If+ZfxD/2o1/t/vQT+AzXeH9//tm9UPYPOZ/0P/Mv6hfxn/0Jfa3hufX9ct/x0kIspfJD3ZjLa2fuKrgfX9VsPqE5G/S0LeMolStCwqrvrHLNaYGGxZ1OtXJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgO74JwAA//9QNd/y")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r1, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x6)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
read$FUSE(r2, &(0x7f0000003440)={0x2020}, 0x2020)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000e00)={&(0x7f0000000c40)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x3, [@struct={0x2, 0x1, 0x0, 0x3, 0x0, 0x0, [{}]}]}, {0x0, [0x0]}}, &(0x7f0000000d00)=""/198, 0x33, 0xc6, 0x1}, 0x20)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x1}, 0x1c)
r6 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000180), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r2)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r7, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x14, r8, 0x800, 0x70bd27, 0x35dfdbeb}, 0x14}, 0x1, 0x0, 0x0, 0x2010}, 0x0)
sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="28000400", @ANYRES16=r6, @ANYBLOB="010027bd7000ffdbdf250300000014000100fe80000000000000000000000000000b"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x20040000)
sendmsg$SEG6_CMD_DUMPHMAC(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="080025bd7000ff40df25020000000500060004b40007000000"], 0x24}, 0x1, 0x0, 0x0, 0x22008044}, 0x20008081)

1.425673857s ago: executing program 0 (id=1179):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={0xb0, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x35}}, {0x8, 0x2, @rand_addr=0x64010100}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x97, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_FILTER={0x0, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x0, 0x1, 0x60}]}, @CTA_NAT_DST={0x2c, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @remote}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x200040c0}, 0x24004004)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000040)=0x800000)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000040)=0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
fadvise64(r4, 0x8, 0xffffffffffffffff, 0x2)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, &(0x7f0000000000)={0x2, 0x1, 0x8009c, 0x13, 0x43, 0x0})
sendmsg$nl_xfrm(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="48010000100001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000001eb900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c00120073657169762863636d28626c6f77666973682d61736d29290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000c0008"], 0x148}}, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r6, 0x0, 0x2a, &(0x7f0000000600)={0x2, {{0x2, 0xfffc, @multicast1}}}, 0x88)
setsockopt$inet_group_source_req(r6, 0x0, 0x2f, &(0x7f0000000780)={0x2, {{0x2, 0x4e21, @multicast2}}, {{0x2, 0x0, @private=0xa010100}}}, 0x108)
r7 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xca03, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0xfd, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3cf, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r7, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000006800010002000000a01cff7f00000000000000000c00020001000000040000000800010001000000"], 0x2c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
syz_usb_control_io(r7, &(0x7f0000000340)={0x2c, &(0x7f0000000040)={0x20, 0xa, 0x5, {0x5, 0xf, "00f400"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, 0x0)

1.421924208s ago: executing program 5 (id=1180):
r0 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6000000000140600fe80fe800000000000000000000000bbfe8000000000000000000000000000aa"], 0x0)

1.337657872s ago: executing program 5 (id=1181):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x540, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd(0xc2)
r3 = socket(0x1e, 0x4, 0x0)
r4 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r5 = dup3(r4, r3, 0x0)
recvmmsg(r5, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = socket(0x1e, 0x4, 0x0)
r8 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
close_range(r6, 0xffffffffffffffff, 0x0)
r9 = eventfd(0x80000000)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x80004f000, 0xffff1000, 0x8, r9})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1f)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x7a, 0x3000, 0x0, r2})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000b40)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@func={0x4, 0x0, 0x0, 0xc, 0x1}]}, {0x0, [0x61, 0x0, 0x2e, 0x2e, 0x61, 0x5c]}}, &(0x7f0000000400)=""/220, 0x2c, 0xdc, 0x1}, 0x28)

1.286516155s ago: executing program 5 (id=1182):
r0 = socket$key(0xf, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'macvtap0\x00'})
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="02020003110000000000000000000000050018"], 0x88}}, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224000100000000090400000903000000092100000001222200090581030800"], 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0xc0010020, 0x0, 0x6}]})
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00222200000096230600000000000000002a9000070900be0083002f00000b09007a150b5d8c3dda3922387066d01fdbefdd62d1d57c41707dcc6217c35abf15760532987522ac3c8f71101777a0218fe8990db8be6151baed156e787e52f53d5605b0c16df471af6dd96e166cd1461afada24953c805f4b20371dacb4df732a3f8081b3aa3aee6085fbb0d32dbd1196490461c6d8209e"], 0x0}, 0x0)
syz_usb_ep_write(r1, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB')
syz_usb_connect(0x2, 0x3b, &(0x7f0000000000)=ANY=[@ANYBLOB="12010102a39ab910b80c0bc9ae0d01020301090229000101f8400409048afc0101033e080724010205050009050c"], &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0})

981.939993ms ago: executing program 2 (id=1183):
r0 = fsopen(&(0x7f0000000940)='ramfs\x00', 0x1)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000180)={0x0, 0x0, 0x71, 0x7fff, 0x19, "0062ba7d82000000000000000000f7ffffff00"})
syz_open_pts(r1, 0xc0000)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x6)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
socket(0x10, 0x3, 0x0)
socket$unix(0x1, 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x103081, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, 0x0, 0x0)

553.946048ms ago: executing program 4 (id=1184):
socket$netlink(0x10, 0x3, 0xd8e6bc4c30ce9d36)
socket(0x25, 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r1 = syz_clone(0x1940380, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
ptrace(0x10, r1)
ptrace$getsig(0x4202, r1, 0x4, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, &(0x7f00000000c0)='/dev/input/event#\x00')
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x3, &(0x7f0000000040)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f0000003500)=[{{&(0x7f0000000300)=@ethernet={0x0, @local}, 0x80, &(0x7f0000000280)=[{&(0x7f0000001480)=""/4096, 0x1000}], 0x1}, 0x4}, {{&(0x7f0000000400)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000940)=[{&(0x7f0000000540)=""/110, 0x6e}, {&(0x7f00000005c0)=""/120, 0x78}, {&(0x7f0000000480)=""/56, 0x38}, {&(0x7f0000000640)=""/61, 0x3d}, {&(0x7f0000002480)=""/4096, 0x1000}, {&(0x7f00000007c0)=""/189, 0xbd}, {&(0x7f0000000880)=""/138, 0x8a}], 0x7}, 0x3}, {{&(0x7f00000009c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f0000000ac0)=[{&(0x7f0000000a40)=""/95, 0x5f}], 0x1, &(0x7f0000000b00)=""/11, 0xb}, 0x91}, {{&(0x7f0000000b40)=@xdp, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000bc0)=""/130, 0x82}], 0x1, &(0x7f0000000cc0)=""/47, 0x2f}, 0x4}, {{0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000d00)=""/74, 0x4a}], 0x1, &(0x7f0000000dc0)=""/11, 0xb}, 0x737}, {{&(0x7f0000000e00)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000e80)=""/95, 0x5f}], 0x1, &(0x7f0000003480)=""/78, 0x4e}, 0xefeb}], 0x6, 0x0, 0x0)
lstat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x10, &(0x7f0000000680)={[{@nogrpid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x1}}, {@orlov}, {@commit}, {@grpjquota_path={'grpjquota', 0x3d, './file0'}}, {@sb={'sb', 0x3d, 0x3}}, {@data_err_ignore}], [{@permit_directio}, {@dont_measure}, {@seclabel}, {@uid_lt={'uid<', r5}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@pcr={'pcr', 0x3d, 0x22}}, {@obj_user={'obj_user', 0x3d, '{'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@measure}, {@smackfsdef={'smackfsdef', 0x3d, 'auto_da_alloc'}}]}, 0x4, 0x501, &(0x7f0000000f40)="$eJzs3b9vHFkdAPDvjL22z7c55+AKQMCF4yCgKOsfubNOR0GuAaEoEiKiokiMvbEs72Ytrx1ik8Ip6ZGIRAV/Ah0FUioKOjroaEKBFCACxUgUi2Z2Yi+21+sQ24u9n480nnnvbfx9bzfvvZkXOy+AgXUpIrYiYiQi7kTERJGfFEdcbx/Z6148fzi//fzhfBKt1q2/JXl5lhcdfybzZvE9xyLie9+O+GGyP25zY3N5rlarrhbpybX6ymRzY/PqUlrkzMxOz059dO3DmWNr67v1Xz371tKN7//m1194+vutr/84q1b5Jxfyss52HKd200tR7sgbjogbJxGsT4aLvz+cPVlv+1REvJf3/4kYyj9NAOA8a7UmojXRmQYAzrvs+b8cSVop1gLKkaaVofa9wDsxntYazbUrE431ewuRr2FdjFJ6d6lWnSrWCi9GKcnS0/n1bnpmT/paRLwdET8dfSNPV+YbtYW+3fUAwGB7c8/8/8/RNK1U+l0rAODEjb3i6/2IAACcfa86/wMAZ5/5HwAGzyvM/5b+AeCc8PwPAIPH/A8Ag6fn/P/odOoBAJyK7968mR2t7eL/v164v7H+jfL9qwvV5nKlvj5fmW+srlQWG43FWrUy32r1+n61RmNl+oOdZHNj83a9sX5v7fZSfW6xertaOuH2AAC9vf3ukz8mEbH18Rv5ER17OZir4XxL+10BoG+G+l0BoG/8Pg8MriM841sGgHOu2KK36zauXX9E6LHNX+GsuvxZ6/8wqKz/w+D639b/v3ns9QBOn/V/GFytVmLPfwAYMNb4gaRH+aH//g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqpwfSVrJ9wLfyr6mlUrEhYi4GKXk7lKtOhURb0XEH0ZLo1l6ut+VBgBeU/qXpNj/6/LE++W9pSPJv0bzc0T86Oe3fvZgbm1tdTrL//tO/trjIn9mpB8NAAA6Xd+f1Z6ni3PHg/yL5w/nXx6nWcVnn7Q3F83ibhdHu2Q4hvPzWJQiYvwfSZFuy+5Xho4h/tajiPjMbvsfdEQo52sg7Z1P98bPYl84gfi77//e+Ol/xU/zsuxcyt+LTx9DXWDQPPmkPU4WfS/rYkX/S+NSfj64/4/lI9Trezn+be8b/9Kd8W9oX/wk7/OXdtKH1+TZB7/9zr7M1kS77FHE54YPip/sxE+6jL/vH7GNf/r8F9/rVtb6RcTlODh+Wz0fZifX6iuTzY3Nq0v1ucXqYvXezMzs9OzUR9c+nJnM16jbX393UIy/fnzlrW7xs/aPd4k/1qP9Xzli+3/57zs/+NIh8b/25YM//3cOiZ/NiV89Yvy58etdt+/O4i90aX+vz//KEeM//fPmwhFfCgCcgubG5vJcrVZd7XGR3Wv2eo2Ls3kRWxH7il7efp96fUbi/+RtGfCLPg9MwInb7fT9rgkAAAAAAAAAAAAAANBNc2NzeTRO9teJ+t1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzq//BAAA//+gpspm")
lsetxattr$security_selinux(&(0x7f00000001c0)='.\x00', 0x0, 0x0, 0x0, 0x0)
socket(0x1e, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_mems\x00', 0x275a, 0x0)

389.777487ms ago: executing program 2 (id=1185):
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000007, 0x20031, 0xffffffffffffffff, 0xffffe000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000ffa000/0x2000)=nil)
remap_file_pages(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x7, 0x80000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000400000008"], 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001140)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="210000000000000018000b80080001007674690040008f028008000400ac1414bb0800040009000098b98d98ab0aa7d9d6646bc46031c3cede1f42262a0f87f8874c794beed91ba7d7adb687991c4aebfac02d77cadce47f8fc22e9f"], 0x40}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0c00000004000000040000000900000000000000", @ANYRES32=r0], 0x48)
syz_mount_image$exfat(&(0x7f00000009c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="757466382c756d61736b3d30303030300500000000000000e1ce010100003030308337d318303037373737352c", @ANYRESHEX=0xee01, @ANYBLOB=',iocharset=euc-jp,errors=remount-ro,utf8,iocharset=maccroatian,dmask=00000000000000000000003,time_offset=0x0000000000000006,errors=remount-ro,umask=00000000000000000000006,errors=remount-ro,\x00'], 0x1, 0x152b, &(0x7f0000002f80)="$eJzs3AmYjtXbAPD7Puc8Y0zS2yTLcM65H95kOSZJsiTJkiRJkmRLSJrkLwmJIVvSkIRkGZJlCMkyMWns+74kJEmTJCHZkvNdir/66r8vvuub+3ddzzXnfs9zn+c87/0+8yyzfNN5SI1GNas2ICL4l+AvX5IBIBYABgDANQAQAEDZ+LLxF/pzSkz+1zbC/r0eSrvSM2BXEtc/e+P6Z29c/+yN65+9cf2zN65/9sb1z964/oxlZ5umFbiWl+y78PP/7IzP//+PZJUa88WaUtd3AYj5e1O4/tkb1///reDvWYnrn71x/bOr2Cs9AfZ/AB//2UGOv9jD9c/euP6MZWdX+vnzf36Rf7UfItnhPfgr+88YY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjP0XnPaXKQC41L7S82KMMcYYY4wxxti/j89xpWfAGGOMMcYYY4yx/zwEARIUBBADOSAWckIcCAC4GnLDNRCBayEeroM8cD3khXyQHwpAAhSEQqDBgAWCEApDEYjCDVAUboRiUBxKQElwUAoS4SYoDTdDGbgFysKtUA5ug/JQASpCJbgdKsMdUAXuhKpwF1SD6lADasLdUAvugdpwL9SB+6Au3A/14AGoDw9CA3gIGsLD0AgegcbwKDSBptAMmkOLfyr/BegOL0IP6AnJ0At6w0vQB/pCP+gPA+BlGAivwCB4FVJgMAyB12AovA7D4A0YDiNgJLwJo+AtGA1jYCyMg1QYDxPgbZgI78AkmAxTYCqkwTSYDu/CDJgJs+A9mA3vwxyYC/NgPqTDB7AAFkIGfAiL4CPIhMWwBJbCMlgOK2AlrILVsAbWwjpYDxtgI2yCzbAFtsI22A474GPYCZ/ALtgNe/5cv38k/9Sv8j+FvdAFAQEFClSoMAZjMBZjMQ7jMBfmwtyYGyMYwXiMxzyYB/NiXsyP+TEBE7AQFkKDBgkJC2NhjGIUi2JRLIbFsASWQIcOEzERS+PNWAbLYFksi+WwHJbHClgBK2ElrIyVsQpWwapYFathNayBNfBuvBt7YW2sjXWwDtbFupceT2EDbIANsSE2wkbYGBtjE2yCzbAZtsAW2BJbYitshW2wDbbFttgO22ESJmF7bI8dsAN2xI7YCTthZ+yMXbArds16IQfgi/gi9sRqohf2xt7YB1Ny9MP+2B9fxoH4Cr6Cr2IKDsYh+Bq+hq/jMDyJw3EEjsSRWFm8haNxDJIYh6mYihNwAk7EiTgJJ+NknIppOA2n43ScgTNxJr6Hs/F9fB/n4lycj+mYjgtwIWZgBi7CU5iJi3EJLsVluByX4UpchStxDa7FNbge1+NG3IibcTNuxa24Hbfjx6gA8BPcjbsxBffiXtyH+3A/7scDeACzMAsP4kE8hIfwMB7GI3gEj+IxPI7H8ASewJN4Ck/jaTyLZ/EcPpfwVcOPi69OAXGBEkrEiBgRK2JFnIgTuUQukVvkFhEREfEiXuQReURekVfkF/lFgkgQhUQhYYQRJMIYABBRERVFRVFRTBQTJUQJ4YQTiSJRlBalRRlRRpQVt4py4jZRXlQQrV0lUUlUFm1cFXGnqCqqimqiuqghaoqaopaoJWqL2qKOqCPqirqinnhA1Be9sB8+JC5UppEYjI3FEGwimgp58QhoKYZhK9FatBFPiBE4HNuJli5JPC3ai9HYQfxJjMFnRScxDjuL50UX0VV0Ey+I7qKV6yF6iknYS/QWU7GP6Cv6if5iBlYX7+HsnDXEqyJFDBZDxGtiPr4uhok3xHAxQowUb4pR4i0xWowRY8U4kSrGiwnibTFRvCMmicliipgq0sQ0MV28K2aImWKWeE/MFu+LOWKumCfmi3TxgVggFooM8aFYJD4SmWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrvYIT4WO8UnYpfYLfaIT8Ve8ZnYJz4X+8UX4oD4UmSJr8RB8bU4JL4Rh8W34oj4ThwVx8Rx8b04IX4QJ8UpcVqcEWfFj+Kc+EmcF16ARCmklEoGMkbmkLEyp4yTV8lcMrj47l4r4+V1Mo+8XuaV+WR+WUAmyIKykNTSSCtJhrKwLCKj8gZZVN4oi8nisoQsKZ0sJRPlTbK0vFmWkbfIsvJWWU7eJsvLCrKirCRvl5XlHRIiv2yjmqwua8ia8m6ZDPfI2vJeWUfeJ+vK+2U9+YCsLx+UDeRDsqF8WDaSj8jG8lHZRDaVzWRz2UI+JlvKx2Ur2Vq2kU/ItvJJ2U4+JZPk07K99Bc/Is/KTvI52Vk+L7vIrrKb/Emel172kD0l9ALZW74k+8i+sp/sLwfIl+VA+YocJF+VKXKwHCJfk0Pl63KYfEMOlyPkSPmmHCXfkqPlGDlWjpOpcrycIN+WE+U7cpKcLKfIqTJNTpP9Lo40S8q/mf/2r/MvnHrlNDno561vlJvkZrlFbpXb5Ha5Q34sd8qdcpfcJffIPXKv3Cv3yX1yv9wvD8gDMktmyYPyoDwkD8nD8rA8Io/Io/KYPCO/lyfkD/KkPCVPyTPyrDwrz118D0ChEkoqpQIVo3KoWJVTxamrVC51tcqtrlERda2KV9epPOp6lVflU/lVAZWgCqpCSiujrCIVqsKqiIqqG/DiB0aVUCWVU6VUorrpH8lXRdWNqpgq/pv8S/NL/gvza6FaqJaqpWqlWqk2qo1qq9qqdqqdSlJJqr1qrzqoDqqj6qg6qU6qs+qsuqguqpvqprqr7qqH6qGSVbLqrV5SfVRf1U/1VwPUy2qgGqgGqUEqRaWoIWqIGqqGqmFqmBquhquRaqQapUap0Wq0GqvGqlSVqiaoCWqimqgmqUlqipqi0lSamq6mqxlqhpqlZqnZaraao+aoeWqeSlfpaoFaoDJUhlqkFqlMtVgtVkvVUrVcLVcr1Uq1Wq1Wa9VatV6tV5lqk9qktqgtapvapnaoHWqn2ql2qV1qj9qj9qq9ap/ap/ar/eqAOqCyVJY6qA6qQ+qQOqwOqyPqiDqqjqrj6rg6oU6ok+qkOq1Oq7PqrDqnzqnz6ryCQIAIRKACFcQEMUFsEBvEBXFBriBXkDvIHUSCSBAfxAd5guuDvEG+IH9QIEgICgaFAh2YwAbiYtGjwQ1B0eDGoFhQPCgRlAxcUCpIDG4KSgc3B2WCW4Kywa1BueC2oHxQIagYVApuDyoHdwRVgjuDqsFdQbWgelAjqBncHdQK7glqB/cGdYL7grrB/UG94IGgfvBg0CB4KGgYPBw0Ch4JGgePBk2CpkGzoHnQ4t86vvcn8z3ueuieOln30r31S7qP7qv76f56gH5ZD9Sv6EH6VZ2iB+sh+jU9VL+uh+k39HA9Qo/Ub+pR+i09Wo/RY/U4narH6wn6bT1Rv6Mn6cl6ip6q0/Q0PV2/q2fomXqWfk/P1u/rOXqunqfn63T9gV6gF+oM/aFepD/SmXqxXqKX6mV6uV6hV+pVerVeo9fqdXq93qA36k16s96it+pterveoT/WO/UnepferffoT/Ve/Znepz/X+/UX+oD+Umfpr/RB/bU+pL/Rh/W3+oj+Th/Vx/Rx/b0+oX/QJ/UpfVqf0Wf1j/qc/kmf1/7Cxf2F07tRRpkYE2NiTayJM3Eml8llcpvcJmIiJt7Emzwmj8lr8pr8Jr9JMAmmkClkLiBDprApbKImaoqaoqaYKWZKmBLGGWcSTaIpbUqbMqaMKWvKmnKmnClvypuKpqK53dxu7jB3mDvNneYuc5epbqqbmqamqWVqmdqmtqlj6pi6pq6pZ+qZ+qa+aWAamIamoWlkGpnGprFpYpqYZqaZaWFamJampWllWpk2po1pa9qadqadSTJJpr1pbzqYDqaj6Wg6mU6ms+lsupguppvpZrqb7qaH6WGSTbLpbXqbPqaP6Wf6mQFmgBloBppBZpBJMSlmiBlihpqhZpgZZoabEWbkhQtV85YZbcaYsWacSTWpZoKZYCaaiWaSmWSmmCkmzaSZ6Wa6mWFmmFlmlpltZps5Zo6ZZ+aZdJNuFpgFJsNkmEVmkck0mWaJWWKWmWVmhVlhVplVZo1ZY9bBOrPBbDCbzCazxWwx28w2s8PsMDvNTrPL7DJ7zB6z1+w1+8w+s9/sNwfMAZNlssxBc9AcMofMYXPYHDFHzFFz1Bw3x80Jc8KcNCfNaXPanDX5Lp4vvYm1OW2cvcrmslfb3PYa+7/j/LaATbAFbSGrbV6b7zexsdYWs8VtCVvSOlvKJtqbfheXtxVsRVvJ3m4r2ztsld/Ftew9tra919ax99ma9u7fxHXt/baefcTWRwSwTW1D29w2so/YxvZR28Q2tc1sc9vWPmnb2adskn3atrfP/C5eYBfaVXa1XWPX2l12tz1tz9hD9ht71v5oe9iedoB92Q60r9hB9lWbYgf/Lh5p37Sj7Ft2tB1jx9pxv4un2Kk2zU6z0+27doad+bs43X5gZ9sMO8fOtfPs/J/jC3PKsB/aRfYjm2kDWGKX2mV2uV1hV/55rkvtervBbrQ77Sd2i91qt9ntdselC2G72+6xn9q99jN70H5t99sv7AF72GbZr36OL+zfYfutPWK/s0ftMXvcfm9P2B/UpewL+/69/cmet94CIQFJUhRQDOWgWMpJcXQV5aKrKTddQxG6luLpOspD11Neykf5qQAlUEEqRJoMWSIKqTAVoSjdQJemV4JKkqNSlEg3UWm6mcrQLVSWbqVydBuVpwpUkSrR7VSZ7qAqdCdVpbuoGlWnGlST7qZadA/VpnupDt1Hdel+qkcPUH16kBrQQ9SQHqZG9Ag1pkepCTWlZtScWtBj1JIep1bUmtrQE9SWnqR29BQl0dPUnp6hDvQn6kjPUid6jjrT89SFulI3eoG604vUg3pSMvWi3vQS9aG+1I/60wB6mQbSKzSIXqUUGkxD6DUaSq/TMHqDhtMIGklv0ih6i0bTGBpL4yiVxtMEepsm0js0iSbTFJpKaTSNptO7NINm0ix6j2bT+zSH5tI8mk/p9AEtoIWUQR/SIvqIMmkxLaGltIyW0wpaSatoNa2htbSO1tMG2kibaDNtoa20jbbTDvqYdtIntIt20x76lPbSZ7SPPqf99AUdoC8pi76ig/Q1HaJv6DB963vSd3SUjtFx+p5O0A90kk7RaTpDZ+lHOkc/0XnyBCGGIpShCoMwJswRxoY5w7jwqjBXeHWYO7wmjITXhvHhdWGe8Powb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGwxvCouGNYbGweFgiLBm6sFSYGN4Ulg5vDsuEt4Rlw1vDcuFtYfmwQvjIfZXC28PK4R1hlfDOsGp4V1gtrB7WCGuGd4e1wnvC2uG9YZ3wvrBMeH9YL3wgrB8+GDYIHwobhg+HjcJHwsbho2GTsGnYLGwetggfC1uGj4etwtZhm/CJsG34ZNgufCpMCp8O24fP/Nx//8K/3J8c9gp7hy+FL4Xe3yvnRedH06MfRBdEF0Yzoh9GF0U/imZGF0eXRJdGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGva+ZAxw64aRTLnAxLoeLdTldnLvK5XJXu9zuGhdx17p4d53L4653eV0+l98VcAmuoCvktDPOOnKhK+yKuKi7wRV1N7pirrgr4Uo650q5RNfctXAtXEv3uGvlWrs27gn3hHvSPemeck+5p11794zr4P7kOrpnXSf3nHvOPe+6uK6um3vBdXfjc/9yTCa73q636+P6uH6unxvgBriBbqAb5Aa5FJfihrghbqgb6oa5YW64G+5GupFulBvlRrvRbqwb61JdqpvgJriJbqKb5Ca5KW6KS3Npbrqb7ma4Ga7yzF+2MsfNcfPcPJfu0t0Cd+GaMcMtcotcpst0S9wSt8wtcyvcCrfKrXJr3Bq3zq1zG9wGt8ltclvcFrfNbXM73A630+10u/w1vwzq9rp9bp/b7/a7A+5Ll+W+cgfd1+6Q+8Yddt+6I+47d9Qdc8fd9+6E+8GddKfcaXfGnXU/unPuJ3feeZcaGR+ZEHk7MjHyTmRSZHJkSmRqJC0yLTI98m5kRmRmZFbkvcjsyPuROZG5kXmR+ZH0yAeRBZGFkYzIh5FFkY8imZHFkSWRpZFlkeUR7wtuCX1hX8RH/Q2+qL/RF/PFfQlf0jtfyif6m3xpf7Mv42/xZf2tvpy/zZf3FXxF/6hv4pv6Zr65b+Ef8y39476Vb+3b+Cd8W/+kb+ef8kn+ad/eP+M7+D/5jv5Z38k/5zv7530X39V38y/47v5F38P39Mm+l+/tX/J9fF/fz/f3A/zLfqB/xQ/yr/oUP9gP8a/5of51P8y/4Yf7EX5kzJt+1KVbZBjnU/14P8G/7Sf6d/wkP9lP8VN9mp/mp/t3/Qw/08/y7/nZ/n0/x8/18/x8n+4/8Av8Qp/hP/SL/Ec+0y++9FDSr/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3e/wH/ud/hO/y+/2e/ynfq//zO/zn/v9/gt/wH/ps/xX/qD/2h/y3/jD/lt/xH/nj/pj/rj/3p/wP/iT/pQ/7c/4s/5Hf87/5M/z36wxxhhjjP1dxl9uit/2/PI4v9cf5IhfrdwbAK7eWiDr1/0XrijX5f2l3VcktI0AwNM9Oz90aalWLTk5+eK6mRKCInMBLv0k6IIYuBwvhjbwJCRBayj9h/PvK7qepb8xfvRWgLhf5cTC5fjy+J8DYPIfjP/YEyMXlAtPx/+V8ecCFCtyOScnXI4XQ5ufn6+0hjJ/Yf75Wv6N+ef8IhWg1a9ycsHl+PL8E+FxeAaSfrMmY4wxxhhjjDH2i76iYsdL95+XfuPzj+7PE9TlnBxwOf5b9+eMMcYYY4wxxhi78p7t2u2px5KSWnf8xxtV/qmsv7vRGP5TI3PjDxveA1x6RQHAvzggwIWG/G/uxeb/yrZSLh46/7tr2RkfwP+NUv7zjbF/fuUKf2NijDHGGGOM/dtdvvr/7evqSk2IMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLhv4b/1fsSu8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9TwAAAP//HmP+kg==")
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0xfc, {"a2e3ad21ed0d1bf91b29550987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f3b096c060890e0878f0e1ac6e7049b096e959b449a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b075d0d36cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130f91850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f4077fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a81aa1020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b21052010689af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153fae46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c343f7f140f319539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474b0679dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691951264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d984836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a70500be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x8f5}}, 0x1006)
timer_create(0x2, 0x0, &(0x7f0000000100))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
mlockall(0x7)
munlockall()
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f00000011c0)=ANY=[@ANYBLOB="18000000fdffffff000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800008af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000894770968a5d4bd12b271428f998b2c376bb531eb712fa31d88703c5064ba0e07a1e58e70e96b6e2b6c07b62d471e33d2549ab2353911356e40eac8f"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r6}, &(0x7f0000000280), &(0x7f0000000240)=r3}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4)
sendmsg$inet(r5, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
creat(&(0x7f0000000000)='./bus\x00', 0x1b3)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

176.21116ms ago: executing program 2 (id=1186):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
clock_gettime(0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r3, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(r3, 0x0, 0xa, &(0x7f0000000180)=0x2ec, 0x4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
connect$inet6(r5, &(0x7f0000000300)={0xa, 0x4e1d, 0x9, @local, 0x2}, 0x1c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000003c0)={r0, &(0x7f0000000340)="e427238ba251091101796e23a30f9df63ea3bf947bc5d41731d68c7737aebc7c14ec4c46f4a3b3f8ada9e53879e00020d97780fabf2e5d92351ac80662536676d2273286a13f49318b28a9e224", &(0x7f0000000200)=@tcp6=r1, 0x1}, 0x20)
bind$inet6(r4, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @mcast2, 0x1}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000240)={@local, @local, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, "331800", 0x48, 0x11, 0x0, @dev={0xfe, 0x80, '\x00', 0xa}, @mcast2, {[], {0x4e1d, 0x4e20, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "dc521c259b538a2bf2a113dc2eeec0a072edf20b6d59027f", "d646c088088f51e72eb2f7e7b219c2c3b85e4508546e551af9e59631718ba089"}}}}}}}, 0x0)
setsockopt$inet_int(r3, 0x0, 0x7, &(0x7f0000000140)=0x6, 0x4)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000100)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @val={@val={0x88a8, 0x1, 0x0, 0x3}, {0x8100, 0x7, 0x1, 0x3}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x80, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, 0x0)

36.684158ms ago: executing program 3 (id=1187):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@getchain={0x44, 0x66, 0x1, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0xffff, 0x4}, {0x2, 0xfff2}, {0xb}}, [{0x8, 0xb, 0x5daa}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0x1}, {0x8, 0xb, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x4800}, 0x20000)

30.214588ms ago: executing program 3 (id=1188):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="090000000400000006000000ff"], 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
capset(&(0x7f0000000300)={0x20071026}, &(0x7f0000000340)={0x0, 0x0, 0xfffff, 0x0, 0x0, 0xfffffff7})
chroot(&(0x7f0000000100)='./file0\x00')
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x619, r1}, 0xffffff6c)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000040))
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x7cf, 0x1}, 0x38)

2.23017ms ago: executing program 3 (id=1189):
r0 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
r1 = dup(r0)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

0s ago: executing program 3 (id=1190):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x48001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket(0x10, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000080)={0x6f47957f, 0x0, 0x1002}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007110110000000000950a008000000000e8b6579ddee9ca80fa107a2a4ec3fc29eb3400fe00456b00f4161d817bc2897f8a7db7c8c936199e5ae2bafb43744e85f5bcd2f6de240f399962f2be99bb117d42323f375fc363f90af49b85a70a9bd68593a990434d57e9a1f209a1223adedfd9111767c0b2e0d71377580da2796348c08d2d54f20dc9a6e39d6e0e2a1c5f1b27ad518bafd921a914"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x80)
ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000140))
write(r2, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f000000000001000000000000", 0x1c)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000000), 0x6000, 0x200000)
ioctl$KVM_CAP_VM_TYPES(r1, 0x4068aea3, &(0x7f0000000200)={0xeb, 0x0, 0x2})
ioctl$BLKFRASET(r4, 0x1264, &(0x7f0000000100)=0x4)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000f65000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000500)="c4e22147045d04000000b9800000c00f3235010000000f3066b87f008ec0360f38cc1eb9800000c00f3235010000000f30ea84990000240066bad004ec66baf80cb8e7da4b88ef66bafc0cecf26d9a378817eff000", 0x55}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r3, 0x4048ae9b, &(0x7f0000000180)={0x8d099b6c9fb3a5a3, 0x0, {[0x7, 0x10005, 0x6, 0x7fff, 0xa, 0x4, 0x2005a6d771c, 0x1ff]}})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x1, 0x4, 0xc, 0xb}, 0x50)
r6 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r6, 0x5000)
fallocate(r6, 0x0, 0x0, 0x8800000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0x6, 0x2a, [@random={0xdd}]}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_BEACON(r6, &(0x7f0000000600)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000005c0)={&(0x7f0000000700)={0x1580, r8, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x5, 0x42}}}}, [@NL80211_ATTR_IE_ASSOC_RESP={0x26, 0x80, [@mic={0x8c, 0x18, {0x45b, "652b7843cf57", @long="9487b5626e0fa111960cbc9e063b5926"}}, @ssid={0x0, 0x6, @default_ap_ssid}]}, @NL80211_ATTR_IE_PROBE_RESP={0x7, 0x7f, [@supported_rates={0x1, 0x1, [{0x6}]}]}, @NL80211_ATTR_IE={0xf, 0x2a, [@mesh_id={0x72, 0x6}, @erp={0x2a, 0x1, {0x1, 0x0, 0x1}}]}, @NL80211_ATTR_FTM_RESPONDER={0x2a4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x97, 0x3, "7a20178215a38b15fb19f1fce25963e3edde93cafcbb6f85d92350d4241b1d209bc5295ac7f7b2871fe333ea637cb7a36dd78d6e4b3497808c1a9161d6e21ba5dce7df61cc47e5ea640eb9e7808ac74de23945bd1d1446b0be57fd74a5e974ebed424a019a0d3d2985f7c0b6abd9bbe71de109d30dbdaecf600b8eca40790cdf7079dee8a0c1521bb5b9bb09cd19408350a0bc"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x50, 0x3, "00bca524569fb10f3620fa28457d4d52f442fed2a7b6cf24169923d1454e3783a7a16c4a276d60bc2fb9f205ea67d1143fbad121fc5d15940d8c9a5226d4b49a718ab8194a99c7bac05b1583"}, @NL80211_FTM_RESP_ATTR_LCI={0x3d, 0x2, "c64ad1036228f09f9acca41dc17c9e3ea8f2f6668626adc73af127e171a51fcfbca644a93519b0c18332123ae7357be472a6f38fa28236269b"}, @NL80211_FTM_RESP_ATTR_LCI={0xc9, 0x2, "499a55f90fcbcb5d2fb58d8e2dac70a4baeb7c378b6c974a1cd00c89b70a6184e8653c853ca60a5a346620d373a70c1806ccf18276e83a18f3ce36425b2806f0d5a5fc67a76eb436b57b2ec1bc113571c7f015eba8177da31f21597c39585dca897c145b40185ed61987097f79e4eaf284acf73bf6d2d32244724c31d2562256e08ee1af71e0483450fed95ed639708f39abb7f570e5b7a3a235d715ea302e6cdcaeca0d94eed453c03aa18b47a42707fa2a30520b28fb8e7774799820815459af3656c45c"}, @NL80211_FTM_RESP_ATTR_LCI={0x2a, 0x2, "6afc150f5dadf959a754a803359c21225a38611289005b26eb2bcbb19ff19691a4afded13aa6"}, @NL80211_FTM_RESP_ATTR_LCI={0x4a, 0x2, "afbd7e22384d930e3186b3651acd6b3c248bfc7294adb0e3e43fef613e98960fd6f79f62d5b0c438b800c95a87ae3c14c4541b766fc07929377165020118b6c722dc4a09ace9"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x29, 0x3, "546663c6cde3ef8aa5c8354b56c4f9c119884334de907c72e048dbf4685c2a6ccc8e15ee0a"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x4}]}, @NL80211_ATTR_IE={0x3c, 0x2a, [@link_id={0x65, 0x12, {@random="37bf88d90b19", @broadcast, @broadcast}}, @sec_chan_ofs={0x3e, 0x1, 0x2}, @supported_rates={0x1, 0x5, [{0x1b}, {0x6c}, {0x3, 0x1}, {0x12}, {0x12, 0x1}]}, @rann={0x7e, 0x15, {{0x0, 0x7}, 0x9, 0x0, @device_a, 0x100, 0x6, 0x9}}, @sec_chan_ofs={0x3e, 0x1}]}, @NL80211_ATTR_FTM_RESPONDER={0x11e4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xec, 0x2, "58d24a10a5f6ede80499eaa0fdffe2882b98390fcd96d3feec1dab89c064a1c087ae70c4447f962c637760f2bfc00ed5eadcfe454258e06698f8f318aaab37316789a50e5d43931ee9a570bbdbb4f7e899ec68556e218f07fa94f01af3d1e554a063941d0b9f8db97faf54d962f739265f0adb1ef30dfb5d4b5b5468e59bd60b7733a557b9419676f6f86fcc86aea7c2f1fee717a4e3bbe78183c6c7ed1ec44f95d70d64acc827bdcdf8215bd02d8a5a31e6e1d02c2cdd4116c4394b7868ef4bdb803a44e075d791f0e28f08023b42a87e0d2bac6a542575c3629ee083fed6bea0755313f41add28"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x1004, 0x3, "f52d1c61d22f8351a1c128e562c1581781203bbba53382c99d9dca17b63b198ca42676cf47c4a8c5774241b4cf406559ed16c798976079caace25c99170531150da4f624d0931e7ce1a9b663d286deea8cbf74db7390eaf236b1a03e7d122efef67ee12507c747aad7a1507058d5d6a91f330c25e9daea1cd273ec3a8352588b68f42a9803f6f3bb64c6727f78ae6010344deab426528eb4862495bdc15669fe529e2d537eae03a2b056740be19521ec116d90d5ed72bd6d18073e467c88e17561f82d25547f44f5a31b252a238d275f427964435037c129f250304225987c7985ee8a126608334b54ca34cae6c7c78b144ec15e6fb2404be5d3958ee716351f5df850d6605e2a7c760e5925288286519fbded9411c5b5679cdc7e60038a97441ce8d4761ca12629c6fb80dbdffaacefe86dded608ca92fb32f95240885c36dbc5126b012edc043119b635b818b815a78ecd414f923604b138ea5dadae55192ad2872b07d2f58960b5543dac06fe8e59e64e512b35acbd3493db3a3a1055d4b9314bcb4634b771bd1abf9198c443b7f94cefa39a5c48768ae8c73dd272376e6ee51e2ae9fa69aa6e1a1e1d88d56b02a12fb927d361dbf297c19afce4c7bd4918d5ab5af82b5c944c75139b2f607059c6c9025cc1435f1fd1af23ca790385856185a28340614444bd873dac84aa0a335284fc222f6a1f4ac9c14bc3a4966d756e4e064da9761496fb3367565c56d435f96ff3d05e3a0d27513943077a80f9af11acd1a3cf643df193a9b2a1b7ac7bf28790f7690ebbfd17febab6dd10e4e135ef98677b0983731fb870f65cf1200c5b0c9a6687be1523f6e25af7fa32cb8dca0bd4ab2e147f1587a57261d0bf6e066d9b4a0e42d13a55be27fe7f6cf3e8208b337f5d1e98f0dd723576d58f0a7a75afc2cff9e363a6ae811ea07658a89df558c49e4214732e7bc558339f2b0f595022fb2e5afa9d7ae45be120bb5d9a9b046af81f11df2f9aa886c939110a54b99e66694be2d043d3157867c0624d1f81b9fbc2bbf39a60b8361b839821a343286496b9af7056aa92eff8cbe11cfb6dda140986f1b150a0de6ec2fa203556a439b75a87dcdedb3a1c3381ae0371add3e4374a97f29d1825dd7e03ca6d5e6d2b08a858f28a1114f3072666e4e3d9f4c65028f478751b09cf17ee486cc9ef81c4d7ab6d493d59c6eabcc3be058b06844408562bb805eb3ce81d3f9f6df0b41c23b552df69c8c23f40d9347d2482f0c1d349064b89841e855e73617f84227e5b4bee940f74a15e33276382d8a52ec9161866b15175d43bfb123fabe09ad5d52e7160b29ce791e091a6aa322cfd43904cd965737af5825961cc92044510365d6764992a5e5047703d14db58dd19a5744c1aaa8e5798b4172805fa45d2922651fa116338b247b15e8ef7a82ec0044bd5f4157b97d37bd8d95a51143d5e13eaffa5d1d9dcb539401884b27bd10583951c191e6183cf303336d70697b080f7c29fa10e433dfd139a4f5f5c85fc50b2ee38d871b18d09dd940e5176384ce3ed22905d9fd1837b7875984a73ef61b80ab78c9318324d1abb4f8a033cfe52bff26ce262da193d509bacd64976f54491d8b0f82e9d1c64638c3a6b92a47dcbc726d723a76d4f3c8ddc80ed2d415c8a603a3b008e3f2d2484a8db1c67b79a823a499b8bbb3624c2bdecdb5bfa1035368d3b92cf07faff2bbd7092c0f410bc32d89e5f1350bbdfd20fc504c42a9c22502c4390a2514f85255dddae66092df14e8d54ee357ec69059502791987acfb47c6472097ff99706bcfd518ac6d2bc736d86f4a476e44d659e9202d5d276d5356f1e7fce479a40d543d5d44a1f481f5b019b3e959f70d3bcc8ec1b12047aab1c0f18405910be22c73fffb80734b01793a180e8d3917b01d64747b94eebb8e4663017c50a1dfd38b3da0a6c2ac53929e2b15cd83f0d31cdd08cd5f79a2bc5206f8000c2641ab6471263d54338c5fb27f5f80ffe371e2337467456ee9d4f5f9acae4b0ab00cce9f79543b503f789bd4430a4f62929bdc466eb9a6ec101a106237a5888c64f20cfc38d507bc3d717431850d4a37eefaff2bc4ddf948633d100ce4539565a8f20e79ac22b5b93e389239dfea2d54ec2ecee3fe4959afe3be28d6cb0caf3bc1e044de577e1ce24628cabba7b9517394838f05a4aa3a38e311c6c7cef9f6bc985f15049c1e093145b379f09d97b8055dd36ac346a33931d4487332377381b40b2e1ba1a611360a0333a0a74f0eea23e925321225b7a86b117962c584554a5cbbec7a6f698a9c21f92a83ccd21c44301c4afeed61568134a85af77b5fae735f1f4592c9350a0bc082e71325cd1ef77c3610529fa8410776f929721802346abfe370f90d4c55052ebfceec597e6add2d23b5e6bbb7b10bc2a9c42fdada6e8aeadb6bdd5f7b30656be4c05dd0575394bf5a8b2fbe801ddeb2799218d395ce1ad54761e4d0f21b16bcff1c5767e9a0c602d7d378e36d75007db8111ca7f285edc114e502b1c64683d751aa39927efeb138e47d93b72a735cda9805d9ce0f009d0aa084f33f0850714354f262d28afc73ecaddd6ac301cd0a598d986d3c25a05bf11f82e853159c81142834db42471048d0a7631a84a74b23bf139ad0abef15561abbd8cea28de58cb1177ea539fc6cb494942a2150c942bab98f2097d723c404412495ef0c419eb3d5e69cdced2b79526cb91652ce85b3cbbcf0ca81d4e6ce930d0d31f27f03984c97fa442afb521a32f7e8fb211661b0c09a0d7b5d32cc8fd72dcf039961e96867de7efd56bdf5e03c0eebbe78aa58489fdf1e912254d8676fbaf0f5ef90d4cd62024ec954983326ce0e4739a559384789f091f515f40634ab760fa672f247a8c54fe653f55fa241f8706ce13b716b7d22a3f1721c6138077b163ae169dc9c222f8a5c1c475edb59387c059fb0c80d01a8e47074ff572620521cdebc4706f5b77638922fd24d1642f5481fde66e6ac6f4c74d2411ba64ef65c0ab0fc316202b42d79d7de4678554088ea9e4aee634cb82e7fd2de467423f3295ce3a92ecd7ec284007cf911257edbd952148f6925bf8ad0982e59df1460bd2d6d8ac4b808efcbbddee0a161d0d3d0e27c324f442826ac036e115d09bf40ac76fed4636a9a910de2c9b491482f4f00cff378cdf10ab87a9d00296678a65c794f5b547e77ada4541912b621b6ff63dfd395cb438587e1dc345b3bc0d156cc9dd6a17f4036f1ae3d6649cf7e5e946ee351df3be6522aa3436b6f04063ecfce3d3cd3dc3a40b6a1d0d907744f5263c4dcb6d5a16a9fe9ea6ae4992c64ffdd2ce63e8fedea70b2e323bea7f0d7dce8f7ec2339f0479fb48bf6253e59aec7d4d2f4040a3d22902d2d30369e1f0be38a94f02f307844b35be55f8ec57fb1ac5588e24b297f9179e6c3cdfb736235a0d160a7efd72a4e7c208a792c0198ea3546c5dadcf8d50ce27ec2309f08cd09ac2634b98dd4c095595f44037ad169c14d50e639ebae54f0e1d20db36d1aecb697062c05310b18f5c423ed5bc771fa4c686bf35351e49967da42997c4083acf653a41fbed5f861b74d0d51701109ed47f6adbdf6dce0d7cdc299203e743e9f66bc33710f85cfaca056a8a27ec773b51cb11b14461120e2c5584b831b21ea6c6ab424b00a3c188254e4a8ff41afe79896a42adb2487a7db80fb74b75c6d336270fd2303eaf475b99343a8fa7d14409d16dbe31da36232d06339d76d41360b824f0e7a16cb7470fb78940b9a4fd428103b7d1b8210165a21e2214f8e04e9dad1b70077beb16e50c9306986e87ca27bf8619cc6f1c2c4ce83715571d800b1be217b374b89cb12ecc74be38eee0eb57149d8affb1c80c44ec102075c03717d52bfb049a2917f1489e933643e9a2c233fe9332acb09556224b447c332f6615c346b1b71d747dcb56673f29d89cd7a046edd7c1ac4614d2c60cd19b02cc91f4f01ab5f28da7e90731f202bf5f94523ac859ba9160cdfe80e5a23073af7a695488c04fd4c002be43989fee3c010b6201b4b40e50110ae0f55909709f2990d085466195f9607fabeca52fb6118ed50ebb798f443d7c9b0ea9c73b5e084f1e650b6e3cefbab3ac66f729e29329ded2ac8b04a01b10edca7439f50bb4c2f45dc7357587762af41f838e5b7b4c1dc1baa62ae164fc1942d6ded315c3b39e35caaa714a353d55a84a324fcb5062335d1680d3f0b6cf9400a4f9dd5500f677910cf24acc48d2d6344fb3bc14c83746decbb9236fd045c05c294eca8842b632a280c85af95758a049b62e92c8c6330785dbc1272f52ea05247b214c59a6356715fca6c72d16889924f7def11fd061678f43043e0b8d2f8a01f046a3ec80011fdf3aca23e993c22bf420210f3275fe73b18436e0732d86d693f537dc8d2e1c926698d06b3c841a48920cf73f7b747d41754092e0231be1ffd440ed79f9220bdfa492bc52a56ffa07748d946aa49141c993760bdd47bf08006cf80e7906553717e21085ca31ca4c5e5ced6e36c21a59fe51e877c6aefff1b8d7a768fe0b148b0468368179600874ce4a8186252faef8ee2ddc9cef7b1ba2fb868281557dd28400a9322ae08c15a6b7366c5b40ed0c8a3631360a35cbd000a48e5550195e32eb4c3ebf1957d08a404d3b483f33d61b494ea12a4bf01a8070250f65e37a7a00dc8a2506e7dd0a46055ebdc02d5019cd656e55f6e7fddccaa1874aec0323de2ff0d727c65bd9690692c9b318e28f4280b6450882fdfe227cc66edb8976435b76f232a21899fa2724e4a44b10c08d44cc57f52e3e3817581345c68ea7dfbd4c4d0f800d063582fad80d6fa7bd481e6cfbe16a73f6cc84ab60015ad5720d7a0dd405f043fcca939d9693c8022a3ca718f49139224511397f401b5d683ce2c73f33b9828f216ebe2844f8523882930e2dc1261ad977f2fb09a545f06a582b4d618eb6470d93e70a2c6ad656a8ed7aaa3810fb63d356bd2e81a7269481aaa6514ba1cf7f93f96b7fbd42faf4c412e4ac95ab4fac06e5eafbbbcda483231a1c55f78ab97e194c9b962557d5196f42b5afcbdd3439a1a5d9d793dadb0603b69d82510f45f67a4841b445afa1d5d6fea817eb1575cea2e1eacaaaafc7eff302e26ad1f8b359c6d1dcf7557a1c0f250a1b3f0a8e7e780d6440c84d1129081f6c5c1a3479336df2d505662de0ad69be6d98fe8eaeb49fc3124540102a630e60ed61349f6e1bc1a53e1ab5186d8bf67bf7823fef0c48b7747add3dc0246d27bd3a07c9d53486f8d1f2b04dbe9a88ad6a607c5e3cbd742ec3210192d90a44cc9226fc8d3139a1caac96c9976b03acba7efec2cfdfa25749bd18702eca346b434eb76680ff6f27de735821eff9cd068281f0e1696ba5a020670ac01a7eaefad19b2c11f0c020afb7e3885e4a032f9cee04aa404c03ef79e75ab53b17b2c8535b9cf097328150dddd6bcc8565ed3a9111735ff78b8fdb45762d857e0d8546532f2b2717074ad762b48ebc38bb55ebfc03383335b9861a46548411c2f677c69f2c7408849640e619a37ef4414a0f5270e6c94dbd76e79ae88964dad2e230cf68f756c290762e7e85dc661eecaf47a2f41727427ca3b555b32343a23d3c32dedc6680f23addb6e23eebd00d740461a5c9b8377ec74b952d2ab5360a09096104611754491ec9ac4b3d8235f8a4fc6be67aeb8ada44688913a315c1791a74f76d5e822d8b78d0a4e5939a4688ac0ec55efc6d6d8a5e7e7491a84a238592a02f142b6fbf64b8219c24282f42d6c8e85f77"}, @NL80211_FTM_RESP_ATTR_LCI={0x43, 0x2, "b2e63b882ed58367ef492007472ff7a1daba37867a42c06782881efc48169bd0437db4b13329fa070d13ce13bc19b0422c5e5ad86f98043b4f7f3a174210d3"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x9d, 0x3, "78b7f388f96e201d55882d4340995fa01fa7e74e4cdf0f6e29b75074741fbb4857ccd525ea58739d67cf0e852d9063d2a58e1891d2a43ff6ffda7c8ca44d28bd50e8965e0f92e7190aad4e9b68af7af5209993b74eed01709c31446c345a4c4f10d6c1168aaee9259498fcc5c99b1c8a3c7037ea0e6e1f85ed48ac7760eb00947a38b427cef5dad9ec0fe3d6a4d44953db2f33e18263da79af"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x4}]}, @NL80211_ATTR_FTM_RESPONDER={0x5c, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x58, 0x3, "34b3fb897a3dd4d3503bb8c195cf3cc2f4de1153eb504468a1f3a343945950bd6b7853b1e81ef76dee6b9c039e050affd7443104f49feb708a9cedcb6db3af979a3f6b5b28095518f4d413964f039d831be8cc7f"}]}]}, 0x1580}, 0x1, 0x0, 0x0, 0x4}, 0x40)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000400)={{r5}, &(0x7f00000000c0), &(0x7f0000000200)='%pK    \x00'}, 0x20)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r9}, 0xc)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

 T2668]  ? selinux_file_permission+0x2a5/0x510
[  118.549151][ T2668]  ? ext4_file_read_iter+0x530/0x530
[  118.554411][ T2668]  ? security_file_permission+0x83/0xa0
[  118.559937][ T2668]  ? iov_iter_init+0x3f/0x120
[  118.564590][ T2668]  vfs_write+0x758/0xdc0
[  118.568809][ T2668]  ? kernel_write+0x3c0/0x3c0
[  118.573459][ T2668]  ? mutex_lock+0x92/0xf0
[  118.577761][ T2668]  ? mutex_trylock+0xa0/0xa0
[  118.582326][ T2668]  ? __fget_files+0x2c4/0x320
[  118.586975][ T2668]  ? __fdget+0x1a1/0x230
[  118.591193][ T2668]  ? __x64_sys_pwrite64+0xf2/0x220
[  118.596279][ T2668]  __x64_sys_pwrite64+0x197/0x220
[  118.601282][ T2668]  ? ksys_pwrite64+0x1b0/0x1b0
[  118.606024][ T2668]  ? debug_smp_processor_id+0x17/0x20
[  118.611371][ T2668]  ? fpregs_assert_state_consistent+0xb1/0xe0
[  118.617413][ T2668]  ? exit_to_user_mode_prepare+0x2f/0xa0
[  118.623017][ T2668]  do_syscall_64+0x31/0x40
[  118.627424][ T2668]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  118.633299][ T2668] RIP: 0033:0x7fdbc21eaf79
[  118.637691][ T2668] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  118.657271][ T2668] RSP: 002b:00007fdbc0c46028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[  118.665664][ T2668] RAX: ffffffffffffffda RBX: 00007fdbc2464fa0 RCX: 00007fdbc21eaf79
[  118.673609][ T2668] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000005
[  118.681556][ T2668] RBP: 00007fdbc0c46090 R08: 0000000000000000 R09: 0000000000000000
[  118.689522][ T2668] R10: 0000000000009000 R11: 0000000000000246 R12: 0000000000000001
[  118.697478][ T2668] R13: 00007fdbc2465038 R14: 00007fdbc2464fa0 R15: 00007ffcf2af2158
[  118.712732][ T2671] FAT-fs (loop3): Directory bread(block 66) failed
[  118.780911][ T2671] FAT-fs (loop3): Directory bread(block 67) failed
[  118.791018][ T2671] FAT-fs (loop3): Directory bread(block 68) failed
[  118.855509][ T2671] FAT-fs (loop3): Directory bread(block 69) failed
[  118.869168][ T2671] FAT-fs (loop3): Directory bread(block 70) failed
[  118.883545][ T2671] FAT-fs (loop3): Directory bread(block 71) failed
[  118.890987][ T2671] FAT-fs (loop3): Directory bread(block 72) failed
[  118.898978][ T2671] FAT-fs (loop3): Directory bread(block 73) failed
[  119.014488][  T300] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  119.072334][ T2686] FAT-fs (loop2): Directory bread(block 64) failed
[  119.099286][ T2686] FAT-fs (loop2): Directory bread(block 65) failed
[  119.130068][ T2686] FAT-fs (loop2): Directory bread(block 66) failed
[  119.168787][ T2686] FAT-fs (loop2): Directory bread(block 67) failed
[  119.192576][ T2686] FAT-fs (loop2): Directory bread(block 68) failed
[  119.258253][ T2686] FAT-fs (loop2): Directory bread(block 69) failed
[  119.274593][  T300] usb 6-1: Using ep0 maxpacket: 8
[  119.332606][ T2686] FAT-fs (loop2): Directory bread(block 70) failed
[  119.417811][ T2686] FAT-fs (loop2): Directory bread(block 71) failed
[  119.462579][ T2686] FAT-fs (loop2): Directory bread(block 72) failed
[  119.524295][  T300] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[  119.525089][ T2686] FAT-fs (loop2): Directory bread(block 73) failed
[  119.914197][  T300] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  119.936574][  T300] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.954007][  T300] usb 6-1: Manufacturer: ф
[  119.961053][  T300] usb 6-1: SerialNumber: ⠇
[  120.083988][  T295] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  120.166588][ T2708] EXT4-fs (loop4): Mount option "noacl" will be removed by 3.5
[  120.166588][ T2708] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  120.166588][ T2708] 
[  120.189543][ T2708] EXT4-fs (loop4): Ignoring removed orlov option
[  120.205341][ T2708] EXT4-fs (loop4): mounted filesystem without journal. Opts: noquota,bsddf,grpquota,nobarrier,noacl,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,nombcache,,errors=continue
[  120.293280][ T2716] EXT4-fs (loop4): Test dummy encryption mode enabled
[  120.294923][ T2679] netlink: 4 bytes leftover after parsing attributes in process `syz.5.670'.
[  120.306771][ T2716] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  120.317239][ T2716] System zones: 0-5
[  120.322695][ T2716] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue
[  120.344069][  T295] usb 1-1: Using ep0 maxpacket: 16
[  120.393971][  T300] cdc_ncm 6-1:1.0: bind() failure
[  120.402030][  T300] cdc_ncm 6-1:1.1: bind() failure
[  120.410166][  T300] usb 6-1: USB disconnect, device number 9
[  120.464042][  T295] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  120.474241][  T295] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  120.506492][ T2723] FAT-fs (loop4): error, invalid access to FAT (entry 0x0fff0000)
[  120.514454][ T2723] FAT-fs (loop4): Filesystem has been set read-only
[  120.521370][ T2723] FAT-fs (loop4): error, invalid access to FAT (entry 0x0fff0000)
[  120.579435][   T24] kauditd_printk_skb: 26 callbacks suppressed
[  120.579443][   T24] audit: type=1400 audit(120.561:1028): avc:  denied  { bind } for  pid=2725 comm="syz.4.685" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  120.604891][   T24] audit: type=1400 audit(120.561:1029): avc:  denied  { name_bind } for  pid=2725 comm="syz.4.685" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  120.625418][   T24] audit: type=1400 audit(120.561:1030): avc:  denied  { node_bind } for  pid=2725 comm="syz.4.685" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  120.646800][  T295] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  120.646812][  T295] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.646820][  T295] usb 1-1: Product: syz
[  120.646828][  T295] usb 1-1: Manufacturer: syz
[  120.646836][  T295] usb 1-1: SerialNumber: syz
[  120.695456][ T2731] netem: incorrect gi model size
[  120.700458][ T2731] netem: change failed
[  120.701541][ T2733] EXT4-fs warning (device loop4): ext4_xattr_inode_get:506: inode #11: comm syz.4.687: EA inode hash validation failed
[  120.718542][ T2733] EXT4-fs error (device loop4) in ext4_do_update_inode:5355: error 27
[  120.727424][ T2733] EXT4-fs error (device loop4): ext4_dirty_inode:6162: inode #15: comm syz.4.687: mark_inode_dirty error
[  120.738882][ T2733] EXT4-fs error (device loop4) in ext4_do_update_inode:5355: error 27
[  120.747306][ T2733] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2941: inode #15: comm syz.4.687: mark_inode_dirty error
[  120.759348][ T2733] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2944: inode #15: comm syz.4.687: mark inode dirty (error -27)
[  120.771980][ T2733] EXT4-fs warning (device loop4): ext4_evict_inode:303: xattr delete (err -27)
[  120.781237][ T2733] EXT4-fs (loop4): 1 orphan inode deleted
[  120.787210][ T2733] EXT4-fs (loop4): mounted filesystem without journal. Opts: nojournal_checksum,journal_dev=0x00000000000000ff,debug_want_extra_isize=0x000000000000005c,nouid32,resgid=0x0000000000000000,acl,init_itable=0x0000000000008d55,,errors=continue
[  120.833407][ T2739] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  120.854951][ T2739] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,nojournal_checksum,errors=remount-ro,grpquota,noblock_validity,discard,nombcache,errors=remount-ro,
[  120.889861][ T2739] EXT4-fs (loop2): shut down requested (1)
[  120.896823][ T2739] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[  120.907169][ T2739] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[  120.907197][ T2739] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[  120.910216][   T24] audit: type=1107 audit(120.901:1031): pid=2738 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='���'
[  120.938369][ T2739] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[  120.947652][ T2739] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[  120.964149][  T295] usb 1-1: 0:2 : does not exist
[  121.037641][  T295] usb 1-1: USB disconnect, device number 12
[  121.926965][ T2765] EXT4-fs (loop5): Ignoring removed orlov option
[  122.098255][ T2765] EXT4-fs (loop5): mounted filesystem without journal. Opts: nogrpid,auto_da_alloc=0x0000000000000001,orlov,usrquota,data_err=ignore,sb=0x0000000000000003,noauto_da_alloc,,errors=continue
[  122.193437][   T24] audit: type=1326 audit(122.161:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2758 comm="syz.5.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  122.488129][ T2777] SELinux: security_context_str_to_sid() failed for (dev binder, type binder) errno=-22
[  122.495175][  T317] udevd[317]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  122.594477][   T24] audit: type=1326 audit(122.161:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2758 comm="syz.5.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  122.627009][   T24] audit: type=1326 audit(122.171:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2758 comm="syz.5.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  122.649967][   T24] audit: type=1326 audit(122.201:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2758 comm="syz.5.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  122.672988][   T24] audit: type=1326 audit(122.201:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2758 comm="syz.5.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  122.721413][   T24] audit: type=1326 audit(122.201:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2758 comm="syz.5.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  122.833482][ T2785] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  122.841333][ T2785] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  122.850438][ T2785] F2FS-fs (loop5): invalid crc value
[  122.858255][ T2785] F2FS-fs (loop5): Found nat_bits in checkpoint
[  122.905974][ T2785] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  122.913008][ T2785] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  122.925897][ T2785] FAULT_INJECTION: forcing a failure.
[  122.925897][ T2785] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  122.939772][ T2785] CPU: 0 PID: 2785 Comm: syz.5.702 Not tainted syzkaller #0
[  122.947055][ T2785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  122.957107][ T2785] Call Trace:
[  122.960408][ T2785]  __dump_stack+0x21/0x24
[  122.964811][ T2785]  dump_stack_lvl+0x1a7/0x208
[  122.969472][ T2785]  ? show_regs_print_info+0x18/0x18
[  122.974655][ T2785]  ? kasan_set_track+0x5b/0x70
[  122.979402][ T2785]  ? __kasan_slab_free+0x11/0x20
[  122.984326][ T2785]  ? kmem_cache_free+0x100/0x2d0
[  122.989254][ T2785]  ? putname+0xfe/0x150
[  122.993395][ T2785]  ? do_sys_openat2+0x68e/0x750
[  122.998230][ T2785]  ? do_syscall_64+0x31/0x40
[  123.002806][ T2785]  dump_stack+0x15/0x1c
[  123.006951][ T2785]  should_fail+0x3c1/0x510
[  123.011360][ T2785]  should_fail_usercopy+0x1a/0x20
[  123.016380][ T2785]  _copy_from_user+0x20/0xd0
[  123.020976][ T2785]  iovec_from_user+0x1bc/0x2f0
[  123.025731][ T2785]  __import_iovec+0x71/0x390
[  123.030450][ T2785]  import_iovec+0x7c/0xb0
[  123.034787][ T2785]  vfs_writev+0x153/0x530
[  123.039116][ T2785]  ? preempt_count_add+0x90/0x1b0
[  123.044141][ T2785]  ? do_writev+0x2c0/0x2c0
[  123.048577][ T2785]  ? __kasan_check_write+0x14/0x20
[  123.053678][ T2785]  ? mutex_lock+0x92/0xf0
[  123.058007][ T2785]  ? mutex_trylock+0xa0/0xa0
[  123.062585][ T2785]  ? __fget_files+0x2c4/0x320
[  123.067260][ T2785]  ? __fdget_pos+0x2d2/0x380
[  123.071839][ T2785]  ? do_writev+0x76/0x2c0
[  123.076161][ T2785]  do_writev+0x14e/0x2c0
[  123.080397][ T2785]  ? do_readv+0x450/0x450
[  123.084719][ T2785]  ? ____fput+0x15/0x20
[  123.088869][ T2785]  ? debug_smp_processor_id+0x17/0x20
[  123.094235][ T2785]  __x64_sys_writev+0x7d/0x90
[  123.098917][ T2785]  do_syscall_64+0x31/0x40
[  123.103325][ T2785]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  123.109206][ T2785] RIP: 0033:0x7faac788ff79
[  123.113613][ T2785] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  123.133214][ T2785] RSP: 002b:00007faac62eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  123.141633][ T2785] RAX: ffffffffffffffda RBX: 00007faac7b09fa0 RCX: 00007faac788ff79
[  123.149593][ T2785] RDX: 0000000000000002 RSI: 0000200000000840 RDI: 0000000000000004
[  123.157546][ T2785] RBP: 00007faac62eb090 R08: 0000000000000000 R09: 0000000000000000
[  123.165497][ T2785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  123.173444][ T2785] R13: 00007faac7b0a038 R14: 00007faac7b09fa0 R15: 00007ffcf85f1888
[  123.255029][ T2798] raw_sendmsg: syz.2.704 forgot to set AF_INET. Fix it!
[  123.284842][ T2778] F2FS-fs (loop4): Invalid log sectorsize (67108873)
[  123.305558][ T2778] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  123.336906][ T2778] F2FS-fs (loop4): invalid crc value
[  123.399288][ T2778] F2FS-fs (loop4): Found nat_bits in checkpoint
[  123.430452][ T2795] F2FS-fs (loop3): fault_injection options not supported
[  123.506352][ T2795] F2FS-fs (loop3): fault_type options not supported
[  123.515214][ T2795] F2FS-fs (loop3): Project quota feature not enabled. Cannot enable project quota enforcement.
[  123.529409][ T2778] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  123.536752][ T2778] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  123.804026][  T533] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  123.935716][ T2826] EXT4-fs (loop3): Test dummy encryption mode enabled
[  123.950609][ T2826] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  123.960429][ T2826] System zones: 0-5
[  123.964864][ T2826] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue
[  123.991165][ T2826] FAULT_INJECTION: forcing a failure.
[  123.991165][ T2826] name failslab, interval 1, probability 0, space 0, times 0
[  124.003834][ T2826] CPU: 0 PID: 2826 Comm: syz.3.712 Not tainted syzkaller #0
[  124.011092][ T2826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  124.021243][ T2826] Call Trace:
[  124.024517][ T2826]  __dump_stack+0x21/0x24
[  124.028827][ T2826]  dump_stack_lvl+0x1a7/0x208
[  124.033481][ T2826]  ? show_regs_print_info+0x18/0x18
[  124.038771][ T2826]  ? __kernel_text_address+0xa0/0x100
[  124.044127][ T2826]  dump_stack+0x15/0x1c
[  124.048275][ T2826]  should_fail+0x3c1/0x510
[  124.052673][ T2826]  ? ext4_find_extent+0x36b/0xe20
[  124.057679][ T2826]  __should_failslab+0xa4/0xe0
[  124.062421][ T2826]  should_failslab+0x9/0x20
[  124.066898][ T2826]  __kmalloc+0x60/0x330
[  124.071031][ T2826]  ? stack_trace_snprint+0xf0/0xf0
[  124.076119][ T2826]  ext4_find_extent+0x36b/0xe20
[  124.080956][ T2826]  ext4_ext_map_blocks+0x20b/0x5dd0
[  124.086132][ T2826]  ? 0xffffffffa002a000
[  124.090261][ T2826]  ? is_bpf_text_address+0x177/0x190
[  124.095519][ T2826]  ? __kernel_text_address+0xa0/0x100
[  124.100953][ T2826]  ? unwind_get_return_address+0x4d/0x90
[  124.106561][ T2826]  ? ext4_ext_release+0x10/0x10
[  124.111384][ T2826]  ? arch_stack_walk+0xee/0x140
[  124.116211][ T2826]  ? ext4_es_lookup_extent+0x54c/0x900
[  124.121643][ T2826]  ext4_map_blocks+0x985/0x1bd0
[  124.124022][  T533] usb 1-1: device descriptor read/64, error -71
[  124.126471][ T2826]  ? __kasan_slab_alloc+0xbd/0xf0
[  124.126482][ T2826]  ? slab_post_alloc_hook+0x5d/0x2f0
[  124.126491][ T2826]  ? kmem_cache_alloc+0x162/0x2d0
[  124.126511][ T2826]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  124.154431][ T2826]  ? ext4_issue_zeroout+0x1a0/0x1a0
[  124.159611][ T2826]  _ext4_get_block+0x1d1/0x4e0
[  124.164351][ T2826]  ? ext4_get_block+0x50/0x50
[  124.169004][ T2826]  ? slab_post_alloc_hook+0x7d/0x2f0
[  124.174263][ T2826]  ext4_get_block_unwritten+0x2a/0x40
[  124.179608][ T2826]  ext4_block_write_begin+0x573/0x1340
[  124.185039][ T2826]  ? _ext4_get_block+0x4e0/0x4e0
[  124.189946][ T2826]  ? ext4_print_free_blocks+0x2c0/0x2c0
[  124.195465][ T2826]  ? __kasan_check_read+0x11/0x20
[  124.200465][ T2826]  ? ext4_inode_journal_mode+0x19a/0x480
[  124.206073][ T2826]  ext4_write_begin+0x67e/0x1690
[  124.210992][ T2826]  ? ext4_readahead+0x110/0x110
[  124.215825][ T2826]  ? can_reuse_spf_vma+0xe0/0xe0
[  124.220743][ T2826]  ? memset+0x35/0x40
[  124.224721][ T2826]  ? vmacache_update+0xb7/0x120
[  124.229548][ T2826]  ext4_da_write_begin+0x478/0xf10
[  124.234633][ T2826]  ? up_read+0x12/0x50
[  124.238674][ T2826]  ? ext4_set_page_dirty+0x1a0/0x1a0
[  124.243960][ T2826]  ? exc_page_fault+0x67/0xc0
[  124.248616][ T2826]  ? asm_exc_page_fault+0x1e/0x30
[  124.253616][ T2826]  ? __get_user_nocheck_1+0x6/0x10
[  124.258702][ T2826]  generic_perform_write+0x2ce/0x540
[  124.263971][ T2826]  ? grab_cache_page_write_begin+0xb0/0xb0
[  124.269748][ T2826]  ? down_write+0xb2/0x120
[  124.274137][ T2826]  ? down_read_killable+0xe0/0xe0
[  124.279139][ T2826]  ? __schedule+0xb5b/0x1320
[  124.283702][ T2826]  ? generic_write_checks+0x3b3/0x480
[  124.289047][ T2826]  ext4_buffered_write_iter+0x4b8/0x640
[  124.294577][ T2826]  ext4_file_write_iter+0x53f/0x1980
[  124.299835][ T2826]  ? __kasan_check_read+0x11/0x20
[  124.304841][ T2826]  ? preempt_schedule_irq+0xca/0x120
[  124.310107][ T2826]  ? preempt_schedule_notrace+0x120/0x120
[  124.315837][ T2826]  ? __irq_exit_rcu+0x40/0x150
[  124.320600][ T2826]  ? irqentry_exit+0x56/0x60
[  124.325168][ T2826]  ? sysvec_apic_timer_interrupt+0xcb/0xe0
[  124.330956][ T2826]  ? ext4_file_read_iter+0x530/0x530
[  124.336230][ T2826]  ? iov_iter_init+0x3f/0x120
[  124.340888][ T2826]  vfs_write+0x758/0xdc0
[  124.345117][ T2826]  ? kernel_write+0x3c0/0x3c0
[  124.349769][ T2826]  ? mutex_lock+0x92/0xf0
[  124.354074][ T2826]  ? mutex_trylock+0xa0/0xa0
[  124.358651][ T2826]  ? __fget_files+0x2c4/0x320
[  124.363308][ T2826]  ? __fdget+0x1a1/0x230
[  124.367614][ T2826]  ? __x64_sys_pwrite64+0xf2/0x220
[  124.372709][ T2826]  __x64_sys_pwrite64+0x197/0x220
[  124.377720][ T2826]  ? ksys_pwrite64+0x1b0/0x1b0
[  124.382463][ T2826]  ? debug_smp_processor_id+0x17/0x20
[  124.387816][ T2826]  ? fpregs_assert_state_consistent+0xb1/0xe0
[  124.393865][ T2826]  ? exit_to_user_mode_prepare+0x2f/0xa0
[  124.399485][ T2826]  do_syscall_64+0x31/0x40
[  124.403885][ T2826]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  124.409759][ T2826] RIP: 0033:0x7fab96cbcf79
[  124.414152][ T2826] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  124.433731][ T2826] RSP: 002b:00007fab95718028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[  124.442118][ T2826] RAX: ffffffffffffffda RBX: 00007fab96f36fa0 RCX: 00007fab96cbcf79
[  124.450067][ T2826] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000005
[  124.458012][ T2826] RBP: 00007fab95718090 R08: 0000000000000000 R09: 0000000000000000
[  124.465957][ T2826] R10: 0000000000009000 R11: 0000000000000246 R12: 0000000000000001
[  124.473906][ T2826] R13: 00007fab96f37038 R14: 00007fab96f36fa0 R15: 00007ffc350b0518
[  124.779228][ T2844] SELinux: security_context_str_to_sid() failed for (dev binder, type binder) errno=-22
[  124.893960][  T533] usb 1-1: device descriptor read/64, error -71
[  124.895045][  T300] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  125.163991][  T533] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  125.173990][   T20] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  125.183948][  T300] usb 5-1: device descriptor read/64, error -71
[  125.425709][   T20] usb 3-1: Using ep0 maxpacket: 16
[  125.434014][  T533] usb 1-1: device descriptor read/64, error -71
[  125.484222][   T20] usb 3-1: too many configurations: 55, using maximum allowed: 8
[  125.574009][  T300] usb 5-1: device descriptor read/64, error -71
[  125.853945][  T533] usb 1-1: device descriptor read/64, error -71
[  125.943990][  T295] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  125.951605][  T300] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  125.984058][  T533] usb usb1-port1: attempt power cycle
[  126.223973][  T300] usb 5-1: device descriptor read/64, error -71
[  126.274015][  T295] usb 6-1: not running at top speed; connect to a high speed hub
[  126.303947][   T20] usb 3-1: string descriptor 0 read error: -71
[  126.310180][   T20] usb 3-1: New USB device found, idVendor=2304, idProduct=a1a0, bcdDevice=7f.58
[  126.319252][   T20] usb 3-1: New USB device strings: Mfr=220, Product=245, SerialNumber=158
[  126.328366][   T20] usb 3-1: rejected 8 configurations due to insufficient available bus power
[  126.357694][   T20] usb 3-1: no configuration chosen from 8 choices
[  126.374078][  T295] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  126.383148][  T295] usb 6-1: config 1 has no interface number 1
[  126.389034][   T20] usb 3-1: USB disconnect, device number 23
[  126.395139][  T533] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  126.397308][  T295] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  126.564131][  T533] usb 1-1: device descriptor read/8, error -71
[  126.783991][  T533] usb 1-1: device descriptor read/8, error -71
[  126.804240][  T295] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  126.813289][  T295] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.821505][  T295] usb 6-1: Product: syz
[  126.825791][  T295] usb 6-1: Manufacturer: syz
[  126.830374][  T295] usb 6-1: SerialNumber: syz
[  126.874001][  T300] usb 5-1: device descriptor read/64, error -71
[  126.993981][  T300] usb usb5-port1: attempt power cycle
[  127.113975][  T574] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  127.135686][ T2875] netlink: 20 bytes leftover after parsing attributes in process `syz.5.721'.
[  127.144728][ T2875] device veth1_macvtap left promiscuous mode
[  127.256760][ T2872] EXT4-fs (loop4): Test dummy encryption mode enabled
[  127.264478][ T2872] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  127.277567][  T533] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  127.284051][ T2872] System zones: 0-5
[  127.293666][ T2872] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue
[  127.297711][   T24] kauditd_printk_skb: 34 callbacks suppressed
[  127.297722][   T24] audit: type=1326 audit(127.271:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  127.340692][   T24] audit: type=1326 audit(127.311:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  127.364934][  T574] usb 3-1: Using ep0 maxpacket: 16
[  127.375342][   T24] audit: type=1326 audit(127.311:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  127.398531][   T24] audit: type=1326 audit(127.311:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  127.422199][   T24] audit: type=1326 audit(127.311:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  127.455220][   T24] audit: type=1326 audit(127.311:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  127.504618][   T24] audit: type=1326 audit(127.311:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  127.528794][   T24] audit: type=1326 audit(127.311:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  127.552078][   T24] audit: type=1326 audit(127.311:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  127.575143][  T533] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  127.586213][  T533] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  127.596149][  T533] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  127.609326][   T24] audit: type=1326 audit(127.311:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.3.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  127.633442][  T533] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  127.643492][  T533] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.660666][  T533] usb 1-1: config 0 descriptor??
[  127.714004][  T574] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  127.723061][  T574] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.743963][  T574] usb 3-1: Product: syz
[  127.748157][  T574] usb 3-1: Manufacturer: syz
[  127.774054][  T574] usb 3-1: SerialNumber: syz
[  127.781351][  T574] usb 3-1: config 0 descriptor??
[  127.894013][  T295] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor
[  127.950034][  T295] usb 6-1: USB disconnect, device number 10
[  128.034615][ T2870] udc-core: couldn't find an available UDC or it's busy
[  128.041621][ T2870] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  128.066709][ T2883] F2FS-fs (loop3): invalid crc value
[  128.074017][  T574] r8152 3-1:0.0: Unknown version 0x0000
[  128.080989][  T574] usb 3-1: USB disconnect, device number 24
[  128.134673][ T2883] F2FS-fs (loop3): Found nat_bits in checkpoint
[  128.134826][  T533] plantronics 0003:047F:FFFF.0013: unknown main item tag 0xd
[  128.167241][ T2883] F2FS-fs (loop3): Cannot turn on quotas: -2 on 2
[  128.177625][ T2883] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  128.211706][  T533] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving
[  128.224832][  T533] plantronics 0003:047F:FFFF.0013: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  128.809153][ T2910] FAT-fs (loop2): Directory bread(block 64) failed
[  128.815883][ T2910] FAT-fs (loop2): Directory bread(block 65) failed
[  128.822425][ T2910] FAT-fs (loop2): Directory bread(block 66) failed
[  128.829528][ T2910] FAT-fs (loop2): Directory bread(block 67) failed
[  128.836354][ T2910] FAT-fs (loop2): Directory bread(block 68) failed
[  128.842935][ T2910] FAT-fs (loop2): Directory bread(block 69) failed
[  128.850169][ T2910] FAT-fs (loop2): Directory bread(block 70) failed
[  128.856941][ T2910] FAT-fs (loop2): Directory bread(block 71) failed
[  128.863675][ T2910] FAT-fs (loop2): Directory bread(block 72) failed
[  128.871242][ T2910] FAT-fs (loop2): Directory bread(block 73) failed
[  129.072403][  T533] usb 1-1: USB disconnect, device number 16
[  130.447853][ T2939] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  130.469212][ T2937] netlink: 196 bytes leftover after parsing attributes in process `syz.2.743'.
[  130.483645][ T2939] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  130.500230][ T2939] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  130.571204][ T2939] overlayfs: filesystem on './file2' not supported
[  130.778898][ T2951] EXT4-fs (loop2): Mount option "noacl" will be removed by 3.5
[  130.778898][ T2951] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  130.778898][ T2951] 
[  131.126941][ T2951] EXT4-fs (loop2): Ignoring removed orlov option
[  131.172605][ T2951] EXT4-fs (loop2): mounted filesystem without journal. Opts: noquota,bsddf,grpquota,nobarrier,noacl,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,nombcache,,errors=continue
[  131.844035][  T533] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  131.992877][ T2977] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  132.039823][ T2977] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  132.134006][  T533] usb 6-1: Using ep0 maxpacket: 32
[  132.213674][ T2977] F2FS-fs (loop3): invalid crc value
[  132.259961][ T2977] F2FS-fs (loop3): Found nat_bits in checkpoint
[  132.323457][ T2977] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  132.331201][  T533] usb 6-1: unable to get BOS descriptor or descriptor too short
[  132.339498][ T2977] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  132.453007][ T2977] attempt to access beyond end of device
[  132.453007][ T2977] loop3: rw=2049, want=45224, limit=40427
[  132.464711][  T533] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  132.472909][  T533] usb 6-1: config 0 has no interface number 0
[  132.516996][ T2977] overlayfs: './file0' not a directory
[  132.527499][   T24] kauditd_printk_skb: 73 callbacks suppressed
[  132.527510][   T24] audit: type=1400 audit(132.501:1155): avc:  denied  { mounton } for  pid=2975 comm="syz.3.757" path="/154/bus/bus" dev="loop3" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  132.613834][ T2977] attempt to access beyond end of device
[  132.613834][ T2977] loop3: rw=2049, want=45232, limit=40427
[  132.644017][  T533] usb 6-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=cf.b9
[  132.659403][  T533] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.668394][  T276] attempt to access beyond end of device
[  132.668394][  T276] loop3: rw=2051, want=45232, limit=40427
[  132.679820][  T533] usb 6-1: Product: syz
[  132.684566][  T276] F2FS-fs (loop3): Issue discard(5653, 5653, 1) failed, ret: -5
[  132.685478][  T533] usb 6-1: Manufacturer: syz
[  132.698855][  T533] usb 6-1: SerialNumber: syz
[  132.705309][  T533] usb 6-1: config 0 descriptor??
[  133.107649][ T3009] EXT4-fs (loop2): Mount option "noacl" will be removed by 3.5
[  133.107649][ T3009] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  133.107649][ T3009] 
[  133.137203][ T3009] EXT4-fs (loop2): Ignoring removed orlov option
[  133.148961][  T533] usb 6-1: USB disconnect, device number 11
[  133.167920][ T3009] EXT4-fs (loop2): mounted filesystem without journal. Opts: noquota,bsddf,grpquota,nobarrier,noacl,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,nombcache,,errors=continue
[  133.344978][ T3009] overlayfs: missing 'lowerdir'
[  133.407937][ T3019] EXT4-fs error (device loop4): ext4_orphan_get:1395: inode #15: comm syz.4.767: inode has both inline data and extents flags
[  133.436522][ T3019] EXT4-fs error (device loop4): ext4_orphan_get:1400: comm syz.4.767: couldn't read orphan inode 15 (err -117)
[  133.456179][ T3019] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,resgid=0x000000000000ee00,acl,noload,journal_dev=0x0000000000000003,nodiscard,,errors=continue
[  133.473841][   T24] audit: type=1326 audit(133.421:1156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3025 comm="syz.3.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  133.503559][   T24] audit: type=1326 audit(133.431:1157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3025 comm="syz.3.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  133.527774][   T24] audit: type=1326 audit(133.431:1158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3025 comm="syz.3.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  133.550868][   T24] audit: type=1326 audit(133.431:1159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3025 comm="syz.3.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  133.578717][   T24] audit: type=1326 audit(133.431:1160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3025 comm="syz.3.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  133.601825][   T24] audit: type=1326 audit(133.431:1161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3025 comm="syz.3.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  133.625154][   T24] audit: type=1326 audit(133.431:1162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3025 comm="syz.3.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  133.643532][ T3032] netlink: 20 bytes leftover after parsing attributes in process `syz.2.769'.
[  133.672274][   T24] audit: type=1326 audit(133.431:1163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3025 comm="syz.3.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  133.695229][   T24] audit: type=1326 audit(133.441:1164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3025 comm="syz.3.768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  133.771574][ T3037] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  133.782617][ T3037] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  133.793562][ T3037] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  133.819999][ T3037] overlayfs: filesystem on './file2' not supported
[  134.357569][ T3053] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  134.377202][ T3053] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  134.394620][ T3053] F2FS-fs (loop2): invalid crc value
[  134.403011][ T3053] F2FS-fs (loop2): Found nat_bits in checkpoint
[  134.437468][ T3053] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  134.444588][ T3053] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  134.863960][  T295] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  135.084226][   T15] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[  135.113926][  T295] usb 4-1: Using ep0 maxpacket: 32
[  135.233983][  T295] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  135.642828][ T3093] EXT4-fs (loop4): 1 truncate cleaned up
[  135.649405][ T3093] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  135.678211][  T295] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  135.724915][   T15] usb 3-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  135.736127][  T295] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.744458][   T15] usb 3-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  135.757547][  T295] usb 4-1: Product: syz
[  135.761795][  T295] usb 4-1: Manufacturer: syz
[  135.766428][   T15] usb 3-1: config 0 interface 0 has no altsetting 0
[  135.773037][   T15] usb 3-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  135.782241][  T295] usb 4-1: SerialNumber: syz
[  135.787514][  T295] usb 4-1: config 0 descriptor??
[  135.792523][   T15] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.828886][ T3113] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  135.831350][  T295] usb 4-1: bad CDC descriptors
[  135.840022][ T3113] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  135.847808][   T15] usb 3-1: config 0 descriptor??
[  135.855035][ T3113] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  135.858304][  T295] usb 4-1: unsupported MDLM descriptors
[  135.886615][ T3113] overlayfs: filesystem on './file2' not supported
[  136.045878][   T49] Bluetooth: hci0: Frame reassembly failed (-84)
[  136.112920][   T49] Bluetooth: hci0: Frame reassembly failed (-84)
[  136.196081][ T3118] EXT4-fs (loop4): dax option not supported
[  136.237306][ T3123] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  136.247243][ T3123] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  136.257347][ T3123] EXT4-fs error (device loop5): ext4_get_journal_inode:5242: inode #5: comm syz.5.799: unexpected bad inode w/o EXT4_IGET_BAD
[  136.270853][ T3123] EXT4-fs (loop5): no journal found
[  136.276121][ T3123] EXT4-fs (loop5): can't get journal size
[  136.282424][ T3123] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue
[  136.312334][ T3118] netlink: 8 bytes leftover after parsing attributes in process `syz.4.792'.
[  136.374817][   T15] holtek 0003:1241:5015.0014: unknown main item tag 0x0
[  136.381929][   T15] holtek 0003:1241:5015.0014: unknown main item tag 0x0
[  136.389089][   T15] holtek 0003:1241:5015.0014: unknown main item tag 0x0
[  136.396245][   T15] holtek 0003:1241:5015.0014: unknown main item tag 0x0
[  136.407414][   T15] holtek 0003:1241:5015.0014: unknown main item tag 0x0
[  136.415105][   T15] holtek 0003:1241:5015.0014: hidraw0: USB HID v0.00 Device [HID 1241:5015] on usb-dummy_hcd.2-1/input0
[  136.426280][   T15] holtek 0003:1241:5015.0014: no inputs found
[  136.435897][ T3128] EXT4-fs (loop5): Test dummy encryption mode enabled
[  136.458047][ T3128] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  136.466797][ T3128] System zones: 0-5
[  136.574824][ T3128] EXT4-fs (loop5): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue
[  136.785233][ T3075] F2FS-fs (loop2): Corrupted extension count (64 + 1 > 64)
[  136.792563][ T3075] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  136.801109][ T3075] F2FS-fs (loop2): fault_type options not supported
[  136.808433][ T3075] F2FS-fs (loop2): invalid crc value
[  136.814795][ T3075] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  136.835794][ T3075] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  136.842867][ T3075] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  136.874560][ T2884] usb 3-1: USB disconnect, device number 25
[  137.148705][ T1162] usb 4-1: USB disconnect, device number 13
[  137.309210][ T3147] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d)
[  137.316948][ T3155] netlink: 20 bytes leftover after parsing attributes in process `syz.4.807'.
[  137.758055][ T3161] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  137.765043][ T3156] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  137.773745][ T3161] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  137.786649][ T3161] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  137.789054][ T3156] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  137.811617][ T3156] F2FS-fs (loop5): invalid crc value
[  137.818547][ T3156] F2FS-fs (loop5): Found nat_bits in checkpoint
[  137.832231][ T3161] overlayfs: filesystem on './file2' not supported
[  137.852874][ T3156] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  137.860090][ T3156] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  137.874811][   T24] kauditd_printk_skb: 33 callbacks suppressed
[  137.874820][   T24] audit: type=1400 audit(137.861:1198): avc:  denied  { create } for  pid=3153 comm="syz.5.806" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=blk_file permissive=1
[  137.995057][ T3175] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  138.043977][ T2884] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  138.088279][   T24] audit: type=1400 audit(138.071:1199): avc:  denied  { connect } for  pid=3181 comm="syz.5.814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  138.147102][   T25] Bluetooth: hci0: command 0x1003 tx timeout
[  138.164098][  T940] Bluetooth: hci0: Frame reassembly failed (-84)
[  138.442600][   T25] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  138.503947][ T2884] usb 3-1: Using ep0 maxpacket: 16
[  138.584360][   T24] audit: type=1400 audit(138.571:1200): avc:  denied  { write } for  pid=3191 comm="syz.4.817" name="/" dev="configfs" ino=1163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  138.623977][ T2884] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  138.634181][ T2884] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  138.655907][   T24] audit: type=1400 audit(138.641:1201): avc:  denied  { add_name } for  pid=3191 comm="syz.4.817" name="blkio.bfq.io_merged" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  138.677351][   T24] audit: type=1400 audit(138.641:1202): avc:  denied  { create } for  pid=3191 comm="syz.4.817" name="blkio.bfq.io_merged" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:configfs_t tclass=file permissive=1
[  138.803988][ T2884] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  138.813106][ T2884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.821164][ T2884] usb 3-1: Product: syz
[  138.825388][ T2884] usb 3-1: Manufacturer: syz
[  138.829992][ T2884] usb 3-1: SerialNumber: syz
[  138.834004][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  138.845493][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  138.855244][   T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  138.868148][   T25] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  138.877382][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.885866][   T25] usb 4-1: config 0 descriptor??
[  139.324027][ T2884] usb 3-1: 0:2 : does not exist
[  139.349068][ T3203] FAULT_INJECTION: forcing a failure.
[  139.349068][ T3203] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  139.362188][ T3203] CPU: 0 PID: 3203 Comm: syz.4.820 Not tainted syzkaller #0
[  139.364762][   T25] plantronics 0003:047F:FFFF.0015: unknown main item tag 0xd
[  139.369449][ T3203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  139.369454][ T3203] Call Trace:
[  139.369470][ T3203]  __dump_stack+0x21/0x24
[  139.369487][ T3203]  dump_stack_lvl+0x1a7/0x208
[  139.378189][   T25] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving
[  139.386870][ T3203]  ? show_regs_print_info+0x18/0x18
[  139.386880][ T3203]  ? path_openat+0x2970/0x31c0
[  139.386889][ T3203]  dump_stack+0x15/0x1c
[  139.386905][ T3203]  should_fail+0x3c1/0x510
[  139.392156][   T25] plantronics 0003:047F:FFFF.0015: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  139.394478][ T3203]  should_fail_usercopy+0x1a/0x20
[  139.394492][ T3203]  _copy_from_user+0x20/0xd0
[  139.394508][ T3203]  iovec_from_user+0x1bc/0x2f0
[  139.452284][ T3203]  ? __copy_msghdr_from_user+0x329/0x630
[  139.457892][ T3203]  __import_iovec+0x71/0x390
[  139.462451][ T3203]  ? __ia32_sys_shutdown+0x1e0/0x1e0
[  139.467703][ T3203]  import_iovec+0x7c/0xb0
[  139.471999][ T3203]  ___sys_sendmsg+0x1fd/0x2e0
[  139.476646][ T3203]  ? __sys_sendmsg+0x280/0x280
[  139.481378][ T3203]  ? rw_verify_area+0x1c0/0x360
[  139.486202][ T3203]  ? __fdget+0x1a1/0x230
[  139.490412][ T3203]  __x64_sys_sendmsg+0x1f9/0x2c0
[  139.495318][ T3203]  ? fput+0x1a/0x20
[  139.499097][ T3203]  ? ___sys_sendmsg+0x2e0/0x2e0
[  139.503927][ T3203]  ? debug_smp_processor_id+0x17/0x20
[  139.509267][ T3203]  ? fpregs_assert_state_consistent+0xb1/0xe0
[  139.515301][ T3203]  ? exit_to_user_mode_prepare+0x2f/0xa0
[  139.520899][ T3203]  do_syscall_64+0x31/0x40
[  139.525287][ T3203]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  139.531145][ T3203] RIP: 0033:0x7f6e80a52f79
[  139.535529][ T3203] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  139.555110][ T3203] RSP: 002b:00007f6e7f4ae028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  139.563491][ T3203] RAX: ffffffffffffffda RBX: 00007f6e80cccfa0 RCX: 00007f6e80a52f79
[  139.571447][ T3203] RDX: 0000000000004040 RSI: 0000200000000000 RDI: 0000000000000003
[  139.579537][ T3203] RBP: 00007f6e7f4ae090 R08: 0000000000000000 R09: 0000000000000000
[  139.587613][ T3203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  139.595577][ T3203] R13: 00007f6e80ccd038 R14: 00007f6e80cccfa0 R15: 00007ffd478935b8
[  139.607485][   T25] kernel write not supported for file /input/event0 (pid: 25 comm: kworker/1:1)
[  139.608483][ T2884] usb 3-1: USB disconnect, device number 26
[  139.638658][ T3205] EXT4-fs (loop5): 1 truncate cleaned up
[  139.644538][ T3205] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[  139.793801][ T3222] print_req_error: 3 callbacks suppressed
[  139.793826][ T3222] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  139.810768][ T3222] F2FS-fs (loop9): Unable to read 1th superblock
[  139.817519][ T3222] blk_update_request: I/O error, dev loop9, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  139.828543][ T3222] F2FS-fs (loop9): Unable to read 2th superblock
[  139.971959][ T3227] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  139.975080][  T317] udevd[317]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  139.982027][ T3227] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  140.008841][ T3227] EXT4-fs error (device loop2): ext4_get_journal_inode:5242: inode #5: comm syz.2.826: unexpected bad inode w/o EXT4_IGET_BAD
[  140.022070][ T3227] EXT4-fs (loop2): no journal found
[  140.027410][ T3227] EXT4-fs (loop2): can't get journal size
[  140.034701][ T3227] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue
[  140.152177][ T2884] usb 4-1: USB disconnect, device number 14
[  140.160376][ T3235] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[  140.169704][ T3235] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  140.181011][ T3235] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e028, mo2=0002]
[  140.189330][ T3235] EXT4-fs (loop2): orphan cleanup on readonly fs
[  140.195945][ T3235] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.828: bg 0: block 361: padding at end of block bitmap is not set
[  140.210373][   T25] Bluetooth: hci0: command 0x1001 tx timeout
[  140.211018][ T3235] EXT4-fs (loop2): Remounting filesystem read-only
[  140.223058][  T432] Bluetooth: hci0: sending frame failed (-49)
[  140.226193][ T3235] EXT4-fs error (device loop2) in ext4_mb_clear_bb:5661: Corrupt filesystem
[  140.238031][ T3235] EXT4-fs error (device loop2): ext4_clear_blocks:880: inode #11: comm syz.2.828: attempt to clear invalid blocks 33619980 len 1
[  140.253156][ T3235] EXT4-fs error (device loop2): ext4_free_branches:1026: inode #11: comm syz.2.828: invalid indirect mapped block 1811939328 (level 0)
[  140.268625][ T3235] EXT4-fs error (device loop2): ext4_free_branches:1026: inode #11: comm syz.2.828: invalid indirect mapped block 2185560079 (level 1)
[  140.284240][ T3235] EXT4-fs (loop2): 1 truncate cleaned up
[  140.289920][ T3235] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,noblock_validity,discard,errors=remount-ro,mblk_io_submit
[  140.516155][ T3248] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  140.527836][ T3248] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  140.538130][ T3248] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  140.563458][ T3248] overlayfs: filesystem on './file2' not supported
[  140.582302][ T3256] incfs: Backing dir is not set, filesystem can't be mounted.
[  140.590309][ T3256] incfs: mount failed -2
[  140.629627][   T24] audit: type=1400 audit(140.611:1203): avc:  denied  { map } for  pid=3257 comm="syz.4.835" path="socket:[26727]" dev="sockfs" ino=26727 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  140.763928][   T25] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  140.863927][ T1162] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  141.014107][   T25] usb 3-1: Using ep0 maxpacket: 16
[  141.103928][ T1162] usb 6-1: Using ep0 maxpacket: 32
[  141.134037][   T25] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  141.144547][ T3267] netlink: 'syz.3.837': attribute type 5 has an invalid length.
[  141.152216][   T25] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  141.244045][ T1162] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  141.254298][ T1162] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  141.263361][ T1162] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.272630][ T1162] usb 6-1: config 0 descriptor??
[  141.314845][ T1162] hub 6-1:0.0: bad descriptor, ignoring hub
[  141.320999][ T1162] hub: probe of 6-1:0.0 failed with error -5
[  141.364024][   T25] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  141.373589][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.381803][   T25] usb 3-1: Product: syz
[  141.386338][   T25] usb 3-1: Manufacturer: syz
[  141.390960][   T25] usb 3-1: SerialNumber: syz
[  141.713976][   T25] usb 3-1: 0:2 : does not exist
[  141.755386][   T25] usb 3-1: USB disconnect, device number 27
[  141.964125][ T1162] usb 6-1: reset high-speed USB device number 12 using dummy_hcd
[  142.296153][    T5] Bluetooth: hci0: command 0x1009 tx timeout
[  142.486093][ T3286] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,,errors=continue
[  142.496364][ T3283] EXT4-fs (loop4): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,noquota,auto_da_alloc,nodiscard,,errors=continue
[  142.515120][ T3286] EXT4-fs (loop2): Cannot change journaled quota options when quota turned on
[  142.568875][ T3256] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.583480][ T3256] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  142.624496][   T24] audit: type=1400 audit(142.611:1204): avc:  denied  { watch watch_reads } for  pid=3255 comm="syz.5.834" path="/138" dev="tmpfs" ino=760 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  142.974038][ T2884] usb 6-1: USB disconnect, device number 12
[  143.010478][   T24] audit: type=1400 audit(142.991:1205): avc:  denied  { ioctl } for  pid=3296 comm="syz.3.843" path="socket:[26819]" dev="sockfs" ino=26819 ioctlcmd=0xf515 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  143.010753][ T3298] fuse: Invalid rootmode
[  143.296593][  T940] EXT4-fs error (device loop4): ext4_map_blocks:740: inode #15: comm kworker/u4:5: lblock 0 mapped to illegal pblock 0 (length 6)
[  143.310513][  T940] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117
[  143.327584][  T940] EXT4-fs (loop4): This should not happen!! Data will be lost
[  143.327584][  T940] 
[  143.343869][  T940] EXT4-fs error (device loop4): ext4_map_blocks:740: inode #15: block 8: comm kworker/u4:5: lblock 8 mapped to illegal pblock 8 (length 8)
[  143.383514][  T940] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  143.395931][  T940] EXT4-fs (loop4): This should not happen!! Data will be lost
[  143.395931][  T940] 
[  143.970296][ T3309] netlink: 4 bytes leftover after parsing attributes in process `syz.3.848'.
[  144.021379][ T3316] netlink: 20 bytes leftover after parsing attributes in process `syz.3.851'.
[  144.093660][ T3320] overlayfs: failed to clone upperpath
[  144.101026][ T3320] overlayfs: failed to clone upperpath
[  144.111514][   T24] audit: type=1400 audit(144.101:1206): avc:  denied  { listen } for  pid=3321 comm="syz.2.854" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  144.151670][ T3324] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  144.284987][ T3326] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  144.292800][ T3326] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  144.301761][ T3326] F2FS-fs (loop2): invalid crc value
[  144.309983][ T3326] F2FS-fs (loop2): Found nat_bits in checkpoint
[  144.310613][ T3338] EXT4-fs (loop4): Mount option "noacl" will be removed by 3.5
[  144.310613][ T3338] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  144.310613][ T3338] 
[  144.334003][ T3338] EXT4-fs (loop4): Ignoring removed orlov option
[  144.347354][ T3338] EXT4-fs (loop4): mounted filesystem without journal. Opts: noquota,bsddf,grpquota,nobarrier,noacl,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,nombcache,,errors=continue
[  144.348586][ T3326] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  144.370110][ T3338] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  144.378795][ T3326] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  144.381634][ T3338] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  145.136159][ T3362] netlink: 'syz.5.865': attribute type 13 has an invalid length.
[  145.143972][ T3362] netlink: 'syz.5.865': attribute type 17 has an invalid length.
[  145.170456][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  145.178170][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  145.201391][ T3362] device syz_tun entered promiscuous mode
[  145.215075][ T3362] device vlan2 left promiscuous mode
[  145.226652][ T3362] device dummy0 left promiscuous mode
[  145.238199][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  145.246368][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.253397][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.261235][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  145.269532][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  145.277932][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  145.286391][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  145.294955][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  145.303215][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  145.311890][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  145.312955][ T3366] xt_hashlimit: size too large, truncated to 1048576
[  145.320255][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  145.335506][    T5] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  145.362215][   T24] audit: type=1400 audit(145.341:1207): avc:  denied  { lock } for  pid=3364 comm="syz.2.866" path="socket:[26914]" dev="sockfs" ino=26914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  145.385365][ T3363] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  145.393210][ T3363] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  145.402577][ T3363] F2FS-fs (loop5): invalid crc value
[  145.410255][ T3363] F2FS-fs (loop5): Found nat_bits in checkpoint
[  145.447299][ T3363] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  145.454476][ T3363] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  145.518102][ T3362] attempt to access beyond end of device
[  145.518102][ T3362] loop5: rw=2049, want=45224, limit=40427
[  145.689967][ T3373] EXT4-fs (loop2): Test dummy encryption mode enabled
[  145.705907][ T3373] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  145.714123][ T3373] System zones: 0-5
[  145.718468][ T3373] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue
[  146.080767][ T3373] FAULT_INJECTION: forcing a failure.
[  146.080767][ T3373] name failslab, interval 1, probability 0, space 0, times 0
[  146.097746][ T3373] CPU: 0 PID: 3373 Comm: syz.2.868 Not tainted syzkaller #0
[  146.102927][ T3379] EXT4-fs (loop5): 1 truncate cleaned up
[  146.105034][ T3373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  146.105039][ T3373] Call Trace:
[  146.105057][ T3373]  __dump_stack+0x21/0x24
[  146.105065][ T3373]  dump_stack_lvl+0x1a7/0x208
[  146.105074][ T3373]  ? show_regs_print_info+0x18/0x18
[  146.105084][ T3373]  dump_stack+0x15/0x1c
[  146.105093][ T3373]  should_fail+0x3c1/0x510
[  146.105104][ T3373]  ? ext4_mb_new_blocks+0x557/0x4340
[  146.105115][ T3373]  __should_failslab+0xa4/0xe0
[  146.105126][ T3373]  should_failslab+0x9/0x20
[  146.105136][ T3373]  kmem_cache_alloc+0x3d/0x2d0
[  146.105153][ T3373]  ext4_mb_new_blocks+0x557/0x4340
[  146.110870][ T3379] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[  146.120814][ T3373]  ? sysvec_reschedule_ipi+0x69/0x70
[  146.120827][ T3373]  ? ext4_ext_search_right+0x4b1/0x880
[  146.120836][ T3373]  ? ext4_mb_pa_callback+0xd0/0xd0
[  146.120845][ T3373]  ? ext4_ext_find_goal+0x11d/0x200
[  146.120854][ T3373]  ext4_ext_map_blocks+0x1679/0x5dd0
[  146.120867][ T3373]  ? __kasan_check_read+0x11/0x20
[  146.120877][ T3373]  ? preempt_schedule_irq+0xca/0x120
[  146.120884][ T3373]  ? preempt_schedule_notrace+0x120/0x120
[  146.120901][ T3373]  ? __kasan_check_write+0x14/0x20
[  146.227586][ T3373]  ? ext4_ext_release+0x10/0x10
[  146.232426][ T3373]  ? plist_check_list+0x255/0x270
[  146.237549][ T3373]  ext4_map_blocks+0x985/0x1bd0
[  146.242379][ T3373]  ? __switch_to_asm+0x34/0x60
[  146.247124][ T3373]  ? ext4_issue_zeroout+0x1a0/0x1a0
[  146.252297][ T3373]  ? finish_task_switch+0x12e/0x5a0
[  146.257471][ T3373]  _ext4_get_block+0x1d1/0x4e0
[  146.262210][ T3373]  ? ext4_get_block+0x50/0x50
[  146.266866][ T3373]  ext4_get_block_unwritten+0x2a/0x40
[  146.272208][ T3373]  ext4_block_write_begin+0x573/0x1340
[  146.277642][ T3373]  ? _ext4_get_block+0x4e0/0x4e0
[  146.282555][ T3373]  ? ext4_print_free_blocks+0x2c0/0x2c0
[  146.288078][ T3373]  ? __kasan_check_read+0x11/0x20
[  146.293081][ T3373]  ? ext4_inode_journal_mode+0x19a/0x480
[  146.298689][ T3373]  ext4_write_begin+0x67e/0x1690
[  146.303597][ T3373]  ? ext4_readahead+0x110/0x110
[  146.308420][ T3373]  ? can_reuse_spf_vma+0xe0/0xe0
[  146.313342][ T3373]  ? memset+0x35/0x40
[  146.317296][ T3373]  ? vmacache_update+0xb7/0x120
[  146.322125][ T3373]  ext4_da_write_begin+0x478/0xf10
[  146.327209][ T3373]  ? up_read+0x12/0x50
[  146.331256][ T3373]  ? ext4_set_page_dirty+0x1a0/0x1a0
[  146.336512][ T3373]  ? ext4_initxattrs+0x110/0x110
[  146.341423][ T3373]  ? exc_page_fault+0x67/0xc0
[  146.346067][ T3373]  ? asm_exc_page_fault+0x1e/0x30
[  146.351063][ T3373]  ? __get_user_nocheck_1+0x6/0x10
[  146.356157][ T3373]  generic_perform_write+0x2ce/0x540
[  146.361417][ T3373]  ? preempt_count_add+0x90/0x1b0
[  146.366450][ T3373]  ? grab_cache_page_write_begin+0xb0/0xb0
[  146.372234][ T3373]  ? down_write+0xb2/0x120
[  146.376623][ T3373]  ? down_read_killable+0xe0/0xe0
[  146.381622][ T3373]  ? generic_write_checks+0x3b3/0x480
[  146.386967][ T3373]  ext4_buffered_write_iter+0x4b8/0x640
[  146.392486][ T3373]  ext4_file_write_iter+0x53f/0x1980
[  146.397744][ T3373]  ? update_rt_rq_load_avg+0x25/0x230
[  146.403088][ T3373]  ? _raw_spin_unlock_irq+0x4e/0x70
[  146.408266][ T3373]  ? avc_policy_seqno+0x1b/0x70
[  146.413096][ T3373]  ? selinux_file_permission+0x2a5/0x510
[  146.418700][ T3373]  ? ext4_file_read_iter+0x530/0x530
[  146.423959][ T3373]  ? security_file_permission+0x83/0xa0
[  146.429479][ T3373]  ? iov_iter_init+0x3f/0x120
[  146.434131][ T3373]  vfs_write+0x758/0xdc0
[  146.438344][ T3373]  ? kernel_write+0x3c0/0x3c0
[  146.442993][ T3373]  ? __fget_files+0x2c4/0x320
[  146.447653][ T3373]  ? __fdget+0x1a1/0x230
[  146.451870][ T3373]  ? __x64_sys_pwrite64+0xf2/0x220
[  146.457299][ T3373]  __x64_sys_pwrite64+0x197/0x220
[  146.462301][ T3373]  ? ksys_pwrite64+0x1b0/0x1b0
[  146.467044][ T3373]  ? __kasan_check_read+0x11/0x20
[  146.472039][ T3373]  ? exit_to_user_mode_prepare+0x9a/0xa0
[  146.477643][ T3373]  do_syscall_64+0x31/0x40
[  146.482041][ T3373]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  146.487910][ T3373] RIP: 0033:0x7fdbc21eaf79
[  146.492300][ T3373] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  146.511880][ T3373] RSP: 002b:00007fdbc0c46028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[  146.520269][ T3373] RAX: ffffffffffffffda RBX: 00007fdbc2464fa0 RCX: 00007fdbc21eaf79
[  146.528219][ T3373] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000005
[  146.536166][ T3373] RBP: 00007fdbc0c46090 R08: 0000000000000000 R09: 0000000000000000
[  146.544109][ T3373] R10: 0000000000009000 R11: 0000000000000246 R12: 0000000000000001
[  146.552056][ T3373] R13: 00007fdbc2465038 R14: 00007fdbc2464fa0 R15: 00007ffcf2af2158
[  146.936364][ T3407] EXT4-fs (loop2): user quota file already specified
[  147.128842][ T3417] attempt to access beyond end of device
[  147.128842][ T3417] loop4: rw=2049, want=234, limit=128
[  147.240394][ T3414] netlink: 'syz.0.878': attribute type 4 has an invalid length.
[  147.543762][   T24] audit: type=1400 audit(147.521:1208): avc:  denied  { ioctl } for  pid=3422 comm="syz.2.879" path="socket:[27060]" dev="sockfs" ino=27060 ioctlcmd=0xf510 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  147.879448][ T3428] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  147.932611][ T3428] EXT4-fs (loop2): re-mounted. Opts: 
[  147.939548][   T24] audit: type=1400 audit(147.921:1209): avc:  denied  { bind } for  pid=3426 comm="syz.2.881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  148.003577][ T3437] netlink: 80 bytes leftover after parsing attributes in process `syz.2.883'.
[  148.066144][ T3439] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  148.085141][ T3439] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,noauto_da_alloc,data_err=ignore,nojournal_checksum,errors=remount-ro,grpquota,noblock_validity,discard,nombcache,errors=remount-ro,
[  148.130708][ T3439] EXT4-fs (loop2): shut down requested (1)
[  148.137184][ T3439] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[  148.146365][ T3439] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[  148.155583][ T3439] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[  148.165101][   T24] audit: type=1107 audit(148.151:1210): pid=3438 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='���'
[  148.178433][ T3439] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[  148.187321][ T3439] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop2 ino=15
[  148.344677][ T3446] EXT4-fs (loop5): Ignoring removed nobh option
[  148.351008][ T3446] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option
[  148.359362][ T3446] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6001c02c, mo2=0002]
[  148.367646][ T3446] System zones: 0-1, 3-36
[  148.372755][ T3446] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,nobh,resuid=0x0000000000000000,debug,noinit_itable,bsddf,nomblk_io_submit,noauto_da_alloc,
[  149.003963][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  149.186929][   T24] audit: type=1400 audit(148.901:1211): avc:  denied  { mount } for  pid=3444 comm="syz.5.886" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  149.217122][   T24] audit: type=1400 audit(149.181:1212): avc:  denied  { unmount } for  pid=908 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  149.315544][ T3467] EXT4-fs (loop4): Test dummy encryption mode enabled
[  149.333963][ T3467] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  149.354512][ T3467] EXT4-fs error (device loop4): ext4_orphan_get:1421: comm syz.4.891: bad orphan inode 131083
[  149.365020][ T3467] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable,journal_dev=0x0000000000000002,,errors=continue
[  149.390833][   T24] audit: type=1400 audit(149.371:1213): avc:  denied  { create } for  pid=3463 comm="syz.4.891" name="memory.events.local" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  149.412320][ T3467] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[  149.420833][   T24] audit: type=1400 audit(149.401:1214): avc:  denied  { read append open } for  pid=3463 comm="syz.4.891" path="/166/bus/memory.events.local" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  149.465612][   T24] audit: type=1400 audit(149.451:1215): avc:  denied  { map } for  pid=3463 comm="syz.4.891" path="/166/bus/memory.events.local" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  149.714856][   T24] audit: type=1400 audit(149.481:1216): avc:  denied  { write } for  pid=3463 comm="syz.4.891" path="/166/bus/memory.events.local" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  149.756373][ T3483] netlink: 20 bytes leftover after parsing attributes in process `syz.3.896'.
[  149.943943][   T24] audit: type=1400 audit(149.911:1217): avc:  denied  { accept } for  pid=3508 comm="syz.2.905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  150.008479][ T3513] EXT4-fs error (device loop2): ext4_orphan_get:1395: inode #15: comm syz.2.906: inode has both inline data and extents flags
[  150.021799][ T3513] EXT4-fs error (device loop2): ext4_orphan_get:1400: comm syz.2.906: couldn't read orphan inode 15 (err -117)
[  150.033799][ T3513] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,resgid=0x000000000000ee00,acl,noload,journal_dev=0x0000000000000003,nodiscard,,errors=continue
[  150.054708][ T3513] EXT4-fs error (device loop2): ext4_mb_generate_buddy:824: group 0, block bitmap and bg descriptor inconsistent: 7925 vs 220 free clusters
[  150.133941][   T25] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  150.469843][ T3526] netlink: 'syz.2.910': attribute type 25 has an invalid length.
[  150.477670][ T3526] netlink: 20 bytes leftover after parsing attributes in process `syz.2.910'.
[  150.487977][ T3526] netlink: 44 bytes leftover after parsing attributes in process `syz.2.910'.
[  150.496874][ T3526] netlink: 40 bytes leftover after parsing attributes in process `syz.2.910'.
[  150.508449][ T3526] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.543978][   T25] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  150.555169][   T25] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  150.564910][   T25] usb 5-1: config 0 interface 0 has no altsetting 0
[  150.571499][   T25] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  150.580818][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.613768][   T25] usb 5-1: config 0 descriptor??
[  150.659913][   T20] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  150.922066][   T24] audit: type=1400 audit(150.901:1218): avc:  denied  { associate } for  pid=3547 comm="syz.3.916" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  151.043993][   T20] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  151.064382][   T20] usb 6-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[  151.083549][   T20] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.101013][   T20] usb 6-1: config 0 descriptor??
[  151.174859][   T25] hid-steam 0003:28DE:1102.0016: unknown main item tag 0x0
[  151.182116][   T25] hid-steam 0003:28DE:1102.0016: unknown main item tag 0x0
[  151.189578][   T25] hid-steam 0003:28DE:1102.0016: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[  151.201175][   T25] hid-steam 0003:28DE:1102.0017: unknown main item tag 0x0
[  151.208422][   T25] hid-steam 0003:28DE:1102.0017: unknown main item tag 0x0
[  151.216165][   T25] hid-steam 0003:28DE:1102.0017: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.4-1/input0
[  151.293918][   T25] hid-steam 0003:28DE:1102.0016: Steam Controller 'XXXXXXXXXX' connected
[  151.302848][   T25] input: Steam Controller as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:28DE:1102.0016/input/input11
[  151.356753][ T3556] FAULT_INJECTION: forcing a failure.
[  151.356753][ T3556] name failslab, interval 1, probability 0, space 0, times 0
[  151.373335][ T3556] CPU: 1 PID: 3556 Comm: syz.5.918 Not tainted syzkaller #0
[  151.380618][ T3556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  151.390661][ T3556] Call Trace:
[  151.393932][ T3556]  __dump_stack+0x21/0x24
[  151.398238][ T3556]  dump_stack_lvl+0x1a7/0x208
[  151.402890][ T3556]  ? thaw_kernel_threads+0x220/0x220
[  151.408145][ T3556]  ? show_regs_print_info+0x18/0x18
[  151.413311][ T3556]  ? mutex_lock+0x92/0xf0
[  151.417616][ T3556]  ? mutex_trylock+0xa0/0xa0
[  151.422175][ T3556]  ? __fget_files+0x2c4/0x320
[  151.426822][ T3556]  dump_stack+0x15/0x1c
[  151.430948][ T3556]  should_fail+0x3c1/0x510
[  151.435337][ T3556]  ? __se_sys_memfd_create+0xf2/0x3a0
[  151.440680][ T3556]  __should_failslab+0xa4/0xe0
[  151.445421][ T3556]  should_failslab+0x9/0x20
[  151.449901][ T3556]  __kmalloc+0x60/0x330
[  151.454027][ T3556]  ? strnlen_user+0x13b/0x1c0
[  151.458684][ T3556]  __se_sys_memfd_create+0xf2/0x3a0
[  151.463874][ T3556]  __x64_sys_memfd_create+0x5b/0x70
[  151.469058][ T3556]  do_syscall_64+0x31/0x40
[  151.473458][ T3556]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  151.479327][ T3556] RIP: 0033:0x7faac788ff79
[  151.483722][ T3556] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  151.503304][ T3556] RSP: 002b:00007faac62eae08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  151.511690][ T3556] RAX: ffffffffffffffda RBX: 0000000000000468 RCX: 00007faac788ff79
[  151.519647][ T3556] RDX: 00007faac62eaee0 RSI: 0000000000000000 RDI: 00007faac79269dd
[  151.527609][ T3556] RBP: 00002000000004c0 R08: 00000000ffffffff R09: 0000000000000000
[  151.535572][ T3556] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000480
[  151.543531][ T3556] R13: 00007faac62eaee0 R14: 00007faac62eaea0 R15: 0000200000000140
[  151.634347][   T20] usbhid 6-1:0.0: can't add hid device: -71
[  151.661564][ T3561] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  151.681455][   T20] usbhid: probe of 6-1:0.0 failed with error -71
[  151.688919][   T24] audit: type=1326 audit(151.671:1219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3557 comm="syz.3.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  151.689836][ T3561] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  151.770143][ T3567] blk_update_request: I/O error, dev loop11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  151.781283][ T3567] F2FS-fs (loop11): Unable to read 1th superblock
[  151.788114][ T3567] blk_update_request: I/O error, dev loop11, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  151.799200][ T3567] F2FS-fs (loop11): Unable to read 2th superblock
[  151.859695][   T20] usb 6-1: USB disconnect, device number 13
[  151.912819][ T3568] udc-core: couldn't find an available UDC or it's busy
[  151.920200][ T3561] EXT4-fs error (device loop2): ext4_get_journal_inode:5242: inode #5: comm syz.2.920: unexpected bad inode w/o EXT4_IGET_BAD
[  151.934346][ T3568] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  151.947992][ T3561] EXT4-fs (loop2): no journal found
[  151.953230][ T3561] EXT4-fs (loop2): can't get journal size
[  151.959798][ T3561] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue
[  152.204209][ T3577] EXT4-fs (loop2): Test dummy encryption mode enabled
[  152.229054][ T3577] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  152.240324][ T3577] System zones: 0-5
[  152.249457][ T3577] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue
[  152.423936][   T20] usb 5-1: reset full-speed USB device number 16 using dummy_hcd
[  152.615223][ T3588] 9pnet: p9_errstr2errno: server reported unknown error �
[  152.645328][ T3585] EXT4-fs (loop5): mounted filesystem without journal. Opts: usrjquota=,stripe=0x00000000000077b2,grpquota,block_validity,,errors=continue
[  152.668360][ T3585] SELinux:  Context system_u:object_r:semanage is not valid (left unmapped).
[  152.952165][ T3599] EXT4-fs (loop5): ea_inode feature is not supported for Hurd
[  153.335354][  T574] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  153.366589][ T1162] usb 5-1: USB disconnect, device number 16
[  153.378718][ T1162] hid-steam 0003:28DE:1102.0016: Steam Controller 'XXXXXXXXXX' disconnected
[  153.384232][ T3621] netlink: 28 bytes leftover after parsing attributes in process `syz.5.939'.
[  153.404830][   T24] kauditd_printk_skb: 20 callbacks suppressed
[  153.404842][   T24] audit: type=1400 audit(2000000000.390:1240): avc:  denied  { ioctl } for  pid=3620 comm="syz.5.939" path="socket:[27913]" dev="sockfs" ino=27913 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  153.534668][ T3621] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  153.542691][ T3621] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  153.554772][ T3621] F2FS-fs (loop5): invalid crc value
[  153.561790][ T3621] F2FS-fs (loop5): Found nat_bits in checkpoint
[  153.585794][ T3621] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  153.592909][ T3621] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  153.604254][  T574] usb 3-1: Using ep0 maxpacket: 16
[  153.734034][  T574] usb 3-1: config 1 has an invalid descriptor of length 235, skipping remainder of the config
[  153.750072][  T574] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  153.934066][  T574] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  153.944199][  T574] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.952307][  T574] usb 3-1: Product: syz
[  153.957261][  T574] usb 3-1: Manufacturer: syz
[  153.961969][  T574] usb 3-1: SerialNumber: syz
[  153.970724][ T3646] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  153.980036][ T3646] ext4 filesystem being mounted at /170/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  154.086807][ T3651] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  154.106226][ T3651] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e02c, mo2=0002]
[  154.114744][ T3651] EXT4-fs (loop4): orphan cleanup on readonly fs
[  154.121118][ T3651] EXT4-fs error (device loop4): ext4_orphan_get:1421: comm syz.4.948: bad orphan inode 267
[  154.131708][ T3651] EXT4-fs (loop4): Remounting filesystem read-only
[  154.138435][ T3651] EXT4-fs (loop4): mounted filesystem without journal. Opts: nojournal_checksum,noblock_validity,errors=remount-ro,errors=remount-ro,inode_readahead_blks=0x0000000001000000
[  154.257092][   T24] audit: type=1400 audit(2000000001.240:1241): avc:  denied  { ioctl } for  pid=3641 comm="syz.3.946" path="socket:[27458]" dev="sockfs" ino=27458 ioctlcmd=0xf506 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  154.294635][ T3656] Module has invalid ELF structures
[  154.294876][   T24] audit: type=1400 audit(2000000001.280:1242): avc:  denied  { module_load } for  pid=3608 comm="syz.2.932" path=2F6D656D66643A2D42D54E49C56A9A08202864656C6574656429 dev="tmpfs" ino=232 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  154.337526][ T3657] fuse: Bad value for 'fd'
[  154.415914][ T3665] EXT4-fs (loop4): Ignoring removed nobh option
[  154.422196][ T3665] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  154.455014][ T3665] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,dioread_lock,nolazytime,resgid=0x0000000000000000,jqfmt=vfsold,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue
[  154.582110][ T3679] overlayfs: failed to resolve './file0': -2
[  154.589757][   T24] audit: type=1400 audit(2000000001.570:1243): avc:  denied  { ioctl } for  pid=3680 comm="syz.4.956" path="socket:[28006]" dev="sockfs" ino=28006 ioctlcmd=0x942e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  154.625295][ T3679] overlayfs: failed to clone upperpath
[  154.746277][ T3684] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[  154.764167][ T3684] ext4 filesystem being mounted at /159/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  155.520128][ T3701] serio: Serial port ttyS3
[  155.576550][   T24] audit: type=1400 audit(2000000002.560:1244): avc:  denied  { setopt } for  pid=3700 comm="syz.0.964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  155.662306][   T24] audit: type=1400 audit(2000000002.580:1245): avc:  denied  { write } for  pid=3700 comm="syz.0.964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  155.724735][   T24] audit: type=1400 audit(2000000002.710:1246): avc:  denied  { name_bind } for  pid=3705 comm="syz.4.965" src=65530 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=rawip_socket permissive=1
[  155.777021][   T24] audit: type=1400 audit(2000000002.760:1247): avc:  denied  { accept } for  pid=3709 comm="syz.3.967" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  155.844637][ T3707] EXT4-fs (loop4): Ignoring removed orlov option
[  155.875828][ T3707] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,auto_da_alloc=0x0000000000000001,orlov,usrquota,data_err=ignore,sb=0x0000000000000003,noauto_da_alloc,,errors=continue
[  155.894478][ T3707] ext4 filesystem being mounted at /175/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  155.981425][   T24] audit: type=1400 audit(2000000002.960:1248): avc:  denied  { audit_read } for  pid=3722 comm="syz.3.970" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  156.056630][ T3732] netlink: 140 bytes leftover after parsing attributes in process `syz.2.972'.
[  156.097264][ T3734] netlink: 8 bytes leftover after parsing attributes in process `syz.2.974'.
[  156.106250][  T574] usb 3-1: 0:2 : does not exist
[  156.127088][ T3734] netlink: 'syz.2.974': attribute type 1 has an invalid length.
[  156.134806][ T3734] netlink: 12 bytes leftover after parsing attributes in process `syz.2.974'.
[  156.143672][ T3734] netlink: 'syz.2.974': attribute type 2 has an invalid length.
[  156.152044][ T3720] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  156.159972][ T3720] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  156.170208][ T3720] F2FS-fs (loop5): invalid crc value
[  156.171980][ T3734] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  156.191849][ T3720] F2FS-fs (loop5): Found nat_bits in checkpoint
[  156.194422][  T574] usb 3-1: USB disconnect, device number 28
[  156.206826][   T24] audit: type=1400 audit(2000000003.190:1249): avc:  denied  { accept } for  pid=3733 comm="syz.2.974" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  156.248887][ T3720] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  156.257284][ T3720] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  156.379729][ T3749] EXT4-fs (loop5): unsupported inode size: 13
[  156.386013][ T3749] EXT4-fs (loop5): blocksize: 1024
[  156.464789][ T3751] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  156.547138][    T9] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  156.636450][ T3765] SELinux:  Context system_u:object_r:printer_device_t:s0 is not valid (left unmapped).
[  156.844063][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  156.852993][ T1162] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  156.956255][ T3766] F2FS-fs (loop2): invalid crc value
[  156.986959][ T3766] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  157.094058][ T1162] usb 5-1: Using ep0 maxpacket: 16
[  157.148706][ T3766] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[  157.155959][ T3766] F2FS-fs (loop2): Start checkpoint disabled!
[  157.163687][ T3766] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  157.213991][ T1162] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  157.225084][ T1162] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.235541][ T1162] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  157.248686][ T1162] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  157.257975][ T1162] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.268947][ T1162] usb 5-1: config 0 descriptor??
[  157.473137][ T3791] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2567 sclass=netlink_route_socket pid=3791 comm=syz.3.990
[  157.488426][ T3791] netlink: 24 bytes leftover after parsing attributes in process `syz.3.990'.
[  157.501790][ T3791] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3791 comm=syz.3.990
[  157.524210][ T3757] udc-core: couldn't find an available UDC or it's busy
[  157.531243][ T3757] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  157.538882][ T3757] udc-core: couldn't find an available UDC or it's busy
[  157.539166][ T3791] netlink: 'syz.3.990': attribute type 1 has an invalid length.
[  157.546040][ T3757] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  157.561381][ T3786] F2FS-fs (loop2): fault_injection options not supported
[  157.562494][ T3757] udc-core: couldn't find an available UDC or it's busy
[  157.577930][ T3786] F2FS-fs (loop2): invalid crc value
[  157.577979][ T3757] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  157.591026][ T3757] udc-core: couldn't find an available UDC or it's busy
[  157.598017][ T3757] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  157.605702][ T3757] udc-core: couldn't find an available UDC or it's busy
[  157.612675][ T3757] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  157.634584][ T3786] F2FS-fs (loop2): Found nat_bits in checkpoint
[  157.686526][ T3786] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  157.717451][  T278] attempt to access beyond end of device
[  157.717451][  T278] loop2: rw=2049, want=45104, limit=40427
[  157.864260][ T3807] device bridge0 entered promiscuous mode
[  157.890229][ T3807] device vlan1 entered promiscuous mode
[  158.025024][ T1162] microsoft 0003:045E:07DA.0018: ignoring exceeding usage max
[  158.042346][ T1162] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0018/input/input12
[  158.217466][ T1162] microsoft 0003:045E:07DA.0018: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  159.124483][ T3828] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  159.141827][ T3828] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  159.150787][ T3828] F2FS-fs (loop2): invalid crc value
[  159.157457][ T3828] F2FS-fs (loop2): Found nat_bits in checkpoint
[  159.194878][ T3828] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  159.201970][ T3828] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  159.268075][   T24] kauditd_printk_skb: 3 callbacks suppressed
[  159.268086][   T24] audit: type=1326 audit(2000000006.250:1253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3809 comm="syz.0.996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4154944f79 code=0x7ffc0000
[  159.297542][   T24] audit: type=1326 audit(2000000006.250:1254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3809 comm="syz.0.996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4154944f79 code=0x7ffc0000
[  159.320852][   T25] usb 5-1: reset high-speed USB device number 17 using dummy_hcd
[  159.593245][ T3844] EXT4-fs (loop4): Ignoring removed bh option
[  159.599431][ T3844] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  159.625054][ T3844] EXT4-fs (loop4): 1 truncate cleaned up
[  159.630702][ T3844] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue
[  159.662568][ T3844] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=8212 sclass=netlink_xfrm_socket pid=3844 comm=syz.4.1004
[  159.700424][ T3841] F2FS-fs (loop2): invalid crc value
[  159.707343][ T3841] F2FS-fs (loop2): Found nat_bits in checkpoint
[  159.729301][ T3841] F2FS-fs (loop2): Cannot turn on quotas: -2 on 2
[  159.736064][ T3850] EXT4-fs (loop4): Mount option "journal_checksum" incompatible with ext2
[  159.736405][ T3841] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  160.237232][ T3874] EXT4-fs (loop4): 1 truncate cleaned up
[  160.244983][ T3874] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  160.255520][ T3874] ext4 filesystem being mounted at /183/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  160.304535][  T316] usb 5-1: USB disconnect, device number 17
[  160.713933][   T25] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  160.863953][    T5] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  161.233922][   T49] Bluetooth: hci0: Frame reassembly failed (-84)
[  161.234036][   T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  161.250782][   T25] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  161.293940][    T5] usb 6-1: Using ep0 maxpacket: 32
[  161.344033][   T25] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  161.353131][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  161.361381][   T25] usb 1-1: SerialNumber: syz
[  161.413987][    T5] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  161.424201][    T5] usb 6-1: config 0 has no interfaces?
[  161.543962][    T5] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  161.553037][    T5] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  161.561422][    T5] usb 6-1: Product: syz
[  161.565780][    T5] usb 6-1: Manufacturer: syz
[  161.569526][ T3898] EXT4-fs (loop4): Test dummy encryption mode enabled
[  161.574700][    T5] usb 6-1: config 0 descriptor??
[  161.582469][ T3898] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  161.590780][ T3898] System zones: 0-5
[  161.595525][ T3898] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue
[  162.397381][ T3923] EXT4-fs (loop4): Mount option "noacl" will be removed by 3.5
[  162.397381][ T3923] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  162.397381][ T3923] 
[  162.465781][ T3923] EXT4-fs (loop4): Ignoring removed orlov option
[  162.604705][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  162.635582][ T3923] EXT4-fs (loop4): mounted filesystem without journal. Opts: noquota,bsddf,grpquota,nobarrier,noacl,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,nombcache,,errors=continue
[  162.674133][   T24] audit: type=1400 audit(2000000009.660:1255): avc:  denied  { rename } for  pid=3920 comm="syz.4.1025" name="#19" dev="loop4" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  162.703544][   T24] audit: type=1400 audit(2000000009.660:1256): avc:  denied  { unlink } for  pid=3920 comm="syz.4.1025" name="#1a" dev="loop4" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  162.725596][   T24] audit: type=1400 audit(2000000009.680:1257): avc:  denied  { getopt } for  pid=3931 comm="syz.3.1027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  162.788444][ T3942] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  162.803273][ T1162] usb 6-1: USB disconnect, device number 14
[  162.814615][ T3942] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  162.828674][ T3942] EXT4-fs error (device loop4): ext4_get_journal_inode:5242: inode #5: comm syz.4.1030: unexpected bad inode w/o EXT4_IGET_BAD
[  162.842463][ T3942] EXT4-fs (loop4): no journal found
[  162.847778][ T3942] EXT4-fs (loop4): can't get journal size
[  162.967634][ T3942] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,noinit_itable,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue
[  163.127693][ T3956] EXT4-fs (loop4): 1 truncate cleaned up
[  163.133417][ T3956] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  163.142701][ T3956] ext4 filesystem being mounted at /191/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  163.250198][ T1162] Bluetooth: hci0: command 0x1003 tx timeout
[  163.256563][   T49] Bluetooth: hci0: Frame reassembly failed (-84)
[  163.525319][   T24] audit: type=1326 audit(2000000010.500:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3962 comm="syz.4.1037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e80a52f79 code=0x7ffc0000
[  163.594073][ T3421] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  163.821676][   T24] audit: type=1326 audit(2000000010.500:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3962 comm="syz.4.1037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e80a52f79 code=0x7ffc0000
[  163.865167][   T25] usb 1-1: bad CDC descriptors
[  163.884891][   T25] usb 1-1: USB disconnect, device number 17
[  163.958662][ T3971] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1039'.
[  164.213491][ T3984] overlayfs: failed to clone lowerpath
[  164.268788][ T3991] device dummy0 entered promiscuous mode
[  164.274833][ T3991] device dummy0 left promiscuous mode
[  164.429694][ T3991] fuse: Bad value for 'fd'
[  164.473930][ T3421] usb 6-1: Using ep0 maxpacket: 16
[  164.593986][ T3421] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  164.604122][ T3421] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  164.773961][ T3421] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  164.783042][ T3421] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.791050][ T3421] usb 6-1: Product: syz
[  164.795243][ T3421] usb 6-1: Manufacturer: syz
[  164.799861][ T3421] usb 6-1: SerialNumber: syz
[  165.123996][ T3421] usb 6-1: 0:2 : does not exist
[  165.165668][ T3421] usb 6-1: USB disconnect, device number 15
[  165.966767][ T4018] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1054'.
[  165.975747][ T4018] netlink: 51 bytes leftover after parsing attributes in process `syz.0.1054'.
[  165.984706][ T4018] netlink: 'syz.0.1054': attribute type 4 has an invalid length.
[  165.993603][   T25] Bluetooth: hci0: command 0x1001 tx timeout
[  166.018308][  T432] Bluetooth: hci0: sending frame failed (-49)
[  166.078487][ T4025] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1056'.
[  166.098647][   T24] audit: type=1326 audit(2000000013.080:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4011 comm="syz.4.1053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e80a52f79 code=0x7ffc0000
[  166.115522][ T4025] device vlan1 entered promiscuous mode
[  166.127812][ T4025] device dummy0 entered promiscuous mode
[  166.130854][   T24] audit: type=1326 audit(2000000013.080:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4011 comm="syz.4.1053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e80a52f79 code=0x7ffc0000
[  166.217541][ T4031] overlayfs: failed to clone upperpath
[  166.253510][   T24] audit: type=1107 audit(2000000013.230:1262): pid=4032 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='���'
[  166.374581][ T4034] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[  166.442775][   T24] audit: type=1400 audit(2000000013.370:1263): avc:  denied  { relabelto } for  pid=4026 comm="syz.0.1057" name="246" dev="tmpfs" ino=1355 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  166.866980][ T4037] EXT4-fs (loop4): Ignoring removed orlov option
[  167.195388][ T4037] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,auto_da_alloc=0x0000000000000001,orlov,usrquota,data_err=ignore,sb=0x0000000000000003,noauto_da_alloc,,errors=continue
[  167.224571][   T24] audit: type=1400 audit(2000000013.370:1264): avc:  denied  { associate } for  pid=4026 comm="syz.0.1057" name="246" dev="tmpfs" ino=1355 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_exec_t:s0"
[  167.244070][ T4037] ext4 filesystem being mounted at /196/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  167.265695][   T24] audit: type=1400 audit(2000000013.380:1265): avc:  denied  { write } for  pid=4026 comm="syz.0.1057" name="246" dev="tmpfs" ino=1355 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  167.291832][   T24] audit: type=1400 audit(2000000013.380:1266): avc:  denied  { add_name } for  pid=4026 comm="syz.0.1057" name="cpuset.effective_mems" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  167.318036][   T24] audit: type=1400 audit(2000000013.380:1267): avc:  denied  { associate } for  pid=4026 comm="syz.0.1057" name="cpuset.effective_mems" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  167.340895][   T24] audit: type=1400 audit(2000000013.610:1268): avc:  denied  { mounton } for  pid=4035 comm="syz.4.1060" path="/syzcgroup/cpu/syz4/cgroup.procs" dev="cgroup" ino=213 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1
[  167.365932][   T24] audit: type=1400 audit(2000000014.210:1269): avc:  denied  { remove_name } for  pid=277 comm="syz-executor" name="cpuset.effective_mems" dev="tmpfs" ino=1360 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  168.046861][  T981] Bluetooth: hci0: command 0x1009 tx timeout
[  168.086942][   T25] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  169.751327][   T25] usb 1-1: Using ep0 maxpacket: 16
[  169.974149][   T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  169.995435][   T25] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  170.118203][ T4091] EXT4-fs (loop4): Ignoring removed orlov option
[  170.150650][ T4091] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,auto_da_alloc=0x0000000000000001,orlov,usrquota,data_err=ignore,sb=0x0000000000000003,noauto_da_alloc,,errors=continue
[  170.169481][ T4091] ext4 filesystem being mounted at /200/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  170.237970][   T25] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  170.328008][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.338042][   T25] usb 1-1: Product: syz
[  170.342277][   T25] usb 1-1: Manufacturer: syz
[  170.347901][   T25] usb 1-1: SerialNumber: syz
[  171.353774][   T25] usb 1-1: cannot find UAC_HEADER
[  171.364253][   T25] snd-usb-audio: probe of 1-1:1.0 failed with error -22
[  171.372002][   T25] usb 1-1: USB disconnect, device number 18
[  171.434920][ T4105] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  172.416539][ T4129] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  172.507718][ T4120] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  172.520992][ T4120] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  172.537182][ T4120] F2FS-fs (loop2): invalid crc value
[  172.780973][ T4120] F2FS-fs (loop2): Found nat_bits in checkpoint
[  172.844368][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  172.854324][ T4118] EXT4-fs (loop4): Test dummy encryption mode enabled
[  172.881722][ T4118] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  172.892968][ T4118] System zones: 0-5
[  172.897232][ T4120] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  172.904606][ T4120] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  172.913522][ T4118] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue
[  172.971600][ T4148] EXT4-fs (loop5): Mount option "journal_checksum" incompatible with ext2
[  173.008778][ T4120] attempt to access beyond end of device
[  173.008778][ T4120] loop2: rw=2049, want=45224, limit=40427
[  173.021045][   T24] kauditd_printk_skb: 27 callbacks suppressed
[  173.021058][   T24] audit: type=1400 audit(2000000019.990:1297): avc:  denied  { lock } for  pid=4119 comm="syz.2.1082" path="/183/bus/cpuset.effective_cpus" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  173.246138][   T24] audit: type=1400 audit(2000000020.230:1298): avc:  denied  { create } for  pid=4168 comm="syz.3.1099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  173.277531][ T4169] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  175.043688][ T4203] netlink: 'syz.5.1108': attribute type 298 has an invalid length.
[  175.143906][   T15] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  175.285863][ T4193] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1105'.
[  175.294871][ T4193] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1105'.
[  175.303941][ T4193] device xfrm0 entered promiscuous mode
[  175.312198][ T4193] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1105'.
[  175.334939][ T4216] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  175.383901][   T15] usb 3-1: Using ep0 maxpacket: 32
[  175.509233][   T24] audit: type=1326 audit(2000000022.490:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4215 comm="syz.3.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  175.539841][    T5] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  175.539953][   T24] audit: type=1326 audit(2000000022.490:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4215 comm="syz.3.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  175.572339][   T24] audit: type=1326 audit(2000000022.490:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4215 comm="syz.3.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  175.599397][   T24] audit: type=1326 audit(2000000022.510:1302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4215 comm="syz.3.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  175.623762][   T24] audit: type=1326 audit(2000000022.510:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4215 comm="syz.3.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  175.647350][   T15] usb 3-1: config 0 has an invalid interface number: 248 but max is 0
[  175.648398][   T24] audit: type=1326 audit(2000000022.520:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4215 comm="syz.3.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  175.681019][   T24] audit: type=1326 audit(2000000022.520:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4215 comm="syz.3.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  175.705532][   T24] audit: type=1326 audit(2000000022.520:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4215 comm="syz.3.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab96cbcf79 code=0x7ffc0000
[  175.729738][   T15] usb 3-1: config 0 has no interface number 0
[  175.755551][   T15] usb 3-1: config 0 interface 248 has no altsetting 0
[  175.942431][   T15] usb 3-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=18.ca
[  175.952598][   T15] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.960620][   T15] usb 3-1: Product: syz
[  175.976267][    T5] usb 6-1: Using ep0 maxpacket: 16
[  175.984897][   T15] usb 3-1: Manufacturer: syz
[  176.003086][   T15] usb 3-1: SerialNumber: syz
[  176.102934][   T15] usb 3-1: config 0 descriptor??
[  176.116605][    T5] usb 6-1: config 1 has an invalid descriptor of length 236, skipping remainder of the config
[  176.136076][    T5] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  176.174885][   T15] usb_ehset_test: probe of 3-1:0.248 failed with error -32
[  176.297823][ T4223] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  176.304005][    T5] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  176.318192][    T5] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.326198][    T5] usb 6-1: Product: syz
[  176.330363][    T5] usb 6-1: Manufacturer: syz
[  176.334973][    T5] usb 6-1: SerialNumber: syz
[  176.396229][ T4197] udc-core: couldn't find an available UDC or it's busy
[  176.403209][ T4197] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  176.411560][   T15] usb 3-1: USB disconnect, device number 29
[  176.653962][    T5] usb 6-1: 0:2 : does not exist
[  176.658880][    T5] usb 6-1: unit 6 not found!
[  176.665367][    T5] usb 6-1: USB disconnect, device number 16
[  176.864421][  T317] udevd[317]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  177.547490][ T4250] EXT4-fs error (device loop2): ext4_orphan_get:1395: inode #15: comm syz.2.1124: inode has both inline data and extents flags
[  177.561149][ T4250] EXT4-fs error (device loop2): ext4_orphan_get:1400: comm syz.2.1124: couldn't read orphan inode 15 (err -117)
[  177.662291][ T4250] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,resgid=0x000000000000ee00,acl,noload,journal_dev=0x0000000000000003,nodiscard,,errors=continue
[  177.771376][ T4250] EXT4-fs error (device loop2): ext4_mb_generate_buddy:824: group 0, block bitmap and bg descriptor inconsistent: 7962 vs 220 free clusters
[  178.246403][ T4271] netlink: 232 bytes leftover after parsing attributes in process `syz.0.1129'.
[  179.125912][ T4301] netlink: 'syz.3.1138': attribute type 27 has an invalid length.
[  179.228699][ T4297] F2FS-fs (loop2): Invalid SB checksum offset: 0
[  179.235379][ T4297] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  179.244729][ T4301] bridge0: port 3(syz_tun) entered disabled state
[  179.244813][ T4297] F2FS-fs (loop2): invalid crc value
[  179.263572][ T4301] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.270763][ T4301] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.284880][ T4297] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  179.360054][ T4301] device xfrm0 left promiscuous mode
[  179.365665][ T4297] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[  179.374045][ T4297] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  179.429571][ T4297] attempt to access beyond end of device
[  179.429571][ T4297] loop2: rw=2049, want=53256, limit=40427
[  179.449047][ T4297] futex_wake_op: syz.2.1136 tries to shift op by 36; fix this program
[  179.457290][ T4301] device vlan1 left promiscuous mode
[  179.462728][ T4301] device dummy0 left promiscuous mode
[  179.469278][ T4297] netlink: 'syz.2.1136': attribute type 11 has an invalid length.
[  179.477030][ T4303] bridge0: port 3(syz_tun) entered blocking state
[  179.483498][ T4303] bridge0: port 3(syz_tun) entered forwarding state
[  179.494717][ T4303] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.501768][ T4303] bridge0: port 1(bridge_slave_0) entered forwarding state
[  179.510344][ T4303] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.517393][ T4303] bridge0: port 2(bridge_slave_1) entered forwarding state
[  179.532054][ T4303] device veth0_vlan left promiscuous mode
[  179.538455][ T4303] device veth0_vlan entered promiscuous mode
[  179.545559][ T4303] device veth1_macvtap left promiscuous mode
[  179.552366][ T4303] device veth1_macvtap entered promiscuous mode
[  179.567917][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  179.584898][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  179.602911][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  179.620411][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  179.637905][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  179.655313][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  179.672037][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  179.689672][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  179.706612][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  179.735240][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  179.754433][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  179.780798][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  179.800999][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  179.817415][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  179.835550][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  179.852423][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  179.870008][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  179.870052][  T278] attempt to access beyond end of device
[  179.870052][  T278] loop2: rw=2049, want=45112, limit=40427
[  179.883917][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[  179.896678][  T940] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[  179.946964][ T4293] F2FS-fs (loop5): invalid crc value
[  179.955563][ T4293] F2FS-fs (loop5): Found nat_bits in checkpoint
[  179.960796][ T4323] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1142'.
[  179.999673][ T4293] F2FS-fs (loop5): Cannot turn on quotas: -2 on 2
[  180.034659][ T4293] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  180.108956][ T4331] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1134'.
[  180.119492][ T4331] device vlan0 entered promiscuous mode
[  180.127385][ T4331] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1134'.
[  180.136483][ T4331] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1134'.
[  180.145519][ T4331] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1134'.
[  180.154879][ T4331] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1134'.
[  180.165614][   T24] kauditd_printk_skb: 6 callbacks suppressed
[  180.165624][   T24] audit: type=1400 audit(2000000027.150:1313): avc:  denied  { read } for  pid=4290 comm="syz.5.1134" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  180.333922][    T5] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  180.433925][   T25] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  180.618431][    T5] usb 3-1: Using ep0 maxpacket: 16
[  180.664678][ T4338] EXT4-fs (loop5): Ignoring removed orlov option
[  180.694203][   T25] usb 1-1: Using ep0 maxpacket: 16
[  180.748853][ T4338] EXT4-fs (loop5): mounted filesystem without journal. Opts: nogrpid,auto_da_alloc=0x0000000000000001,orlov,usrquota,data_err=ignore,sb=0x0000000000000003,noauto_da_alloc,,errors=continue
[  180.767603][ T4338] ext4 filesystem being mounted at /189/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  180.804514][   T24] audit: type=1326 audit(2000000027.780:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4334 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  180.911161][   T25] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  181.024378][   T24] audit: type=1326 audit(2000000027.780:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4334 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  181.049252][   T25] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  181.071451][   T24] audit: type=1326 audit(2000000027.790:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4334 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  181.076859][   T25] usb 1-1: config 0 has no interface number 0
[  181.104519][   T24] audit: type=1326 audit(2000000027.810:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4334 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  181.114001][ T4353] bridge0: port 1(syz_tun) entered blocking state
[  181.129800][   T24] audit: type=1326 audit(2000000027.810:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4334 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  181.134497][ T4353] bridge0: port 1(syz_tun) entered disabled state
[  181.160557][   T24] audit: type=1326 audit(2000000027.810:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4334 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  181.167035][ T4353] device syz_tun entered promiscuous mode
[  181.189368][   T24] audit: type=1326 audit(2000000027.810:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4334 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  181.214054][ T4353] bridge0: port 1(syz_tun) entered blocking state
[  181.217118][ T4357] __nla_validate_parse: 16 callbacks suppressed
[  181.217126][ T4357] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1150'.
[  181.223057][ T4353] bridge0: port 1(syz_tun) entered forwarding state
[  181.254234][    T5] usb 3-1: unable to get BOS descriptor or descriptor too short
[  181.262021][   T24] audit: type=1326 audit(2000000027.810:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4334 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  181.286533][   T24] audit: type=1326 audit(2000000027.810:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4334 comm="syz.5.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7faac788ff79 code=0x7ffc0000
[  181.334008][   T25] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  181.343794][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.346220][    T5] usb 3-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  181.352252][   T25] usb 1-1: Product: syz
[  181.368861][   T25] usb 1-1: Manufacturer: syz
[  181.373441][   T25] usb 1-1: SerialNumber: syz
[  181.378705][    T5] usb 3-1: config 1 interface 0 has no altsetting 0
[  181.379566][   T25] usb 1-1: config 0 descriptor??
[  181.424460][   T25] uvcvideo: Found UVC 0.00 device syz (046d:08f3)
[  181.433924][   T25] uvcvideo: No valid video chain found.
[  181.521270][ T4363] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  181.564037][    T5] usb 3-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40
[  181.573092][    T5] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.581605][    T5] usb 3-1: Product: syz
[  181.586045][    T5] usb 3-1: Manufacturer: syz
[  181.590632][    T5] usb 3-1: SerialNumber: syz
[  181.674357][ T4333] udc-core: couldn't find an available UDC or it's busy
[  181.681399][ T4333] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  181.690927][   T15] usb 1-1: USB disconnect, device number 19
[  181.768355][ T4358] xt_TPROXY: Can be used only with -p tcp or -p udp
[  181.875378][    T5] usb 3-1: USB disconnect, device number 30
[  182.460224][ T4376] FAULT_INJECTION: forcing a failure.
[  182.460224][ T4376] name failslab, interval 1, probability 0, space 0, times 0
[  182.529960][ T4376] CPU: 1 PID: 4376 Comm: syz.2.1159 Not tainted syzkaller #0
[  182.537343][ T4376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  182.547393][ T4376] Call Trace:
[  182.550672][ T4376]  __dump_stack+0x21/0x24
[  182.554976][ T4376]  dump_stack_lvl+0x1a7/0x208
[  182.559627][ T4376]  ? sysvec_reschedule_ipi+0x69/0x70
[  182.564887][ T4376]  ? show_regs_print_info+0x18/0x18
[  182.570059][ T4376]  dump_stack+0x15/0x1c
[  182.574187][ T4376]  should_fail+0x3c1/0x510
[  182.578577][ T4376]  ? getname_flags+0xb9/0x500
[  182.583340][ T4376]  __should_failslab+0xa4/0xe0
[  182.588105][ T4376]  should_failslab+0x9/0x20
[  182.592593][ T4376]  kmem_cache_alloc+0x3d/0x2d0
[  182.597334][ T4376]  getname_flags+0xb9/0x500
[  182.601813][ T4376]  __x64_sys_execveat+0xc3/0xf0
[  182.606642][ T4376]  do_syscall_64+0x31/0x40
[  182.611037][ T4376]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  182.616903][ T4376] RIP: 0033:0x7fdbc21eaf79
[  182.621295][ T4376] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  182.640885][ T4376] RSP: 002b:00007fdbc0c46028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  182.649284][ T4376] RAX: ffffffffffffffda RBX: 00007fdbc2464fa0 RCX: 00007fdbc21eaf79
[  182.657241][ T4376] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  182.665194][ T4376] RBP: 00007fdbc0c46090 R08: 0000000000001000 R09: 0000000000000000
[  182.673143][ T4376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  182.681092][ T4376] R13: 00007fdbc2465038 R14: 00007fdbc2464fa0 R15: 00007ffcf2af2158
[  182.787456][ T4384] device syzkaller0 entered promiscuous mode
[  182.845228][ T4390] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  182.917912][ T4398] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  183.329507][   T25] kernel write not supported for file /input/event0 (pid: 25 comm: kworker/1:1)
[  183.343919][   T20] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  183.473931][   T15] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  183.734902][   T15] usb 5-1: Using ep0 maxpacket: 8
[  183.784148][   T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  183.795152][   T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  183.805151][   T20] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  183.822769][   T20] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  183.831833][   T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.840581][   T20] usb 3-1: config 0 descriptor??
[  183.953967][   T15] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[  184.218175][ T4430] EXT4-fs error (device loop5): ext4_orphan_get:1395: inode #15: comm syz.5.1176: inode has both inline data and extents flags
[  184.231594][ T4430] EXT4-fs error (device loop5): ext4_orphan_get:1400: comm syz.5.1176: couldn't read orphan inode 15 (err -117)
[  184.243725][ T4430] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,resgid=0x000000000000ee00,acl,noload,journal_dev=0x0000000000000003,nodiscard,,errors=continue
[  184.264189][ T4430] EXT4-fs error (device loop5): ext4_mb_generate_buddy:824: group 0, block bitmap and bg descriptor inconsistent: 7962 vs 220 free clusters
[  184.353985][   T15] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  184.367887][ T4439] netlink: 120 bytes leftover after parsing attributes in process `syz.0.1179'.
[  184.368209][   T15] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.383942][   T20] usbhid 3-1:0.0: can't add hid device: -71
[  184.385943][   T15] usb 5-1: Manufacturer: ф
[  184.391050][   T20] usbhid: probe of 3-1:0.0 failed with error -71
[  184.395779][   T15] usb 5-1: SerialNumber: ⠇
[  184.403192][   T20] usb 3-1: USB disconnect, device number 31
[  184.683999][  T400] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  184.710305][ T4448] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1169'.
[  184.793969][  T300] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  184.801634][   T15] cdc_ncm 5-1:1.0: bind() failure
[  184.807336][   T15] cdc_ncm 5-1:1.1: bind() failure
[  184.815992][   T15] usb 5-1: USB disconnect, device number 18
[  185.043932][  T300] usb 6-1: Using ep0 maxpacket: 16
[  185.064011][  T400] usb 1-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00
[  185.073140][  T400] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.081994][  T400] usb 1-1: config 0 descriptor??
[  185.164154][  T300] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  185.175071][  T300] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  185.187882][  T300] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  185.196956][  T300] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.205471][  T300] usb 6-1: config 0 descriptor??
[  185.258611][   T24] kauditd_printk_skb: 9 callbacks suppressed
[  185.258621][   T24] audit: type=1400 audit(2000000032.240:1332): avc:  denied  { create } for  pid=4451 comm="syz.4.1184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  185.286937][   T24] audit: type=1326 audit(2000000032.270:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4451 comm="syz.4.1184" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6e80a52f79 code=0x0
[  185.378648][ T4456] mmap: syz.2.1185 (4456) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[  185.391263][ T4456] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1185'.
[  185.445373][ T4456] exfat: Deprecated parameter 'utf8'
[  185.450776][ T4456] exfat: Bad value for 'umask'
[  185.484607][ T4458] EXT4-fs (loop4): Ignoring removed orlov option
[  185.490977][ T4458] EXT4-fs (loop4): Journaled quota options ignored when QUOTA feature is enabled
[  185.500156][ T4458] EXT4-fs (loop4): Unrecognized mount option "permit_directio" or missing value
[  185.574627][  T400] logitech 0003:046D:CA03.0019: unknown main item tag 0x0
[  185.581799][  T400] logitech 0003:046D:CA03.0019: item fetching failed at offset 3/5
[  185.590849][  T400] logitech 0003:046D:CA03.0019: parse failed
[  185.597218][  T400] logitech: probe of 0003:046D:CA03.0019 failed with error -22
[  185.694741][  T300] microsoft 0003:045E:07DA.001A: unknown main item tag 0x0
[  185.702207][  T300] microsoft 0003:045E:07DA.001A: unknown main item tag 0x0
[  185.709498][  T300] microsoft 0003:045E:07DA.001A: unknown main item tag 0x0
[  185.716748][  T300] microsoft 0003:045E:07DA.001A: unknown main item tag 0x0
[  185.724214][  T300] microsoft 0003:045E:07DA.001A: unknown main item tag 0x0
[  185.731461][  T300] microsoft 0003:045E:07DA.001A: unknown main item tag 0x0
[  185.738747][  T300] microsoft 0003:045E:07DA.001A: unknown main item tag 0x0
[  185.764103][  T300] microsoft 0003:045E:07DA.001A: unknown main item tag 0x0
[  185.771917][  T300] HID 045e:07da: Invalid code 65791 type 1
[  185.782451][  T300] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.001A/input/input13
[  185.795467][  T300] microsoft 0003:045E:07DA.001A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  185.812666][   T15] usb 1-1: USB disconnect, device number 20
[  186.055230][ T4472] ==================================================================
[  186.063329][ T4472] BUG: KASAN: use-after-free in unaccount_page_cache_page+0x9e0/0xac0
[  186.071457][ T4472] Read of size 4 at addr ffff8881100b7470 by task syz.3.1190/4472
[  186.079229][ T4472] 
[  186.081540][ T4472] CPU: 0 PID: 4472 Comm: syz.3.1190 Not tainted syzkaller #0
[  186.088881][ T4472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  186.098911][ T4472] Call Trace:
[  186.102184][ T4472]  __dump_stack+0x21/0x24
[  186.106489][ T4472]  dump_stack_lvl+0x1a7/0x208
[  186.111143][ T4472]  ? show_regs_print_info+0x18/0x18
[  186.116319][ T4472]  ? thaw_kernel_threads+0x220/0x220
[  186.121581][ T4472]  print_address_description+0x7f/0x2c0
[  186.127104][ T4472]  ? unaccount_page_cache_page+0x9e0/0xac0
[  186.132883][ T4472]  kasan_report+0xe2/0x130
[  186.137276][ T4472]  ? unaccount_page_cache_page+0x9e0/0xac0
[  186.143056][ T4472]  __asan_report_load4_noabort+0x14/0x20
[  186.148661][ T4472]  unaccount_page_cache_page+0x9e0/0xac0
[  186.154272][ T4472]  __delete_from_page_cache+0xc3/0x470
[  186.159705][ T4472]  ? memset+0x35/0x40
[  186.163666][ T4472]  ? __bpf_trace_file_check_and_advance_wb_err+0x30/0x30
[  186.170663][ T4472]  ? _raw_spin_lock_irqsave+0xc2/0x130
[  186.176095][ T4472]  ? _raw_spin_lock+0xf0/0xf0
[  186.180744][ T4472]  ? __kasan_check_read+0x11/0x20
[  186.185741][ T4472]  ? workingset_eviction+0x3dc/0x940
[  186.191000][ T4472]  ? __kasan_check_read+0x11/0x20
[  186.196004][ T4472]  __remove_mapping+0x562/0x690
[  186.200858][ T4472]  shrink_page_list+0x21a9/0x4250
[  186.205874][ T4472]  ? __this_cpu_preempt_check+0x13/0x20
[  186.211406][ T4472]  ? reclaim_clean_pages_from_list+0x750/0x750
[  186.217545][ T4472]  ? shrink_inactive_list+0xef0/0xef0
[  186.222896][ T4472]  ? lru_add_drain_cpu+0x580/0x6e0
[  186.227986][ T4472]  ? _raw_spin_lock_irq+0x95/0xf0
[  186.232992][ T4472]  ? __count_memcg_events+0x89/0x210
[  186.238253][ T4472]  shrink_inactive_list+0x532/0xef0
[  186.243428][ T4472]  ? should_run_aging+0x440/0x440
[  186.248426][ T4472]  ? blk_flush_plug_list+0x404/0x450
[  186.253688][ T4472]  ? __kasan_check_read+0x11/0x20
[  186.258690][ T4472]  ? __kasan_check_read+0x11/0x20
[  186.263685][ T4472]  ? lruvec_lru_size+0x230/0x250
[  186.268597][ T4472]  ? blk_start_plug+0x5a/0x170
[  186.273337][ T4472]  shrink_lruvec+0x1235/0x2860
[  186.278079][ T4472]  ? __init_rwsem+0x1c0/0x1c0
[  186.282729][ T4472]  ? mem_cgroup_shrink_node+0x4c0/0x4c0
[  186.288249][ T4472]  ? shrink_slab+0x65f/0x810
[  186.292813][ T4472]  ? drop_slab_node+0x140/0x140
[  186.297641][ T4472]  ? __kasan_check_read+0x11/0x20
[  186.302641][ T4472]  ? inactive_is_low+0x183/0x300
[  186.307551][ T4472]  shrink_node+0xf0c/0x2690
[  186.312035][ T4472]  ? ktime_get+0x10e/0x140
[  186.316437][ T4472]  do_try_to_free_pages+0x603/0x1590
[  186.321698][ T4472]  ? try_to_free_pages+0xc20/0xc20
[  186.326785][ T4472]  ? sched_clock_cpu+0x1b/0x3d0
[  186.331608][ T4472]  try_to_free_mem_cgroup_pages+0x261/0x610
[  186.337473][ T4472]  ? shrink_lruvec+0x2860/0x2860
[  186.342389][ T4472]  ? _raw_spin_unlock_irq+0x4e/0x70
[  186.347562][ T4472]  ? psi_memstall_enter+0xff/0x150
[  186.352648][ T4472]  try_charge+0x43e/0x1500
[  186.357045][ T4472]  ? __memcg_kmem_charge+0x150/0x150
[  186.362303][ T4472]  ? percpu_counter_add_batch+0x13c/0x160
[  186.368000][ T4472]  ? get_mem_cgroup_from_mm+0x197/0x1b0
[  186.373521][ T4472]  __mem_cgroup_charge+0x14c/0x6d0
[  186.378606][ T4472]  shmem_add_to_page_cache+0x574/0xe30
[  186.384042][ T4472]  ? shmem_alloc_page+0x380/0x380
[  186.389043][ T4472]  ? _raw_spin_lock_irq+0x95/0xf0
[  186.394043][ T4472]  ? find_lock_entry+0x4b/0x200
[  186.398869][ T4472]  shmem_getpage_gfp+0x8eb/0x2120
[  186.403871][ T4472]  shmem_fallocate+0x841/0xc40
[  186.408611][ T4472]  ? __get_user_pages+0x1400/0x1400
[  186.413783][ T4472]  ? shmem_mmap+0x200/0x200
[  186.418265][ T4472]  ? selinux_file_permission+0x2a5/0x510
[  186.423878][ T4472]  ? fsnotify_perm+0x66/0x4b0
[  186.428532][ T4472]  ? preempt_count_add+0x90/0x1b0
[  186.433531][ T4472]  vfs_fallocate+0x4b4/0x590
[  186.438094][ T4472]  __x64_sys_fallocate+0xc0/0x110
[  186.443096][ T4472]  do_syscall_64+0x31/0x40
[  186.447487][ T4472]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  186.453357][ T4472] RIP: 0033:0x7fab96cbcf79
[  186.457753][ T4472] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  186.477334][ T4472] RSP: 002b:00007fab95718028 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[  186.485725][ T4472] RAX: ffffffffffffffda RBX: 00007fab96f36fa0 RCX: 00007fab96cbcf79
[  186.493669][ T4472] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  186.501615][ T4472] RBP: 00007fab96d537e0 R08: 0000000000000000 R09: 0000000000000000
[  186.509560][ T4472] R10: 0000000008800000 R11: 0000000000000246 R12: 0000000000000000
[  186.517506][ T4472] R13: 00007fab96f37038 R14: 00007fab96f36fa0 R15: 00007ffc350b0518
[  186.525456][ T4472] 
[  186.527763][ T4472] Allocated by task 4126:
[  186.532074][ T4472]  __kasan_kmalloc+0xda/0x110
[  186.536731][ T4472]  __kmalloc+0x1a4/0x330
[  186.540947][ T4472]  vmemdup_user+0x45/0x170
[  186.545338][ T4472]  kvm_vcpu_ioctl_set_cpuid2+0x89/0x3b0
[  186.550859][ T4472]  kvm_arch_vcpu_ioctl+0xf38/0x1cc0
[  186.556046][ T4472]  kvm_vcpu_ioctl+0x6cf/0xbe0
[  186.560708][ T4472]  __se_sys_ioctl+0x121/0x1a0
[  186.565364][ T4472]  __x64_sys_ioctl+0x7b/0x90
[  186.569939][ T4472]  do_syscall_64+0x31/0x40
[  186.574337][ T4472]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  186.580207][ T4472] 
[  186.582512][ T4472] Freed by task 4124:
[  186.586475][ T4472]  kasan_set_track+0x4a/0x70
[  186.591042][ T4472]  kasan_set_free_info+0x23/0x40
[  186.595955][ T4472]  ____kasan_slab_free+0x125/0x160
[  186.601097][ T4472]  __kasan_slab_free+0x11/0x20
[  186.605876][ T4472]  slab_free_freelist_hook+0xc5/0x190
[  186.611235][ T4472]  kfree+0xc0/0x270
[  186.615058][ T4472]  kvfree+0x35/0x40
[  186.618852][ T4472]  kvm_arch_vcpu_destroy+0x1f3/0x270
[  186.624117][ T4472]  kvm_vcpu_destroy+0x21/0xb0
[  186.628768][ T4472]  kvm_arch_destroy_vm+0x447/0x740
[  186.633852][ T4472]  kvm_put_kvm+0x8fe/0x10d0
[  186.638330][ T4472]  kvm_vm_release+0x46/0x50
[  186.642808][ T4472]  __fput+0x2fb/0x770
[  186.646763][ T4472]  ____fput+0x15/0x20
[  186.650716][ T4472]  task_work_run+0x127/0x190
[  186.655282][ T4472]  exit_to_user_mode_loop+0xcb/0xe0
[  186.660452][ T4472]  exit_to_user_mode_prepare+0x76/0xa0
[  186.665887][ T4472]  syscall_exit_to_user_mode+0x1d/0x40
[  186.671317][ T4472]  do_syscall_64+0x3d/0x40
[  186.675707][ T4472]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  186.681568][ T4472] 
[  186.683872][ T4472] Last potentially related work creation:
[  186.689571][ T4472]  kasan_save_stack+0x3a/0x60
[  186.694221][ T4472]  __kasan_record_aux_stack+0xd2/0x100
[  186.699651][ T4472]  kasan_record_aux_stack_noalloc+0xb/0x10
[  186.705432][ T4472]  call_rcu+0x11a/0x10b0
[  186.709648][ T4472]  netlink_release+0x12ea/0x1710
[  186.714560][ T4472]  sock_release+0x7f/0x140
[  186.718953][ T4472]  netlink_kernel_release+0x4d/0x60
[  186.724129][ T4472]  genl_pernet_exit+0x40/0x60
[  186.728777][ T4472]  cleanup_net+0x58e/0xb80
[  186.733165][ T4472]  process_one_work+0x6e1/0xba0
[  186.737991][ T4472]  worker_thread+0xa6a/0x13c0
[  186.742656][ T4472]  kthread+0x346/0x3d0
[  186.746711][ T4472]  ret_from_fork+0x1f/0x30
[  186.751099][ T4472] 
[  186.753407][ T4472] Second to last potentially related work creation:
[  186.759986][ T4472]  kasan_save_stack+0x3a/0x60
[  186.764641][ T4472]  __kasan_record_aux_stack+0xd2/0x100
[  186.770076][ T4472]  kasan_record_aux_stack_noalloc+0xb/0x10
[  186.775857][ T4472]  insert_work+0x52/0x310
[  186.780161][ T4472]  __queue_work+0x923/0xca0
[  186.784636][ T4472]  queue_work_on+0xe6/0x140
[  186.789113][ T4472]  destroy_super_rcu+0xd1/0xe0
[  186.793852][ T4472]  rcu_do_batch+0x4ef/0xab0
[  186.798330][ T4472]  rcu_core+0x577/0xd80
[  186.802459][ T4472]  rcu_core_si+0x9/0x10
[  186.806588][ T4472]  __do_softirq+0x255/0x563
[  186.811056][ T4472] 
[  186.813363][ T4472] The buggy address belongs to the object at ffff8881100b7000
[  186.813363][ T4472]  which belongs to the cache kmalloc-2k of size 2048
[  186.827388][ T4472] The buggy address is located 1136 bytes inside of
[  186.827388][ T4472]  2048-byte region [ffff8881100b7000, ffff8881100b7800)
[  186.840800][ T4472] The buggy address belongs to the page:
[  186.846423][ T4472] page:ffffea0004402c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1100b0
[  186.856629][ T4472] head:ffffea0004402c00 order:3 compound_mapcount:0 compound_pincount:0
[  186.864925][ T4472] flags: 0x4000000000010200(slab|head)
[  186.870364][ T4472] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042d80
[  186.878923][ T4472] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[  186.887475][ T4472] page dumped because: kasan: bad access detected
[  186.893858][ T4472] page_owner tracks the page as allocated
[  186.899555][ T4472] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 322, ts 24265309767, free_ts 24265257318
[  186.919924][ T4472]  prep_new_page+0x179/0x180
[  186.924492][ T4472]  get_page_from_freelist+0x223b/0x23d0
[  186.930020][ T4472]  __alloc_pages_nodemask+0x290/0x620
[  186.935365][ T4472]  new_slab+0x84/0x3f0
[  186.939409][ T4472]  ___slab_alloc+0x2a6/0x450
[  186.943974][ T4472]  __slab_alloc+0x63/0xa0
[  186.948277][ T4472]  kmem_cache_alloc_trace+0x1b0/0x2e0
[  186.953625][ T4472]  f2fs_build_segment_manager+0x19ae/0x4900
[  186.959490][ T4472]  f2fs_fill_super+0x4a3a/0x73f0
[  186.964403][ T4472]  mount_bdev+0x28b/0x3a0
[  186.968707][ T4472]  f2fs_mount+0x34/0x40
[  186.972839][ T4472]  legacy_get_tree+0xed/0x190
[  186.977490][ T4472]  vfs_get_tree+0x89/0x260
[  186.981882][ T4472]  do_new_mount+0x25a/0xa20
[  186.986358][ T4472]  path_mount+0x585/0xc90
[  186.990659][ T4472]  __se_sys_mount+0x320/0x390
[  186.995303][ T4472] page last free stack trace:
[  186.999962][ T4472]  __free_pages_ok+0x80b/0x830
[  187.004698][ T4472]  __free_pages+0xd8/0x3b0
[  187.009086][ T4472]  __free_slab+0xcf/0x190
[  187.013389][ T4472]  unfreeze_partials+0x15f/0x190
[  187.018300][ T4472]  put_cpu_partial+0xc1/0x180
[  187.022962][ T4472]  __slab_free+0x2c9/0x3a0
[  187.027353][ T4472]  ___cache_free+0x10e/0x130
[  187.031917][ T4472]  qlink_free+0x50/0x90
[  187.036047][ T4472]  qlist_free_all+0x5f/0xb0
[  187.040522][ T4472]  kasan_quarantine_reduce+0x14a/0x160
[  187.045964][ T4472]  __kasan_slab_alloc+0x2f/0xf0
[  187.050789][ T4472]  slab_post_alloc_hook+0x5d/0x2f0
[  187.055873][ T4472]  kmem_cache_alloc+0x162/0x2d0
[  187.060695][ T4472]  prepare_creds+0x2c/0x5d0
[  187.065170][ T4472]  selinux_setprocattr+0x277/0x990
[  187.070253][ T4472]  security_setprocattr+0xcb/0xe0
[  187.075245][ T4472] 
[  187.077545][ T4472] Memory state around the buggy address:
[  187.083150][ T4472]  ffff8881100b7300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  187.091185][ T4472]  ffff8881100b7380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  187.099222][ T4472] >ffff8881100b7400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  187.107252][ T4472]                                                              ^
[  187.114941][ T4472]  ffff8881100b7480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  187.122981][ T4472]  ffff8881100b7500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  187.131011][ T4472] ==================================================================
[  187.139046][ T4472] Disabling lock debugging due to kernel taint
[  187.162962][ T4447] udc-core: couldn't find an available UDC or it's busy
[  187.172142][ T4447] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  187.214204][  T400] usb 6-1: USB disconnect, device number 17