last executing test programs:

3.274707055s ago: executing program 4:
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000040)='./bus\x00', 0x0)
mkdirat(r0, &(0x7f00000002c0)='./file1\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000140)={0x17f})
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000380), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setregid(0x0, 0xee00)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@index_on}]})

3.235857071s ago: executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='ext4_mballoc_prealloc\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='ext4_mballoc_prealloc\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r4, &(0x7f0000000180), 0x2000)

3.205085046s ago: executing program 4:
epoll_create1(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0}, 0x10)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
socket$packet(0x11, 0x0, 0x300)
sendmmsg$inet(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001340)="45f9e8e5af9f7e488a1619ea0cd4902570249f1e29b175dfa0d3ae9be1933b972b835f966d432045a33e064403006bdb8ef95b90e76baae34f74778049ff8fa4a59adf7623aaddb922b32dbbfda740b88a07e87eb2cd97c0393db1036a1ec8a376c919cdd0b40dbb899c07f1349c7a1113f57495c795bc7e38166a7bdef463457189549f4b13279fffd050bdfea3477a62d3edea8321a2e98c65330fe7199ca6bee7202aa5a5d56c4ed4c22dbb28cebcaec033c75eb78820ad1d8ceb6f90b569e165002e702e1a2066", 0xc9}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000004c0)="708a1e780c80493af0ae967732a4a61a80ffa64a3d523ac1e41791691881a9c95e0563d19f19f157684f927f8dbb5c4f55da666e378858421464f4542d3216e2a08fc2c4c06b724b46b2628e6adb4e0ccfc1da20", 0x54}, {&(0x7f0000000640)}], 0x2, &(0x7f0000000840)=[@ip_ttl={{0x14, 0x0, 0x2, 0x401}}, @ip_ttl={{0x14}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9d}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @private=0xa010101}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x3}}, @ip_retopts={{0x48, 0x0, 0x7, {[@noop, @end, @timestamp_addr={0x44, 0xc, 0x60, 0x1, 0x8, [{@local, 0x3ff}]}, @rr={0x7, 0x7, 0xd5, [@local]}, @timestamp_prespec={0x44, 0x1c, 0xe1, 0x3, 0x4, [{@multicast2, 0x4}, {@private=0xa010102, 0x101}, {@multicast2, 0x1}]}, @ra={0x94, 0x4}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0xe4}}, @ip_tos_int={{0x14}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6}}], 0x110}}], 0x2, 0x0)
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x100000d, 0x6031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
munlock(&(0x7f00001f1000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ec4000/0x1000)=nil, 0x1000)
munlock(&(0x7f0000ce8000/0x1000)=nil, 0x1000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
munlockall()
sendto$inet(r0, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93)

3.132898447s ago: executing program 3:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @local}}}})

3.1096815s ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x2, 0xc}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x60, &(0x7f0000000200)={0x0, 'ipvlan1\x00'}, 0x18)

3.089532233s ago: executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r2)
fsetxattr$security_evm(r0, &(0x7f0000000480), &(0x7f00000004c0)=@md5={0x1, "210d2c4159399180746d4758d9ba96d3"}, 0x11, 0x0)

3.079900855s ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000340)='sched_process_wait\x00', r1}, 0x10)
wait4(0x0, 0x0, 0x0, 0x0)

2.955983104s ago: executing program 4:
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d0300000000000000000000010500200080000000"], 0x0, 0x4e}, 0x20)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000540)=""/32, 0x20}}, 0x120)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1a34, 0x802, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9}}}]}}]}}, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000005c0)='rtc_alarm_irq_enable\x00', r2}, 0x10)
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x7004, 0x0)
ioctl$AUTOFS_IOC_PROTOVER(r1, 0x8004480b, 0x0)
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r5, 0x0, r4, 0x0, 0x6, 0x0)
dup3(r3, r4, 0x0)
ioctl$int_in(r4, 0x5452, &(0x7f0000000100)=0x3ff)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x15, 0x4, 0x80000005, 0x2, 0x0, r4, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x100000, 0x0, 0xfffffffc}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000141007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r8, 0x0)
fcntl$setstatus(r4, 0x4, 0x7c00)
dup3(r5, r4, 0x0)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000020acb"], 0x14}}, 0x0)
pidfd_send_signal(r4, 0x2e, &(0x7f0000000000)={0x23, 0x6, 0x7fffffff}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000b80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0xa, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x3}]}, @func={0x8}, @restrict={0x0, 0x0, 0x0, 0x9, 0x2}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x52}, 0x20)

2.946736415s ago: executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000440)=0x2, 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000000203050000000000fffffffffffffffd0800010001000000"], 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000004600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000008c0)={'ip6gre0\x00', &(0x7f0000000840)={'syztnl0\x00', 0x0, 0x29, 0xf9, 0x2, 0x5, 0x24, @loopback, @private1, 0x8000, 0x8, 0x7fffffff, 0x1f}})
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff)
r4 = socket$inet6(0xa, 0x3, 0x9)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f00000000c0)=0x8e98, 0x4)
sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000003800018007000600666f00000800086933000000060001000200000008000500000000000c00070000000000000000000800090000000000"], 0x4c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f0000000180)=0xffffffc1, 0x4)
sendmmsg(r5, &(0x7f0000001c00)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x0, @mcast2}, 0x80, 0x0}, 0x5b4}, {{&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x80000, @private0}, 0x80, 0x0}}], 0x2, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xc, 0x4, &(0x7f0000000800)=ANY=[@ANYBLOB="b4000000000078787b1928cb9972005a59bc593a48384ac9ef76a70061114c000000000085ffffffff000000"], &(0x7f0000000080)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x48)
bind$tipc(0xffffffffffffffff, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r6, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000004c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, &(0x7f0000000500)=[0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0], 0x0, 0xfb, &(0x7f00000005c0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000600), &(0x7f0000000640), 0x8, 0x6b, 0x8, 0x8, &(0x7f0000000680)}}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r7=>0xffffffffffffffff})
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r8}, 0x4)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='mm_page_alloc\x00', r9}, 0x10)
recvmsg$unix(r7, &(0x7f0000000240)={0x0, 0x12000000, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/79, 0x8e80}], 0x300}, 0x0)
sendmsg$IPVS_CMD_FLUSH(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x14, r3, 0x1}, 0x14}}, 0x0)

2.888528095s ago: executing program 3:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
getdents64(0xffffffffffffffff, 0x0, 0x2000)
syz_usb_control_io$hid(r0, 0x0, 0x0)

1.960639658s ago: executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000c50000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='ext4_mballoc_alloc\x00', r0}, 0x10)
mkdir(&(0x7f0000000540)='./file0\x00', 0x0)

1.900197367s ago: executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd(0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x0, r3})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
close_range(r0, 0xffffffffffffffff, 0x0)

1.68594857s ago: executing program 1:
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x25, 0x0, 0x0)

1.546317682s ago: executing program 1:
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002c00)=ANY=[@ANYBLOB="b0"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=<r3=>0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x10)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000001000)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r3])
lstat(&(0x7f0000000d40)='./file0\x00', &(0x7f0000000d80))

1.535894874s ago: executing program 1:
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={0xffffffffffffffff, 0x58, &(0x7f0000000400)}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d03000000000000000000000105002000800000000000000000000003000000000200000002"], 0x0, 0x4e}, 0x20)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3000490, &(0x7f0000000440)={[{@lazytime}, {@usrjquota}, {@errors_remount}, {@norecovery}, {@nobh}, {@mblk_io_submit}, {@grpquota}, {@delalloc}, {@grpjquota}, {}]}, 0x45, 0x7ac, &(0x7f0000000f80)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRiSc2yxWgtHK63RrowlRGITArkEkpBbcvE5Py8h1/w45JL8H8HGSWQThxyCwuwPaWXtyru2tGvHnw+M9d7MG733nTf75mlnvBvAU2sy/ScTcSwiXksixuvrk4gYrKayEbO1cvc2N/LpksTW1jPfJtUydzc38tG0T+pIPfP7iPjs5YgTmb31ltfWF+eKxcJKPT9VWbo8VV5bP3lpaW6hsFBYPj09M3PqzN/OnD64WL//av3ordf/++f3Z3986XcfvPp5ErNxtL6tOY6DMhmT9WMymB7CXf5z0JX1zUcvdFCo6QzIHmZj6FLaMQP1XjkW4zGwX/+M9rJlAMBheTEittoZaLsFAHiiJbXr/7/63Q4AoFca7wPc3dzIN5b+viPRW7f/HREjtfgb9zdrW7L1e3Yj1fugY3eTXXdGkoiYOID6JyPi7Y+fezdd4pDuQwK0cu16RFyYmNw7/id7nlno1l9ar15ozkzet9H4B73zSTr/+Xur+V9me/4TLeY/wy1euw/jwa//zM0DqKatdP73z6Zn2+41xV83MVDP/ao65xtMLl4qFtKx7dcRcTwGh9P89D51HL/z051225rnf9+98fw7af3pz50SmZvZ4d37zM9V5h4l5ma3r0f8Idsq/nT8H672f9Jm/nuuwzr+949X3mq3LY0/jbex7I3/cG3diPhTy/5Ptssk+z6fOFU9HaYaJ0ULH87GWLv6J7M7/Z8uaf2NvwV6Ie3/sf3jn0ian9csd/yrt58W+/LG+KftCjWf/63jb33+DyXPVtND9XVX5yqVlemIoeT/e9ef2tm3kW+UT+M//sfWr//G+Nfq/E//JrzQ4YHI3vrmvYeP/3Cl8c931f9dJ2Lk3uJAu/o76/+ZXft0Mv512sCHPW4AAAAAAAAAAAAAAAAAAAAAAAAA0I1MRByNJJPbTmcyuVztO7x/G2OZYqlcOXGxtLo8H9Xvyp6IwUzjoy7Hmz4Pdbr+efiN/Kn78n+NiN9ExJvDo9V8Ll8qzvc7eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoO9Lm+/9TXw/3u3UAwKEZGeh3CwCAHkuy2X43AQDotZGuSo8eWjsAgN7p7voPAPwSuP4DwNPnAdd//w0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAR3Xu7Nl02fphcyOf5uevrK0ulq6cnC+UF3NLq/lcvrRyObdQKi0UC7l8aantL7pW+1EslS7PxPLq1alKoVyZKq+tn18qrS5Xzl9amlsonC8M9iwyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOhceW19ca5YLKxI9CWx+EWtHx6X9kh0l4hrtf57XNpzcIkY2hklRvszOAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AX4OAAD//1N1IyI=")
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000000303010346a3ba7a00000000000070"], 0x20}}, 0x0)
creat(&(0x7f0000002000)='./file3\x00', 0x0)

1.476551342s ago: executing program 0:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000003200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f7fc70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cb64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f440af2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719a674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea00020000cf4591c926abfb076719237c8d0e60b0eea24490a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb72fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28d5271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1fcff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969cc1595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6d372ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee99de7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2eaa6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000100000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed90868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e0700000005bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba68df304a8bd66fcdf240430a537a395dc73bda1b7bf12cb2d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0d482ac3750e0170da9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422636f949e2ab8f162d7e3f855e378f4a1f40bc96fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e73970413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c28fd4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5001000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7e661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428713b4218821176d8067997527230fa67d26950d3e4f2750fa7c8720000000001000000b08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373eaea36546791d04f1f0da240455a0980b1882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca005d0000000000000000001a462fe02852f49e1fb5f1fec6893f9ae8af00"/3232], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000003c0))
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_create(0x0, &(0x7f0000000100)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000140)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)

1.412796973s ago: executing program 1:
syz_btf_id_by_name$bpf_lsm(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r3}, &(0x7f0000000400), &(0x7f00000004c0)=r4}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x66, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000020000402505a1a4400001020301090254000101000000090400000002060000052406000005240000000d240f01000000000000000000152412"], 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000280)={'wg2\x00'})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)

1.024784872s ago: executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)
gettid()
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000280)=ANY=[@ANYRES8=r0, @ANYRES8=r0, @ANYRES16=r0, @ANYRES16=r1, @ANYRES64=r1, @ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r3}, 0x10)
r4 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
fcntl$setstatus(r4, 0x4, 0x46802)
io_setup(0x1, &(0x7f0000000000))
r5 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0)
fallocate(r5, 0x0, 0x0, 0x8800000)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
listen(r6, 0x0)
setitimer(0x0, 0x0, 0x0)
r7 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
fsmount(r7, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x4, 0x0, 0x30}, 0x48)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r8, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'})

1.001278836s ago: executing program 2:
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000700)='.\x00', 0x0, 0x0)
getdents(r1, &(0x7f0000000180)=""/59, 0x3b)
getdents(r1, 0xfffffffffffffffd, 0x58)

985.544138ms ago: executing program 2:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@struct={0x2, 0x0, 0x0, 0x13, 0x0, 0x2}]}, {0x0, [0x0, 0x61, 0x2e]}}, &(0x7f0000000080)=""/221, 0x29, 0xdd, 0x1}, 0x20)

975.46487ms ago: executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"})
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000540)=@v2={0x2, @aes256, 0x0, '\x00', @c})
syz_mount_image$fuse(0x0, &(0x7f0000000440)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f0000000000)=@v1={0x0, @adiantum, 0x0, @desc1})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)

648.687711ms ago: executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000000000000000000000000000bb", @ANYRES32=0x41424344], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000ec0)=[{{&(0x7f0000000300)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000100)}], 0x1}}], 0x1, 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000240)={0x20, 0x4})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

632.591153ms ago: executing program 0:
r0 = syz_open_dev$evdev(&(0x7f0000000140), 0x0, 0x0)
ioctl$EVIOCREVOKE(r0, 0x40044591, 0x0)
read(r0, &(0x7f0000000180)=""/215, 0xd7)

608.342597ms ago: executing program 0:
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002c00)=ANY=[@ANYBLOB="b0"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=<r3=>0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x10)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000001000)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r3])
lstat(&(0x7f0000000d40)='./file0\x00', &(0x7f0000000d80))

595.192878ms ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r1}, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast})

529.477159ms ago: executing program 0:
unshare(0x22020400)
unshare(0x20000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000003c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
chmod(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
setxattr$incfs_size(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000010850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
lremovexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='user.incfs.size\x00')
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340), 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x5, &(0x7f0000000100)=@framed={{}, [@map_val={0x18, 0x0, 0x2, 0x0, r2}]}, &(0x7f0000000140)='syzkaller\x00', 0x4, 0xd5, &(0x7f0000000340)=""/213}, 0x90)

509.979782ms ago: executing program 0:
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d0300000000000000000000010500200080000000"], 0x0, 0x4e}, 0x20)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000540)=""/32, 0x20}}, 0x120)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1a34, 0x802, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9}}}]}}]}}, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000005c0)='rtc_alarm_irq_enable\x00', r2}, 0x10)
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x7004, 0x0)
ioctl$AUTOFS_IOC_PROTOVER(r1, 0x8004480b, 0x0)
pipe2(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r5, 0x0, r4, 0x0, 0x6, 0x0)
dup3(r3, r4, 0x0)
ioctl$int_in(r4, 0x5452, &(0x7f0000000100)=0x3ff)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x15, 0x4, 0x80000005, 0x2, 0x0, r4, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x100000, 0x0, 0xfffffffc}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000141007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5a)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x12, r8, 0x0)
fcntl$setstatus(r4, 0x4, 0x7c00)
dup3(r5, r4, 0x0)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000020acb"], 0x14}}, 0x0)
pidfd_send_signal(r4, 0x2e, &(0x7f0000000000)={0x23, 0x6, 0x7fffffff}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000b80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0xa, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x3}]}, @func={0x8}, @restrict={0x0, 0x0, 0x0, 0x9, 0x2}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x52}, 0x20)

73.720789ms ago: executing program 2:
r0 = userfaultfd(0x80001)
r1 = io_uring_setup(0x109b, &(0x7f0000000000))
r2 = eventfd(0x0)
io_uring_register$IORING_REGISTER_EVENTFD(r1, 0x4, &(0x7f0000000200)=r2, 0x1)
dup3(r0, r1, 0x0)

18.091508ms ago: executing program 2:
r0 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@dev, 0x0, 0x0, 0x3, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x800, 0x0, 0x2, 0xa}, 0x20)

0s ago: executing program 2:
syz_mount_image$erofs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00157ed0"], 0x1, 0x178, &(0x7f0000000240)="$eJzslL9OAkEQxr/dQxDjE9hYSCIWHneHGhsKGisLE/8QCxOJnAQ9xMAVQmLhE/gMFr6Htj6EQRttsNL6zN4u3Gr4Y0yUGOdXzH17Ozs3O5d8IAji3/L48NYOXnNPBoBppJBQ75+NKIdr+feTL+e362uFy73ru0TbTParGQRf/34MwE3egN87+/F0Sj23wHt6GxwLShfAYCq9D44dpV0w7Cp9pOmayDfNw4rnmgc1rySEJYItgiNC9nN/nQuGktYf0/YbzdZx0fPc+g+KUfPr5DlyWn/6/+rOxtLmZ4PDVjoLhk2lV5HozkaORLv/TCyqb/zy/UmQIPHXRORPwRXDvOZPMc0/Mn71NNNothYr1WLZLbsnjpNdsZYsa9nJhEYk4xD/S4b+NKXVnxiQG2dxnBV9v27L2Fs7MvZzXB76H0d6Tq6F98cHdiP3mTrHQpU2hqQTBEGMjVmw0DNH4GyMu1GCIAiCIAiCIAiCIL7NewAAAP//Lt94Bg==")
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="f00000001a000000000000000000000000e000000200000000000000000000000000000000000000000000000008000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00"/167], 0xf0}}, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_opts(r0, 0x29, 0x4d, &(0x7f0000000200)=ANY=[@ANYBLOB="96"], 0x8)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x40000122)
sendto$inet6(r1, &(0x7f0000000300), 0x5aa, 0x0, 0x0, 0xfffffffffffffdfd)

kernel console output (not intermixed with test programs):

 } for  pid=83 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   32.639700][   T28] audit: type=1400 audit(1718292131.081:130): avc:  denied  { read } for  pid=439 comm="syz-executor.2" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   32.663049][   T28] audit: type=1400 audit(1718292131.081:131): avc:  denied  { open } for  pid=439 comm="syz-executor.2" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   32.689587][   T28] audit: type=1400 audit(1718292131.091:132): avc:  denied  { ioctl } for  pid=439 comm="syz-executor.2" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   32.733345][   T28] audit: type=1400 audit(1718292131.091:133): avc:  denied  { set_context_mgr } for  pid=439 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   32.756917][   T28] audit: type=1400 audit(1718292131.161:134): avc:  denied  { map } for  pid=439 comm="syz-executor.2" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   32.787748][   T28] audit: type=1400 audit(1718292131.161:135): avc:  denied  { call } for  pid=439 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[   32.830578][  T460] loop1: detected capacity change from 0 to 1024
[   32.845061][  T460] EXT4-fs: Ignoring removed oldalloc option
[   32.850744][  T458] device syzkaller0 entered promiscuous mode
[   32.853339][  T460] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   32.889141][  T466] loop3: detected capacity change from 0 to 16
[   32.897362][  T466] erofs: (device loop3): mounted with root inode @ nid 36.
[   32.907226][   T28] audit: type=1400 audit(1718292131.341:136): avc:  denied  { read } for  pid=442 comm="syz-executor.3" name="file3" dev="loop3" ino=89 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   32.911888][   T47] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[9000]
[   33.424206][  T466] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[8192]
[   33.589008][  T347] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   33.598277][   T28] audit: type=1400 audit(1718292131.341:137): avc:  denied  { open } for  pid=442 comm="syz-executor.3" path="/root/syzkaller-testdir768007717/syzkaller.eeeKrp/6/file0/file3" dev="loop3" ino=89 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   33.626934][  T460] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   33.639589][   T28] audit: type=1400 audit(1718292132.081:138): avc:  denied  { mounton } for  pid=459 comm="syz-executor.1" path="/root/syzkaller-testdir133311814/syzkaller.UD4uuL/9/file1/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   33.688090][  T348] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 32: comm syz-executor.1: path /root/syzkaller-testdir133311814/syzkaller.UD4uuL/9/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   33.713084][   T28] audit: type=1400 audit(1718292132.151:139): avc:  denied  { remove_name } for  pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   33.719126][  T348] EXT4-fs error (device loop1): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.1: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   33.759002][  T301] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   33.767282][  T348] EXT4-fs warning (device loop1): ext4_empty_dir:3101: inode #11: comm syz-executor.1: directory missing '.'
[   33.779813][  T348] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 32: comm syz-executor.1: path /root/syzkaller-testdir133311814/syzkaller.UD4uuL/9/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   33.806608][  T348] EXT4-fs error (device loop1): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.1: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   33.806764][  T348] EXT4-fs warning (device loop1): ext4_empty_dir:3101: inode #11: comm syz-executor.1: directory missing '.'
[   33.838018][  T348] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 32: comm syz-executor.1: path /root/syzkaller-testdir133311814/syzkaller.UD4uuL/9/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   33.838439][  T348] EXT4-fs error (device loop1): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.1: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   33.884300][  T348] EXT4-fs warning (device loop1): ext4_empty_dir:3101: inode #11: comm syz-executor.1: directory missing '.'
[   33.884439][  T348] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 32: comm syz-executor.1: path /root/syzkaller-testdir133311814/syzkaller.UD4uuL/9/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   33.923612][  T348] EXT4-fs error (device loop1): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.1: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   33.923925][  T348] EXT4-fs warning (device loop1): ext4_empty_dir:3101: inode #11: comm syz-executor.1: directory missing '.'
[   33.924057][  T348] EXT4-fs error (device loop1): ext4_readdir:260: inode #11: block 32: comm syz-executor.1: path /root/syzkaller-testdir133311814/syzkaller.UD4uuL/9/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   33.982430][  T348] EXT4-fs error (device loop1): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.1: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   34.002730][  T348] EXT4-fs warning (device loop1): ext4_empty_dir:3101: inode #11: comm syz-executor.1: directory missing '.'
[   34.018302][  T348] EXT4-fs warning (device loop1): ext4_empty_dir:3101: inode #11: comm syz-executor.1: directory missing '.'
[   34.030782][  T478] bridge0: port 1(bridge_slave_0) entered disabled state
[   34.030846][  T348] EXT4-fs warning (device loop1): ext4_empty_dir:3101: inode #11: comm syz-executor.1: directory missing '.'
[   34.049887][  T301] usb 3-1: Using ep0 maxpacket: 8
[   34.055626][  T348] EXT4-fs warning (device loop1): ext4_empty_dir:3101: inode #11: comm syz-executor.1: directory missing '.'
[   34.070124][  T347] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   34.071302][  T348] EXT4-fs warning (device loop1): ext4_empty_dir:3101: inode #11: comm syz-executor.1: directory missing '.'
[   34.092824][  T348] EXT4-fs warning (device loop1): ext4_empty_dir:3101: inode #11: comm syz-executor.1: directory missing '.'
[   34.189055][  T301] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[   34.191038][  T348] EXT4-fs (loop1): unmounting filesystem.
[   34.198073][  T301] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   34.212147][  T301] usb 3-1: config 0 descriptor??
[   34.279038][  T347] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   34.289129][  T347] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   34.297327][  T347] usb 1-1: Product: syz
[   34.301638][  T347] usb 1-1: Manufacturer: syz
[   34.306153][  T347] usb 1-1: SerialNumber: syz
[   34.338690][  T484] bridge0: port 1(bridge_slave_0) entered blocking state
[   34.345565][  T484] bridge0: port 1(bridge_slave_0) entered disabled state
[   34.353192][  T484] device bridge_slave_0 entered promiscuous mode
[   34.362301][  T484] bridge0: port 2(bridge_slave_1) entered blocking state
[   34.369235][  T484] bridge0: port 2(bridge_slave_1) entered disabled state
[   34.376747][  T484] device bridge_slave_1 entered promiscuous mode
[   34.419228][  T484] bridge0: port 2(bridge_slave_1) entered blocking state
[   34.426162][  T484] bridge0: port 2(bridge_slave_1) entered forwarding state
[   34.433645][  T484] bridge0: port 1(bridge_slave_0) entered blocking state
[   34.440948][  T484] bridge0: port 1(bridge_slave_0) entered forwarding state
[   34.461878][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   34.469882][   T40] bridge0: port 1(bridge_slave_0) entered disabled state
[   34.477167][   T40] bridge0: port 2(bridge_slave_1) entered disabled state
[   34.488211][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   34.496461][  T331] bridge0: port 1(bridge_slave_0) entered blocking state
[   34.503893][  T331] bridge0: port 1(bridge_slave_0) entered forwarding state
[   34.515722][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   34.525203][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   34.532262][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   34.556132][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   34.564413][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   34.582091][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   34.591364][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   34.600268][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   34.607426][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   34.615065][  T484] device veth0_vlan entered promiscuous mode
[   34.628706][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   34.638401][  T484] device veth1_macvtap entered promiscuous mode
[   34.647998][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   34.658270][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   34.709194][  T502] syz-executor.1[502] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   34.709268][  T502] syz-executor.1[502] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   34.769849][   T10] device bridge_slave_1 left promiscuous mode
[   34.788700][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   34.796741][   T10] device bridge_slave_0 left promiscuous mode
[   34.803499][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   34.812277][   T10] device veth1_macvtap left promiscuous mode
[   34.818264][   T10] device veth0_vlan left promiscuous mode
[   34.948624][  T528] syz-executor.1[528] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   34.948674][  T528] syz-executor.1[528] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   35.005965][  T534] loop1: detected capacity change from 0 to 512
[   35.031470][  T534] EXT4-fs (loop1): 1 orphan inode deleted
[   35.037288][  T534] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   35.046420][  T534] ext4 filesystem being mounted at /root/syzkaller-testdir246389248/syzkaller.cTcYdl/18/file1 supports timestamps until 2038 (0x7fffffff)
[   35.216247][  T538] syz-executor.1[538] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   35.216586][  T538] syz-executor.1[538] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   35.419042][  T347] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[   35.437008][  T347] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   35.444692][  T347] cdc_ncm 1-1:1.0: setting rx_max = 2048
[   35.649186][  T347] cdc_ncm 1-1:1.0: setting tx_max = 184
[   35.657472][  T347] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[   35.683919][  T347] usb 1-1: USB disconnect, device number 2
[   35.690283][  T347] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
[   35.873176][  T552] loop3: detected capacity change from 0 to 131072
[   35.884583][  T484] EXT4-fs (loop1): unmounting filesystem.
[   35.896778][  T552] F2FS-fs (loop3): Unrecognized mount option "whint_mode=user-based" or missing value
[   36.117038][  T587] loop1: detected capacity change from 0 to 256
[   36.329998][  T592] loop0: detected capacity change from 0 to 1024
[   36.336675][  T592] EXT4-fs: Ignoring removed oldalloc option
[   36.349935][  T592] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   36.370735][  T592] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   36.387975][  T312] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 32: comm syz-executor.0: path /root/syzkaller-testdir2631811384/syzkaller.sh7loz/5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   36.414953][  T312] EXT4-fs error (device loop0): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.0: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   36.434929][  T312] EXT4-fs warning (device loop0): ext4_empty_dir:3101: inode #11: comm syz-executor.0: directory missing '.'
[   36.447419][  T312] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 32: comm syz-executor.0: path /root/syzkaller-testdir2631811384/syzkaller.sh7loz/5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   36.474027][  T312] EXT4-fs error (device loop0): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.0: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   36.494033][  T312] EXT4-fs warning (device loop0): ext4_empty_dir:3101: inode #11: comm syz-executor.0: directory missing '.'
[   36.506109][  T312] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 32: comm syz-executor.0: path /root/syzkaller-testdir2631811384/syzkaller.sh7loz/5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   36.532489][  T312] EXT4-fs error (device loop0): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.0: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   36.553099][  T312] EXT4-fs warning (device loop0): ext4_empty_dir:3101: inode #11: comm syz-executor.0: directory missing '.'
[   36.566091][  T312] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 32: comm syz-executor.0: path /root/syzkaller-testdir2631811384/syzkaller.sh7loz/5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   36.592266][  T312] EXT4-fs error (device loop0): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.0: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   36.612189][  T312] EXT4-fs warning (device loop0): ext4_empty_dir:3101: inode #11: comm syz-executor.0: directory missing '.'
[   36.624296][  T312] EXT4-fs error (device loop0): ext4_readdir:260: inode #11: block 32: comm syz-executor.0: path /root/syzkaller-testdir2631811384/syzkaller.sh7loz/5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   36.651165][  T312] EXT4-fs error (device loop0): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.0: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[   36.670727][  T312] EXT4-fs warning (device loop0): ext4_empty_dir:3101: inode #11: comm syz-executor.0: directory missing '.'
[   36.682855][  T312] EXT4-fs warning (device loop0): ext4_empty_dir:3101: inode #11: comm syz-executor.0: directory missing '.'
[   36.696409][  T312] EXT4-fs warning (device loop0): ext4_empty_dir:3101: inode #11: comm syz-executor.0: directory missing '.'
[   36.708673][  T312] EXT4-fs warning (device loop0): ext4_empty_dir:3101: inode #11: comm syz-executor.0: directory missing '.'
[   36.720778][  T312] EXT4-fs warning (device loop0): ext4_empty_dir:3101: inode #11: comm syz-executor.0: directory missing '.'
[   36.733230][  T312] EXT4-fs warning (device loop0): ext4_empty_dir:3101: inode #11: comm syz-executor.0: directory missing '.'
[   36.821559][  T312] EXT4-fs (loop0): unmounting filesystem.
[   36.878870][  T612] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'.
[   36.949212][  T613] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.956335][  T613] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.964249][  T613] device bridge_slave_0 entered promiscuous mode
[   36.971141][  T613] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.978083][  T613] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.986100][  T613] device bridge_slave_1 entered promiscuous mode
[   37.028061][  T613] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.035236][  T613] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.042473][  T613] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.049558][  T613] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.071851][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   37.079440][  T331] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.086522][  T331] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.099009][  T301] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   37.109104][  T301] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[   37.119943][  T301] asix: probe of 3-1:0.0 failed with error -71
[   37.126657][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   37.129206][  T301] usb 3-1: USB disconnect, device number 2
[   37.135045][  T331] bridge0: port 1(bridge_slave_0) entered blocking state
[   37.147019][  T331] bridge0: port 1(bridge_slave_0) entered forwarding state
[   37.155416][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   37.163787][    T6] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   37.171328][  T331] bridge0: port 2(bridge_slave_1) entered blocking state
[   37.178347][  T331] bridge0: port 2(bridge_slave_1) entered forwarding state
[   37.185675][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   37.193946][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   37.212267][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   37.223234][  T613] device veth0_vlan entered promiscuous mode
[   37.230736][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   37.238445][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   37.246131][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   37.259047][  T613] device veth1_macvtap entered promiscuous mode
[   37.268984][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   37.277090][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   37.285368][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   37.307835][  T620] overlayfs: upper fs does not support tmpfile.
[   37.359714][  T391] device bridge_slave_1 left promiscuous mode
[   37.365763][  T391] bridge0: port 2(bridge_slave_1) entered disabled state
[   37.373524][  T391] device bridge_slave_0 left promiscuous mode
[   37.380059][  T391] bridge0: port 1(bridge_slave_0) entered disabled state
[   37.388191][  T391] device veth1_macvtap left promiscuous mode
[   37.394290][  T391] device veth0_vlan left promiscuous mode
[   37.419044][    T6] usb 2-1: Using ep0 maxpacket: 16
[   37.579014][    T6] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[   37.587508][    T6] usb 2-1: config 0 has no interface number 0
[   37.594578][    T6] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[   37.612532][  T635] loop0: detected capacity change from 0 to 256
[   38.053153][    T6] usb 2-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88
[   38.062138][    T6] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[   38.070111][    T6] usb 2-1: Product: syz
[   38.074173][    T6] usb 2-1: SerialNumber: syz
[   38.083255][    T6] usb 2-1: config 0 descriptor??
[   38.099156][  T612] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   38.206997][   T28] kauditd_printk_skb: 46 callbacks suppressed
[   38.207012][   T28] audit: type=1400 audit(1718292136.269:186): avc:  denied  { create } for  pid=649 comm="syz-executor.3" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   38.234587][   T28] audit: type=1400 audit(1718292136.269:187): avc:  denied  { ioctl } for  pid=649 comm="syz-executor.3" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=16545 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   38.294827][  T653] overlayfs: invalid redirect ((null))
[   38.312793][   T28] audit: type=1400 audit(1718292136.379:188): avc:  denied  { read } for  pid=649 comm="syz-executor.3" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=16545 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   38.389722][   T28] audit: type=1400 audit(1718292136.459:189): avc:  denied  { write } for  pid=611 comm="syz-executor.1" name="001" dev="devtmpfs" ino=144 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   38.471258][  T671] loop0: detected capacity change from 0 to 512
[   38.477993][  T671] EXT4-fs: Ignoring removed orlov option
[   38.488221][  T671] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   38.501357][  T671] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=6040e09c, mo2=0002]
[   38.509437][  T671] System zones: 1-12
[   38.514255][  T671] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz-executor.0: casefold flag without casefold feature
[   38.528062][  T671] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.0: missing EA_INODE flag
[   38.540173][  T671] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor.0: error while reading EA inode 12 err=-117
[   38.555740][  T671] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2810: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   38.568741][  T671] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.0: missing EA_INODE flag
[   38.581371][  T671] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor.0: error while reading EA inode 12 err=-117
[   38.609115][   T28] audit: type=1400 audit(1718292136.659:190): avc:  denied  { create } for  pid=675 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   38.628830][   T28] audit: type=1400 audit(1718292136.659:191): avc:  denied  { listen } for  pid=675 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   38.656265][  T671] EXT4-fs (loop0): 1 orphan inode deleted
[   38.665760][   T28] audit: type=1400 audit(1718292136.729:192): avc:  denied  { create } for  pid=675 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   38.671062][  T671] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   38.691513][   T28] audit: type=1400 audit(1718292136.729:193): avc:  denied  { write } for  pid=675 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   38.718512][   T28] audit: type=1400 audit(1718292136.729:194): avc:  denied  { nlmsg_read } for  pid=675 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   38.744867][  T613] EXT4-fs (loop0): unmounting filesystem.
[   38.918788][  T693] loop2: detected capacity change from 0 to 256
[   39.462538][  T706] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[   39.473920][   T28] audit: type=1400 audit(1718292137.549:195): avc:  denied  { ioctl } for  pid=705 comm="syz-executor.3" path="socket:[16698]" dev="sockfs" ino=16698 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   39.508848][  T711] loop3: detected capacity change from 0 to 512
[   39.521107][  T711] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   39.530030][  T711] ext4 filesystem being mounted at /root/syzkaller-testdir768007717/syzkaller.eeeKrp/36/file0 supports timestamps until 2038 (0x7fffffff)
[   39.620101][  T315] EXT4-fs (loop3): unmounting filesystem.
[   39.693465][  T720] tipc: Started in network mode
[   39.698551][  T720] tipc: Node identity 2007ff, cluster identity 4711
[   39.706764][  T720] tipc: Node number set to 2099199
[   39.746264][  T724] loop3: detected capacity change from 0 to 512
[   39.753291][  T724] EXT4-fs: Ignoring removed orlov option
[   39.762978][  T724] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   39.775970][  T724] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=6040e09c, mo2=0002]
[   39.784530][  T724] System zones: 1-12
[   39.790149][  T724] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz-executor.3: casefold flag without casefold feature
[   39.804247][  T724] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.3: missing EA_INODE flag
[   39.816462][  T724] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 12 err=-117
[   39.829684][  T724] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.3: missing EA_INODE flag
[   39.841948][  T724] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 12 err=-117
[   39.855045][  T724] EXT4-fs (loop3): 1 orphan inode deleted
[   39.862536][  T724] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   39.898214][  T315] EXT4-fs (loop3): unmounting filesystem.
[   39.909833][    T6] usb 2-1: invalid MIDI in EP 0
[   39.922027][    T6] snd-usb-audio: probe of 2-1:0.2 failed with error -22
[   39.933333][  T450] udevd[450]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.2/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   39.950297][    T6] usb 2-1: USB disconnect, device number 2
[   39.997424][  T716] loop2: detected capacity change from 0 to 131072
[   40.031694][  T716] F2FS-fs (loop2): Unrecognized mount option "whint_mode=user-based" or missing value
[   40.348314][  T743] loop2: detected capacity change from 0 to 256
[   40.474599][  T739] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[   40.567562][  T750] loop0: detected capacity change from 0 to 512
[   40.686791][  T750] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   40.688313][  T756] tipc: Started in network mode
[   40.700946][  T750] ext4 filesystem being mounted at /root/syzkaller-testdir3199718946/syzkaller.8VsPWr/13/file0 supports timestamps until 2038 (0x7fffffff)
[   40.701596][  T756] tipc: Node identity 2007ff, cluster identity 4711
[   40.721542][  T756] tipc: Node number set to 2099199
[   40.756046][  T758] loop1: detected capacity change from 0 to 512
[   40.782424][  T758] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[   40.807812][  T613] EXT4-fs (loop0): unmounting filesystem.
[   40.856510][  T767] loop1: detected capacity change from 0 to 1024
[   40.877937][  T767] EXT4-fs: Ignoring removed oldalloc option
[   40.878365][  T770] loop3: detected capacity change from 0 to 512
[   40.891527][  T767] EXT4-fs: Mount option(s) incompatible with ext2
[   40.891979][  T770] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   40.921893][  T770] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   40.945765][  T774] device dummy0 entered promiscuous mode
[   40.951569][  T774] device vlan2 entered promiscuous mode
[   40.958370][  T774] device dummy0 left promiscuous mode
[   40.972563][  T770] EXT4-fs (loop3): 1 truncate cleaned up
[   40.996271][  T770] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   41.007418][  T770] EXT4-fs (loop3): unmounting filesystem.
[   41.019647][  T766] kvm [765]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x10df00000800
[   41.203669][  T780] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[   41.213718][  T782] loop2: detected capacity change from 0 to 40427
[   41.220850][  T782] F2FS-fs (loop2): Small segment_count (9 < 1 * 24)
[   41.230736][  T782] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   41.255130][  T782] F2FS-fs (loop2): Found nat_bits in checkpoint
[   41.355602][  T782] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   41.363477][  T782] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   41.386821][  T314] syz-executor.2: attempt to access beyond end of device
[   41.386821][  T314] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   41.756606][  T796] loop2: detected capacity change from 0 to 512
[   41.783974][  T796] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   41.793988][  T796] ext4 filesystem being mounted at /root/syzkaller-testdir1476674675/syzkaller.M5N424/28/file0 supports timestamps until 2038 (0x7fffffff)
[   41.847723][  T314] EXT4-fs (loop2): unmounting filesystem.
[   41.870409][  T805] loop2: detected capacity change from 0 to 512
[   41.888665][  T805] EXT4-fs (loop2): VFS: Can't find ext4 filesystem
[   41.902126][  T809] loop0: detected capacity change from 0 to 1024
[   41.911858][  T809] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   41.956495][  T814] loop2: detected capacity change from 0 to 2048
[   41.964237][  T613] EXT4-fs (loop0): unmounting filesystem.
[   41.984034][  T814] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   42.001740][  T814] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.2: corrupted in-inode xattr
[   42.051959][  T314] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.2: lblock 0 mapped to illegal pblock 16 (length 1)
[   42.082927][  T314] EXT4-fs (loop2): unmounting filesystem.
[   42.153013][  T829] loop3: detected capacity change from 0 to 512
[   42.177198][  T829] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   42.199079][  T829] ext4 filesystem being mounted at /root/syzkaller-testdir768007717/syzkaller.eeeKrp/48/file0 supports timestamps until 2038 (0x7fffffff)
[   42.242970][  T315] EXT4-fs (loop3): unmounting filesystem.
[   42.374362][  T841] bridge0: port 1(bridge_slave_0) entered blocking state
[   42.381738][  T841] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.390095][  T841] device bridge_slave_0 entered promiscuous mode
[   42.399745][  T841] bridge0: port 2(bridge_slave_1) entered blocking state
[   42.406806][  T841] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.414866][  T841] device bridge_slave_1 entered promiscuous mode
[   42.698240][  T850] loop0: detected capacity change from 0 to 1024
[   42.721734][  T850] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   42.744152][  T613] EXT4-fs (loop0): unmounting filesystem.
[   42.749770][  T841] bridge0: port 2(bridge_slave_1) entered blocking state
[   42.756898][  T841] bridge0: port 2(bridge_slave_1) entered forwarding state
[   42.764142][  T841] bridge0: port 1(bridge_slave_0) entered blocking state
[   42.770877][  T841] bridge0: port 1(bridge_slave_0) entered forwarding state
[   42.804123][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   42.817715][   T40] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.825194][   T40] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.842640][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   42.851806][  T347] bridge0: port 1(bridge_slave_0) entered blocking state
[   42.858861][  T347] bridge0: port 1(bridge_slave_0) entered forwarding state
[   42.866320][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   42.874544][  T347] bridge0: port 2(bridge_slave_1) entered blocking state
[   42.881409][  T347] bridge0: port 2(bridge_slave_1) entered forwarding state
[   42.898800][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   42.906939][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   42.922142][  T841] device veth0_vlan entered promiscuous mode
[   42.933560][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   42.942130][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   42.951164][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   42.959089][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   42.973802][  T841] device veth1_macvtap entered promiscuous mode
[   42.985038][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   43.009437][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   43.017907][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   43.028490][   T10] device bridge_slave_1 left promiscuous mode
[   43.035374][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.048092][   T10] device bridge_slave_0 left promiscuous mode
[   43.055114][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.063713][   T10] device veth1_macvtap left promiscuous mode
[   43.069950][   T10] device veth0_vlan left promiscuous mode
[   43.294223][   T28] kauditd_printk_skb: 12 callbacks suppressed
[   43.294238][   T28] audit: type=1400 audit(1718292141.359:208): avc:  denied  { setattr } for  pid=866 comm="syz-executor.2" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   43.622759][   T28] audit: type=1400 audit(1718292141.689:209): avc:  denied  { write } for  pid=873 comm="syz-executor.1" path="socket:[17058]" dev="sockfs" ino=17058 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   43.689820][  T876] syz-executor.2[876] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   43.689954][  T876] syz-executor.2[876] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   43.716567][  T856] loop0: detected capacity change from 0 to 131072
[   43.727932][  T878] loop2: detected capacity change from 0 to 1024
[   43.744928][  T882] loop1: detected capacity change from 0 to 512
[   43.751958][  T856] F2FS-fs (loop0): Found nat_bits in checkpoint
[   43.759633][  T882] EXT4-fs: Ignoring removed orlov option
[   43.769768][  T882] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   43.779429][  T878] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   43.791667][  T882] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=6040e09c, mo2=0002]
[   43.811042][  T882] System zones: 1-12
[   43.811762][  T856] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   43.815654][  T882] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz-executor.1: casefold flag without casefold feature
[   43.834300][  T856] F2FS-fs (loop0): switch extent_cache option is not allowed
[   43.842667][  T882] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: missing EA_INODE flag
[   43.855067][  T882] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 12 err=-117
[   43.856976][  T841] EXT4-fs (loop2): unmounting filesystem.
[   43.876051][  T882] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: missing EA_INODE flag
[   43.893896][  T882] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 12 err=-117
[   43.907142][  T882] EXT4-fs (loop1): 1 orphan inode deleted
[   43.919273][  T882] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   43.955478][  T484] EXT4-fs (loop1): unmounting filesystem.
[   44.126393][   T28] audit: type=1400 audit(1718292142.179:210): avc:  denied  { ioctl } for  pid=901 comm="syz-executor.3" path="socket:[17099]" dev="sockfs" ino=17099 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   44.170617][   T28] audit: type=1400 audit(1718292142.239:211): avc:  denied  { create } for  pid=895 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   44.569017][  T347] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   44.701031][   T28] audit: type=1400 audit(1718292142.769:212): avc:  denied  { map } for  pid=915 comm="syz-executor.3" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=17117 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   44.725672][   T28] audit: type=1400 audit(1718292142.769:213): avc:  denied  { write } for  pid=915 comm="syz-executor.3" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=17117 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   44.934773][  T936] process 'syz-executor.1' launched './file1' with NULL argv: empty string added
[   44.955360][   T28] audit: type=1400 audit(1718292143.019:214): avc:  denied  { setopt } for  pid=937 comm="syz-executor.0" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   44.960389][  T938] xt_time: invalid argument - start or stop time greater than 23:59:59
[   44.977027][  T347] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   45.305069][  T347] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   45.317611][  T347] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   45.326205][  T347] usb 3-1: Product: syz
[   45.330425][  T347] usb 3-1: Manufacturer: syz
[   45.334975][  T347] usb 3-1: SerialNumber: syz
[   46.129175][  T347] usb 3-1: bad CDC descriptors
[   46.410093][  T967] sch_fq: defrate 0 ignored.
[   46.418937][   T28] audit: type=1400 audit(1718292144.479:215): avc:  denied  { create } for  pid=966 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   46.440846][   T28] audit: type=1400 audit(1718292144.489:216): avc:  denied  { write } for  pid=966 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   46.461514][   T28] audit: type=1400 audit(1718292144.489:217): avc:  denied  { connect } for  pid=966 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   46.634176][  T975] loop1: detected capacity change from 0 to 40427
[   46.641328][  T975] F2FS-fs (loop1): Small segment_count (9 < 1 * 24)
[   46.648074][  T975] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   46.658958][  T975] F2FS-fs (loop1): Found nat_bits in checkpoint
[   46.685183][  T975] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   46.692137][  T975] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   46.725791][  T484] syz-executor.1: attempt to access beyond end of device
[   46.725791][  T484] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   46.820222][  T984] syz-executor.1[984] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   46.820309][  T984] syz-executor.1[984] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   46.849577][  T988] syz-executor.1[988] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   46.862477][  T988] syz-executor.1[988] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   47.240635][  T336] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   47.260535][  T641] usb 3-1: USB disconnect, device number 3
[   47.678969][  T336] usb 1-1: Using ep0 maxpacket: 16
[   47.799187][  T336] usb 1-1: config 0 has no interfaces?
[   47.805862][  T336] usb 1-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[   47.825329][  T336] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   47.842954][  T336] usb 1-1: config 0 descriptor??
[   47.912248][ T1012] loop1: detected capacity change from 0 to 40427
[   48.246144][ T1012] F2FS-fs (loop1): invalid crc value
[   48.257812][ T1012] F2FS-fs (loop1): Found nat_bits in checkpoint
[   48.296312][ T1012] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   48.312745][   T28] kauditd_printk_skb: 8 callbacks suppressed
[   48.312758][   T28] audit: type=1400 audit(1718292146.379:226): avc:  denied  { write } for  pid=1011 comm="syz-executor.1" path="/root/syzkaller-testdir246389248/syzkaller.cTcYdl/64/file2/file0" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   48.357011][   T28] audit: type=1400 audit(1718292146.419:227): avc:  denied  { mounton } for  pid=1011 comm="syz-executor.1" path="/root/syzkaller-testdir246389248/syzkaller.cTcYdl/64/file2/file0" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   48.387243][  T484] syz-executor.1: attempt to access beyond end of device
[   48.387243][  T484] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   48.468410][   T28] audit: type=1400 audit(1718292146.529:228): avc:  denied  { mount } for  pid=1027 comm="syz-executor.1" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   48.493256][   T28] audit: type=1400 audit(1718292146.539:229): avc:  denied  { watch watch_reads } for  pid=1027 comm="syz-executor.1" path="/root/syzkaller-testdir246389248/syzkaller.cTcYdl/65/file0" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1
[   48.524579][   T28] audit: type=1400 audit(1718292146.559:230): avc:  denied  { unmount } for  pid=484 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   48.603731][ T1034] sch_fq: defrate 0 ignored.
[   48.684174][ T1017] syz-executor.3 (1017) used greatest stack depth: 19792 bytes left
[   48.733180][   T28] audit: type=1326 audit(1718292146.799:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1041 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faa8bc7cea9 code=0x0
[   48.923908][ T1038] loop1: detected capacity change from 0 to 131072
[   48.931903][ T1038] F2FS-fs (loop1): QUOTA feature is enabled, so ignore jquota_fmt
[   48.941458][ T1038] F2FS-fs (loop1): invalid crc value
[   48.948744][ T1038] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[   48.972297][ T1038] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b
[   49.054413][   T28] audit: type=1400 audit(1718292147.119:232): avc:  denied  { map } for  pid=1037 comm="syz-executor.1" path="/root/syzkaller-testdir246389248/syzkaller.cTcYdl/70/mnt/blkio.throttle.io_service_bytes_recursive" dev="loop1" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   49.128871][ T1038] kvm: emulating exchange as write
[   49.479961][ T1006] usb 1-1: USB disconnect, device number 3
[   49.670766][ T1061] loop0: detected capacity change from 0 to 512
[   49.686722][ T1061] EXT4-fs: Ignoring removed mblk_io_submit option
[   49.694495][ T1061] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   49.709330][ T1061] EXT4-fs (loop0): 1 truncate cleaned up
[   49.715272][ T1061] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   49.767497][ T1061] EXT4-fs (loop0): unmounting filesystem.
[   49.782329][ T1065] syz-executor.3[1065] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   49.782689][ T1065] syz-executor.3[1065] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   50.237847][ T1071] sch_fq: defrate 0 ignored.
[   50.746239][ T1094] loop1: detected capacity change from 0 to 256
[   50.751807][   T28] audit: type=1400 audit(1718292148.809:233): avc:  denied  { getopt } for  pid=1091 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   50.808418][   T28] audit: type=1400 audit(1718292148.869:234): avc:  denied  { read } for  pid=1095 comm="syz-executor.0" name="cgroup.controllers" dev="incremental-fs" ino=1960 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   50.834731][   T28] audit: type=1400 audit(1718292148.869:235): avc:  denied  { open } for  pid=1095 comm="syz-executor.0" path="/root/syzkaller-testdir3199718946/syzkaller.8VsPWr/36/file0/cgroup.controllers" dev="incremental-fs" ino=1960 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   51.007847][  T301] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   51.131687][ T1111] syz-executor.0[1111] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   51.132100][ T1111] syz-executor.0[1111] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   51.339510][ T1082] syz-executor.2 (1082) used greatest stack depth: 19096 bytes left
[   51.418985][  T301] usb 4-1: Using ep0 maxpacket: 16
[   51.558537][  T301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   51.569708][  T301] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   51.582594][  T301] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   51.591651][  T301] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   51.600261][  T301] usb 4-1: config 0 descriptor??
[   52.069022][  T347] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   52.091767][ T1134] loop1: detected capacity change from 0 to 256
[   52.190082][  T301] microsoft 0003:045E:07DA.0002: No inputs registered, leaving
[   52.205255][  T301] microsoft 0003:045E:07DA.0002: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[   52.226754][  T301] microsoft 0003:045E:07DA.0002: no inputs found
[   52.236841][  T301] microsoft 0003:045E:07DA.0002: could not initialize ff, continuing anyway
[   52.429024][  T347] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   52.444892][ T1142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   52.458642][ T1142] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   52.513494][ T1127] loop0: detected capacity change from 0 to 131072
[   52.528189][ T1127] F2FS-fs (loop0): Test dummy encryption mode enabled
[   52.546724][ T1127] F2FS-fs (loop0): invalid crc value
[   52.553695][ T1127] F2FS-fs (loop0): Found nat_bits in checkpoint
[   52.590401][ T1127] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   52.619056][  T347] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   52.628102][  T347] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   52.641048][  T347] usb 3-1: Product: syz
[   52.645035][  T347] usb 3-1: Manufacturer: syz
[   52.649855][  T347] usb 3-1: SerialNumber: syz
[   52.689464][  T347] usb 3-1: bad CDC descriptors
[   52.750251][  T336] usb 4-1: USB disconnect, device number 2
[   52.883540][ T1160] syz-executor.0[1160] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   52.883856][ T1160] syz-executor.0[1160] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   53.429899][ T1172] loop3: detected capacity change from 0 to 256
[   53.519269][ T1177] loop1: detected capacity change from 0 to 256
[   54.188170][   T28] kauditd_printk_skb: 3 callbacks suppressed
[   54.188183][   T28] audit: type=1400 audit(1718292152.249:239): avc:  denied  { write } for  pid=1188 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   54.508159][   T40] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   54.515685][  T301] usb 3-1: USB disconnect, device number 4
[   54.606313][ T1210] loop2: detected capacity change from 0 to 128
[   54.614193][ T1210] FAT-fs (loop2): Directory bread(block 3145772) failed
[   54.621656][ T1210] FAT-fs (loop2): Directory bread(block 3145773) failed
[   54.630451][ T1210] FAT-fs (loop2): Directory bread(block 3145774) failed
[   54.637533][ T1210] FAT-fs (loop2): Directory bread(block 3145775) failed
[   54.644566][ T1210] FAT-fs (loop2): Directory bread(block 3145776) failed
[   54.651612][ T1210] FAT-fs (loop2): Directory bread(block 3145777) failed
[   54.659414][ T1210] FAT-fs (loop2): Directory bread(block 3145778) failed
[   54.666129][ T1210] FAT-fs (loop2): Directory bread(block 3145779) failed
[   54.681343][ T1210] FAT-fs (loop2): FAT read failed (blocknr 128)
[   54.779899][   T40] usb 1-1: Using ep0 maxpacket: 16
[   54.791351][   T28] audit: type=1400 audit(1718292152.859:240): avc:  denied  { relabelfrom } for  pid=1219 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   54.812592][   T28] audit: type=1400 audit(1718292152.859:241): avc:  denied  { relabelto } for  pid=1219 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   54.850322][ T1222] loop3: detected capacity change from 0 to 256
[   55.140988][ T1228] loop1: detected capacity change from 0 to 512
[   55.151372][ T1228] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   55.159229][   T40] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   55.161062][ T1228] ext4 filesystem being mounted at /root/syzkaller-testdir246389248/syzkaller.cTcYdl/92/file0 supports timestamps until 2038 (0x7fffffff)
[   55.172061][   T40] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   55.191021][ T1228] EXT4-fs error (device loop1): ext4_do_update_inode:5212: inode #2: comm syz-executor.1: corrupted inode contents
[   55.205137][   T40] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   55.212640][ T1228] EXT4-fs error (device loop1): ext4_dirty_inode:6074: inode #2: comm syz-executor.1: mark_inode_dirty error
[   55.220728][   T40] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   55.234213][ T1228] EXT4-fs error (device loop1): ext4_do_update_inode:5212: inode #2: comm syz-executor.1: corrupted inode contents
[   55.244581][   T40] usb 1-1: config 0 descriptor??
[   55.253371][ T1228] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz-executor.1: mark_inode_dirty error
[   55.277573][   T28] audit: type=1400 audit(1718292153.339:242): avc:  denied  { create } for  pid=1227 comm="syz-executor.1" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[   55.281955][ T1228] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   55.300013][  T336] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   55.322698][ T1228] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:405: inode #2: comm syz-executor.1: No space for directory leaf checksum. Please run e2fsck -D.
[   55.339366][ T1228] EXT4-fs error (device loop1): ext4_add_entry:2437: inode #2: comm syz-executor.1: Directory block failed checksum
[   55.352722][ T1228] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory
[   55.362449][ T1228] EXT4-fs error (device loop1): ext4_add_nondir:2806: inode #19: comm syz-executor.1: mark_inode_dirty error
[   55.378619][ T1228] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory
[   55.388178][ T1228] EXT4-fs error (device loop1): ext4_evict_inode:279: inode #19: comm syz-executor.1: mark_inode_dirty error
[   55.389104][   T28] audit: type=1400 audit(1718292153.449:243): avc:  denied  { rename } for  pid=83 comm="syslogd" name="messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   55.400593][ T1228] EXT4-fs warning (device loop1): ext4_evict_inode:282: couldn't mark inode dirty (err -12)
[   55.422899][   T28] audit: type=1400 audit(1718292153.449:244): avc:  denied  { unlink } for  pid=83 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   55.451573][  T484] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:405: inode #2: comm syz-executor.1: No space for directory leaf checksum. Please run e2fsck -D.
[   55.455241][   T28] audit: type=1400 audit(1718292153.449:245): avc:  denied  { create } for  pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   55.471715][  T484] EXT4-fs error (device loop1): ext4_readdir:220: inode #2: comm syz-executor.1: path /root/syzkaller-testdir246389248/syzkaller.cTcYdl/92/file0: directory fails checksum at offset 0
[   55.512338][  T484] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:405: inode #2: comm syz-executor.1: No space for directory leaf checksum. Please run e2fsck -D.
[   55.529029][  T484] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:405: inode #2: comm syz-executor.1: No space for directory leaf checksum. Please run e2fsck -D.
[   55.545621][  T484] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:405: inode #2: comm syz-executor.1: No space for directory leaf checksum. Please run e2fsck -D.
[   55.563724][  T484] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:405: inode #2: comm syz-executor.1: No space for directory leaf checksum. Please run e2fsck -D.
[   55.589317][  T484] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:405: inode #2: comm syz-executor.1: No space for directory leaf checksum. Please run e2fsck -D.
[   55.605556][  T484] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:405: inode #2: comm syz-executor.1: No space for directory leaf checksum. Please run e2fsck -D.
[   55.679015][  T336] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   55.690270][  T336] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   55.700761][  T336] usb 3-1: New USB device found, idVendor=046d, idProduct=c29a, bcdDevice= 0.00
[   55.709969][  T336] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   55.722199][  T336] usb 3-1: config 0 descriptor??
[   55.760005][   T40] microsoft 0003:045E:07DA.0003: No inputs registered, leaving
[   55.767939][   T40] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[   55.779707][   T40] microsoft 0003:045E:07DA.0003: no inputs found
[   55.786113][   T40] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway
[   56.029787][ T1238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   56.038418][ T1238] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   56.199863][  T336] logitech 0003:046D:C29A.0004: unknown main item tag 0x0
[   56.207130][  T336] logitech 0003:046D:C29A.0004: item fetching failed at offset 5/7
[   56.217703][  T336] logitech 0003:046D:C29A.0004: parse failed
[   56.224149][  T336] logitech: probe of 0003:046D:C29A.0004 failed with error -22
[   56.300349][  T301] usb 1-1: USB disconnect, device number 4
[   56.354015][  T484] EXT4-fs (loop1): unmounting filesystem.
[   56.361761][   T10] Quota error (device loop1): do_check_range: Getting block 1634105445 out of range 1-6
[   56.402084][  T641] usb 3-1: USB disconnect, device number 5
[   56.411088][    T8] tipc: Left network mode
[   56.577510][ T1245] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.586563][ T1245] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.594331][ T1245] device bridge_slave_0 entered promiscuous mode
[   56.602378][ T1245] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.609514][ T1245] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.617285][ T1245] device bridge_slave_1 entered promiscuous mode
[   56.688830][ T1245] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.692794][ T1262] loop3: detected capacity change from 0 to 1024
[   56.696074][ T1245] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.702971][ T1262] EXT4-fs: Ignoring removed nomblk_io_submit option
[   56.709525][ T1245] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.720096][ T1262] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   56.723081][ T1245] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.732934][ T1262] EXT4-fs (loop3): Test dummy encryption mode enabled
[   56.747762][ T1262] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c815c01c, mo2=0003]
[   56.758584][ T1262] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   56.775214][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.781312][ T1262] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[   56.782797][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   56.794783][ T1262] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[   56.798732][   T28] audit: type=1400 audit(1718292154.859:246): avc:  denied  { write } for  pid=1261 comm="syz-executor.3" name="bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   56.828833][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   56.837904][   T28] audit: type=1400 audit(1718292154.859:247): avc:  denied  { add_name } for  pid=1261 comm="syz-executor.3" name="cpuset.memory_pressure" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[   56.837982][  T315] EXT4-fs (loop3): unmounting filesystem.
[   56.872420][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   56.893683][ T1245] device veth0_vlan entered promiscuous mode
[   56.901183][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   56.919337][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   56.928127][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   56.945625][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   56.954080][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   56.972343][ T1245] device veth1_macvtap entered promiscuous mode
[   56.981643][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   56.998585][  T641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   57.020145][  T641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   57.120096][    T8] device bridge_slave_1 left promiscuous mode
[   57.129724][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.160732][    T8] device bridge_slave_0 left promiscuous mode
[   57.187025][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.198063][    T8] device veth1_macvtap left promiscuous mode
[   57.204699][    T8] device veth0_vlan left promiscuous mode
[   57.263953][ T1296] syz-executor.1[1296] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   57.264325][ T1296] syz-executor.1[1296] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   58.408993][   T19] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   58.470602][ T1310] loop1: detected capacity change from 0 to 40427
[   58.482867][ T1310] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   58.491609][ T1310] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   58.503580][ T1310] F2FS-fs (loop1): Found nat_bits in checkpoint
[   58.548179][ T1310] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   58.558708][ T1310] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   58.668953][   T19] usb 4-1: Using ep0 maxpacket: 16
[   58.789032][   T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   58.817497][   T19] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   58.832105][   T19] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   58.841798][   T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   58.850827][   T19] usb 4-1: config 0 descriptor??
[   58.879052][  T301] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   58.950099][ T1330] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[   58.959776][ T1330] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[   59.075153][ T1346] loop2: detected capacity change from 0 to 1024
[   59.089702][ T1346] EXT4-fs: Ignoring removed nomblk_io_submit option
[   59.099756][ T1346] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   59.109148][ T1346] EXT4-fs (loop2): Test dummy encryption mode enabled
[   59.118495][ T1346] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c815c01c, mo2=0003]
[   59.128202][ T1346] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   59.137170][  T347] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   59.154259][  T841] EXT4-fs (loop2): unmounting filesystem.
[   59.209219][ T1354] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[   59.219438][ T1354] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[   59.249019][  T301] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 97, changing to 10
[   59.273399][  T301] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24840, setting to 1024
[   59.296986][  T301] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   59.313076][  T301] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   59.324560][  T301] usb 2-1: config 0 descriptor??
[   59.336426][   T19] microsoft 0003:045E:07DA.0005: No inputs registered, leaving
[   59.347779][   T19] microsoft 0003:045E:07DA.0005: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[   59.359805][   T19] microsoft 0003:045E:07DA.0005: no inputs found
[   59.366062][   T19] microsoft 0003:045E:07DA.0005: could not initialize ff, continuing anyway
[   59.388393][ T1362] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.395821][ T1362] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.398980][  T347] usb 1-1: Using ep0 maxpacket: 16
[   59.403686][ T1362] device bridge_slave_0 entered promiscuous mode
[   59.415137][ T1362] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.423339][ T1362] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.430940][ T1362] device bridge_slave_1 entered promiscuous mode
[   59.492193][ T1362] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.494418][   T28] kauditd_printk_skb: 5 callbacks suppressed
[   59.494433][   T28] audit: type=1400 audit(1718292157.559:253): avc:  denied  { read } for  pid=1372 comm="syz-executor.2" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   59.500748][ T1362] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.530808][   T28] audit: type=1400 audit(1718292157.569:254): avc:  denied  { open } for  pid=1372 comm="syz-executor.2" path="/dev/ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   59.538540][ T1362] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.563362][  T347] usb 1-1: config 0 has no interfaces?
[   59.570304][ T1362] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.586300][  T347] usb 1-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[   59.595881][  T347] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   59.608258][  T347] usb 1-1: config 0 descriptor??
[   59.615547][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.623838][  T470] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.625524][ T1299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   59.641981][  T470] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.643752][ T1299] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   59.673823][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.682603][  T301] usbhid 2-1:0.0: can't add hid device: -71
[   59.689680][  T301] usbhid: probe of 2-1:0.0 failed with error -71
[   59.698421][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.705494][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.715000][  T301] usb 2-1: USB disconnect, device number 3
[   59.722766][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.733255][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.740674][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.754978][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   59.769428][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   59.781700][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   59.795001][ T1362] device veth0_vlan entered promiscuous mode
[   59.805470][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   59.813960][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   59.822254][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   59.833636][ T1362] device veth1_macvtap entered promiscuous mode
[   59.841580][  T349] device bridge_slave_1 left promiscuous mode
[   59.848188][  T349] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.857900][  T349] device bridge_slave_0 left promiscuous mode
[   59.872562][  T349] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.890145][  T349] device veth1_macvtap left promiscuous mode
[   59.896008][  T349] device veth0_vlan left promiscuous mode
[   59.929208][   T19] usb 4-1: USB disconnect, device number 3
[   59.966606][   T28] audit: type=1326 audit(1718292158.029:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1386 comm="syz-executor.2" exe="/root/syz-executor.2" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe0fa27cea9 code=0x0
[   60.071175][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   60.087706][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   60.096771][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   60.310756][ T1407] loop4: detected capacity change from 0 to 256
[   60.717160][ T1426] capability: warning: `syz-executor.3' uses deprecated v2 capabilities in a way that may be insecure
[   60.729676][   T28] audit: type=1400 audit(1718292158.799:256): avc:  denied  { bind } for  pid=1425 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   60.776288][   T28] audit: type=1400 audit(1718292158.839:257): avc:  denied  { ioctl } for  pid=1429 comm="syz-executor.3" path="/dev/input/event2" dev="devtmpfs" ino=182 ioctlcmd=0x4503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   60.825195][   T28] audit: type=1400 audit(1718292158.889:258): avc:  denied  { name_bind } for  pid=1435 comm="syz-executor.2" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[   61.736502][  T470] usb 1-1: USB disconnect, device number 5
[   61.912849][ T1495] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[   61.929728][ T1495] Zero length message leads to an empty skb
[   62.909188][ T1507] device veth0_vlan left promiscuous mode
[   62.915041][ T1507] device veth0_vlan entered promiscuous mode
[   62.923976][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   62.932490][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   62.939897][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   63.117202][ T1532] netlink: 45 bytes leftover after parsing attributes in process `syz-executor.0'.
[   63.194405][   T28] audit: type=1400 audit(1718292161.259:259): avc:  denied  { watch } for  pid=1544 comm="syz-executor.3" path="pipe:[20152]" dev="pipefs" ino=20152 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   63.366659][ T1554] device veth0_vlan left promiscuous mode
[   63.374780][ T1554] device veth0_vlan entered promiscuous mode
[   63.621458][   T28] audit: type=1400 audit(1718292161.689:260): avc:  denied  { name_bind } for  pid=1565 comm="syz-executor.3" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   64.128153][ T1596] loop2: detected capacity change from 0 to 512
[   64.173209][ T1603] loop4: detected capacity change from 0 to 1024
[   64.189816][ T1596] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz-executor.2: inode #1: comm syz-executor.2: iget: illegal inode #
[   64.222589][ T1603] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   64.232921][ T1596] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 1 err=-117
[   64.247382][ T1603] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   64.294806][ T1596] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz-executor.2: inode #1: comm syz-executor.2: iget: illegal inode #
[   64.329736][ T1362] EXT4-fs (loop4): unmounting filesystem.
[   64.359445][ T1596] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 1 err=-117
[   64.373607][ T1596] EXT4-fs (loop2): 1 orphan inode deleted
[   64.379296][ T1596] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   64.394870][   T28] audit: type=1400 audit(1718292162.459:261): avc:  denied  { setattr } for  pid=1595 comm="syz-executor.2" name="file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   64.425250][  T841] EXT4-fs (loop2): unmounting filesystem.
[   64.546607][ T1621] loop4: detected capacity change from 0 to 256
[   64.761888][ T1622] loop2: detected capacity change from 0 to 512
[   64.818236][ T1622] EXT4-fs (loop2): 1 orphan inode deleted
[   64.824522][ T1622] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   64.833697][ T1622] ext4 filesystem being mounted at /root/syzkaller-testdir625305137/syzkaller.3Z4NfX/73/file1 supports timestamps until 2038 (0x7fffffff)
[   64.905480][   T28] audit: type=1400 audit(1718292162.969:262): avc:  denied  { unlink } for  pid=841 comm="syz-executor.2" name="file0" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   64.929853][  T841] EXT4-fs warning (device loop2): __ext4_unlink:3289: inode #16: comm syz-executor.2: Deleting file 'file3' with no links
[   64.951595][   T28] audit: type=1400 audit(1718292162.969:263): avc:  denied  { unlink } for  pid=841 comm="syz-executor.2" name="file1" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[   64.966489][  T841] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #17: comm syz-executor.2: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[   64.974704][   T28] audit: type=1400 audit(1718292162.999:264): avc:  denied  { unlink } for  pid=841 comm="syz-executor.2" name="file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   65.025626][  T841] EXT4-fs (loop2): Remounting filesystem read-only
[   65.035920][  T841] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #17: comm syz-executor.2: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[   65.063686][ T1643] loop3: detected capacity change from 0 to 512
[   65.093657][ T1643] EXT4-fs: Ignoring removed mblk_io_submit option
[   65.109311][ T1643] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   65.130659][ T1643] EXT4-fs (loop3): 1 truncate cleaned up
[   65.136203][ T1643] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   65.150505][  T841] EXT4-fs (loop2): unmounting filesystem.
[   65.168351][ T1643] EXT4-fs (loop3): unmounting filesystem.
[   65.218957][   T40] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   65.239468][ T1647] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.246750][ T1647] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.254602][ T1647] device bridge_slave_0 entered promiscuous mode
[   65.271917][ T1647] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.280648][ T1647] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.293433][ T1647] device bridge_slave_1 entered promiscuous mode
[   65.403943][ T1647] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.410902][ T1647] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.417966][ T1647] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.424837][ T1647] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.723652][ T1655] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.731292][ T1655] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.738772][ T1655] device bridge_slave_0 entered promiscuous mode
[   65.746560][ T1655] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.753770][ T1655] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.767394][ T1655] device bridge_slave_1 entered promiscuous mode
[   65.799135][   T40] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   65.806260][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.810002][   T40] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   65.827746][   T40] usb 1-1: New USB device found, idVendor=046d, idProduct=c29a, bcdDevice= 0.00
[   65.827862][ T1006] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.843710][   T40] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.852036][ T1006] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.852590][   T40] usb 1-1: config 0 descriptor??
[   65.886697][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   65.894950][ T1006] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.901831][ T1006] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.909094][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   65.918079][ T1006] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.925159][ T1006] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.946230][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.964587][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   65.977929][ T1671] loop3: detected capacity change from 0 to 512
[   65.993463][ T1671] EXT4-fs (loop3): 1 orphan inode deleted
[   65.995656][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   65.999245][ T1671] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   66.015937][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   66.016029][ T1671] ext4 filesystem being mounted at /root/syzkaller-testdir768007717/syzkaller.eeeKrp/123/file1 supports timestamps until 2038 (0x7fffffff)
[   66.024421][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   66.046013][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   66.053838][ T1647] device veth0_vlan entered promiscuous mode
[   66.078142][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   66.087738][ T1647] device veth1_macvtap entered promiscuous mode
[   66.101312][   T10] device bridge_slave_1 left promiscuous mode
[   66.107639][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.117546][   T10] device bridge_slave_0 left promiscuous mode
[   66.123627][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.131979][   T10] device veth1_macvtap left promiscuous mode
[   66.137873][   T10] device veth0_vlan left promiscuous mode
[   66.154805][  T315] EXT4-fs warning (device loop3): __ext4_unlink:3289: inode #16: comm syz-executor.3: Deleting file 'file3' with no links
[   66.167910][  T315] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #17: comm syz-executor.3: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[   66.191555][  T315] EXT4-fs (loop3): Remounting filesystem read-only
[   66.200019][  T315] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #17: comm syz-executor.3: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[   66.339807][   T40] logitech 0003:046D:C29A.0006: unknown main item tag 0x0
[   66.347121][   T40] logitech 0003:046D:C29A.0006: item fetching failed at offset 5/7
[   66.356229][   T40] logitech 0003:046D:C29A.0006: parse failed
[   66.362900][   T40] logitech: probe of 0003:046D:C29A.0006 failed with error -22
[   66.400299][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   66.414793][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   66.425134][ T1686] loop1: detected capacity change from 0 to 512
[   66.432481][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   66.442200][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   66.450786][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.459409][ T1686] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz-executor.1: inode #1: comm syz-executor.1: iget: illegal inode #
[   66.474345][  T315] EXT4-fs (loop3): unmounting filesystem.
[   66.480793][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.488556][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   66.494912][ T1686] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 1 err=-117
[   66.497191][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   66.517758][ T1686] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz-executor.1: inode #1: comm syz-executor.1: iget: illegal inode #
[   66.531808][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.532620][ T1686] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 1 err=-117
[   66.538820][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.551919][ T1686] EXT4-fs (loop1): 1 orphan inode deleted
[   66.564269][ T1686] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   66.573050][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   66.592813][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   66.603402][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.610275][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.617592][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   66.621488][ T1647] EXT4-fs (loop1): unmounting filesystem.
[   66.625562][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   66.648955][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   66.658685][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   66.666688][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   66.674743][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   66.683854][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   66.692802][   T40] usb 1-1: USB disconnect, device number 6
[   66.696848][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   66.709202][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   66.718593][ T1696] binder: BINDER_SET_CONTEXT_MGR already set
[   66.719465][ T1655] device veth0_vlan entered promiscuous mode
[   66.731623][ T1696] binder: 1695:1696 ioctl 4018620d 20000040 returned -16
[   66.747594][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   66.769257][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   66.772099][ T1699] loop1: detected capacity change from 0 to 256
[   66.776412][   T28] audit: type=1400 audit(1718292164.839:265): avc:  denied  { write } for  pid=1698 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   66.844137][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   66.857695][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   66.868322][ T1655] device veth1_macvtap entered promiscuous mode
[   66.894245][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   66.911267][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   66.924073][  T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   66.940680][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   66.959483][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   66.979297][   T10] tipc: Left network mode
[   67.309632][ T1733] loop1: detected capacity change from 0 to 1024
[   67.434408][ T1716] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.444475][ T1716] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.452313][ T1733] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   67.454132][ T1716] device bridge_slave_0 entered promiscuous mode
[   67.569836][ T1716] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.576746][ T1716] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.660659][ T1716] device bridge_slave_1 entered promiscuous mode
[   67.799144][  T470] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   67.816190][ T1745] loop0: detected capacity change from 0 to 512
[   67.880252][ T1745] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   67.890681][ T1647] EXT4-fs (loop1): unmounting filesystem.
[   67.891180][ T1745] ext4 filesystem being mounted at /root/syzkaller-testdir3199718946/syzkaller.8VsPWr/79/file0 supports timestamps until 2038 (0x7fffffff)
[   67.942408][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   67.943038][  T613] EXT4-fs (loop0): unmounting filesystem.
[   67.952258][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   67.991962][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   68.009335][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   68.017811][  T347] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.025299][  T347] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.034009][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   68.049257][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   68.061055][  T347] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.067992][  T347] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.075708][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   68.083984][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   68.092444][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   68.129243][  T347] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   68.138488][   T28] audit: type=1400 audit(1718292166.199:266): avc:  denied  { create } for  pid=1765 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   68.144809][ T1716] device veth0_vlan entered promiscuous mode
[   68.162325][   T28] audit: type=1400 audit(1718292166.229:267): avc:  denied  { connect } for  pid=1765 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   68.167810][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   68.189892][   T28] audit: type=1400 audit(1718292166.229:268): avc:  denied  { read } for  pid=1765 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   68.213584][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   68.221396][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   68.228672][   T28] audit: type=1400 audit(1718292166.289:269): avc:  denied  { write } for  pid=1765 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   68.259161][  T470] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   68.259242][ T1716] device veth1_macvtap entered promiscuous mode
[   68.260011][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   68.268735][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   68.269138][  T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   68.313308][   T28] audit: type=1400 audit(1718292166.379:270): avc:  denied  { relabelfrom } for  pid=1775 comm="syz-executor.3" name="NETLINK" dev="sockfs" ino=22197 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   68.316798][   T28] audit: type=1400 audit(1718292166.379:271): avc:  denied  { relabelto } for  pid=1775 comm="syz-executor.3" name="NETLINK" dev="sockfs" ino=22197 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1
[   68.406740][   T10] device bridge_slave_1 left promiscuous mode
[   68.420927][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.431747][   T10] device bridge_slave_0 left promiscuous mode
[   68.438237][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.446824][   T10] device bridge_slave_1 left promiscuous mode
[   68.453326][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.460865][  T470] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   68.471109][   T10] device bridge_slave_0 left promiscuous mode
[   68.477552][  T470] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.485090][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.489037][  T470] usb 5-1: Product: syz
[   68.496541][  T470] usb 5-1: Manufacturer: syz
[   68.506615][  T470] usb 5-1: SerialNumber: syz
[   68.511247][   T10] device veth1_macvtap left promiscuous mode
[   68.522335][   T10] device veth0_vlan left promiscuous mode
[   68.531039][   T10] device veth1_macvtap left promiscuous mode
[   68.537513][   T10] device veth0_vlan left promiscuous mode
[   68.569412][  T470] usb 5-1: bad CDC descriptors
[   68.817052][ T1798] xt_TCPMSS: Only works on TCP SYN packets
[   68.870427][ T1808] syz-executor.3[1808] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   68.870474][ T1808] syz-executor.3[1808] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   68.883747][ T1808] syz-executor.3[1808] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   68.896435][ T1808] syz-executor.3[1808] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   68.950343][ T1812] netlink: 'syz-executor.1': attribute type 6 has an invalid length.
[   68.987134][ T1814] tmpfs: Unknown parameter 'no'
[   69.012841][ T1821] xt_TCPMSS: Only works on TCP SYN packets
[   69.201704][ T1841] netlink: 'syz-executor.0': attribute type 6 has an invalid length.
[   69.261217][ T1846] tmpfs: Unknown parameter 'no'
[   69.288983][  T347] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   69.308110][ T1852] xt_TCPMSS: Only works on TCP SYN packets
[   69.562351][ T1873] tmpfs: Unknown parameter 'no'
[   69.577838][ T1877] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'.
[   69.588589][ T1877] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.2'.
[   69.689138][  T331] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   69.709344][  T347] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   69.721162][  T347] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   69.735406][  T347] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   69.744555][  T347] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.753291][  T347] usb 2-1: config 0 descriptor??
[   69.780319][ T1886] loop2: detected capacity change from 0 to 40427
[   69.808496][ T1886] F2FS-fs (loop2): invalid crc value
[   69.815450][ T1886] F2FS-fs (loop2): Found nat_bits in checkpoint
[   69.838840][ T1886] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[   69.851276][ T1886] syz-executor.2: attempt to access beyond end of device
[   69.851276][ T1886] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   69.894922][ T1896] random: crng reseeded on system resumption
[   69.995319][   T28] kauditd_printk_skb: 4 callbacks suppressed
[   69.995334][   T28] audit: type=1400 audit(1718292168.059:276): avc:  denied  { mount } for  pid=1904 comm="syz-executor.0" name="/" dev="overlay" ino=1967 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   70.023264][  T470] usb 5-1: USB disconnect, device number 3
[   70.040863][ T1910] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.4'.
[   70.053520][ T1910] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.4'.
[   70.069103][  T331] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   70.239067][  T331] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   70.240219][  T347] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[   70.249325][  T331] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   70.266105][  T347] plantronics 0003:047F:FFFF.0007: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[   70.266319][  T331] usb 4-1: Product: syz
[   70.283167][  T331] usb 4-1: Manufacturer: syz
[   70.288134][  T331] usb 4-1: SerialNumber: syz
[   70.314484][ T1930] random: crng reseeded on system resumption
[   70.499014][ T1934] loop2: detected capacity change from 0 to 128
[   70.843533][   T28] audit: type=1400 audit(1718292168.909:277): avc:  denied  { unmount } for  pid=613 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   71.320194][  T470] usb 2-1: USB disconnect, device number 4
[   71.367525][ T1957] binder: BINDER_SET_CONTEXT_MGR already set
[   71.373833][ T1957] binder: 1953:1957 ioctl 4018620d 20000040 returned -16
[   71.389069][  T347] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   71.549283][  T331] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[   71.557022][  T331] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   71.564634][  T331] cdc_ncm 4-1:1.0: setting rx_max = 2048
[   71.590890][ T1964] loop2: detected capacity change from 0 to 40427
[   71.598330][ T1964] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[   71.606108][ T1964] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   71.615132][ T1964] F2FS-fs (loop2): invalid crc value
[   71.622127][ T1964] F2FS-fs (loop2): Found nat_bits in checkpoint
[   71.646914][ T1964] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   71.654438][ T1964] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   71.666495][   T28] audit: type=1400 audit(1718292169.729:278): avc:  denied  { execute } for  pid=1963 comm="syz-executor.2" path="/root/syzkaller-testdir175576625/syzkaller.AReSNP/29/file0/cpu.stat" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   71.697771][ T1655] syz-executor.2: attempt to access beyond end of device
[   71.697771][ T1655] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   71.769053][  T331] cdc_ncm 4-1:1.0: setting tx_max = 184
[   71.776244][  T331] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[   71.859124][  T347] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   71.895846][   T28] audit: type=1400 audit(1718292169.959:279): avc:  denied  { setopt } for  pid=1984 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   71.922400][   T28] audit: type=1400 audit(1718292169.959:280): avc:  denied  { bind } for  pid=1984 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   72.968776][  T331] usb 4-1: USB disconnect, device number 4
[   72.992301][  T331] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP)
[   73.022133][   T28] audit: type=1400 audit(1718292171.089:281): avc:  denied  { mounton } for  pid=1997 comm="syz-executor.3" path="/root/syzkaller-testdir2880976529/syzkaller.LhVyac/17/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[   73.050291][  T347] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   73.060021][  T347] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.082220][  T347] usb 1-1: Product: syz
[   73.086329][  T347] usb 1-1: Manufacturer: syz
[   73.091126][  T347] usb 1-1: SerialNumber: syz
[   73.096570][   T28] audit: type=1400 audit(1718292171.099:282): avc:  denied  { lock } for  pid=1997 comm="syz-executor.3" path="socket:[23248]" dev="sockfs" ino=23248 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[   73.129328][ T2006] loop3: detected capacity change from 0 to 1024
[   73.136219][ T2006] EXT4-fs: Ignoring removed nomblk_io_submit option
[   73.144082][  T347] usb 1-1: bad CDC descriptors
[   73.201509][ T2011] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[   73.284148][ T2006] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   73.371593][ T1716] EXT4-fs (loop3): unmounting filesystem.
[   73.410703][ T2033] loop3: detected capacity change from 0 to 512
[   73.434629][ T2033] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #17: comm syz-executor.3: iget: bad i_size value: -2594073385365405596
[   73.448427][ T2033] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 17 (err -117)
[   73.460996][ T2033] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   73.476177][ T2033] EXT4-fs error (device loop3): ext4_append:79: inode #2: comm syz-executor.3: Logical block already allocated
[   73.499750][ T1716] EXT4-fs (loop3): unmounting filesystem.
[   73.559047][   T19] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   73.717349][ T2042] syz-executor.3 (pid 2042) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[   73.781965][   T28] audit: type=1326 audit(1718292171.809:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2039 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3621a7cea9 code=0x7ffc0000
[   73.806477][   T28] audit: type=1326 audit(1718292171.809:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2039 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3621a7cea9 code=0x7ffc0000
[   73.830812][   T28] audit: type=1326 audit(1718292171.819:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2039 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3621a7cea9 code=0x7ffc0000
[   73.939032][  T331] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   74.029852][   T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   74.040732][   T19] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   74.054125][   T19] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   74.063479][   T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.074972][   T19] usb 5-1: config 0 descriptor??
[   74.420064][  T347] usb 1-1: USB disconnect, device number 7
[   74.497922][ T2055] binder: transaction release 26 bad object at offset 145, size 72
[   74.539027][  T331] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   74.812108][   T19] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[   74.832230][   T19] plantronics 0003:047F:FFFF.0008: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[   74.919019][  T331] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   74.922585][ T2066] loop3: detected capacity change from 0 to 1024
[   74.929616][  T331] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.935687][ T2066] EXT4-fs: Ignoring removed nomblk_io_submit option
[   74.950152][  T331] usb 2-1: Product: syz
[   74.954233][  T331] usb 2-1: Manufacturer: syz
[   74.959679][  T331] usb 2-1: SerialNumber: syz
[   74.970462][ T2066] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   74.991238][ T1716] EXT4-fs (loop3): unmounting filesystem.
[   75.022111][   T28] kauditd_printk_skb: 3 callbacks suppressed
[   75.022121][   T28] audit: type=1400 audit(1718292173.089:289): avc:  denied  { setopt } for  pid=2071 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   75.079711][ T2072] loop3: detected capacity change from 0 to 256
[   75.093265][ T2072] syz-executor.3 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   75.147982][  T390] kworker/u4:4: attempt to access beyond end of device
[   75.147982][  T390] loop3: rw=1, sector=256, nr_sectors = 288 limit=256
[   75.162016][  T390] kworker/u4:4: attempt to access beyond end of device
[   75.162016][  T390] loop3: rw=1, sector=608, nr_sectors = 416 limit=256
[   75.177520][  T390] kworker/u4:4: attempt to access beyond end of device
[   75.177520][  T390] loop3: rw=1, sector=1056, nr_sectors = 6776 limit=256
[   75.194272][  T390] kworker/u4:4: attempt to access beyond end of device
[   75.194272][  T390] loop3: rw=1, sector=7832, nr_sectors = 6880 limit=256
[   75.210762][  T390] kworker/u4:4: attempt to access beyond end of device
[   75.210762][  T390] loop3: rw=1, sector=14712, nr_sectors = 4076 limit=256
[   75.432958][ T2078] loop3: detected capacity change from 0 to 1024
[   75.468850][ T2078] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   75.539190][   T28] audit: type=1400 audit(1718292173.599:290): avc:  denied  { bind } for  pid=2075 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   75.920738][   T28] audit: type=1326 audit(1718292173.949:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2086 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34287cea9 code=0x7ffc0000
[   75.946241][   T28] audit: type=1326 audit(1718292173.949:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2086 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34287cea9 code=0x7ffc0000
[   75.970314][   T28] audit: type=1326 audit(1718292173.959:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2086 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe34287cea9 code=0x7ffc0000
[   75.994358][   T28] audit: type=1326 audit(1718292173.959:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2086 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34287cea9 code=0x7ffc0000
[   76.018184][   T28] audit: type=1326 audit(1718292173.959:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2086 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe34287cea9 code=0x7ffc0000
[   76.105000][ T1716] EXT4-fs (loop3): unmounting filesystem.
[   76.119439][ T2093] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'.
[   76.129320][ T2093] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.3'.
[   76.159034][  T331] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[   76.165441][  T331] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   76.172624][  T331] cdc_ncm 2-1:1.0: setting rx_max = 2048
[   76.369019][  T331] cdc_ncm 2-1:1.0: setting tx_max = 184
[   76.375825][  T331] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[   76.593401][  T331] usb 2-1: USB disconnect, device number 5
[   76.609980][  T331] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP)
[   76.619272][   T19] usb 5-1: USB disconnect, device number 4
[   76.671229][   T28] audit: type=1400 audit(1718292174.739:296): avc:  denied  { create } for  pid=2126 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   76.692952][   T28] audit: type=1400 audit(1718292174.769:297): avc:  denied  { mounton } for  pid=2126 comm="syz-executor.4" path="/root/syzkaller-testdir2901156414/syzkaller.CfJL0g/42/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[   76.707302][ T2128] loop2: detected capacity change from 0 to 4096
[   76.753639][ T2128] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   76.874563][ T2150] loop4: detected capacity change from 0 to 1024
[   76.892547][ T2150] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   77.292529][ T2159] loop3: detected capacity change from 0 to 512
[   77.326747][ T2159] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   77.338670][   T28] audit: type=1326 audit(1718292175.409:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2164 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39bf87cea9 code=0x7fc00000
[   77.340783][ T2159] ext4 filesystem being mounted at /root/syzkaller-testdir2880976529/syzkaller.LhVyac/33/file0 supports timestamps until 2038 (0x7fffffff)
[   77.403135][ T2159] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #2: comm syz-executor.3: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[   77.426972][ T1655] EXT4-fs (loop2): unmounting filesystem.
[   77.449459][ T1716] EXT4-fs (loop3): unmounting filesystem.
[   77.537644][ T2182] loop1: detected capacity change from 0 to 256
[   77.555920][ T2182] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[   77.568536][ T2182] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186)
[   77.593474][ T2182] exFAT-fs (loop1): hint_cluster is invalid (17)
[   77.626466][ T1362] EXT4-fs (loop4): unmounting filesystem.
[   77.928925][   T19] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   77.956359][ T2204] loop2: detected capacity change from 0 to 4096
[   77.975256][ T2204] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   78.309023][   T19] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   78.318862][ T2216] binder: transaction release 34 bad object at offset 145, size 72
[   78.360859][ T2222] syz-executor.3[2222] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   78.360931][ T2222] syz-executor.3[2222] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   78.416234][ T2227] overlayfs: failed to verify origin (/, ino=1, err=-1)
[   78.435163][ T2227] overlayfs: failed to verify upper root origin
[   78.472783][ T2229] loop3: detected capacity change from 0 to 256
[   78.479186][   T19] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   78.522610][ T2229] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fe7f, chksum : 0xb0200e68, utbl_chksum : 0xe619d30d)
[   78.536792][   T19] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   78.551891][   T19] usb 5-1: Product: syz
[   78.559781][   T19] usb 5-1: Manufacturer: syz
[   78.565522][ T2229] exFAT-fs (loop3): error, invalid access to FAT (entry 0x00000005) bogus content (0xffffff00)
[   78.586047][   T19] usb 5-1: SerialNumber: syz
[   78.596587][ T2229] exFAT-fs (loop3): failed to initialize root inode
[   78.672542][ T1655] EXT4-fs (loop2): unmounting filesystem.
[   79.189006][  T301] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   79.238674][ T2254] syz-executor.0[2254] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   79.238721][ T2254] syz-executor.0[2254] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   79.309766][ T2262] loop0: detected capacity change from 0 to 256
[   79.345238][ T2262] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00006005)
[   79.357179][ T2262] FAT-fs (loop0): error, invalid access to FAT (entry 0x00006005)
[   79.440244][ T2277] bridge0: port 3(veth1_macvtap) entered blocking state
[   79.447284][ T2277] bridge0: port 3(veth1_macvtap) entered disabled state
[   79.549034][  T301] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   79.565258][ T2287] loop3: detected capacity change from 0 to 256
[   79.577339][ T2287] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fe7f, chksum : 0xb0200e68, utbl_chksum : 0xe619d30d)
[   79.592360][ T2287] exFAT-fs (loop3): error, invalid access to FAT (entry 0x00000005) bogus content (0xffffff00)
[   79.603344][ T2287] exFAT-fs (loop3): failed to initialize root inode
[   79.689445][   T19] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[   79.698547][   T19] cdc_ncm 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   79.706823][   T19] cdc_ncm 5-1:1.0: setting rx_max = 2048
[   79.719114][  T301] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   79.730024][  T301] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.738388][  T301] usb 2-1: Product: syz
[   79.742986][  T301] usb 2-1: Manufacturer: syz
[   79.748040][  T301] usb 2-1: SerialNumber: syz
[   79.789438][  T301] usb 2-1: bad CDC descriptors
[   79.899040][   T19] cdc_ncm 5-1:1.0: setting tx_max = 184
[   79.907866][   T19] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[   79.968932][  T470] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   80.102717][  T347] usb 5-1: USB disconnect, device number 5
[   80.109031][  T347] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP)
[   80.175828][ T2321] loop2: detected capacity change from 0 to 256
[   80.191296][ T2321] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00006005)
[   80.202186][ T2321] FAT-fs (loop2): error, invalid access to FAT (entry 0x00006005)
[   80.208948][  T470] usb 1-1: Using ep0 maxpacket: 8
[   80.348129][ T2332] loop2: detected capacity change from 0 to 128
[   80.509170][  T470] usb 1-1: New USB device found, idVendor=061c, idProduct=c084, bcdDevice=91.db
[   80.530465][  T470] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.543078][  T470] usb 1-1: Product: syz
[   80.547210][  T470] usb 1-1: Manufacturer: syz
[   80.553413][  T470] usb 1-1: SerialNumber: syz
[   80.561502][  T470] usb 1-1: config 0 descriptor??
[   80.599344][  T470] usb-storage 1-1:0.0: USB Mass Storage device detected
[   80.601849][ T2336] bridge0: port 3(veth1_macvtap) entered blocking state
[   80.613049][ T2336] bridge0: port 3(veth1_macvtap) entered disabled state
[   80.691787][ T2342] overlayfs: failed to verify origin (/, ino=1, err=-1)
[   80.702947][ T2342] overlayfs: failed to verify upper root origin
[   80.802322][  T641] usb 1-1: USB disconnect, device number 8
[   80.829526][ T2351] capability: warning: `syz-executor.3' uses 32-bit capabilities (legacy support in use)
[   80.970747][ T2357] syz-executor.3[2357] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   80.970832][ T2357] syz-executor.3[2357] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   81.003182][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.017980][ T2361] sock: sock_timestamping_bind_phc: sock not bind to device
[   81.022517][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.037220][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.044797][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.052402][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.060098][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.067730][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.087627][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.095130][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.102979][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.110593][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.118039][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.125780][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.133570][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.140330][ T2368] overlayfs: missing 'lowerdir'
[   81.141653][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.154026][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.161632][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.169667][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.176930][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.184946][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.192623][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.200411][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.207967][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.215661][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.223442][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.231342][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.238609][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.246545][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.254275][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.261748][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.269165][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.276526][ T1006] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[   81.284907][ T1006] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   81.288367][ T2368] loop2: detected capacity change from 0 to 40427
[   81.302760][ T2368] F2FS-fs (loop2): Invalid segment/section count (458776 != 24 * 1)
[   81.310880][  T470] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   81.312436][ T2368] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   81.326827][ T2368] F2FS-fs (loop2): invalid crc value
[   81.333581][ T2368] F2FS-fs (loop2): Found nat_bits in checkpoint
[   81.339894][  T347] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   81.372325][ T2368] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   81.379576][ T2368] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[   81.451361][   T28] kauditd_printk_skb: 15 callbacks suppressed
[   81.451378][   T28] audit: type=1400 audit(1718292179.519:314): avc:  denied  { bind } for  pid=2367 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   81.479427][   T28] audit: type=1400 audit(1718292179.519:315): avc:  denied  { node_bind } for  pid=2367 comm="syz-executor.2" saddr=224.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[   81.645222][ T2392] sock: sock_timestamping_bind_phc: sock not bind to device
[   81.662243][  T301] usb 2-1: USB disconnect, device number 6
[   81.699039][  T470] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   81.699309][ T2399] input: syz1 as /devices/virtual/input/input8
[   81.712190][  T347] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   81.739044][  T470] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[   81.767434][  T470] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.774331][   T28] audit: type=1400 audit(1718292179.829:316): avc:  denied  { read } for  pid=86 comm="acpid" name="event3" dev="devtmpfs" ino=527 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   81.786363][  T470] usb 5-1: config 0 descriptor??
[   81.835553][   T28] audit: type=1400 audit(1718292179.829:317): avc:  denied  { open } for  pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=527 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   81.862745][ T2407] overlayfs: failed to verify origin (/, ino=1, err=-1)
[   81.865489][   T28] audit: type=1400 audit(1718292179.829:318): avc:  denied  { ioctl } for  pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=527 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   81.879420][  T470] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[   81.895916][   T28] audit: type=1400 audit(1718292179.909:319): avc:  denied  { read } for  pid=2408 comm="syz-executor.0" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   81.924967][ T2407] overlayfs: failed to verify upper root origin
[   81.938662][   T28] audit: type=1400 audit(1718292179.909:320): avc:  denied  { open } for  pid=2408 comm="syz-executor.0" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   81.963674][  T347] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   81.968864][   T28] audit: type=1400 audit(1718292180.009:321): avc:  denied  { bind } for  pid=2409 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   81.976771][  T347] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.992549][   T28] audit: type=1400 audit(1718292180.009:322): avc:  denied  { write } for  pid=2409 comm="syz-executor.2" path="socket:[25075]" dev="sockfs" ino=25075 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   82.000464][  T347] usb 4-1: Product: syz
[   82.028574][  T347] usb 4-1: Manufacturer: syz
[   82.033559][  T347] usb 4-1: SerialNumber: syz
[   82.059116][ T2408] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.066135][ T2408] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.075963][ T2408] device bridge_slave_0 entered promiscuous mode
[   82.084353][ T2408] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.091523][ T2408] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.099328][ T2408] device bridge_slave_1 entered promiscuous mode
[   82.107450][   T28] audit: type=1400 audit(1718292180.169:323): avc:  denied  { read } for  pid=2358 comm="syz-executor.4" path="socket:[24517]" dev="sockfs" ino=24517 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   82.171599][ T2408] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.178526][ T2408] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.185678][ T2408] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.192649][ T2408] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.214591][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   82.222191][   T24] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.229933][   T24] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.238739][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   82.247387][ T1006] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.254364][ T1006] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.266930][ T1006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   82.276134][   T24] usb 5-1: USB disconnect, device number 6
[   82.281928][ T1006] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.288970][ T1006] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.310671][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   82.320239][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   82.344267][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   82.357127][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   82.365675][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   82.374059][   T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   82.385687][ T2408] device veth0_vlan entered promiscuous mode
[   82.400103][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   82.414294][ T2408] device veth1_macvtap entered promiscuous mode
[   82.427364][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   82.440348][  T470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   82.440945][ T2429] loop1: detected capacity change from 0 to 2048
[   82.457609][ T2429] EXT4-fs: Ignoring removed nobh option
[   82.465099][ T2429] EXT4-fs: Ignoring removed mblk_io_submit option
[   82.482273][ T2429] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   82.493954][ T2429] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[   82.504719][ T2429] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 234: padding at end of block bitmap is not set
[   82.520093][ T2429] EXT4-fs (loop1): Remounting filesystem read-only
[   82.526730][ T2429] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6157: Corrupt filesystem
[   82.539132][ T1647] EXT4-fs (loop1): unmounting filesystem.
[   82.649729][  T349] device bridge_slave_1 left promiscuous mode
[   82.656839][  T349] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.664634][  T349] device bridge_slave_0 left promiscuous mode
[   82.670693][  T349] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.678368][  T349] device veth1_macvtap left promiscuous mode
[   82.684515][  T349] device veth0_vlan left promiscuous mode
[   83.036349][ T2443] bridge0: port 3(veth1_macvtap) entered blocking state
[   83.043450][ T2443] bridge0: port 3(veth1_macvtap) entered disabled state
[   83.059219][   T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   83.319058][  T347] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[   83.326509][  T347] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   83.334967][  T347] cdc_ncm 4-1:1.0: setting rx_max = 2048
[   83.371897][ T2461] device pim6reg1 entered promiscuous mode
[   83.455165][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.464535][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.466718][ T2454] kvm [2453]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x34500000800
[   83.472291][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.483032][ T2454] kvm [2453]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x34600000000
[   83.489202][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.502860][ T2454] kvm [2453]: vcpu0, guest rIP: 0x18e ignored wrmsr: 0x11e data 0x47e00000000
[   83.506037][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.518703][ T2454] kvm [2453]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0x64e00000000
[   83.522176][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.532287][ T2454] kvm [2453]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x64f00000800
[   83.538819][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.555961][  T347] cdc_ncm 4-1:1.0: setting tx_max = 184
[   83.561457][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   83.573285][  T347] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[   83.584184][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.595930][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.603384][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.610769][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.622268][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.636967][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.649002][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.663615][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.671717][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.680364][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.687919][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.698338][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.712388][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.721006][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.729189][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.739011][   T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   83.748249][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.759846][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.761955][  T331] usb 4-1: USB disconnect, device number 5
[   83.771120][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.782169][   T24] usb 2-1: Product: syz
[   83.785372][  T331] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP)
[   83.787918][   T24] usb 2-1: Manufacturer: syz
[   83.801228][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.808505][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.815907][   T24] usb 2-1: SerialNumber: syz
[   83.838199][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.873443][   T24] usb 2-1: bad CDC descriptors
[   83.888416][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.899274][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.906615][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.914916][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.923838][   T40] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[   83.937961][   T40] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   83.962535][   T24] ==================================================================
[   83.970611][   T24] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130
[   83.978429][   T24] Read of size 8 at addr ffff888112c9acf0 by task kworker/1:0/24
[   83.985996][   T24] 
[   83.988326][   T24] CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.1.78-syzkaller-00007-g7c734edeaafd #0
[   83.997892][   T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   84.007857][   T24] Workqueue: wg-crypt-wg0 wg_packet_tx_worker
[   84.013850][   T24] Call Trace:
[   84.016969][   T24]  <TASK>
2024/06/13 15:23:02 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[   84.019775][   T24]  dump_stack_lvl+0x151/0x1b7
[   84.024609][   T24]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   84.029988][   T24]  ? _printk+0xd1/0x111
[   84.033979][   T24]  ? __virt_addr_valid+0x242/0x2f0
[   84.038925][   T24]  print_report+0x158/0x4e0
[   84.043350][   T24]  ? __virt_addr_valid+0x242/0x2f0
[   84.048472][   T24]  ? kasan_complete_mode_report_info+0x90/0x1b0
[   84.054650][   T24]  ? __list_del_entry_valid+0xa6/0x130
[   84.059931][   T24]  kasan_report+0x13c/0x170
[   84.064269][   T24]  ? __list_del_entry_valid+0xa6/0x130
[   84.069565][   T24]  __asan_report_load8_noabort+0x14/0x20
[   84.075038][   T24]  __list_del_entry_valid+0xa6/0x130
[   84.080161][   T24]  process_one_work+0x4d7/0xcb0
[   84.084842][   T24]  worker_thread+0xa60/0x1260
[   84.089359][   T24]  kthread+0x26d/0x300
[   84.093268][   T24]  ? worker_clr_flags+0x1a0/0x1a0
[   84.098206][   T24]  ? kthread_blkcg+0xd0/0xd0
[   84.102654][   T24]  ret_from_fork+0x1f/0x30
[   84.106974][   T24]  </TASK>
[   84.109920][   T24] 
[   84.112088][   T24] Allocated by task 347:
[   84.116172][   T24]  kasan_set_track+0x4b/0x70
[   84.120593][   T24]  kasan_save_alloc_info+0x1f/0x30
[   84.125599][   T24]  __kasan_kmalloc+0x9c/0xb0
[   84.129963][   T24]  __kmalloc_node+0xb4/0x1e0
[   84.134398][   T24]  kvmalloc_node+0x221/0x640
[   84.138828][   T24]  alloc_netdev_mqs+0x8c/0xf90
[   84.143417][   T24]  alloc_etherdev_mqs+0x36/0x40
[   84.148198][   T24]  usbnet_probe+0x207/0x27c0
[   84.152629][   T24]  usb_probe_interface+0x5b6/0xa90
[   84.157652][   T24]  really_probe+0x2b8/0x920
[   84.161992][   T24]  __driver_probe_device+0x1a0/0x310
[   84.167484][   T24]  driver_probe_device+0x54/0x3d0
[   84.172437][   T24]  __device_attach_driver+0x2e3/0x490
[   84.177647][   T24]  bus_for_each_drv+0x183/0x200
[   84.182517][   T24]  __device_attach+0x312/0x510
[   84.187106][   T24]  device_initial_probe+0x1a/0x20
[   84.191980][   T24]  bus_probe_device+0xbe/0x1e0
[   84.196566][   T24]  device_add+0xb60/0xf10
[   84.200816][   T24]  usb_set_configuration+0x190f/0x1e80
[   84.206111][   T24]  usb_generic_driver_probe+0x8b/0x150
[   84.211406][   T24]  usb_probe_device+0x144/0x260
[   84.216104][   T24]  really_probe+0x2b8/0x920
[   84.220458][   T24]  __driver_probe_device+0x1a0/0x310
[   84.225560][   T24]  driver_probe_device+0x54/0x3d0
[   84.230418][   T24]  __device_attach_driver+0x2e3/0x490
[   84.235708][   T24]  bus_for_each_drv+0x183/0x200
[   84.240727][   T24]  __device_attach+0x312/0x510
[   84.245296][   T24]  device_initial_probe+0x1a/0x20
[   84.250119][   T24]  bus_probe_device+0xbe/0x1e0
[   84.254814][   T24]  device_add+0xb60/0xf10
[   84.259065][   T24]  usb_new_device+0xf32/0x1810
[   84.263666][   T24]  hub_event+0x2db1/0x4830
[   84.267915][   T24]  process_one_work+0x73d/0xcb0
[   84.272599][   T24]  worker_thread+0xa60/0x1260
[   84.277219][   T24]  kthread+0x26d/0x300
[   84.281127][   T24]  ret_from_fork+0x1f/0x30
[   84.285412][   T24] 
[   84.287851][   T24] Freed by task 331:
[   84.291757][   T24]  kasan_set_track+0x4b/0x70
[   84.296287][   T24]  kasan_save_free_info+0x2b/0x40
[   84.301237][   T24]  ____kasan_slab_free+0x131/0x180
[   84.306177][   T24]  __kasan_slab_free+0x11/0x20
[   84.310778][   T24]  __kmem_cache_free+0x218/0x3b0
[   84.315604][   T24]  kfree+0x7a/0xf0
[   84.319123][   T24]  kvfree+0x35/0x40
[   84.322760][   T24]  netdev_freemem+0x3f/0x60
[   84.327107][   T24]  netdev_release+0x7f/0xb0
[   84.331436][   T24]  device_release+0x95/0x1c0
[   84.336070][   T24]  kobject_put+0x178/0x260
[   84.340477][   T24]  put_device+0x1f/0x30
[   84.344480][   T24]  free_netdev+0x393/0x480
[   84.349454][   T24]  usbnet_disconnect+0x245/0x390
[   84.354428][   T24]  usb_unbind_interface+0x1fa/0x8c0
[   84.359527][   T24]  device_release_driver_internal+0x53e/0x870
[   84.365578][   T24]  device_release_driver+0x19/0x20
[   84.370496][   T24]  bus_remove_device+0x2fa/0x360
[   84.375443][   T24]  device_del+0x663/0xe90
[   84.379645][   T24]  usb_disable_device+0x380/0x720
[   84.384562][   T24]  usb_disconnect+0x32a/0x890
[   84.389678][   T24]  hub_event+0x1ed8/0x4830
[   84.394013][   T24]  process_one_work+0x73d/0xcb0
[   84.398794][   T24]  worker_thread+0xa60/0x1260
[   84.403292][   T24]  kthread+0x26d/0x300
[   84.407212][   T24]  ret_from_fork+0x1f/0x30
[   84.411459][   T24] 
[   84.413624][   T24] Last potentially related work creation:
[   84.419183][   T24]  kasan_save_stack+0x3b/0x60
[   84.423777][   T24]  __kasan_record_aux_stack+0xb4/0xc0
[   84.429343][   T24]  kasan_record_aux_stack_noalloc+0xb/0x10
[   84.434976][   T24]  insert_work+0x56/0x310
[   84.439138][   T24]  __queue_work+0x9b6/0xd70
[   84.443480][   T24]  queue_work_on+0x105/0x170
[   84.447911][   T24]  usbnet_link_change+0xeb/0x100
[   84.453223][   T24]  usbnet_probe+0x1dbe/0x27c0
[   84.458082][   T24]  usb_probe_interface+0x5b6/0xa90
[   84.463143][   T24]  really_probe+0x2b8/0x920
[   84.467838][   T24]  __driver_probe_device+0x1a0/0x310
[   84.473392][   T24]  driver_probe_device+0x54/0x3d0
[   84.478775][   T24]  __device_attach_driver+0x2e3/0x490
[   84.484359][   T24]  bus_for_each_drv+0x183/0x200
[   84.489878][   T24]  __device_attach+0x312/0x510
[   84.494456][   T24]  device_initial_probe+0x1a/0x20
[   84.499316][   T24]  bus_probe_device+0xbe/0x1e0
[   84.504006][   T24]  device_add+0xb60/0xf10
[   84.508170][   T24]  usb_set_configuration+0x190f/0x1e80
[   84.513546][   T24]  usb_generic_driver_probe+0x8b/0x150
[   84.518850][   T24]  usb_probe_device+0x144/0x260
[   84.523540][   T24]  really_probe+0x2b8/0x920
[   84.527881][   T24]  __driver_probe_device+0x1a0/0x310
[   84.533056][   T24]  driver_probe_device+0x54/0x3d0
[   84.537851][   T24]  __device_attach_driver+0x2e3/0x490
[   84.543061][   T24]  bus_for_each_drv+0x183/0x200
[   84.547928][   T24]  __device_attach+0x312/0x510
[   84.553216][   T24]  device_initial_probe+0x1a/0x20
[   84.558369][   T24]  bus_probe_device+0xbe/0x1e0
[   84.563141][   T24]  device_add+0xb60/0xf10
[   84.567830][   T24]  usb_new_device+0xf32/0x1810
[   84.572614][   T24]  hub_event+0x2db1/0x4830
[   84.577315][   T24]  process_one_work+0x73d/0xcb0
[   84.582146][   T24]  worker_thread+0xa60/0x1260
[   84.586659][   T24]  kthread+0x26d/0x300
[   84.590827][   T24]  ret_from_fork+0x1f/0x30
[   84.596440][   T24] 
[   84.598795][   T24] The buggy address belongs to the object at ffff888112c9a000
[   84.598795][   T24]  which belongs to the cache kmalloc-4k of size 4096
[   84.613486][   T24] The buggy address is located 3312 bytes inside of
[   84.613486][   T24]  4096-byte region [ffff888112c9a000, ffff888112c9b000)
[   84.627678][   T24] 
[   84.629827][   T24] The buggy address belongs to the physical page:
[   84.636061][   T24] page:ffffea00044b2600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112c98
[   84.646545][   T24] head:ffffea00044b2600 order:3 compound_mapcount:0 compound_pincount:0
[   84.654882][   T24] flags: 0x4000000000010200(slab|head|zone=1)
[   84.661131][   T24] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043380
[   84.669763][   T24] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[   84.678666][   T24] page dumped because: kasan: bad access detected
[   84.685490][   T24] page_owner tracks the page as allocated
[   84.691346][   T24] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 101, tgid 101 (udevd), ts 42811499443, free_ts 42785162011
[   84.713855][   T24]  post_alloc_hook+0x213/0x220
[   84.718549][   T24]  prep_new_page+0x1b/0x110
[   84.723311][   T24]  get_page_from_freelist+0x27ea/0x2870
[   84.728903][   T24]  __alloc_pages+0x3a1/0x780
[   84.733518][   T24]  alloc_slab_page+0x6c/0xf0
[   84.738135][   T24]  new_slab+0x90/0x3e0
[   84.742199][   T24]  ___slab_alloc+0x6f9/0xb80
[   84.746654][   T24]  __slab_alloc+0x5d/0xa0
[   84.750888][   T24]  __kmem_cache_alloc_node+0x1af/0x250
[   84.756360][   T24]  __kmalloc_node+0xa3/0x1e0
[   84.760873][   T24]  kvmalloc_node+0x221/0x640
[   84.765312][   T24]  seq_read_iter+0x1ff/0xd00
[   84.769729][   T24]  kernfs_fop_read_iter+0x145/0x470
[   84.774965][   T24]  vfs_read+0x771/0xad0
[   84.779215][   T24]  ksys_read+0x199/0x2c0
[   84.783285][   T24]  __x64_sys_read+0x7b/0x90
[   84.787812][   T24] page last free stack trace:
[   84.792308][   T24]  free_unref_page_prepare+0x83d/0x850
[   84.797602][   T24]  free_unref_page+0xb2/0x5c0
[   84.802118][   T24]  __free_pages+0x61/0xf0
[   84.806380][   T24]  __free_slab+0xce/0x1a0
[   84.810547][   T24]  __unfreeze_partials+0x165/0x1a0
[   84.815502][   T24]  put_cpu_partial+0xa9/0x100
[   84.820012][   T24]  __slab_free+0x1c8/0x280
[   84.824261][   T24]  ___cache_free+0xc6/0xd0
[   84.828876][   T24]  qlist_free_all+0xc5/0x140
[   84.833585][   T24]  kasan_quarantine_reduce+0x15a/0x180
[   84.839046][   T24]  __kasan_slab_alloc+0x24/0x80
[   84.843746][   T24]  slab_post_alloc_hook+0x53/0x2c0
[   84.849227][   T24]  __kmem_cache_alloc_node+0x191/0x250
[   84.854614][   T24]  __kmalloc_node+0xa3/0x1e0
[   84.859631][   T24]  kvmalloc_node+0x221/0x640
[   84.864042][   T24]  seq_read_iter+0x1ff/0xd00
[   84.868471][   T24] 
[   84.870626][   T24] Memory state around the buggy address:
[   84.876577][   T24]  ffff888112c9ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   84.885246][   T24]  ffff888112c9ac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   84.893250][   T24] >ffff888112c9ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   84.902125][   T24]                                                              ^
[   84.909665][   T24]  ffff888112c9ad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   84.917566][   T24]  ffff888112c9ad80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   84.925556][   T24] ==================================================================
[   84.934338][   T24] Disabling lock debugging due to kernel taint