last executing test programs:

13.91536936s ago: executing program 3 (id=13756):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000003000083850000002d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=@newtaction={0xeb4, 0x30, 0xb, 0x0, 0x0, {}, [{0xea0, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0xe54, 0x2, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x1}, [{}, {}, {0x7}, {0x0, 0x0, 0x0, 0x970f}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, {}, {0x7}, {}, {}, {}, {0x80000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {0x8000}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, {}, {0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x2000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2100}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {0x1}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x4}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xeb4}}, 0x0)

13.857576026s ago: executing program 3 (id=13758):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x544, 0x65, 0x114, 0x0, 0x0, {}, [@TCA_CHAIN={0x8, 0xb, 0x8001}, @TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x50, 0x2, [@TCA_FLOWER_KEY_ARP_OP={0x5}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_SCTP_DST_MASK={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK={0x14}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}, @TCA_FLOWER_KEY_PORT_DST_MIN={0x6}, @TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK={0x6}]}}, @filter_kind_options=@f_route={{0xa}, {0x4a0, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x30, 0x5, [@TCA_POLICE_RATE64={0xc}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_PEAKRATE64={0xc}, @TCA_POLICE_RATE64={0xc}]}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x454, 0x6, [@m_tunnel_key={0x13c, 0x0, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c}]}, {0xed, 0x6, "d6ffbaa2d807e57d2fb5d20d34548ab7b37f8349e465ab4b081af6c4d264921cd8c936c513978e97737d21a5ab41e1e2d97b9274a9713da8bb2a7790e43e58a9382a0fefc1b0bd95680829a8f749c4a1b7578673e50b8c1f238e0564b2e86011a210d9798298010cdd47394ed3cf832f5a7cb7207d71e03efd3449463f6f23d4b2343ef7a21bade823b43fe276d1256ce22abacd5ac6cf14007e3e50df98b3a0ba69017e92816025e7ed3480f55d4bc6fd3ad7936845054ded5a03ac3666e0a223ed11842f19025ef317434e863afa0f7496bc06c02e425a42d3726cf12ea5cae79d407b644262f795"}, {0xc}, {0xc}}}, @m_ife={0x98, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0x6d, 0x6, "68f33c84b776915719434abe46a9ad66388de7f727e754e0482910d008dee0199b585271d39abe13f7c59928211ea2eea798182b0caf370760e543f9c63a2fafb29bde21d4a4166ea1d1c4e6f61174108c064b3b9a7cf04e9b165a21eef5e591bb3d865a0f1d264787"}, {0xc}, {0xc}}}, @m_nat={0xbc, 0x1, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @rand_addr, @loopback}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @multicast2, @broadcast}}]}, {0x41, 0x6, "ef93daeef78df7f9a037a0d7a2f92a1cc341deabba437fc636cbf66a843bc4e0304e79be1f16cfa199b042be92c52b0490cb3ccc8a115bd7fba1ddd4a3"}, {0xc}, {0xc}}}, @m_gact={0x140, 0x19, 0x0, 0x0, {{0x9}, {0x7c, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x0, 0x171b, 0x7}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x2486, 0x3}}, @TCA_GACT_PARMS={0x18, 0x2, {0xfffffffd, 0x779, 0x5, 0x6, 0x2}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7, 0x2, 0x7, 0x8000, 0x2}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0xc8c, 0x2}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x231c, 0x6}}, @TCA_GACT_PARMS={0x18, 0x2, {0x8, 0x1192ffc7, 0x0, 0xe6, 0x83}}]}, {0x99, 0x6, "add15fa36852638a96a7a61ad7cbad2a0ea4d5b50d78fc4470d56e0f0655e4f04a4646ed85b27b416706857890f37914a11b79d4d3a9adbd5a85f51cf2626d62854d0bda4d95eb08e2092846e8bff1f9ec60606b4ba174a4e4c0b8aaccd8cd330d3fd7fd42e90f6df49a741f5270ea8ae12e952742e929d280b23b1172af1029e7cf12998e079cc7ee83f6211af3fd44c44f14094b"}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_bpf={0x40, 0x0, 0x0, 0x0, {{0x8}, {0x18, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_OPS={0xc, 0x4, [{}]}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}, @m_ctinfo={0x40, 0x0, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8}, @TCA_CTINFO_PARMS_CPMARK_MASK={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x544}}, 0x0)
sendto(0xffffffffffffffff, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x598}, {&(0x7f00000007c0)=""/154, 0x4c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001b00000020000180140002006261746164765f736c6176655f31000008000100", @ANYRES32=r4], 0x34}}, 0x4000)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
ppoll(&(0x7f0000000080)=[{r5, 0xd502}, {r5, 0x240}], 0x2, 0x0, 0x0, 0x0)
unshare(0x2040400)
signalfd4(r5, &(0x7f0000000340)={[0x1]}, 0x8, 0x80800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r6 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000500)=@chain)

13.05040388s ago: executing program 3 (id=13785):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x1, &(0x7f0000000400)=[{0x4, 0x1b, 0x8, 0xc}]})

12.993869175s ago: executing program 3 (id=13787):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000005c0)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0xc, &(0x7f00000000c0)={0x0, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

12.993052135s ago: executing program 3 (id=13790):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
iopl(0x3)

12.988323195s ago: executing program 3 (id=13792):
iopl(0x3)
open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='./file1\x00', 0x200000, &(0x7f0000000a40)={[{@noquota}, {@noauto_da_alloc}, {@jqfmt_vfsold}, {@data_err_ignore}, {@noauto_da_alloc}, {@delalloc}, {@resuid}, {@oldalloc}, {@jqfmt_vfsv1}]}, 0xfc, 0x550, &(0x7f0000000340)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==")
sync()

3.413010739s ago: executing program 4 (id=14132):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone(0x4010e000, 0x0, 0x0, 0x0, 0x0, 0x0)

3.209533357s ago: executing program 0 (id=14141):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001340)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9b24be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6eab1aa7d55545a34effa077faa56d59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e59a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e559d17879570c8ad9433269af3be5fa6a9a5c24e392955f4e979ea13201bafe4f0f6ea508000000a0c548552b571bed5647223c78a992810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151ffdf6f7820549cda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ede62fc28839b5301160ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d35a142a9ec9a7a3755e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce3c7c56cd31121624d76517fd3666276c3c0e812b28e2f30d035cee5d0e77a3c70008ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856cf24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31651e0ecea5ece8fb11a4ee288eb149f1fa33669cc8d901fa8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463baf28345bde0c195bc9f022ca8f3025ee9c8e3168b4177ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262fa3f1dabeb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d014e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5671820420bf5b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff2418a18217747ae442e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa6623920dacc107f532348cc21164efe794874eac73381e961f3d9c8c21578fe3245097c280abe51427a7f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d17eb0000000000000000000000fa08ad0731c4b839688b22c4da2a6b00008a1949a6ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282bffff2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae05334d5a44a020000001c0d882a564d74a7c72bf9a2152b261e58fea6d2f93589cfe261dc0410b5ccc92a5a0eab327a33431d62d2b7c75ce654d556c9e1817c1abca762ab53d40da51560351b673363652e1ecb56cfe4a746a45ab13c6014e9f361ab687d1cd1795ce9e05c817b83d76046bdb3709de5df7499a02d2f636a454b85b987580ada025d83bd7b8df28a540d5ec5537942e79f2f1ab25ea5f563bc77e4f9468bd309469880c7e34150ca886d1f13dff7e82dbe296c877d925c38c54cc8137b29028854b6bd57ca893927c331300e16aba792289e135589d93302fc37c73c303e383cdf8ef3f6d6265fe5ee01759d24027475c8901039a898582022bc95992b86dce0710887c8a625d9cbb897bdbfaf49a3f642a169827a9bae4fcfa5212461db000000000000e6ed75ca8fcda7ef3ee336189fef3b3ffb9f38fefc5ff39c4e69e3fa1f8b10ee97123e99b61eba065b1ad67530e7c4f11f9da7ae000002000000610101ad7f79cb9bbf64a0fc109f49fe8799fe266e2ccac80fefe750151f5ddfe51833ec65ece70e07ce8ab5d97db47da8f80000664dc0b86ae2b3ff9d4e220752a6b2f3ea9f793612386496dca5af7b8952aafa796ea7b156d19612297c63"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000011c0)={r0, 0xffffffffffffffff, 0x16, 0x0, @void}, 0x10)

3.209276017s ago: executing program 0 (id=14142):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000400)={0x0, &(0x7f0000000540)})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="54771cdaf317bd2d2e8f868dc4e07de7066d50b42edbfe323bd91e2f94f868771a584fa66e0e8aa08b492369404cb9318e9ee15d6edb4c8bd89a8a813c691a84", @ANYRESHEX, @ANYBLOB="2ee40d301c5717bdbde8786985e42b294d2c4554e9c57c8eda350667a92a", @ANYRES16=0x0, @ANYRESDEC, @ANYRES32], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRESOCT=0x0], 0x0, 0x0, 0xfffffffffffffd20, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x2, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
ftruncate(0xffffffffffffffff, 0x8003)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$UHID_CREATE(r1, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000480)=""/19, 0x13, 0xfffc, 0x0, 0xffffffff, 0x1}}, 0x120)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYRES64=r0], 0x0)
r2 = syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGFEATURE(r2, 0xc0404809, &(0x7f00000000c0)={0x0, "277c968feb45a14b9d13aa865c15a5eaecdeecd810993081b239d4a3d23f64f1313939c9069b32eba8ea187c82613f238bdc42f990210277a196479b8e8df477"})
ioctl$HIDIOCGFEATURE(r2, 0xc0404807, &(0x7f00000001c0)={0x1, "5fbaf77c49a9e363eed255a8164a43edd3fbf3f53506ab88ceae7536ba00c7498731efa3dafb0258a1a0e6dacafa3ba666a4c94f7af45941f84c2857c71600b2"})
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x2000, &(0x7f00000009c0)={[{@min_batch_time={'min_batch_time', 0x3d, 0x6}}, {@stripe={'stripe', 0x3d, 0x62}}, {@nobh}], [{@dont_appraise}]}, 0x0, 0x601, &(0x7f0000001580)="$eJzs3ctvFEcaAPCvx2PjB1obtNpd9rBYWq1A2sUGAysUJRJcI2SRh3LJJQ42hGDAwo4Sk0gYiVwiRblEUaSccgh/RoLClVNyyiGXnCIklETcM1HPdBuP3eMX9jShfz9pmK6uaVe18TdVU1PVHUBljab/1CIORMRcEjGcLC3n1SPLHG297tFvH5xPH0k0Gq/8kkSS7ctfn2TPQ9nB/RHx3bdJ7O9ZW+784o3LU7OzM9ez9PjClbnx+cUbRy5dmbo4c3Hm6sT/J06dPHHy1LGj2zqvmwX7zt5++93hjyZf/+qLwYj4cTKJ0/Fi9sKV57FTRmO0+TtJ1mYNndrpwkrSk/2dNBqNRr4vqfeXWyk2Lf//642Iv8dw9GRRnxqOD18qtXLArmokrfduoIoS8Q8VlfcD8s/2qz8H10rplQDd8PBMawBgbfzXW2OD0d8cGxh8lKwYGWiNaW1vZK7d3oi4f2/y9oV7k7djl8bhgGJLtyLiH0XxnzTjfyT6Y6QZ/7W2+E/7Beey53T/y9ssv74qLf6he1rx379u/EeH+H8jfb7ZiuE3t1n+yOPNtwba4n9gu6cEAAAAAAAAlXX3TET8r+j7/9ry/J8omP8zFBGnd6D80VXptd//1x7sQDFAgYdnIp4vnP9by2f/jvSsWMI6Er3JhUuzM0cj4i8RcTh696TpY+uUceTj/Z93yhvN5v/lj7T8+9lcwKweD+p72o+ZnlqYeoJTBjIPb0X8s3D+b7Lc/icF7X/6zjC3yTL2/+fOuU55G8c/sFsaX0YcKmz/H1+1Iln/+hzjzf7AeN4rWOtf73/ydafytxv/q+cNA1uXtv+DzXjqGP8jycrr9cxvvYzji/VGp7zt9v/7klebVxXqy/a9N7WwcP1YRF9ytifd27Z/Yut1hmdRHg95vKTxf/jf64//FfX/ByJiadXPTn5tX1Oc+9vvQz91qo/+P5Qnjf/p9fv/q9r/rW9M3Bn5plP5m2v/TzTb+sPN9AuDu/n7gD+Tz/Iw7WvfXxCO9aKsbtcXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4FtYjYG0ltbHm7VhsbixiKiL/GYG322vzCfy9ce+fqdJrXvP9/Lb/T73ArnWT3/2/eXyhPTzS3H6ePR8S+iPi0Z6CZHjt/bXa67JMHAAAAAAAAAAAAAAAAAACAp8RQh/X/qZ97yq4dsOvqZVcAKE1B/H9fRj2A7tP+Q3WJf6gu8Q/VJf6husQ/VJf4h+oS/1Bd4h8AAAAAAJ4p+w7e/SGJiKXnBpqPVF+W11tqzYDdViu7AkBpXOIHqsvUH6gun/GBZIP8/o4HbXTkeubOP8HBAAAAAAAAAAAAAFA5hw5Y/w9VZf0/VJf1/1Bd+fr/gyXXA+i+jp/xh7pbD6Bc663kL1z/v+FRAAAAAAAAAAAAAMBOml+8cXlqdnbmuo3XulFWEhGln+nyRqPRuJn+FTwt9dn5jSSbod6VQvOp8N0/077NnGC+1m9zP7m89yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDdHwEAAP//wBIeGA==")
chown(&(0x7f0000000140)='./file0\x00', 0xee00, 0x0)
r3 = open_tree(r1, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x230)
write$UHID_DESTROY(r1, &(0x7f0000000040), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r3, 0x0, 0x9}, 0x18)
syz_open_procfs(0x0, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0)
socket$packet(0x11, 0x2, 0x300)

2.539660088s ago: executing program 4 (id=14145):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x28, r1, 0x301, 0x0, 0x0, {{0x32}, {@void, @val={0xc}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5}]]}, 0x28}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r4, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000180)=0x1, 0x87c5)
write$binfmt_script(r4, &(0x7f0000000140)={'#! ', './file0'}, 0xb)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x303}, "2a4001011f891d5b", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "fd6ed24e", "590b0006000000fc"}, 0x38)
recvfrom$inet6(r4, &(0x7f0000000100)=""/25, 0x19, 0x10162, 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00=', @ANYRES16=r3, @ANYBLOB="01000000000000000000090000003c000380140002007663616e3000000000000000000000000800030000000000080001000100000014000600ff010000000000000000000000000001"], 0x50}}, 0x0)
sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x28, r3, 0x400, 0x70bd26, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x96d4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x91)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
getsockopt$inet6_tcp_buf(r4, 0x6, 0x1c, 0x0, &(0x7f0000000900))
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811000027b880d1e35f8c0c1761715a5fcd77beca65ef79369096820a4a489b270ced8f4098e628377febca9511f8b04766d2fb63d3908b31d71aa34b7c1f7faa11b55e39135ea1e7a392d4049a8ef25ad49c3bda347e3d10f30ddf50e40e56d59375e6aac42a2e190f22a43ee09836c1fde11a1f3d8cc54e68ff6cc0b43f1222080093e742121589420f1bf7286bef3f054b99939aa1", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10)
syz_read_part_table(0x59d, &(0x7f0000000000)="$eJzs0r1Ls1cYB+CTwEsoVCIiONhBMLg0KsRBh2SwEtMsRsSKFGfBQQfBwUFSorMf/4DiF4iL2NlRjCAKcZKM4lxQXDKltD6FtnZpiyl9ua4lnHPf59w5/J7A/1o8/NRsNmMhhGbi75/+7jQ/XuyZHJ2aDiEW5kII+a++/LUSizp+u/U8WpeidTGRqe3fjL2ctt/23ldTh/GofhEP4YcQwuLjUfLfvo3P31nuKrm+sVzYXM0tPBTWnobm+/PdW/mlneGDbHmmKzsbfVgX8dbMT9VGju+apefdtoFP1Vojcx31pWMfM5//1p/z3+us1CuNib6TlcF0R/2yvB3l/ip/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgg53lrpLrG8uFzdXcwkNh7Wlovj/fvZVf2hk+yJZnurKz8be+i3hr5qdqI8d3zdLzbtvAp2qtkbmO+tKxd0e/+fFj/hIt9HX4Y/57nZV6pTHRd7IymO6oX5a3o9xf3+cPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCX8uPFnsnRqekQYmEuhPDt/fe9v+w3E2/1WNR3Hv2Wov1iIlPbvxl7OW2/7b2vpg4nEyEkfnfv4uNR8otWPoR/5OcAAAD//2wlhu4=")

2.027521865s ago: executing program 4 (id=14148):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
execve(0x0, 0x0, 0x0)

1.373452535s ago: executing program 4 (id=14151):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
unlink(&(0x7f0000000580)='./file1\x00')
close(r2)

702.936266ms ago: executing program 2 (id=14153):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0xfe, 0x0, 0x7fff0006}]})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a317153000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

702.730596ms ago: executing program 4 (id=14154):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000002c0)={[{@barrier}, {@jqfmt_vfsold}, {@noquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x10}}, {@journal_dev={'journal_dev', 0x3d, 0xd}}]}, 0x1, 0x4be, &(0x7f0000000540)="$eJzs3ctrW1caAPBPUvyMZ/KYYUgyMAlkIPMglh8MsWdmM6uZWQSGCXTTQuraiutatowlp7EJ1Gl3WXRRWlooXXRZ6D/QbppVQ6F03e5LFiWlTV1oCwUVXUmO/JArGjsC398PbnTuOTf6zrH4jq+OrnUDSK1ztX8yEUMR8UlEHKvvbj3gXP1h48HN6dqWiWr1yleZ5LjafvPQ5v87GhHrEdEfEf//d8QzmZ1xy6tr81PFYmG5sZ+vLCzly6trF+cWpmYLs4XF0YlLk5MTI+Njk/s21tsvP3f78vv/7X33u5fu333lww9q3RpqtLWOYz/Vh94TJ1rqjkTEPw8iWBfkGuMZ6HZH+EVqr99vIuJ8kv/HIpe8mkAaVKvV6o/VvnbN61Xg0Mom58CZ7HBE1MvZ7PBw/Rz+tzGYLZbKlb9eK60sztTPlY9HT/baXLEw0nivcDx6MrX90aT8cH9s2/54RHIO/GpuINkfni4VZx7vVAdsc3Rb/n+bq+c/kBLe8kN6yX9IL/kP6SX/Ib3kP6SX/If0kv+QXvIf0kv+Q3rJf0gv+Q+p9L/Ll2tbtfn37zPXV1fmS9cvzhTK88MLK9PD06XlGJ4t9b3X2fMVS6Wl0b/Fyo18pVCu5Mura1cXSiuLlatzC1OzvVHoOeDxAJ07cfbOZ5mIWP/7QLLV9Dba5CocbtUX6t8BAKRPrtsTENA1lv4gvbzHB3b5it4t+ts1LD1S1J8LCxygbLc7AHTNhdM+/4O0sv4P6WX9H9Jr6zm+swFIo+6s/wPdZP0f0muo5f4/mZb7f/2q5d5dIxHx64j4NNfT17zXF3AYZL/INHL/wrE/Dm1v7c18nywK9EbE829eef3GVKWyPFqr/3qzvvJGvb63G90HOpbk71jj0S9yAEi1jQc3p5vbZuXxg4/75b/qFyHsjH+ksTbZn3xGObiR2XKtQmafrl1YvxURp3aLn2nc77z+ycfgRm5H/JONx0z9KZL+Hknum/4o8e+902n80y3x/9AS/8wj/1QgHe7U5p+R3fI/m+R0bObf1vlnaJ+uj24//2U3579cm/nvbIcxnn3rxXtt49+KOLNr/Ga8/iTW9vi1vl3oMP79p574Xbu26tv159ktflOtlK8sLOXLq2sX5xamZguzhcXRiUuTkxMj42OT+WSNOt9cqd7pH6c+vrvX+AfbxN9r/LW6P3c4/h9+/9GT5/aI/6fzu7/+J/eIPxARf+kw/jdjnz/drq0Wf6bN+LPb47cs8NXqxjuMX37tP30dHgoAPAbl1bX5qWKxsKygoKCwWej2zAQctIdJ3+2eAAAAAAAAAAAAAJ16HJcTd3uMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHwU8BAAD//zAx0oQ=")
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
rename(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000340)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x700, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x4c02, &(0x7f0000000140))
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000200)=0x10)

328.39836ms ago: executing program 2 (id=14156):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffc}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x800)

328.2398ms ago: executing program 4 (id=14157):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000f4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f00000003c0)='tasks\x00', 0x2, 0x0)
preadv(r3, &(0x7f00000004c0)=[{&(0x7f0000000100)=""/240, 0xf0}], 0x1, 0x2, 0x0)

265.709856ms ago: executing program 2 (id=14159):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff15, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
write$selinux_access(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="2f7573722f7362696e2f6e74a61f20756e636f6e66696e65642030"], 0x2f)

265.407926ms ago: executing program 2 (id=14161):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x18)
sysinfo(0x0)

262.019726ms ago: executing program 1 (id=14162):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
unshare(0x62040200)

243.081768ms ago: executing program 2 (id=14163):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000010000000900010073797a300000000048000000030a0102000000000000000001000000080007006e6174000900030073796031000000000900010073797a3000000000140004800800024000000000080001"], 0x90}}, 0x0)

198.714182ms ago: executing program 2 (id=14165):
r0 = memfd_create(&(0x7f0000000480)='\x9d#\x00%\xa5\x83\xa6#\r\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?$^\xe1Ob\xe1Y\xd6\xaa\x8d\x83;\xeb\xf1\xd0\xce\xe5\x19\x9f\xd9\xae\xcf>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0\xb04\xb7T5\\\xe4h\xfc\x14\x06\xb5\x03\x8a\xc40\xbe\xe3\x93A\x15\xec\xdb\xaa\t9\x01\x00\x00\x00&0\xdd\xcbC\x15\xfcp\x11\xda|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\x04\xa0\x05}\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\x82t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12F\x03\b\x9dh\xcb)\xf4f\x12[\xf9w\xd2\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\x00\x00\x00\x00\x00\x00\x00\x04\t0\xaf\\H\x06x-\x01\x13\xa0\xf9\xe8\xdf;\xb9\x03\x00^!\xc2\xff\xac\xb8\xac\xc5\n4\xe7\xd5\xf5@L\b\xd3\x88\xc7\xb2G\f^B\xfeR/\xd7\xf9a[Y\xe0;5!r\x92?FB\xde\xa0>0\xdc\xa6\xbf\xce\xd6?\x1f%7>i\x8d\xd0Nw=,\xcc<\v\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\xf5+\x1c\'\x06\x00\xd1\xc9k:\x9d\x18cP\x14\xb6\x91AT\xb5w\xe71\xf3\xf8]\xc4\xa6+\xb6\xdcZ\xf2\x82*f\x0etDt\xbf\xa4)\x8e<%\xbcijzt\xf7\x7fN\x8fR\n>\xa0\t\ae\x8d~\xa3!\"\xec&\x83\xec\xac\x01\a\xe9\x17\x0f\xce\x9f}4\xf3P\fx\xa3/]E\xd3\xdbc\xa9\x9d$T\a\x83\n$r\xcf\xf5\xaa\x19\xe2\xb2~\xa3N\x03\x90K\xf7\x9fR_y\x80t\xa2\"!5\xf1R\x90~iLeNm\x9c\\Wv\xe5\xbbK \xc2\xa7wx\xd7\xe1P\a\'<\xa2\x02\x84\xb7\x15\x99\xb4\x85\x9b\xe4\a\xc4\xbe\xe9\xd7~\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x88\xa1\x95\x8d\xad\x13\x10G\x99 !>\x01BS\x01w\xfc\xba\x1cu\x9d\x1aB\xaam\xddc\x1a`\xaflVlj\xb8G\xeb\xbe\a\xe4\xf38\xfba\xe8\xaf\xaa\x19\xa08\x0e\x80\xe2\x17\xde\x81\xd9fi\xca\xfa5\xb9\xf01{\xf5\xd4;Tj\xe7\xef\xfc\xdfAv\xd4\x9a\x83\xa5^\xbd\xa9\xb3\x9cE\xf3\x00Kg\x8aa\xd9|\xaa\xaa2\xf0/\\J\xc7\x13\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
fallocate(r0, 0x0, 0x0, 0x2400001)
lseek(r0, 0x1004002, 0x3)

198.149342ms ago: executing program 0 (id=14166):
r0 = syz_mount_image$vfat(&(0x7f0000003880), &(0x7f0000000000)='./file1\x00', 0x4000, &(0x7f0000000840)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c636865636b3d7374726963742c756d61736b3d30303030303030303030303030303030303133363033302c756e695f786c6174653d312c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303034302c757466383d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c74696d655f6f66667365743d3078303030303030303030303030303166622c666c7573682c756e695f786c6174653d302c73686f72746e616d653d77696e39352c00208893fdd4787adad4209069"], 0x6, 0x2a6, &(0x7f0000000440)="$eJzs3T9rW1cUAPDzbFlS20EaOpVCH7RDJ2N77SJTbDDV1KKh7dCa2oZiiYINhv6hqqeuXTr2ExQC2fIlsmTIHsgayBYPhhee9F4kO7JsBcvOn99v8fV999x77vXFxoPO+/Hj3v5OGnvHfzyKej2JhVa04iSJZixE6a84o/VPAABvspMsi6fZ0CxxSUTU55cWADBHM//9vzv3lACAOfvm2+++Wm+3N75O03ps9v4+6uT/2edfh8/X9+Ln6MZurEQjTiOyF4btzSzL+pU014zPev2jTh7Z++F+Mf/6k4hB/Go0ojnoOhu/1d5YTYfG4vt5Hu8X67fy+LVoxIcT1t9qb6xNiI9ONT7/dCz/5WjEg5/il+jGziCJUfyfq2n6Zfbvs9+/z9PL45P+Uac2GDeSLd7wjwYAAAAAAAAAAAAAAAAAAAAAgLfYclE7pxaD+j15V1F/Z/E0/2Yp0lLzbH2eYXxSTnSuPlA/i//K+joraZpmxcBRfCU+qkTldnYNAAAAAAAAAAAAAAAAAAAAr5fDX3/b3+52dw+upVFWAyg/1v+q87TGej6J6YNro7UWiuaUmWOxHJNETE0j38Q1Hctljfcuyvn/O7NOWL98zNK087meRnm79reTyWdYi7KnXl6Se+NjqnHFtaoXPcpmun7ViY8aM++9+sGg0Z8yJpJpiX3xeHhyRU9yfhfVwalODF8qGmPh5+7GTPf55d8ViWodAAAAAAAAAAAAAAAAAAAwV6MP/U54eHxB0MOt4Uv+a3NODgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABuyOj9/zM0+kXwFQZX4+DwlrcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAO+B5AAAA///S9mga")
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'veth0_to_batadv\x00', <r2=>0x0})
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000", @ANYRES32=<r4=>0xffffffffffffffff, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r5, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$packet(r7, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1, 0x0, 0x6, @random="b6c1c02b5fbb"}, 0x14)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYRESOCT=r2, @ANYRESOCT=0x0, @ANYRESHEX=r7, @ANYRES8, @ANYRESDEC=0x0, @ANYRES8=r6, @ANYRES16=r4], 0x7c}}, 0x20004041)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000001605000300000000000900010073797a30000000000900020073797a320000000014000000110001000000000000000000920e586a"], 0x80}}, 0x0)
shutdown(r5, 0x1)
sendto$packet(r1, &(0x7f0000000100)="3f030603f00712000634381d001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b7880610cc9665598863522f38c3f5d49ff1f421c5ab1b141ab059b24d0fbc50df71548a3f6c5609063382ae56afffdcbd09b", 0xfffffc38, 0x18, &(0x7f0000000540)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="ecdac19c9b7e"}, 0x14)
open(&(0x7f0000000340)='./bus\x00', 0x8e046, 0x0)
fcntl$setflags(r0, 0x2, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r8, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x1718, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a4b78c660e677df701908b9aaa3f6a00400", "036c47c6780820d1cbf7896de1fdcf335263bdbcef549ba197fce47ddfdd753abd9501ce721b6ae9b49600002a00", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00"})
open(&(0x7f0000000580)='./file0\x00', 0x100000001a1540, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
flistxattr(r9, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

197.270162ms ago: executing program 1 (id=14167):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000006"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010000000004"], 0x57)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

65.697024ms ago: executing program 1 (id=14168):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000006000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x24, @short={0x2, 0xffff, 0xffff}}, 0x14, &(0x7f0000000080)={0x0}}, 0x0)

65.419894ms ago: executing program 0 (id=14169):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
socket$packet(0x11, 0x3, 0x300)
pipe2(&(0x7f0000000080), 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000c00)=@newqdisc={0x24, 0x24, 0xd0f, 0xa00, 0xffffffff, {0x60, 0x0, 0x0, 0x0, {0xfff2}, {0xffff, 0xffff}, {0x0, 0xfff3}}}, 0x24}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

65.101974ms ago: executing program 1 (id=14170):
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x18, 0x0, 0x20, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8081}, 0x40000)
keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000000), 0x1000000000000232, 0x0)

49.362426ms ago: executing program 0 (id=14171):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef010095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000580)='kmem_cache_free\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x1, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000001c0)=@generic={&(0x7f0000000040)='./file0\x00', r1}, 0x18)

40.636866ms ago: executing program 1 (id=14172):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

757.39µs ago: executing program 0 (id=14173):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000010a850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', r0}, 0x10)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=14174):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000f3ff000085000000700000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xfc, 0xfc, 0x3, [@struct={0x8, 0xa, 0x0, 0x4, 0x1, 0x9, [{0xb, 0x3, 0x200}, {0xe, 0x3, 0xc}, {0xf, 0x2, 0x6}, {0xc, 0x3, 0x1ff}, {0x4, 0x0, 0x4}, {0x2, 0x5, 0x9}, {0x3, 0x3, 0x5}, {0x7, 0x4, 0x401}, {0x1, 0x1, 0x7}, {0x10, 0x2, 0x3}]}, @typedef={0x3, 0x0, 0x0, 0x8, 0x5}, @struct={0x0, 0x8, 0x0, 0x4, 0x1, 0x7, [{0x9, 0x4, 0x659}, {0xc, 0x2, 0x5}, {0x10, 0x1, 0x2}, {0x7, 0x4, 0x800}, {0x0, 0x1, 0x4}, {0x5, 0x4, 0x400}, {0x0, 0x0, 0x5}, {0x10, 0x2, 0x80000000}]}]}, {0x0, [0x61]}}, &(0x7f0000000dc0)=""/4096, 0x117, 0x1000, 0x0, 0x1, 0x10000, @value}, 0x28)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000600)={{}, &(0x7f0000000400), &(0x7f0000000440)='%-010d \x00'}, 0x20)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000640)={0xffffffffffffffff, 0x3, 0x8}, 0xc)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r3, &(0x7f0000000340)=ANY=[], 0xff2e)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TCXONC(r3, 0x540a, 0x2)

kernel console output (not intermixed with test programs):

pf_probe_write_user helper that may corrupt user memory!
[ 3027.922167][    C1] eth0: bad gso: type: 1, size: 1408
[ 3027.936845][T11823] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[ 3027.954955][   T20] usb 1-1: USB disconnect, device number 121
[ 3027.958601][T18606] EXT4-fs (loop4): 1 orphan inode deleted
[ 3027.966622][T18606] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback.
[ 3027.989722][T18606] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038 (0x7fffffff)
[ 3027.990192][    C1] eth0: bad gso: type: 1, size: 1408
[ 3028.376268][T18624] syz.4.13314[18624] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3028.376366][T18624] syz.4.13314[18624] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3028.721511][T11823] usb 3-1: Using ep0 maxpacket: 32
[ 3028.778241][T18629] loop4: detected capacity change from 0 to 512
[ 3028.821562][   T20] usb 1-1: new high-speed USB device number 122 using dummy_hcd
[ 3028.832286][T18629] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 3028.873514][T18629] EXT4-fs (loop4): 1 truncate cleaned up
[ 3028.879334][T18629] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,lazytime,nombcache,noload,,errors=continue. Quota mode: none.
[ 3028.901307][T11823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3028.912364][T11823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3028.931590][T11823] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[ 3028.940640][T11823] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3028.949428][T11823] usb 3-1: config 0 descriptor??
[ 3028.956109][T18627] loop3: detected capacity change from 0 to 40427
[ 3029.015450][T18627] F2FS-fs (loop3): invalid crc value
[ 3029.034602][T18627] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 3029.229342][T18627] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 3029.902098][T11823] hkems 0003:2006:0118.0248: unbalanced delimiter at end of report description
[ 3029.911042][T11823] hkems 0003:2006:0118.0248: parse failed
[ 3029.916804][   T20] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3029.927203][   T20] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 3029.942633][T11823] hkems: probe of 0003:2006:0118.0248 failed with error -22
[ 3029.964025][T18136] attempt to access beyond end of device
[ 3029.964025][T18136] loop3: rw=2049, want=45104, limit=40427
[ 3029.976661][   T20] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 3029.986057][T18645] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13321'.
[ 3029.996772][T11823] usb 3-1: USB disconnect, device number 100
[ 3030.007782][   T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3030.021124][   T20] usb 1-1: config 0 descriptor??
[ 3030.072232][   T20] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 3030.338148][T18648] loop4: detected capacity change from 0 to 40427
[ 3030.384942][T18650] loop3: detected capacity change from 0 to 40427
[ 3030.392663][   T30] audit: type=1400 audit(2000001969.422:5588): avc:  denied  { create } for  pid=18651 comm="syz.2.13324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 3030.405736][T18648] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 3030.424267][T18648] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 3030.433470][   T30] audit: type=1400 audit(2000001969.462:5589): avc:  denied  { write } for  pid=18651 comm="syz.2.13324" path="socket:[240021]" dev="sockfs" ino=240021 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 3030.513580][T18648] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3030.546296][T18650] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 3030.553630][T18650] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 3030.560046][T18648] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 3030.568944][T18648] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3030.621884][T18650] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3030.668472][T18650] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 3030.681221][T18650] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 3031.261577][T18011] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[ 3031.294331][T31068] usb 1-1: USB disconnect, device number 122
[ 3031.368234][   T26] usb 5-1: new high-speed USB device number 124 using dummy_hcd
[ 3031.781633][T18011] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3031.792689][T18011] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3031.802320][T18011] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[ 3031.811247][T18011] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3031.854156][T18011] usb 2-1: config 0 descriptor??
[ 3031.921960][   T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3031.933312][   T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3031.945490][   T26] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[ 3031.993155][   T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3032.060666][   T26] usb 5-1: config 0 descriptor??
[ 3032.195856][    C1] eth0: bad gso: type: 1, size: 1408
[ 3032.204374][T18696] UDC core: couldn't find an available UDC or it's busy: -16
[ 3032.217711][T18696] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 3032.252786][T18701] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13334'.
[ 3032.333005][T18011] lg-g15 0003:046D:C222.0249: item fetching failed at offset 0/11
[ 3032.341082][T18011] lg-g15: probe of 0003:046D:C222.0249 failed with error -22
[ 3032.531563][T17258] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[ 3032.542916][   T26] lg-g15 0003:046D:C222.024A: item fetching failed at offset 0/11
[ 3032.545979][T18671] UDC core: couldn't find an available UDC or it's busy: -16
[ 3032.556416][   T26] lg-g15: probe of 0003:046D:C222.024A failed with error -22
[ 3032.559203][T18671] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 3032.578577][T29747] usb 2-1: USB disconnect, device number 89
[ 3032.744964][T18674] loop4: detected capacity change from 0 to 512
[ 3032.833705][T18674] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[ 3032.850145][T18674] ext4 filesystem being mounted at /22/bus supports timestamps until 2038 (0x7fffffff)
[ 3032.867266][T18674] UDC core: couldn't find an available UDC or it's busy: -16
[ 3032.874550][T18674] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 3032.883753][   T26] usb 5-1: USB disconnect, device number 124
[ 3032.892105][T17258] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3032.903570][T17258] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3032.913837][T17258] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 3032.922755][T17258] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3032.939114][T17258] usb 1-1: config 0 descriptor??
[ 3033.288569][T18721] overlayfs: failed to resolve './file0': -2
[ 3033.397554][T18723] netlink: 324 bytes leftover after parsing attributes in process `syz.3.13340'.
[ 3033.640444][T17258] samsung 0003:0419:0600.024B: unknown main item tag 0x0
[ 3033.648037][T17258] samsung 0003:0419:0600.024B: unknown main item tag 0x0
[ 3033.658567][T17258] samsung 0003:0419:0600.024B: unknown main item tag 0x0
[ 3033.665569][T17258] samsung 0003:0419:0600.024B: unknown main item tag 0x0
[ 3033.673747][T17258] samsung 0003:0419:0600.024B: unknown main item tag 0x0
[ 3033.682134][T17258] samsung 0003:0419:0600.024B: hidraw0: USB HID v0.00 Device [HID 0419:0600] on usb-dummy_hcd.0-1/input0
[ 3033.842663][T17258] usb 1-1: USB disconnect, device number 123
[ 3034.083838][T18732] loop3: detected capacity change from 0 to 128
[ 3034.655786][T18734] loop3: detected capacity change from 0 to 40427
[ 3034.671300][   T30] audit: type=1400 audit(2000001973.692:5590): avc:  granted  { setsecparam } for  pid=18741 comm="syz.4.13347" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[ 3034.742274][T18734] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 3034.748551][T18734] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 3035.183741][T18734] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3035.581694][T18734] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 3035.593886][T18734] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 3036.354155][T18781] cgroup: none used incorrectly
[ 3036.403481][T18783] loop2: detected capacity change from 0 to 512
[ 3036.935496][T18788] loop3: detected capacity change from 0 to 40427
[ 3036.966657][T18783] xt_CT: No such helper "syz1"
[ 3037.012364][T18788] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 3037.018532][T18788] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 3037.052936][T18788] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3037.083673][T18788] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 3037.090680][T18788] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 3037.938581][    C1] eth0: bad gso: type: 1, size: 1408
[ 3038.016597][T18813] fuse: Unknown parameter ''
[ 3038.134893][T18817] netlink: 324 bytes leftover after parsing attributes in process `syz.4.13361'.
[ 3038.330302][   T26] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[ 3038.738854][T18823] loop2: detected capacity change from 0 to 40427
[ 3038.797681][    C1] eth0: bad gso: type: 1, size: 1408
[ 3038.816594][T18823] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 3038.821620][   T26] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3038.823927][T18823] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 3038.839985][   T26] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 3038.867739][   T26] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 3038.881826][T18823] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3038.886963][   T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3038.912135][   T26] usb 2-1: config 0 descriptor??
[ 3038.940848][T18823] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 3038.961514][T18823] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 3038.963247][   T26] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 3038.996750][T18829] loop3: detected capacity change from 0 to 40427
[ 3039.027831][T18829] F2FS-fs (loop3): invalid crc value
[ 3039.040312][T18829] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 3039.076013][T18829] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 3039.102583][T18838] attempt to access beyond end of device
[ 3039.102583][T18838] loop3: rw=2049, want=45104, limit=40427
[ 3039.121755][T18831] loop4: detected capacity change from 0 to 40427
[ 3039.167652][   T30] audit: type=1400 audit(2000001978.192:5591): avc:  denied  { map } for  pid=18828 comm="syz.3.13368" path="socket:[240549]" dev="sockfs" ino=240549 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[ 3039.200215][T18831] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 3039.228889][T18831] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 3039.253155][T18831] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3039.283301][T18831] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 3039.290237][T18831] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3039.393236][T18851] loop2: detected capacity change from 0 to 512
[ 3039.712826][T18851] EXT4-fs (loop2): 1 orphan inode deleted
[ 3039.718390][T18851] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback.
[ 3039.760014][T18851] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038 (0x7fffffff)
[ 3039.979300][T18861] syz.2.13371[18861] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3039.979403][T18861] syz.2.13371[18861] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3040.793195][T18867] cgroup: none used incorrectly
[ 3040.989206][T11823] usb 2-1: USB disconnect, device number 90
[ 3041.037286][T18860] loop4: detected capacity change from 0 to 40427
[ 3041.075429][T18860] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 3041.087386][T18860] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 3041.113200][T18860] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3041.143590][T17258] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[ 3041.152074][T18860] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 3041.159009][T18860] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3041.581605][T17258] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3041.592398][T17258] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3041.602219][T17258] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[ 3041.611913][T17258] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3041.621923][T17258] usb 1-1: config 0 descriptor??
[ 3041.651641][T11823] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[ 3042.012168][T18899] loop3: detected capacity change from 0 to 40427
[ 3042.125236][T18899] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 3042.133115][T17258] hid-steam 0003:28DE:1142.024C: unknown main item tag 0x0
[ 3042.146904][T18899] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 3042.155407][T17258] hid-steam 0003:28DE:1142.024C: unknown main item tag 0x0
[ 3042.157834][T18901] loop2: detected capacity change from 0 to 40427
[ 3042.162939][T17258] hid-steam 0003:28DE:1142.024C: unknown main item tag 0x0
[ 3042.172213][T18899] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3042.176107][T17258] hid-steam 0003:28DE:1142.024C: unknown main item tag 0x0
[ 3042.194450][T17258] hid-steam 0003:28DE:1142.024C: unknown main item tag 0x0
[ 3042.203041][T18901] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 3042.209555][T17258] hid-steam 0003:28DE:1142.024C: hidraw0: USB HID v0.40 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[ 3042.215813][T18899] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 3042.221243][T18901] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 3042.227800][T18899] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 3042.246049][T18901] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3042.281656][T11823] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3042.292844][T11823] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3042.302925][T11823] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[ 3042.305615][T18901] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 3042.312111][T11823] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3042.324422][T18901] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 3042.331169][T11823] usb 2-1: config 0 descriptor??
[ 3042.347949][T17258] usb 1-1: USB disconnect, device number 124
[ 3042.604088][    C1] eth0: bad gso: type: 1, size: 1408
[ 3042.693715][T18925] loop3: detected capacity change from 0 to 256
[ 3042.747994][T18932] loop2: detected capacity change from 0 to 1024
[ 3042.762237][T18925] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[ 3042.842904][T11823] lg-g15 0003:046D:C222.024D: item fetching failed at offset 0/11
[ 3042.859316][T11823] lg-g15: probe of 0003:046D:C222.024D failed with error -22
[ 3042.978183][T18932] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 3043.162837][T18886] UDC core: couldn't find an available UDC or it's busy: -16
[ 3043.170210][T18886] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 3043.311941][ T6758] usb 2-1: USB disconnect, device number 91
[ 3043.342550][    C1] eth0: bad gso: type: 1, size: 1408
[ 3043.571308][T17258] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[ 3043.608218][T18953] cgroup: none used incorrectly
[ 3043.750988][T18955] loop3: detected capacity change from 0 to 40427
[ 3043.760130][T18955] F2FS-fs (loop3): Invalid SB checksum offset: 0
[ 3043.766335][T18955] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[ 3043.777320][T18955] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3043.799735][T18955] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[ 3043.806712][T18955] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 3043.978396][T17258] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3044.068779][T17258] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 3044.148817][T17258] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 3044.202657][T17258] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3044.267647][T17258] usb 1-1: config 0 descriptor??
[ 3044.312067][T17258] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 3044.629437][T18966] loop4: detected capacity change from 0 to 40427
[ 3044.672875][T18966] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 3044.679967][T18966] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 3044.716399][T18966] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3044.765300][T18966] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 3044.772352][T18966] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3044.792189][T18970] loop2: detected capacity change from 0 to 40427
[ 3044.807536][T18977] loop3: detected capacity change from 0 to 512
[ 3044.833462][T18970] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[ 3044.846455][T18970] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 3044.859598][T18977] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.13397: casefold flag without casefold feature
[ 3044.863137][T18970] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 3044.872862][T18977] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz.3.13397: missing EA_INODE flag
[ 3044.890007][T18977] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.13397: error while reading EA inode 12 err=-117
[ 3044.902889][T18977] EXT4-fs (loop3): 1 orphan inode deleted
[ 3044.906914][T18970] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[ 3044.915799][T18970] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 3044.923664][T18977] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 3045.574557][T19001] loop4: detected capacity change from 0 to 2048
[ 3045.619787][T19001] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 3045.710406][   T30] audit: type=1400 audit(2000001984.732:5592): avc:  denied  { write } for  pid=19000 comm="syz.4.13399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[ 3045.731639][ T5208] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[ 3045.731664][   T30] audit: type=1400 audit(2000001984.762:5593): avc:  denied  { ioctl } for  pid=19000 comm="syz.4.13399" path="socket:[241908]" dev="sockfs" ino=241908 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 3045.962741][T19017] cgroup: none used incorrectly
[ 3046.081553][  T335] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[ 3046.175329][ T8492] usb 1-1: USB disconnect, device number 125
[ 3046.431160][T19024] netlink: 324 bytes leftover after parsing attributes in process `syz.0.13407'.
[ 3046.492165][  T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3046.505899][  T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3046.519232][  T335] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[ 3046.530751][  T335] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3046.534930][ T5208] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3046.543204][  T335] usb 3-1: config 0 descriptor??
[ 3046.563294][ T5208] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3046.572997][ T5208] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 3046.581819][ T5208] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3046.590352][ T5208] usb 2-1: config 0 descriptor??
[ 3047.408232][T19035] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[ 3047.475710][T19039] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13411'.
[ 3047.486674][ T5208] samsung 0003:0419:0600.024E: item fetching failed at offset 4/5
[ 3047.502512][ T5208] samsung 0003:0419:0600.024E: parse failed
[ 3047.516328][  T335] lg-g15 0003:046D:C222.024F: item fetching failed at offset 0/11
[ 3047.521646][ T5208] samsung: probe of 0003:0419:0600.024E failed with error -22
[ 3047.524191][  T335] lg-g15: probe of 0003:046D:C222.024F failed with error -22
[ 3047.545247][T19041] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13412'.
[ 3047.656447][T19043] loop4: detected capacity change from 0 to 512
[ 3047.689490][T30259] usb 2-1: USB disconnect, device number 92
[ 3047.708104][T19007] loop2: detected capacity change from 0 to 512
[ 3047.733862][T19043] EXT4-fs error (device loop4): ext4_orphan_get:1423: comm syz.4.13413: bad orphan inode 17
[ 3047.744019][T19043] ext4_test_bit(bit=16, block=4) = 1
[ 3047.749129][T19043] is_bad_inode(inode)=0
[ 3047.753474][T19043] NEXT_ORPHAN(inode)=0
[ 3047.757488][T19043] max_ino=32
[ 3047.760553][T19043] i_nlink=1
[ 3047.763597][T19043] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 3047.777914][T19043] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm syz.4.13413: bg 0: block 7: invalid block bitmap
[ 3047.783445][T19007] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[ 3047.806559][T19007] ext4 filesystem being mounted at /57/bus supports timestamps until 2038 (0x7fffffff)
[ 3047.821526][  T335] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[ 3047.825356][T19007] UDC core: couldn't find an available UDC or it's busy: -16
[ 3047.836539][T19007] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 3047.845589][ T5208] usb 3-1: USB disconnect, device number 101
[ 3047.965866][   T30] audit: type=1400 audit(2000001986.992:5594): avc:  denied  { ioctl } for  pid=19052 comm="syz.4.13415" path="/42/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x6726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 3048.061544][  T335] usb 1-1: Using ep0 maxpacket: 32
[ 3048.181853][  T335] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3048.192638][  T335] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3048.205437][  T335] usb 1-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[ 3048.214559][  T335] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3048.295338][  T335] usb 1-1: config 0 descriptor??
[ 3048.357061][    C1] eth0: bad gso: type: 1, size: 1408
[ 3048.786821][T19068] cgroup: none used incorrectly
[ 3048.891777][ T8492] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 3048.992478][  T335] hkems 0003:2006:0118.0250: unbalanced delimiter at end of report description
[ 3049.001438][  T335] hkems 0003:2006:0118.0250: parse failed
[ 3049.007004][  T335] hkems: probe of 0003:2006:0118.0250 failed with error -22
[ 3049.193225][  T335] usb 1-1: USB disconnect, device number 126
[ 3049.261654][ T8492] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3049.271760][ T8492] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 3049.284827][ T8492] usb 3-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 3049.293927][ T8492] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3049.306384][ T8492] usb 3-1: config 0 descriptor??
[ 3049.344441][ T8492] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 3049.452414][T19077] netlink: 12 bytes leftover after parsing attributes in process `syz.1.13422'.
[ 3049.531815][T11823] Bluetooth: hci0: command 0x1003 tx timeout
[ 3049.537789][T24910] Bluetooth: hci0: sending frame failed (-49)
[ 3049.829615][   T30] audit: type=1400 audit(2000001988.852:5595): avc:  denied  { getopt } for  pid=19083 comm="syz.4.13424" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 3050.121506][T11823] usb 5-1: new high-speed USB device number 125 using dummy_hcd
[ 3050.487515][T19097] syz.1.13427[19097] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3050.488008][T19097] syz.1.13427[19097] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3050.881680][T11823] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3050.904687][T11823] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3050.914312][T11823] usb 5-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 3050.923133][T11823] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3050.933227][T11823] usb 5-1: config 0 descriptor??
[ 3051.171527][  T335] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[ 3051.455861][ T8492] usb 3-1: USB disconnect, device number 102
[ 3051.532869][T11823] samsung 0003:0419:0600.0251: item fetching failed at offset 4/5
[ 3051.540672][T11823] samsung 0003:0419:0600.0251: parse failed
[ 3051.546746][T11823] samsung: probe of 0003:0419:0600.0251 failed with error -22
[ 3051.611532][T30259] Bluetooth: hci0: command 0x1001 tx timeout
[ 3051.617693][T24910] Bluetooth: hci0: sending frame failed (-49)
[ 3051.641588][  T335] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3051.652419][  T335] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3051.652651][T19106] loop2: detected capacity change from 0 to 40427
[ 3051.662028][  T335] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[ 3051.678459][  T335] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3051.679678][T19106] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[ 3051.687195][  T335] usb 1-1: config 0 descriptor??
[ 3051.697398][T19106] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 3051.699002][T30259] usb 5-1: USB disconnect, device number 125
[ 3051.709589][T19106] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 3051.735683][T19106] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[ 3051.742611][T19106] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 3052.173036][  T335] lg-g15 0003:046D:C222.0252: item fetching failed at offset 0/11
[ 3052.183016][  T335] lg-g15: probe of 0003:046D:C222.0252 failed with error -22
[ 3052.284222][   T30] audit: type=1326 audit(2000001991.312:5596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19120 comm="syz.1.13433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3052.307839][   T30] audit: type=1326 audit(2000001991.322:5597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19120 comm="syz.1.13433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3052.331384][   T30] audit: type=1326 audit(2000001991.322:5598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19120 comm="syz.1.13433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3052.355125][   T30] audit: type=1326 audit(2000001991.322:5599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19120 comm="syz.1.13433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3052.379155][   T30] audit: type=1326 audit(2000001991.322:5600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19120 comm="syz.1.13433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3052.403277][   T30] audit: type=1326 audit(2000001991.322:5601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19120 comm="syz.1.13433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3052.430274][T19100] UDC core: couldn't find an available UDC or it's busy: -16
[ 3052.432370][   T30] audit: type=1326 audit(2000001991.402:5602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19120 comm="syz.1.13433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3052.437631][T19100] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 3052.468752][   T30] audit: type=1326 audit(2000001991.402:5603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19120 comm="syz.1.13433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3052.493084][   T30] audit: type=1326 audit(2000001991.432:5604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19120 comm="syz.1.13433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3052.516461][  T335] usb 5-1: new high-speed USB device number 126 using dummy_hcd
[ 3052.527314][T11823] usb 1-1: USB disconnect, device number 127
[ 3052.534886][   T30] audit: type=1326 audit(2000001991.432:5605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19120 comm="syz.1.13433" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3052.932804][  T335] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3052.960126][  T335] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3053.019708][  T335] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00
[ 3053.029023][  T335] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3053.042004][  T335] usb 5-1: config 0 descriptor??
[ 3053.145313][    C1] eth0: bad gso: type: 1, size: 1408
[ 3053.616188][T19146] loop2: detected capacity change from 0 to 1024
[ 3053.631789][T19146] EXT4-fs (loop2): first meta block group too large: 50331648 (group descriptor block count 1)
[ 3053.662134][  T335] usbhid 5-1:0.0: can't add hid device: -71
[ 3053.668027][  T335] usbhid: probe of 5-1:0.0 failed with error -71
[ 3053.693068][  T335] usb 5-1: USB disconnect, device number 126
[ 3053.703816][T31068] Bluetooth: hci0: command 0x1009 tx timeout
[ 3053.741181][T19146] loop2: detected capacity change from 0 to 256
[ 3053.753581][T19144] loop4: detected capacity change from 0 to 40427
[ 3053.854450][T19144] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 3053.866115][T19144] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 3053.877628][T19144] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3053.899686][T19144] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 3053.906609][T19144] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3053.971550][T31068] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[ 3054.006188][T19155] loop2: detected capacity change from 0 to 128
[ 3054.333487][T19155] EXT4-fs (loop2): Test dummy encryption mode enabled
[ 3054.440367][T19155] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none.
[ 3054.452961][T19155] ext4 filesystem being mounted at /61/mnt supports timestamps until 2038 (0x7fffffff)
[ 3054.563369][T19164] loop4: detected capacity change from 0 to 512
[ 3054.833257][T19164] EXT4-fs error (device loop4): ext4_orphan_get:1423: comm syz.4.13442: bad orphan inode 17
[ 3054.845079][T19164] ext4_test_bit(bit=16, block=4) = 1
[ 3054.850479][T19164] is_bad_inode(inode)=0
[ 3054.854892][T19164] NEXT_ORPHAN(inode)=0
[ 3054.858842][T19164] max_ino=32
[ 3054.861799][T31068] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 3054.861846][T31068] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 3054.861867][T31068] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3054.874894][T31068] usb 2-1: config 0 descriptor??
[ 3054.883434][T19164] i_nlink=1
[ 3054.899395][T19164] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 3054.911455][T19164] FAULT_INJECTION: forcing a failure.
[ 3054.911455][T19164] name failslab, interval 1, probability 0, space 0, times 0
[ 3054.924274][T19164] CPU: 0 PID: 19164 Comm: syz.4.13442 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 3054.932114][T31068] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 3054.935489][T19164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 3054.935505][T19164] Call Trace:
[ 3054.935511][T19164]  <TASK>
[ 3054.935518][T19164]  dump_stack_lvl+0x151/0x1c0
[ 3054.935544][T19164]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 3054.935565][T19164]  dump_stack+0x15/0x20
[ 3054.935589][T19164]  should_fail+0x3c6/0x510
[ 3054.935611][T19164]  __should_failslab+0xa4/0xe0
[ 3054.981929][T19164]  ? security_file_alloc+0x29/0x120
[ 3054.986958][T19164]  should_failslab+0x9/0x20
[ 3054.991302][T19164]  slab_pre_alloc_hook+0x37/0xd0
[ 3054.996071][T19164]  ? security_file_alloc+0x29/0x120
[ 3055.001105][T19164]  kmem_cache_alloc+0x44/0x200
[ 3055.005706][T19164]  security_file_alloc+0x29/0x120
[ 3055.010564][T19164]  __alloc_file+0xb2/0x2a0
[ 3055.014818][T19164]  alloc_empty_file+0x95/0x180
[ 3055.019417][T19164]  path_openat+0xfe/0x2f40
[ 3055.023672][T19164]  ? stack_trace_snprint+0xf0/0xf0
[ 3055.028619][T19164]  ? kmem_cache_free+0x116/0x2e0
[ 3055.033392][T19164]  ? __kasan_slab_alloc+0xc3/0xe0
[ 3055.038254][T19164]  ? __kasan_slab_alloc+0xb1/0xe0
[ 3055.043110][T19164]  ? slab_post_alloc_hook+0x53/0x2c0
[ 3055.048232][T19164]  ? kmem_cache_alloc+0xf5/0x200
[ 3055.053006][T19164]  ? getname_flags+0xba/0x520
[ 3055.057608][T19164]  ? getname+0x19/0x20
[ 3055.061509][T19164]  ? do_sys_openat2+0xd7/0x820
[ 3055.066112][T19164]  ? __x64_sys_open+0x221/0x270
[ 3055.070799][T19164]  ? x64_sys_call+0x36/0x9a0
[ 3055.075225][T19164]  ? do_syscall_64+0x3b/0xb0
[ 3055.079649][T19164]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 3055.085557][T19164]  ? do_filp_open+0x460/0x460
[ 3055.090145][T19164]  do_filp_open+0x21c/0x460
[ 3055.094471][T19164]  ? vfs_tmpfile+0x2c0/0x2c0
[ 3055.098841][T19164]  do_sys_openat2+0x13f/0x820
[ 3055.103344][T19164]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 3055.109773][T19164]  ? __mutex_lock_slowpath+0x10/0x10
[ 3055.114654][T19169] loop2: detected capacity change from 0 to 40427
[ 3055.114885][T19164]  ? do_sys_open+0x220/0x220
[ 3055.125567][T19164]  ? __kasan_check_write+0x14/0x20
[ 3055.130513][T19164]  ? ksys_write+0x260/0x2c0
[ 3055.134853][T19164]  __x64_sys_open+0x221/0x270
[ 3055.139364][T19164]  ? do_sys_openat2+0x820/0x820
[ 3055.144052][T19164]  ? debug_smp_processor_id+0x17/0x20
[ 3055.149257][T19164]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 3055.155157][T19164]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 3055.160623][T19164]  x64_sys_call+0x36/0x9a0
[ 3055.164876][T19164]  do_syscall_64+0x3b/0xb0
[ 3055.169133][T19164]  ? clear_bhb_loop+0x35/0x90
[ 3055.173647][T19164]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 3055.179371][T19164] RIP: 0033:0x7f721c884ff9
[ 3055.183642][T19164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3055.203066][T19164] RSP: 002b:00007f721b4fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 3055.211307][T19164] RAX: ffffffffffffffda RBX: 00007f721ca3cf80 RCX: 00007f721c884ff9
[ 3055.219120][T19164] RDX: 0000000000000000 RSI: 0000000000147042 RDI: 0000000020000040
[ 3055.226931][T19164] RBP: 00007f721b4fe090 R08: 0000000000000000 R09: 0000000000000000
[ 3055.234745][T19164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3055.242553][T19164] R13: 0000000000000000 R14: 00007f721ca3cf80 R15: 00007ffed936e8b8
[ 3055.250383][T19164]  </TASK>
[ 3055.262917][T19169] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 3055.269078][T19169] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 3055.280000][T19169] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3055.361129][T19169] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 3055.368421][T19169] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 3055.519624][T19174] loop4: detected capacity change from 0 to 40427
[ 3055.785733][T19174] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 3055.805880][T19174] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 3055.823448][T19174] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 3055.845618][T19174] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 3055.852848][T19174] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3056.353000][T11823] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[ 3056.611989][T19193] loop4: detected capacity change from 0 to 40427
[ 3056.635559][T19193] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 3056.642058][T19193] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 3056.658029][T19193] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3056.702420][   T20] usb 2-1: USB disconnect, device number 93
[ 3056.720082][T19193] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 3056.727709][T19193] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3056.729810][T11823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3056.793785][T11823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3056.804116][T11823] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[ 3056.831301][T11823] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3056.842520][T11823] usb 3-1: config 0 descriptor??
[ 3057.323016][T19211] syz.1.13450[19211] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3057.323106][T19211] syz.1.13450[19211] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3057.561783][T31068] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 3057.674332][T19216] FAULT_INJECTION: forcing a failure.
[ 3057.674332][T19216] name failslab, interval 1, probability 0, space 0, times 0
[ 3057.687271][T19216] CPU: 0 PID: 19216 Comm: syz.1.13454 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 3057.698570][T19216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 3057.708429][T19216] Call Trace:
[ 3057.711555][T19216]  <TASK>
[ 3057.714338][T19216]  dump_stack_lvl+0x151/0x1c0
[ 3057.718931][T19216]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 3057.724409][T19216]  ? avc_denied+0x1b0/0x1b0
[ 3057.728737][T19216]  ? __kasan_slab_alloc+0xc3/0xe0
[ 3057.733598][T19216]  dump_stack+0x15/0x20
[ 3057.737591][T19216]  should_fail+0x3c6/0x510
[ 3057.741931][T19216]  __should_failslab+0xa4/0xe0
[ 3057.746531][T19216]  ? __d_alloc+0x2d/0x6c0
[ 3057.750695][T19216]  should_failslab+0x9/0x20
[ 3057.755036][T19216]  slab_pre_alloc_hook+0x37/0xd0
[ 3057.759813][T19216]  ? __d_alloc+0x2d/0x6c0
[ 3057.764007][T19216]  kmem_cache_alloc+0x44/0x200
[ 3057.768575][T19216]  __d_alloc+0x2d/0x6c0
[ 3057.772569][T19216]  d_alloc_parallel+0xe6/0x12e0
[ 3057.777254][T19216]  ? inode_permission+0xf8/0x460
[ 3057.782031][T19216]  ? link_path_walk+0xb29/0xd90
[ 3057.786811][T19216]  ? d_hash_and_lookup+0x1e0/0x1e0
[ 3057.791759][T19216]  ? rwsem_mark_wake+0x770/0x770
[ 3057.796532][T19216]  ? __mnt_want_write+0x1f6/0x270
[ 3057.801408][T19216]  path_openat+0xa02/0x2f40
[ 3057.805732][T19216]  ? stack_trace_snprint+0xf0/0xf0
[ 3057.810767][T19216]  ? __kasan_slab_alloc+0xb1/0xe0
[ 3057.815624][T19216]  ? kmem_cache_alloc+0xf5/0x200
[ 3057.820404][T19216]  ? do_filp_open+0x460/0x460
[ 3057.824917][T19216]  do_filp_open+0x21c/0x460
[ 3057.829342][T19216]  ? vfs_tmpfile+0x2c0/0x2c0
[ 3057.833769][T19216]  do_sys_openat2+0x13f/0x820
[ 3057.838365][T19216]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 3057.844789][T19216]  ? __mutex_lock_slowpath+0x10/0x10
[ 3057.849907][T19216]  ? do_sys_open+0x220/0x220
[ 3057.854342][T19216]  ? __kasan_check_write+0x14/0x20
[ 3057.859283][T19216]  ? ksys_write+0x260/0x2c0
[ 3057.863626][T19216]  __x64_sys_open+0x221/0x270
[ 3057.868136][T19216]  ? do_sys_openat2+0x820/0x820
[ 3057.872821][T19216]  ? debug_smp_processor_id+0x17/0x20
[ 3057.878114][T19216]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 3057.884018][T19216]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 3057.889485][T19216]  x64_sys_call+0x36/0x9a0
[ 3057.893751][T19216]  do_syscall_64+0x3b/0xb0
[ 3057.897990][T19216]  ? clear_bhb_loop+0x35/0x90
[ 3057.902503][T19216]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 3057.908751][T19216] RIP: 0033:0x7f854c621ff9
[ 3057.913007][T19216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3057.932554][T19216] RSP: 002b:00007f854b29b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 3057.940779][T19216] RAX: ffffffffffffffda RBX: 00007f854c7d9f80 RCX: 00007f854c621ff9
[ 3057.948704][T19216] RDX: 0000000000000000 RSI: 0000000000147042 RDI: 0000000020000040
[ 3057.956515][T19216] RBP: 00007f854b29b090 R08: 0000000000000000 R09: 0000000000000000
[ 3057.964321][T19216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3057.972132][T19216] R13: 0000000000000000 R14: 00007f854c7d9f80 R15: 00007fff2ea74d68
[ 3057.979950][T19216]  </TASK>
[ 3058.019080][T11823] lg-g15 0003:046D:C222.0253: item fetching failed at offset 0/11
[ 3058.031754][T11823] lg-g15: probe of 0003:046D:C222.0253 failed with error -22
[ 3058.097017][T19219] loop2: detected capacity change from 0 to 512
[ 3058.419948][T19214] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3058.427156][T19214] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3058.434790][T19214] device bridge_slave_0 entered promiscuous mode
[ 3058.458654][T19214] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3058.465648][T31068] usb 1-1: config 0 has an invalid descriptor of length 160, skipping remainder of the config
[ 3058.477514][T19214] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3058.487118][T31068] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 3058.487801][T19219] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[ 3058.500689][T19214] device bridge_slave_1 entered promiscuous mode
[ 3058.521757][T31068] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00
[ 3058.530518][T31068] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3058.530938][T19219] ext4 filesystem being mounted at /63/bus supports timestamps until 2038 (0x7fffffff)
[ 3058.565942][T19187] UDC core: couldn't find an available UDC or it's busy: -16
[ 3058.591527][T19187] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 3058.625536][T18692] usb 3-1: USB disconnect, device number 103
[ 3058.637452][T31068] usb 1-1: config 0 descriptor??
[ 3058.692162][T31068] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 3058.722462][T19214] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3058.729319][T19214] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3058.736514][T19214] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3058.743459][T19214] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3058.775722][T10194] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3058.843045][T10194] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3058.851059][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 3058.858760][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 3058.891914][T14062] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 3058.910001][T14062] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3058.916900][T14062] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3058.932293][T19238] loop4: detected capacity change from 0 to 40427
[ 3058.956455][T19238] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 3058.964116][T19238] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 3058.979150][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 3058.987438][T10194] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3058.987737][T19238] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 3058.994335][T10194] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3059.220882][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 3059.270201][T19238] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 3059.291129][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 3059.301994][T19238] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3059.372249][T10171] device bridge_slave_1 left promiscuous mode
[ 3059.378285][T10171] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3059.386445][T10171] device bridge_slave_0 left promiscuous mode
[ 3059.392581][T10171] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3059.400807][T10171] device veth1_macvtap left promiscuous mode
[ 3059.407662][T10171] device veth0_vlan left promiscuous mode
[ 3059.640383][T31068] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[ 3059.739099][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 3059.747642][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 3059.792073][T19252] loop2: detected capacity change from 0 to 40427
[ 3059.795208][T19214] device veth0_vlan entered promiscuous mode
[ 3059.805567][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 3059.813901][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 3059.821945][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 3059.829317][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 3059.843494][T19214] device veth1_macvtap entered promiscuous mode
[ 3059.851283][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 3059.856635][T19252] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[ 3059.867770][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 3059.874438][T19252] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 3059.884905][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 3059.892124][T19252] F2FS-fs (loop2): invalid crc value
[ 3059.903422][T19252] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 3059.913915][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 3059.922892][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 3059.946845][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 3059.963508][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 3059.999728][T19252] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[ 3060.013168][T19252] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 3060.016294][T19265] UDC core: couldn't find an available UDC or it's busy: -16
[ 3060.027939][T19265] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 3060.042985][T19265] input: syz1 as /devices/virtual/input/input132
[ 3060.124293][T19266] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[ 3060.151741][T31068] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 3060.165585][   T30] kauditd_printk_skb: 26 callbacks suppressed
[ 3060.165600][   T30] audit: type=1400 audit(2000001999.194:5632): avc:  denied  { read } for  pid=19264 comm="syz.3.13463" name="loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 3060.217940][   T30] audit: type=1400 audit(2000001999.194:5633): avc:  denied  { open } for  pid=19264 comm="syz.3.13463" path="/dev/loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 3060.244448][   T30] audit: type=1400 audit(2000001999.244:5634): avc:  denied  { ioctl } for  pid=19264 comm="syz.3.13463" path="/dev/loop-control" dev="devtmpfs" ino=111 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 3060.467974][T31068] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 3060.477173][T31068] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3060.507602][ T5390] usb 1-1: USB disconnect, device number 2
[ 3060.514168][T31068] usb 2-1: config 0 descriptor??
[ 3060.552093][T31068] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 3061.453281][T19287] loop2: detected capacity change from 0 to 512
[ 3061.521987][T19287] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities
[ 3061.831604][T11823] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 3062.031623][T19297] syz.3.13471[19297] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3062.032193][T19297] syz.3.13471[19297] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3062.206102][ T5390] Bluetooth: hci0: command 0x1003 tx timeout
[ 3062.282356][T24910] Bluetooth: hci0: sending frame failed (-49)
[ 3062.316286][T28745] usb 2-1: USB disconnect, device number 94
[ 3062.471369][T19303] syz.0.13472[19303] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3062.472007][T19303] syz.0.13472[19303] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3062.743615][T19306] UDC core: couldn't find an available UDC or it's busy: -16
[ 3062.762201][T19306] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 3062.841637][T11823] usb 3-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19
[ 3062.850547][T11823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3062.858710][T11823] usb 3-1: Product: syz
[ 3063.161270][T11823] usb 3-1: Manufacturer: syz
[ 3063.184589][T11823] usb 3-1: SerialNumber: syz
[ 3063.194141][T11823] usb 3-1: config 0 descriptor??
[ 3063.221551][T28745] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[ 3063.663236][T18692] usb 3-1: USB disconnect, device number 104
[ 3063.741565][T28745] usb 2-1: Using ep0 maxpacket: 32
[ 3063.937203][   T30] audit: type=1400 audit(2000002002.924:5635): avc:  denied  { bind } for  pid=19319 comm="syz.2.13477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 3064.151755][T28745] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3064.163017][T28745] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3064.172705][T28745] usb 2-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[ 3064.181753][T28745] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3064.192562][T28745] usb 2-1: config 0 descriptor??
[ 3064.331534][ T5390] Bluetooth: hci0: command 0x1001 tx timeout
[ 3064.338321][T24910] Bluetooth: hci0: sending frame failed (-49)
[ 3064.593027][T19328] loop2: detected capacity change from 0 to 512
[ 3064.672240][T19328] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[ 3064.682519][T28745] hkems 0003:2006:0118.0254: unbalanced delimiter at end of report description
[ 3064.683357][T19328] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[ 3064.693821][T28745] hkems 0003:2006:0118.0254: parse failed
[ 3064.699829][T19328] System zones: 1-12
[ 3064.704725][T28745] hkems: probe of 0003:2006:0118.0254 failed with error -22
[ 3064.716869][T19328] EXT4-fs (loop2): 1 truncate cleaned up
[ 3064.722434][T19328] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,nolazytime,,errors=continue. Quota mode: writeback.
[ 3064.886079][T28745] usb 2-1: USB disconnect, device number 95
[ 3065.404343][T19337] netlink: 20 bytes leftover after parsing attributes in process `syz.0.13481'.
[ 3066.050818][T19347] loop2: detected capacity change from 0 to 512
[ 3066.141423][T19347] EXT4-fs error (device loop2): ext4_orphan_get:1423: comm syz.2.13484: bad orphan inode 17
[ 3066.151822][T19347] ext4_test_bit(bit=16, block=4) = 1
[ 3066.156932][T19347] is_bad_inode(inode)=0
[ 3066.160919][T19347] NEXT_ORPHAN(inode)=0
[ 3066.165333][T19347] max_ino=32
[ 3066.168346][T19347] i_nlink=1
[ 3066.171336][T19347] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 3066.516176][T30259] Bluetooth: hci0: command 0x1009 tx timeout
[ 3066.553373][T19347] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.13484: bg 0: block 7: invalid block bitmap
[ 3066.573462][T19356] FAULT_INJECTION: forcing a failure.
[ 3066.573462][T19356] name failslab, interval 1, probability 0, space 0, times 0
[ 3066.586870][T19356] CPU: 0 PID: 19356 Comm: syz.0.13486 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 3066.598142][T19356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 3066.608039][T19356] Call Trace:
[ 3066.611171][T19356]  <TASK>
[ 3066.613935][T19356]  dump_stack_lvl+0x151/0x1c0
[ 3066.618449][T19356]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 3066.623918][T19356]  ? 0xffffffffa00124d0
[ 3066.627911][T19356]  dump_stack+0x15/0x20
[ 3066.631902][T19356]  should_fail+0x3c6/0x510
[ 3066.636154][T19356]  __should_failslab+0xa4/0xe0
[ 3066.640754][T19356]  should_failslab+0x9/0x20
[ 3066.645183][T19356]  slab_pre_alloc_hook+0x37/0xd0
[ 3066.649954][T19356]  __kmalloc+0x6d/0x270
[ 3066.653957][T19356]  ? kvmalloc_node+0x1f0/0x4d0
[ 3066.658634][T19356]  kvmalloc_node+0x1f0/0x4d0
[ 3066.663067][T19356]  ? vm_mmap+0xb0/0xb0
[ 3066.667053][T19356]  ? __kasan_slab_alloc+0x63/0xe0
[ 3066.671916][T19356]  seq_read_iter+0x1ff/0xd00
[ 3066.676341][T19356]  ? do_sendfile+0x613/0xfe0
[ 3066.680767][T19356]  ? __x64_sys_sendfile64+0x1ce/0x230
[ 3066.685974][T19356]  ? x64_sys_call+0x140/0x9a0
[ 3066.690491][T19356]  kernfs_fop_read_iter+0x145/0x470
[ 3066.695522][T19356]  generic_file_splice_read+0x4aa/0x780
[ 3066.700901][T19356]  ? splice_shrink_spd+0xb0/0xb0
[ 3066.705675][T19356]  ? __kasan_check_read+0x11/0x20
[ 3066.710539][T19356]  ? fsnotify_perm+0x269/0x5b0
[ 3066.715144][T19356]  ? security_file_permission+0x86/0xb0
[ 3066.720520][T19356]  ? rw_verify_area+0xa7/0x1c0
[ 3066.725115][T19356]  splice_direct_to_actor+0x439/0xbe0
[ 3066.730440][T19356]  ? do_splice_direct+0x3c0/0x3c0
[ 3066.735271][T19356]  ? pipe_to_sendpage+0x340/0x340
[ 3066.740139][T19356]  ? rw_verify_area+0xa7/0x1c0
[ 3066.744733][T19356]  do_splice_direct+0x27f/0x3c0
[ 3066.749514][T19356]  ? splice_direct_to_actor+0xbe0/0xbe0
[ 3066.754894][T19356]  ? fsnotify_perm+0x6a/0x5b0
[ 3066.759406][T19356]  ? security_file_permission+0x86/0xb0
[ 3066.764789][T19356]  do_sendfile+0x613/0xfe0
[ 3066.769040][T19356]  ? __kasan_check_write+0x14/0x20
[ 3066.773989][T19356]  ? do_preadv+0x350/0x350
[ 3066.778242][T19356]  ? ksys_write+0x260/0x2c0
[ 3066.782589][T19356]  __x64_sys_sendfile64+0x1ce/0x230
[ 3066.787616][T19356]  ? __ia32_sys_sendfile+0x240/0x240
[ 3066.792735][T19356]  ? debug_smp_processor_id+0x17/0x20
[ 3066.797941][T19356]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 3066.803844][T19356]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 3066.809333][T19356]  x64_sys_call+0x140/0x9a0
[ 3066.813759][T19356]  do_syscall_64+0x3b/0xb0
[ 3066.818010][T19356]  ? clear_bhb_loop+0x35/0x90
[ 3066.822525][T19356]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 3066.828254][T19356] RIP: 0033:0x7f10bd867ff9
[ 3066.832509][T19356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3066.852045][T19356] RSP: 002b:00007f10bc4e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 3066.860287][T19356] RAX: ffffffffffffffda RBX: 00007f10bda1ff80 RCX: 00007f10bd867ff9
[ 3066.868099][T19356] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007
[ 3066.875913][T19356] RBP: 00007f10bc4e1090 R08: 0000000000000000 R09: 0000000000000000
[ 3066.883720][T19356] R10: 0000000000000401 R11: 0000000000000246 R12: 0000000000000001
[ 3066.891533][T19356] R13: 0000000000000000 R14: 00007f10bda1ff80 R15: 00007ffc4b9873e8
[ 3066.899359][T19356]  </TASK>
[ 3067.062327][T29747] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[ 3067.352645][T19369] syz.3.13490[19369] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3067.352737][T19369] syz.3.13490[19369] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3068.251683][T29747] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 3068.273915][T29747] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[ 3068.284862][T29747] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 3068.297544][T29747] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 3068.306387][T29747] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3068.315210][T29747] usb 2-1: config 0 descriptor??
[ 3068.331641][T19355] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[ 3068.792738][T29747] plantronics 0003:047F:FFFF.0255: ignoring exceeding usage max
[ 3068.859499][T19384] syz.0.13493[19384] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3068.859984][T19384] syz.0.13493[19384] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3069.103766][T29747] plantronics 0003:047F:FFFF.0255: No inputs registered, leaving
[ 3069.124275][T29747] plantronics 0003:047F:FFFF.0255: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 3069.138167][T29747] usb 2-1: USB disconnect, device number 96
[ 3069.674119][T19394] syz.1.13496[19394] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3069.674208][T19394] syz.1.13496[19394] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3069.715263][T19390] netlink: 20 bytes leftover after parsing attributes in process `syz.0.13495'.
[ 3069.894663][T19390] device ip6tnl0 entered promiscuous mode
[ 3069.923062][T19390] device vlan2 entered promiscuous mode
[ 3070.061798][T19390] device ip6tnl0 left promiscuous mode
[ 3070.305920][    C1] eth0: bad gso: type: 1, size: 1408
[ 3070.449556][T19407] loop2: detected capacity change from 0 to 40427
[ 3070.456438][T19408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3070.569227][T19416] syz.1.13502[19416] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3070.569775][T19416] syz.1.13502[19416] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3071.124744][T19408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3071.201728][T19420] UDC core: couldn't find an available UDC or it's busy: -16
[ 3071.219138][T19420] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 3071.228072][T19408] device bridge_slave_0 entered promiscuous mode
[ 3071.257522][T19408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3071.271595][T19408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3071.278923][T19408] device bridge_slave_1 entered promiscuous mode
[ 3071.388068][T19425] netlink: 12 bytes leftover after parsing attributes in process `syz.1.13505'.
[ 3071.619579][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 3071.633267][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 3071.661884][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 3071.879514][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 3071.906525][ T2803] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3071.913416][ T2803] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3071.949559][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 3071.974382][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 3072.003373][ T2803] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3072.010247][ T2803] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3072.058969][T19433] netlink: 24 bytes leftover after parsing attributes in process `syz.3.13507'.
[ 3072.075802][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 3072.095019][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 3072.119089][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 3072.222441][T10171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 3072.254371][T10171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 3072.269419][T10171] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 3072.288242][T10171] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 3072.299283][T19445] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[ 3072.310487][T19408] device veth0_vlan entered promiscuous mode
[ 3072.325012][T10171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 3072.334650][T10171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 3072.360988][T19408] device veth1_macvtap entered promiscuous mode
[ 3072.380755][T10171] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 3072.389980][T10171] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 3072.423132][T10171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 3072.457474][T10171] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 3072.468720][T10171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 3072.533359][T31068] hid (null): global environment stack underflow
[ 3072.540039][   T30] audit: type=1400 audit(2000002011.560:5636): avc:  denied  { write } for  pid=19443 comm="syz.0.13510" name="file0" dev="tmpfs" ino=933 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 3072.564835][T31068] hid (null): invalid report_size 3331
[ 3072.582490][T31068] hid-generic 7775:0004:0004.0256: global environment stack underflow
[ 3072.615496][T31068] hid-generic 7775:0004:0004.0256: item 0 2 1 11 parsing failed
[ 3072.622924][   T30] audit: type=1400 audit(2000002011.560:5637): avc:  denied  { open } for  pid=19443 comm="syz.0.13510" path="/166/file0" dev="tmpfs" ino=933 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 3072.640926][T31068] hid-generic: probe of 7775:0004:0004.0256 failed with error -22
[ 3072.645916][   T30] audit: type=1400 audit(2000002011.590:5638): avc:  denied  { ioctl } for  pid=19443 comm="syz.0.13510" path="/166/file0" dev="tmpfs" ino=933 ioctlcmd=0x1264 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 3072.678355][T10194] device bridge_slave_1 left promiscuous mode
[ 3072.685467][T10194] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3072.705878][T10194] device bridge_slave_0 left promiscuous mode
[ 3072.713983][T10194] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3072.730282][T10194] device veth1_macvtap left promiscuous mode
[ 3072.743126][T10194] device veth0_vlan left promiscuous mode
[ 3072.771553][T11823] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[ 3072.866274][T19455] loop2: detected capacity change from 0 to 40427
[ 3072.881616][T19458] loop4: detected capacity change from 0 to 40427
[ 3072.923390][T19455] F2FS-fs (loop2): Invalid SB checksum offset: 0
[ 3072.923445][T19458] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 3072.937494][T19458] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 3072.942600][T19455] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[ 3072.947467][T19458] F2FS-fs (loop4): invalid crc value
[ 3072.961903][T19458] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 3072.961899][T19455] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3072.979068][T19455] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[ 3072.986694][T19455] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 3073.021538][T11823] usb 2-1: Using ep0 maxpacket: 32
[ 3073.040690][T19458] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 3073.047640][T19458] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3073.441653][T11823] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3073.462012][T11823] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3073.483638][T11823] usb 2-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[ 3073.501807][T11823] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3073.523829][T11823] usb 2-1: config 0 descriptor??
[ 3073.542382][T19476] loop2: detected capacity change from 0 to 512
[ 3073.624424][T19476] EXT4-fs (loop2): 1 orphan inode deleted
[ 3073.629965][T19476] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback.
[ 3073.651074][T19476] ext4 filesystem being mounted at /77/file1 supports timestamps until 2038 (0x7fffffff)
[ 3073.761617][T31068] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 3073.805861][T19481] syz.2.13514[19481] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3073.806445][T19481] syz.2.13514[19481] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3074.034650][T19483] loop4: detected capacity change from 0 to 512
[ 3074.144018][T19483] EXT4-fs (loop4): 1 orphan inode deleted
[ 3074.149659][T19483] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback.
[ 3074.170414][T19483] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038 (0x7fffffff)
[ 3074.184644][T11823] hkems 0003:2006:0118.0257: unbalanced delimiter at end of report description
[ 3074.193967][T11823] hkems 0003:2006:0118.0257: parse failed
[ 3074.199583][T11823] hkems: probe of 0003:2006:0118.0257 failed with error -22
[ 3074.352877][T19488] syz.4.13517[19488] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3074.353790][T19488] syz.4.13517[19488] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3074.577306][T11823] Bluetooth: hci0: command 0x1003 tx timeout
[ 3074.596061][T24910] Bluetooth: hci0: sending frame failed (-49)
[ 3074.605361][T30259] usb 2-1: USB disconnect, device number 97
[ 3074.611619][T31068] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3074.624615][T31068] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3074.634434][T31068] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 3074.643318][T31068] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3074.660868][T31068] usb 1-1: config 0 descriptor??
[ 3074.712460][T19491] FAULT_INJECTION: forcing a failure.
[ 3074.712460][T19491] name failslab, interval 1, probability 0, space 0, times 0
[ 3074.725032][T19491] CPU: 1 PID: 19491 Comm: syz.2.13518 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 3074.736303][T19491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 3074.746191][T19491] Call Trace:
[ 3074.749313][T19491]  <TASK>
[ 3074.752091][T19491]  dump_stack_lvl+0x151/0x1c0
[ 3074.756606][T19491]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 3074.762077][T19491]  ? avc_has_perm_noaudit+0x2dd/0x430
[ 3074.767291][T19491]  dump_stack+0x15/0x20
[ 3074.771278][T19491]  should_fail+0x3c6/0x510
[ 3074.775536][T19491]  __should_failslab+0xa4/0xe0
[ 3074.780132][T19491]  ? __alloc_skb+0xbe/0x550
[ 3074.784469][T19491]  should_failslab+0x9/0x20
[ 3074.788803][T19491]  slab_pre_alloc_hook+0x37/0xd0
[ 3074.793579][T19491]  ? __alloc_skb+0xbe/0x550
[ 3074.797920][T19491]  kmem_cache_alloc+0x44/0x200
[ 3074.802515][T19491]  __alloc_skb+0xbe/0x550
[ 3074.806780][T19491]  tipc_msg_append+0x164/0x6a0
[ 3074.811378][T19491]  __tipc_sendstream+0x850/0x1310
[ 3074.816243][T19491]  ? tsk_advance_rx_queue+0x260/0x260
[ 3074.821563][T19491]  ? sock_init_data+0xc0/0xc0
[ 3074.826069][T19491]  ? _raw_spin_lock_irqsave+0xf9/0x210
[ 3074.831364][T19491]  ? wait_woken+0x170/0x170
[ 3074.835706][T19491]  ? kmem_cache_free+0x116/0x2e0
[ 3074.840475][T19491]  ? kasan_set_track+0x5d/0x70
[ 3074.845078][T19491]  tipc_sendstream+0x55/0x70
[ 3074.849500][T19491]  ? tipc_getsockopt+0x790/0x790
[ 3074.854277][T19491]  ____sys_sendmsg+0x59e/0x8f0
[ 3074.858878][T19491]  ? __sys_sendmsg_sock+0x40/0x40
[ 3074.863760][T19491]  ? import_iovec+0xe5/0x120
[ 3074.868161][T19491]  ___sys_sendmsg+0x252/0x2e0
[ 3074.872683][T19491]  ? __sys_sendmsg+0x260/0x260
[ 3074.877281][T19491]  ? __fdget+0x1bc/0x240
[ 3074.881355][T19491]  __se_sys_sendmsg+0x19a/0x260
[ 3074.886042][T19491]  ? __x64_sys_sendmsg+0x90/0x90
[ 3074.890814][T19491]  ? ksys_write+0x260/0x2c0
[ 3074.895156][T19491]  ? debug_smp_processor_id+0x17/0x20
[ 3074.900361][T19491]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 3074.906266][T19491]  __x64_sys_sendmsg+0x7b/0x90
[ 3074.910865][T19491]  x64_sys_call+0x16a/0x9a0
[ 3074.915202][T19491]  do_syscall_64+0x3b/0xb0
[ 3074.919456][T19491]  ? clear_bhb_loop+0x35/0x90
[ 3074.923977][T19491]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 3074.929697][T19491] RIP: 0033:0x7f1d49da7ff9
[ 3074.933964][T19491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3074.953393][T19491] RSP: 002b:00007f1d48a00038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3074.961638][T19491] RAX: ffffffffffffffda RBX: 00007f1d49f60058 RCX: 00007f1d49da7ff9
[ 3074.969534][T19491] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000007
[ 3074.977347][T19491] RBP: 00007f1d48a00090 R08: 0000000000000000 R09: 0000000000000000
[ 3074.985158][T19491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3074.993055][T19491] R13: 0000000000000000 R14: 00007f1d49f60058 R15: 00007fff2d52b3c8
[ 3075.000874][T19491]  </TASK>
[ 3075.070061][T19493] loop4: detected capacity change from 0 to 512
[ 3075.143971][T19493] EXT4-fs error (device loop4): ext4_orphan_get:1423: comm syz.4.13519: bad orphan inode 17
[ 3075.154190][T19493] ext4_test_bit(bit=16, block=4) = 1
[ 3075.159288][T19493] is_bad_inode(inode)=0
[ 3075.163324][T19493] NEXT_ORPHAN(inode)=0
[ 3075.167228][T19493] max_ino=32
[ 3075.170230][T19493] i_nlink=1
[ 3075.173309][T19493] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 3075.185473][T19493] FAULT_INJECTION: forcing a failure.
[ 3075.185473][T19493] name failslab, interval 1, probability 0, space 0, times 0
[ 3075.198316][T19493] CPU: 0 PID: 19493 Comm: syz.4.13519 Tainted: G        W         5.15.165-syzkaller-01568-g80dd36dca275 #0
[ 3075.209580][T19493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 3075.219560][T19493] Call Trace:
[ 3075.222687][T19493]  <TASK>
[ 3075.225459][T19493]  dump_stack_lvl+0x151/0x1c0
[ 3075.230220][T19493]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 3075.235619][T19493]  ? write_boundary_block+0x150/0x150
[ 3075.240819][T19493]  ? arch_stack_walk+0xf3/0x140
[ 3075.245507][T19493]  dump_stack+0x15/0x20
[ 3075.249505][T19493]  should_fail+0x3c6/0x510
[ 3075.253755][T19493]  __should_failslab+0xa4/0xe0
[ 3075.258353][T19493]  should_failslab+0x9/0x20
[ 3075.262719][T19493]  slab_pre_alloc_hook+0x37/0xd0
[ 3075.267465][T19493]  __kmalloc+0x6d/0x270
[ 3075.271466][T19493]  ? ext4_xattr_block_set+0x340/0x37e0
[ 3075.276758][T19493]  ext4_xattr_block_set+0x340/0x37e0
[ 3075.281873][T19493]  ? errseq_check+0x41/0x70
[ 3075.286299][T19493]  ? __ext4_journal_ensure_credits+0x470/0x470
[ 3075.292296][T19493]  ? ext4_xattr_block_find+0x520/0x520
[ 3075.297581][T19493]  ? ext4_reserve_inode_write+0x30b/0x3d0
[ 3075.303139][T19493]  ? ext4_mark_iloc_dirty+0x3f40/0x3f40
[ 3075.308519][T19493]  ? ext4_xattr_block_find+0xda/0x520
[ 3075.313728][T19493]  ext4_xattr_set_handle+0xdac/0x1560
[ 3075.318932][T19493]  ? sidtab_sid2str_put+0x2d7/0x640
[ 3075.323967][T19493]  ? ext4_xattr_set_entry+0x3b50/0x3b50
[ 3075.329347][T19493]  ? selinux_inode_init_security+0x52d/0x780
[ 3075.335283][T19493]  ? selinux_inode_free_security+0x210/0x210
[ 3075.341097][T19493]  ext4_initxattrs+0xa7/0x120
[ 3075.345620][T19493]  security_inode_init_security+0x252/0x390
[ 3075.351328][T19493]  ? ext4_init_security+0x40/0x40
[ 3075.356191][T19493]  ? security_dentry_create_files_as+0xc0/0xc0
[ 3075.362178][T19493]  ? __ext4_set_acl+0x5e0/0x5e0
[ 3075.366862][T19493]  ? prandom_u32+0x24c/0x290
[ 3075.371288][T19493]  ext4_init_security+0x34/0x40
[ 3075.375979][T19493]  __ext4_new_inode+0x31f0/0x40a0
[ 3075.380850][T19493]  ? ext4_has_group_desc_csum+0x1f0/0x1f0
[ 3075.386392][T19493]  ? dquot_initialize+0x20/0x20
[ 3075.391076][T19493]  ? ext4_lookup+0x549/0xaa0
[ 3075.395505][T19493]  ? ext4_add_entry+0x12b0/0x12b0
[ 3075.400362][T19493]  ext4_create+0x275/0x550
[ 3075.404620][T19493]  ? ext4_lookup+0xaa0/0xaa0
[ 3075.409044][T19493]  ? selinux_inode_create+0x22/0x30
[ 3075.414079][T19493]  ? security_inode_create+0xbc/0x100
[ 3075.419285][T19493]  ? ext4_lookup+0xaa0/0xaa0
[ 3075.423798][T19493]  path_openat+0x13a8/0x2f40
[ 3075.428226][T19493]  ? do_filp_open+0x460/0x460
[ 3075.432826][T19493]  do_filp_open+0x21c/0x460
[ 3075.437163][T19493]  ? vfs_tmpfile+0x2c0/0x2c0
[ 3075.441600][T19493]  do_sys_openat2+0x13f/0x820
[ 3075.446106][T19493]  ? wait_for_completion_killable_timeout+0x10/0x10
[ 3075.452528][T19493]  ? __mutex_lock_slowpath+0x10/0x10
[ 3075.457647][T19493]  ? do_sys_open+0x220/0x220
[ 3075.462075][T19493]  ? __kasan_check_write+0x14/0x20
[ 3075.467107][T19493]  ? ksys_write+0x260/0x2c0
[ 3075.471447][T19493]  __x64_sys_open+0x221/0x270
[ 3075.475960][T19493]  ? do_sys_openat2+0x820/0x820
[ 3075.480646][T19493]  ? debug_smp_processor_id+0x17/0x20
[ 3075.485857][T19493]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 3075.491756][T19493]  ? exit_to_user_mode_prepare+0x39/0xa0
[ 3075.497223][T19493]  x64_sys_call+0x36/0x9a0
[ 3075.501480][T19493]  do_syscall_64+0x3b/0xb0
[ 3075.505731][T19493]  ? clear_bhb_loop+0x35/0x90
[ 3075.510242][T19493]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 3075.515970][T19493] RIP: 0033:0x7f1abd68aff9
[ 3075.520224][T19493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3075.539664][T19493] RSP: 002b:00007f1abc304038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 3075.547910][T19493] RAX: ffffffffffffffda RBX: 00007f1abd842f80 RCX: 00007f1abd68aff9
[ 3075.555721][T19493] RDX: 0000000000000000 RSI: 0000000000147042 RDI: 0000000020000040
[ 3075.563532][T19493] RBP: 00007f1abc304090 R08: 0000000000000000 R09: 0000000000000000
[ 3075.571343][T19493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3075.579155][T19493] R13: 0000000000000000 R14: 00007f1abd842f80 R15: 00007ffc7ae312d8
[ 3075.586974][T19493]  </TASK>
[ 3075.597632][T31068] samsung 0003:0419:0600.0258: unknown main item tag 0x0
[ 3075.605235][T31068] samsung 0003:0419:0600.0258: unknown main item tag 0x0
[ 3075.612453][T31068] samsung 0003:0419:0600.0258: unknown main item tag 0x0
[ 3075.619321][T31068] samsung 0003:0419:0600.0258: unknown main item tag 0x0
[ 3075.626857][T31068] samsung 0003:0419:0600.0258: unknown main item tag 0x0
[ 3075.636280][T31068] samsung 0003:0419:0600.0258: hidraw0: USB HID v0.00 Device [HID 0419:0600] on usb-dummy_hcd.0-1/input0
[ 3075.649271][    C1] eth0: bad gso: type: 1, size: 1408
[ 3075.686884][T31068] kernel write not supported for file bpf-prog (pid: 31068 comm: kworker/1:3)
[ 3075.877256][T31068] usb 1-1: USB disconnect, device number 3
[ 3076.434726][T19511] netlink: 'syz.0.13524': attribute type 27 has an invalid length.
[ 3076.454216][T19511] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3076.461263][T19511] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3076.513127][T19512] device veth0_vlan left promiscuous mode
[ 3076.519035][T19512] device veth0_vlan entered promiscuous mode
[ 3076.526482][T19512] device veth1_macvtap left promiscuous mode
[ 3076.527876][T31068] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[ 3076.541178][T19512] device veth1_macvtap entered promiscuous mode
[ 3076.548531][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 3076.556238][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 3076.564920][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 3076.573683][T10194] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3076.580524][T10194] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3076.590924][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 3076.599233][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 3076.607686][T10194] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3076.614548][T10194] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3076.622227][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 3076.630509][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[ 3076.638995][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 3076.647490][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[ 3076.655568][T28745] Bluetooth: hci0: command 0x1001 tx timeout
[ 3076.661434][T24910] Bluetooth: hci0: sending frame failed (-49)
[ 3076.669573][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 3076.678064][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 3076.686301][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 3076.694642][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 3076.702823][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 3076.711018][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 3076.719529][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 3076.728123][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 3076.736698][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 3076.745266][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 3076.753426][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 3076.760472][T19519] loop4: detected capacity change from 0 to 40427
[ 3076.761780][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 3076.775285][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 3076.783336][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 3076.791543][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 3076.799777][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 3076.807962][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 3076.809526][T19519] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 3076.816374][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 3076.828218][T19519] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 3076.829290][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 3076.839446][T19519] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3076.844176][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 3076.862731][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 3076.870792][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 3076.871723][T19519] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 3076.878570][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready
[ 3076.885325][T19519] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3076.892565][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready
[ 3076.908379][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 3076.951251][T31068] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3076.962376][T31068] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3076.972406][T31068] usb 3-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 3076.981248][T31068] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3076.990109][T31068] usb 3-1: config 0 descriptor??
[ 3077.633530][T19532] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13523'.
[ 3077.917414][T19535] syz.0.13528[19535] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3077.917966][T19535] syz.0.13528[19535] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3078.252871][T19530] loop4: detected capacity change from 0 to 40427
[ 3078.281625][T31068] usbhid 3-1:0.0: can't add hid device: -71
[ 3078.287424][T31068] usbhid: probe of 3-1:0.0 failed with error -71
[ 3078.294867][T31068] usb 3-1: USB disconnect, device number 105
[ 3078.344058][T19530] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 3078.362682][T19530] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 3078.372166][T19530] F2FS-fs (loop4): invalid crc value
[ 3078.378763][T19530] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 3078.416825][T19530] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 3078.423770][T19530] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3078.653207][T31068] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[ 3078.741572][T28745] Bluetooth: hci0: command 0x1009 tx timeout
[ 3078.771551][T29747] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 3079.376327][T19558] overlayfs: failed to resolve './file2': -2
[ 3079.552041][T31068] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3079.563323][T31068] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3079.575505][T31068] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[ 3079.586165][T31068] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3079.595625][T29747] usb 1-1: Using ep0 maxpacket: 16
[ 3079.600685][T31068] usb 3-1: config 0 descriptor??
[ 3079.685220][T19561] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13535'.
[ 3079.781621][T29747] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3079.801516][T29747] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3079.821229][T29747] usb 1-1: New USB device found, idVendor=056a, idProduct=0003, bcdDevice= 0.00
[ 3079.841391][T29747] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3079.853725][T29747] usb 1-1: config 0 descriptor??
[ 3079.888381][T19563] loop4: detected capacity change from 0 to 40427
[ 3079.996567][T19563] F2FS-fs (loop4): Invalid SB checksum offset: 0
[ 3080.003237][T19563] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[ 3080.015028][T19563] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[ 3080.036040][T19563] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[ 3080.042931][T19563] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3080.225530][T31068] lg-g15 0003:046D:C222.0259: unknown main item tag 0x0
[ 3080.290509][T31068] lg-g15 0003:046D:C222.0259: unknown main item tag 0x0
[ 3080.300510][T31068] lg-g15 0003:046D:C222.0259: item fetching failed at offset 2/11
[ 3080.340781][T31068] lg-g15: probe of 0003:046D:C222.0259 failed with error -22
[ 3080.433626][T19537] UDC core: couldn't find an available UDC or it's busy: -16
[ 3080.441253][T19537] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 3080.743477][ T5208] usb 3-1: USB disconnect, device number 106
[ 3080.791646][T29747] usbhid 1-1:0.0: can't add hid device: -71
[ 3080.797672][T29747] usbhid: probe of 1-1:0.0 failed with error -71
[ 3080.805143][T29747] usb 1-1: USB disconnect, device number 4
[ 3080.897723][T19582] loop4: detected capacity change from 0 to 512
[ 3080.994486][T19582] EXT4-fs (loop4): 1 orphan inode deleted
[ 3081.000056][T19582] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback.
[ 3081.020816][T19582] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038 (0x7fffffff)
[ 3081.021596][T28745] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[ 3081.182423][T19587] syz.4.13540[19587] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3081.182975][T19587] syz.4.13540[19587] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3081.851633][T28745] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3081.873789][T28745] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3081.883419][T28745] usb 2-1: New USB device found, idVendor=056a, idProduct=00b0, bcdDevice= 0.00
[ 3081.892340][T28745] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3081.905143][T28745] usb 2-1: config 0 descriptor??
[ 3082.318147][T19603] loop4: detected capacity change from 0 to 131072
[ 3082.547751][T19609] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3082.555715][T19603] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 3082.590674][T19603] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[ 3082.597878][T19603] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 3082.615853][T19609] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3082.623624][T19609] device bridge_slave_0 entered promiscuous mode
[ 3082.663304][T19609] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3082.671742][T19609] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3082.680763][T19620] cgroup: none used incorrectly
[ 3082.687170][T19609] device bridge_slave_1 entered promiscuous mode
[ 3082.691025][ T5208] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 3082.904187][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 3082.915044][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 3082.925189][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 3082.933112][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 3082.940547][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 3082.949320][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 3082.957670][  T426] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3082.964535][  T426] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3082.972618][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 3082.980949][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 3082.989683][  T426] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3082.996556][  T426] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3083.026146][T19609] device veth0_vlan entered promiscuous mode
[ 3083.039402][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 3083.052340][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 3083.072087][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 3083.083232][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 3083.098411][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 3083.116795][T19609] device veth1_macvtap entered promiscuous mode
[ 3083.169774][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 3083.178560][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 3083.189272][  T426] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 3083.201636][ T5208] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3083.768517][ T5208] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3083.783404][ T5208] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 3083.824331][ T5208] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3083.951126][ T5208] usb 1-1: config 0 descriptor??
[ 3084.302517][T10194] device bridge_slave_1 left promiscuous mode
[ 3084.309663][T10194] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3084.339499][T10194] device bridge_slave_0 left promiscuous mode
[ 3084.364186][T10194] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3084.389414][T10194] device veth1_macvtap left promiscuous mode
[ 3084.403598][T10194] device veth0_vlan left promiscuous mode
[ 3084.432591][ T5208] samsung 0003:0419:0600.025A: unknown main item tag 0x0
[ 3084.439475][ T5208] samsung 0003:0419:0600.025A: unknown main item tag 0x0
[ 3084.472741][ T5208] samsung 0003:0419:0600.025A: unknown main item tag 0x0
[ 3084.497608][ T5208] samsung 0003:0419:0600.025A: unknown main item tag 0x0
[ 3084.521450][ T5208] samsung 0003:0419:0600.025A: unknown main item tag 0x0
[ 3084.540942][ T5208] samsung 0003:0419:0600.025A: hidraw0: USB HID v0.00 Device [HID 0419:0600] on usb-dummy_hcd.0-1/input0
[ 3084.640799][ T5208] usb 1-1: USB disconnect, device number 5
[ 3085.061670][T28745] usbhid 2-1:0.0: can't add hid device: -71
[ 3085.068058][T28745] usbhid: probe of 2-1:0.0 failed with error -71
[ 3085.076980][T28745] usb 2-1: USB disconnect, device number 98
[ 3085.143557][   T30] audit: type=1400 audit(2000002024.172:5639): avc:  denied  { relabelfrom } for  pid=19688 comm="syz.4.13577" name="" dev="pipefs" ino=243626 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 3085.253852][T19702] netlink: 324 bytes leftover after parsing attributes in process `syz.0.13583'.
[ 3085.264787][T19698] bridge0: port 3(vlan2) entered blocking state
[ 3085.291299][T19698] bridge0: port 3(vlan2) entered disabled state
[ 3085.581705][T19707] netlink: 16 bytes leftover after parsing attributes in process `syz.3.13579'.
[ 3085.631600][T19710] syz.0.13585[19710] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3085.631699][T19710] syz.0.13585[19710] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3085.663541][T19714] loop4: detected capacity change from 0 to 256
[ 3085.693880][T19714] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[ 3085.706395][T19714] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 3085.734583][   T30] audit: type=1400 audit(2000002024.762:5640): avc:  denied  { remount } for  pid=19711 comm="syz.4.13586" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[ 3085.755737][T19714] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev ?, type ?) errno=-22
[ 3085.768707][T19714] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev loop4, type vfat) errno=-22
[ 3085.854319][   T30] audit: type=1326 audit(2000002024.882:5641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19723 comm="syz.0.13593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bd867ff9 code=0x7ffc0000
[ 3085.901578][   T30] audit: type=1326 audit(2000002024.912:5642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19723 comm="syz.0.13593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10bd867ff9 code=0x7ffc0000
[ 3085.926237][   T30] audit: type=1326 audit(2000002024.912:5643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19723 comm="syz.0.13593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bd867ff9 code=0x7ffc0000
[ 3085.950783][   T30] audit: type=1326 audit(2000002024.912:5644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19723 comm="syz.0.13593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10bd867ff9 code=0x7ffc0000
[ 3085.974403][   T30] audit: type=1326 audit(2000002024.912:5645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19723 comm="syz.0.13593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bd867ff9 code=0x7ffc0000
[ 3085.998259][   T30] audit: type=1326 audit(2000002024.912:5646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19723 comm="syz.0.13593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10bd867ff9 code=0x7ffc0000
[ 3086.039724][   T30] audit: type=1326 audit(2000002024.912:5647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19723 comm="syz.0.13593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bd867ff9 code=0x7ffc0000
[ 3086.039758][   T30] audit: type=1326 audit(2000002024.912:5648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19723 comm="syz.0.13593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10bd867ff9 code=0x7ffc0000
[ 3086.112372][T19747] SELinux:  policydb string SE Le· does not match my string SE Linux
[ 3086.122498][T19747] SELinux: failed to load policy
[ 3086.159094][T19766] loop4: detected capacity change from 0 to 512
[ 3086.224615][T19766] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 3086.235680][T19766] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038 (0x7fffffff)
[ 3086.309347][T19800] netlink: 68 bytes leftover after parsing attributes in process `syz.0.13626'.
[ 3086.325527][T19803] IPv6: NLM_F_CREATE should be specified when creating new route
[ 3086.826116][T19843] tmpfs: Unknown parameter 'nr'
[ 3087.142685][T19860] SELinux:  policydb version 0 does not match my version range 15-33
[ 3087.150792][T19860] SELinux: failed to load policy
[ 3087.174386][T19864] loop4: detected capacity change from 0 to 256
[ 3087.752003][T19881] syz.0.13664[19881] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3087.752666][T19881] syz.0.13664[19881] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3087.943821][T19887] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13666'.
[ 3087.962032][T19889] SELinux:  Context Ü is not valid (left unmapped).
[ 3088.014402][T19891] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 3088.031363][T19892] 9pnet: Could not find request transport: rdma
[ 3088.215305][T19914] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3088.222198][T19914] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3088.229350][T19914] device bridge_slave_0 entered promiscuous mode
[ 3088.236818][T19914] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3088.243946][T19914] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3088.254301][T19914] device bridge_slave_1 entered promiscuous mode
[ 3088.393380][T19914] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3088.400278][T19914] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3088.407431][T19914] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3088.414381][T19914] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3088.446809][T19931] netlink: 10 bytes leftover after parsing attributes in process `syz.1.13688'.
[ 3088.462406][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 3088.472673][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 3088.482264][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 3088.512964][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 3088.526365][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 3088.544041][T19937] netlink: 16 bytes leftover after parsing attributes in process `syz.1.13690'.
[ 3088.555092][T19937] device sit1 entered promiscuous mode
[ 3088.571417][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 3088.590065][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 3088.601802][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 3088.609453][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 3088.619530][T19914] device veth0_vlan entered promiscuous mode
[ 3088.638127][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 3088.649606][T19914] device veth1_macvtap entered promiscuous mode
[ 3088.664463][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 3088.677425][ T2803] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 3088.714602][T19957] syz.3.13699[19957] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3088.714686][T19957] syz.3.13699[19957] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3088.736729][T19960] loop4: detected capacity change from 0 to 512
[ 3088.756714][ T7798] device bridge_slave_1 left promiscuous mode
[ 3088.762980][ T7798] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3088.784128][ T7798] device bridge_slave_0 left promiscuous mode
[ 3088.800637][ T7798] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3088.841281][ T7798] device veth1_macvtap left promiscuous mode
[ 3088.848543][T19960] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback.
[ 3088.934562][ T7798] device veth0_vlan left promiscuous mode
[ 3088.961415][T19960] ext4 filesystem being mounted at /1/bus supports timestamps until 2038 (0x7fffffff)
[ 3089.203470][T19975] loop4: detected capacity change from 0 to 128
[ 3089.593953][T19983] loop4: detected capacity change from 0 to 2048
[ 3089.728563][T19983] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,noquota,grpquota,barrier=0x0000000000000000,grpjquota=,jqfmt=vfsold,. Quota mode: writeback.
[ 3089.839877][T19997] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.13708: bg 0: block 234: padding at end of block bitmap is not set
[ 3089.855080][T19997] EXT4-fs (loop4): Remounting filesystem read-only
[ 3089.991241][T20010] IPv6: NLM_F_CREATE should be specified when creating new route
[ 3090.048233][T20021] syz.0.13722[20021] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3090.048324][T20021] syz.0.13722[20021] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3090.190459][T20029] syz.0.13726[20029] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3090.220542][T20029] syz.0.13726[20029] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3090.472781][   T30] kauditd_printk_skb: 217 callbacks suppressed
[ 3090.472802][   T30] audit: type=1400 audit(2000002029.502:5866): avc:  denied  { mount } for  pid=20031 comm="syz.3.13727" name="/" dev="ramfs" ino=245339 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[ 3090.553365][   T30] audit: type=1400 audit(2000002029.582:5867): avc:  denied  { create } for  pid=20038 comm="syz.1.13731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 3090.607467][   T30] audit: type=1400 audit(2000002029.612:5868): avc:  denied  { bind } for  pid=20038 comm="syz.1.13731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 3090.630475][   T30] audit: type=1400 audit(2000002029.612:5869): avc:  denied  { read } for  pid=20038 comm="syz.1.13731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 3090.688073][   T30] audit: type=1400 audit(2000002029.712:5870): avc:  granted  { setsecparam } for  pid=20047 comm="syz.3.13734" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[ 3090.727820][   T30] audit: type=1400 audit(2000002029.752:5871): avc:  denied  { write } for  pid=20056 comm="syz.3.13738" name="dev" dev="proc" ino=4026533153 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[ 3090.843539][T20076] syz.3.13747[20076] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3090.843619][T20076] syz.3.13747[20076] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3090.858534][   T30] audit: type=1400 audit(2000002029.882:5872): avc:  denied  { relabelfrom } for  pid=20075 comm="syz.3.13747" name="" dev="pipefs" ino=246276 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 3090.957511][   T30] audit: type=1400 audit(2000002029.952:5873): avc:  denied  { setopt } for  pid=20078 comm="syz.3.13749" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 3090.984191][   T30] audit: type=1400 audit(2000002029.982:5874): avc:  denied  { create } for  pid=20084 comm="syz.1.13748" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 3091.004467][   T30] audit: type=1326 audit(2000002030.032:5875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20092 comm="syz.4.13755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb347520ff9 code=0x7ffc0000
[ 3091.677555][T20120] usb usb8: usbfs: process 20120 (syz.0.13767) did not claim interface 0 before use
[ 3091.687110][T20120] usb usb8: selecting invalid altsetting 768
[ 3091.702958][T20122] netlink: 3 bytes leftover after parsing attributes in process `syz.0.13768'.
[ 3091.750204][T20130] loop6: detected capacity change from 0 to 7
[ 3091.983324][T20174] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13793'.
[ 3092.102881][T20193] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13801'.
[ 3092.189998][T20212] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[ 3092.440521][T20245] loop4: detected capacity change from 0 to 512
[ 3092.524708][T20245] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 3092.535912][T20245] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038 (0x7fffffff)
[ 3092.903114][T20269] device veth0_vlan left promiscuous mode
[ 3092.909385][T20269] device veth0_vlan entered promiscuous mode
[ 3092.948496][T20269] syz.4.13837 (20269) used greatest stack depth: 18584 bytes left
[ 3093.462548][T20314] netlink: 20 bytes leftover after parsing attributes in process `syz.0.13858'.
[ 3094.378095][T20405] bpf_get_probe_write_proto: 4 callbacks suppressed
[ 3094.378161][T20405] syz.0.13901[20405] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3094.384714][T20405] syz.0.13901[20405] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3094.705935][T20419] loop4: detected capacity change from 0 to 512
[ 3094.754556][T20419] EXT4-fs (loop4): Ignoring removed bh option
[ 3094.775812][T20419] EXT4-fs error (device loop4): __ext4_iget:4903: inode #15: block 1803188595: comm syz.4.13906: invalid block
[ 3094.788419][T20419] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.13906: couldn't read orphan inode 15 (err -117)
[ 3094.800792][T20419] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,abort,usrjquota=,,errors=continue. Quota mode: none.
[ 3094.919566][    C1] eth0: bad gso: type: 1, size: 1408
[ 3094.936274][T20434] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3094.959665][T20434] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3094.968809][T20434] device bridge_slave_0 entered promiscuous mode
[ 3094.979546][T20434] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3094.989796][T20434] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3095.007564][T20434] device bridge_slave_1 entered promiscuous mode
[ 3095.083448][T20458] netlink: 16 bytes leftover after parsing attributes in process `syz.0.13922'.
[ 3095.179569][T19629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 3095.190721][T19629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 3095.198555][T19629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 3095.207177][T19629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 3095.215546][T19629] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3095.222433][T19629] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3095.230023][T19629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 3095.238729][T19629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 3095.246962][T19629] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3095.253831][T19629] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3095.263234][T19629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 3095.290462][T19629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 3095.301270][T19629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 3095.328613][T20470] netlink: 24 bytes leftover after parsing attributes in process `syz.0.13927'.
[ 3095.359715][T20473] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 3095.394097][ T7798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 3095.406710][T20434] device veth0_vlan entered promiscuous mode
[ 3095.419660][ T7798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 3095.428924][ T7798] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 3095.438111][ T7798] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 3095.461924][ T7798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 3095.476918][T20434] device veth1_macvtap entered promiscuous mode
[ 3095.501712][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 3095.517007][   T30] kauditd_printk_skb: 234 callbacks suppressed
[ 3095.517022][   T30] audit: type=1326 audit(2000002034.542:6110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20490 comm="syz.1.13939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3095.546989][T11823] usb 5-1: new high-speed USB device number 127 using dummy_hcd
[ 3095.547160][   T30] audit: type=1326 audit(2000002034.552:6111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20490 comm="syz.1.13939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3095.586404][   T30] audit: type=1326 audit(2000002034.552:6112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20490 comm="syz.1.13939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3095.615815][ T7798] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 3095.650085][   T30] audit: type=1326 audit(2000002034.552:6113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20490 comm="syz.1.13939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3095.702163][T20507] tipc: Started in network mode
[ 3095.707039][T20507] tipc: Node identity f7, cluster identity 4711
[ 3095.713800][T20507] tipc: Node number set to 247
[ 3095.732321][   T30] audit: type=1400 audit(2000002034.762:6114): avc:  denied  { create } for  pid=20509 comm="syz.2.13947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 3095.760305][   T30] audit: type=1400 audit(2000002034.782:6115): avc:  denied  { write } for  pid=20509 comm="syz.2.13947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 3095.825697][   T30] audit: type=1400 audit(2000002034.852:6116): avc:  denied  { mounton } for  pid=20524 comm="syz.2.13955" path="/proc/10/task" dev="proc" ino=247199 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[ 3095.841708][T11823] usb 5-1: device descriptor read/64, error -71
[ 3095.886317][T20536] syz.2.13960[20536] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3095.886534][T20536] syz.2.13960[20536] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3095.914990][T20542] syz.2.13962[20542] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3095.926745][T20542] syz.2.13962[20542] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3095.940617][T20542] netlink: 24 bytes leftover after parsing attributes in process `syz.2.13962'.
[ 3096.024616][   T30] audit: type=1400 audit(2000002035.052:6117): avc:  denied  { setopt } for  pid=20558 comm="syz.2.13970" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 3096.064352][   T30] audit: type=1326 audit(2000002035.092:6118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20563 comm="syz.1.13973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3096.103261][   T30] audit: type=1326 audit(2000002035.092:6119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20563 comm="syz.1.13973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f854c621ff9 code=0x7ffc0000
[ 3096.204153][T20580] loop2: detected capacity change from 0 to 512
[ 3096.231962][T20580] SELinux: security_context_str_to_sid(system_u) failed for (dev ?, type ?) errno=-22
[ 3096.275576][T11823] usb 5-1: device descriptor read/64, error -71
[ 3096.308860][T20580] EXT4-fs (loop2): Unrecognized mount option "euid<00000000000000000000" or missing value
[ 3096.389289][T20596] loop2: detected capacity change from 0 to 512
[ 3096.407178][T20599] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow
[ 3096.425533][T20596] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 3096.445860][T20596] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038 (0x7fffffff)
[ 3096.553196][T11823] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 3096.603249][T20619] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13997'.
[ 3096.644711][T20626] netlink: 'syz.1.14001': attribute type 27 has an invalid length.
[ 3096.730239][T20626] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3096.737290][T20626] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3096.759164][T20632] loop2: detected capacity change from 0 to 8192
[ 3096.821926][T11823] usb 5-1: device descriptor read/64, error -71
[ 3096.837239][T20632] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14004'.
[ 3096.868083][T20632] netlink: 12 bytes leftover after parsing attributes in process `syz.2.14004'.
[ 3097.231561][T11823] usb 5-1: device descriptor read/64, error -71
[ 3097.351620][T11823] usb usb5-port1: attempt power cycle
[ 3097.761579][T11823] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 3097.822891][T20675] netlink: 72 bytes leftover after parsing attributes in process `syz.0.14023'.
[ 3097.932387][T11823] usb 5-1: device descriptor read/8, error -71
[ 3098.114300][T20718] loop4: detected capacity change from 0 to 128
[ 3098.141538][T11823] usb 5-1: device descriptor read/8, error -71
[ 3098.150628][T20718] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 3098.165478][T20718] ext4 filesystem being mounted at /49/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[ 3098.424000][T20735] 9pnet: Could not find request transport: rdma
[ 3098.967237][T20761] loop2: detected capacity change from 0 to 1024
[ 3098.989798][T20765] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 3098.998950][T20768] syz.1.14066[20768] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3098.999184][T20768] syz.1.14066[20768] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3099.011632][T20761] EXT4-fs (loop2): Ignoring removed nobh option
[ 3099.038818][T20761] EXT4-fs (loop2): Ignoring removed mblk_io_submit option
[ 3099.062074][T20761] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,nouid32,lazytime,nobh,mblk_io_submit,nouid32,,errors=continue. Quota mode: writeback.
[ 3099.102112][T20761] Non-string source
[ 3099.165976][T20786] netlink: 272 bytes leftover after parsing attributes in process `syz.0.14073'.
[ 3099.434097][    C1] eth0: bad gso: type: 1, size: 1408
[ 3099.504874][T20798] loop4: detected capacity change from 0 to 2048
[ 3099.628334][T20798] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,noquota,grpquota,barrier=0x0000000000000000,grpjquota=,jqfmt=vfsold,. Quota mode: writeback.
[ 3099.771357][T20801] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.14077: bg 0: block 234: padding at end of block bitmap is not set
[ 3099.786522][T20801] EXT4-fs (loop4): Remounting filesystem read-only
[ 3100.106538][T20817] loop2: detected capacity change from 0 to 4096
[ 3100.188352][    C1] eth0: bad gso: type: 1, size: 1408
[ 3100.198224][T20825] hub 6-0:1.0: USB hub found
[ 3100.202628][T20817] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 3100.213724][T20825] hub 6-0:1.0: 1 port detected
[ 3100.226102][T20827] syz.1.14087[20827] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3100.226185][T20827] syz.1.14087[20827] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3100.265891][T20834] syz.0.14091[20834] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3100.277362][T20834] syz.0.14091[20834] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3100.316577][T20838] loop2: detected capacity change from 0 to 512
[ 3100.358410][T20838] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 3100.395190][T20838] EXT4-fs warning (device loop2): ext4_enable_quotas:6422: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[ 3100.451358][T20854] loop4: detected capacity change from 0 to 7
[ 3100.587487][   T30] kauditd_printk_skb: 345 callbacks suppressed
[ 3100.587503][   T30] audit: type=1400 audit(2000002039.612:6464): avc:  denied  { audit_write } for  pid=20865 comm="syz.2.14105" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 3100.633410][   T30] audit: type=1107 audit(2000002039.642:6465): pid=20865 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[ 3100.654141][   T30] audit: type=1326 audit(2000002039.672:6466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20868 comm="syz.2.14106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d7d93fff9 code=0x7ffc0000
[ 3100.689430][   T30] audit: type=1326 audit(2000002039.672:6467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20868 comm="syz.2.14106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f5d7d93fff9 code=0x7ffc0000
[ 3100.713646][   T30] audit: type=1326 audit(2000002039.672:6468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20868 comm="syz.2.14106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d7d93fff9 code=0x7ffc0000
[ 3100.738808][   T30] audit: type=1326 audit(2000002039.672:6469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20868 comm="syz.2.14106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f5d7d93fff9 code=0x7ffc0000
[ 3100.763242][   T30] audit: type=1326 audit(2000002039.672:6470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20868 comm="syz.2.14106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d7d93fff9 code=0x7ffc0000
[ 3100.788027][T20875] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14107'.
[ 3100.802943][   T30] audit: type=1326 audit(2000002039.672:6471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20868 comm="syz.2.14106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f5d7d93fff9 code=0x7ffc0000
[ 3100.820477][T20873] loop2: detected capacity change from 0 to 2048
[ 3100.827744][   T30] audit: type=1326 audit(2000002039.672:6472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20868 comm="syz.2.14106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000
[ 3100.858143][   T30] audit: type=1326 audit(2000002039.672:6473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20868 comm="syz.2.14106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d7d93fff9 code=0x7ffc0000
[ 3100.955180][T20873] EXT4-fs (loop2): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue. Quota mode: none.
[ 3101.180182][T20899] loop2: detected capacity change from 0 to 512
[ 3101.220490][T20899] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,,errors=continue. Quota mode: writeback.
[ 3101.233998][T20899] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038 (0x7fffffff)
[ 3101.252391][T20899] EXT4-fs error (device loop2): ext4_acquire_dquot:6187: comm syz.2.14118: Failed to acquire dquot type 0
[ 3101.373235][T20916] loop2: detected capacity change from 0 to 1024
[ 3101.450711][T20916] EXT4-fs (loop2): mounted filesystem without journal. Opts: stripe=0x0000000000000002,noauto_da_alloc,jqfmt=vfsold,data_err=ignore,errors=continue,delalloc,resuid=0x0000000000000000,lazytime,jqfmt=vfsv1,,errors=continue. Quota mode: none.
[ 3101.521602][T20929] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 3101.536235][T20931] loop2: detected capacity change from 0 to 128
[ 3101.610920][T20939] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=20939 comm=syz.0.14135
[ 3101.624847][T20931] EXT4-fs (loop2): Ignoring removed bh option
[ 3101.632264][T20931] EXT4-fs (loop2): mounted filesystem without journal. Opts: bh,,errors=continue. Quota mode: none.
[ 3101.648197][T20931] ext4 filesystem being mounted at /56/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[ 3101.734686][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.742724][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.750287][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.768286][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.776115][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.783948][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.791822][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.799508][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.807358][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.815405][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.823038][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.830547][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.838307][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.846179][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.853938][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.861661][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.869127][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.876712][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.884246][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: unknown main item tag 0x0
[ 3101.893050][T28739] hid-generic FFFC:0000:FFFFFFFF.025B: hidraw0: <UNKNOWN> HID v0.01 Device [syz0] on syz0
[ 3102.161524][T11823] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 3102.431607][T11823] usb 1-1: device descriptor read/64, error -71
[ 3102.437903][T20967] loop4: detected capacity change from 0 to 2048
[ 3102.447585][T20967] Alternate GPT is invalid, using primary GPT.
[ 3102.453648][T20967]  loop4: p2 p3 p7
[ 3102.544337][T18480] udevd[18480]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[ 3102.544337][T18475] udevd[18475]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[ 3102.545651][T18482] udevd[18482]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory
[ 3102.841568][T11823] usb 1-1: device descriptor read/64, error -71
[ 3103.111594][T11823] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 3103.381579][T11823] usb 1-1: device descriptor read/64, error -71
[ 3103.535649][T20979] 9pnet: Could not find request transport: 0xffffffffffffffff
[ 3103.781548][T11823] usb 1-1: device descriptor read/64, error -71
[ 3103.901884][T11823] usb usb1-port1: attempt power cycle
[ 3104.262997][T20990] loop4: detected capacity change from 0 to 512
[ 3104.302851][T20990] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[ 3104.311587][T11823] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 3104.323521][T20990] EXT4-fs (loop4): mounted filesystem without journal. Opts: barrier,jqfmt=vfsold,noquota,min_batch_time=0x0000000000000010,journal_dev=0x000000000000000d,,errors=continue. Quota mode: writeback.
[ 3104.342648][T20990] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038 (0x7fffffff)
[ 3104.401637][T20990] loop_set_status: loop4 () has still dirty pages (nrpages=2)
[ 3104.481624][T11823] usb 1-1: device descriptor read/8, error -71
[ 3104.751624][T11823] usb 1-1: device descriptor read/8, error -71
[ 3104.776413][T21028] netlink: 'syz.1.14167': attribute type 4 has an invalid length.
[ 3104.797914][T21028] netlink: 'syz.1.14167': attribute type 4 has an invalid length.
[ 3104.801765][T21029] loop0: detected capacity change from 256 to 11
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: repeatedly failed to execute the program
proc=3 req=14143 state=1 status=67 (errno 9: Bad file descriptor)
[ 3104.912337][ T7798] device bridge_slave_1 left promiscuous mode
[ 3104.920996][ T7798] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3104.991763][ T7798] device bridge_slave_0 left promiscuous mode
[ 3104.997756][ T7798] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3105.032518][ T7798] device veth1_macvtap left promiscuous mode
[ 3105.574460][ T7798] tipc: Left network mode
[ 3106.494231][ T7798] device bridge_slave_1 left promiscuous mode
[ 3106.500174][ T7798] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3106.507614][ T7798] device bridge_slave_0 left promiscuous mode
[ 3106.513669][ T7798] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3106.521394][ T7798] device bridge_slave_1 left promiscuous mode
[ 3106.527436][ T7798] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3106.534802][ T7798] device bridge_slave_0 left promiscuous mode
[ 3106.540722][ T7798] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3106.548613][ T7798] device bridge_slave_1 left promiscuous mode
[ 3106.554631][ T7798] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3106.562002][ T7798] device bridge_slave_0 left promiscuous mode
[ 3106.567949][ T7798] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3106.576180][ T7798] device veth1_macvtap left promiscuous mode
[ 3106.582035][ T7798] device veth0_vlan left promiscuous mode
[ 3106.587827][ T7798] device veth1_macvtap left promiscuous mode
[ 3106.593660][ T7798] device veth0_vlan left promiscuous mode