last executing test programs:

4.682235543s ago: executing program 3:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x7, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0)
renameat(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000400)="e4")

2.924635486s ago: executing program 0:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = dup(r0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
dup3(r1, r2, 0x0)

2.883135532s ago: executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
close(0xffffffffffffffff)
execve(0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000240)={'wg0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@ipv4_newroute={0x2c, 0x18, 0x811, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0xfd, 0x0, 0xfe, 0x2}, [@RTA_OIF={0x8, 0x4, r2}, @RTA_PREFSRC={0x8, 0x7, @multicast2}]}, 0x2c}}, 0x0)

2.847979577s ago: executing program 0:
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000240), 0x21, 0x4a6, &(0x7f0000000a40)="$eJzs3cFPG9kZAPBvBgiEkEDaHNqqbdI0bVpFscFJUJRTemlVRZGqRj31kFBwEMLGCJs00BzI/1CpkXpq/4QeKvVQKae97233tpfsYaXsbrSrsNIevJqxIYRgYDcES/j3k55m3jzj7z2sec98gF8APetcRKxFxLGIuBcRo+3rSbvEzVbJHvfyxaPp9RePppNoNu98luTt2bXY8jWZE+3nHIqIP/4u4i/Jm3HrK6vzU5VKealdLzaqi8X6yurluerUbHm2vFAqTU5Mjl+/cq10YGM9W/3P89/O3frT///3k2fvr/36b1m3RtptW8dxkFpDH9iMk+mPiFvvIlgX9LXHc6zbHeE7SSPiexFxPr//R6MvfzUBgKOs2RyN5ujWOgBw1KV5DixJC+1cwEikaaHQyuGdieG0Uqs3Lt2vLS/MtHJlYzGQ3p+rlMfbucKxGEiy+kR+/qpe2la/EhGnI+Lvg8fzemG6Vpnp5hsfAOhhJ7at/18OttZ/AOCIG+p2BwCAQ2f9B4DeY/0HgN5j/QeA3mP9B4DeY/0HgN5j/QeAnvKH27ez0lxvf/71zIOV5fnag8sz5fp8obo8XZiuLS0WZmu12fwze6p7PV+lVlucuBrLD4uNcr1RrK+s3q3Wlhcad/PP9b5bHjiUUQEAuzl99umHSUSs3Tiel9iyl4O1Go62tNsdALqmr9sdALrGbl/Qu/yMD+ywRe9rOv6J0JOD7wtwOC7+UP4fepX8P/Qu+X/oXfL/0LuazcSe/wDQY+T4Ab//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG9vJC9JWmjvBT4SaVooRJyMiLEYSO7PVcrjEXEqIj4YHBjM6hPd7jQA8JbST5L2/l8XRy+MbG89lnw1mB8j4q//vPOPh1ONxtJEdv3zzeuNJ+3rpW70HwDYy8Y6vbGOb3j54tH0RjnM/jz/TWtz0Szueru0WvqjPz8OxUBEDH+RtOst2fuVvgOIv/Y4In6w0/iTPDcy1t75dHv8LPbJQ42fvhY/zdtax+x78f0D6Av0mqfZ/HNzp/svjXP5cef7fyifod7exvy3/sb8l27Of30d5r9z+41x9b3fd2x7HPGj/p3iJ5vxkw7xL+wz/kc//un5Tm3Nf0VcjJ3jb41VbFQXi/WV1ctz1anZ8mx5oVSanJgcv37lWqmY56iLG5nqN31649Kp3cY/3CH+0B7j/8U+x//vr+/9+We7xP/Vz3d+/c/sEj9bE3+5z/hTw//tuH13Fn+mw/j3ev0v7TP+s49XZ/b5UADgENRXVuenKpXykhMnTpxsnnR7ZgLetVc3fbd7AgAAAAAAAAAAAAAAdHIY/07U7TECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwdH0TAAD//yyP2UE=")
syz_pidfd_open(0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
r1 = socket(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000f1000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00'], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000006800b9f900000000000000000a000000000000000805ffffff00000004000b00"], 0x24}}, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x0, &(0x7f0000000240), 0x21, 0x4a6, &(0x7f0000000a40)="$eJzs3cFPG9kZAPBvBgiEkEDaHNqqbdI0bVpFscFJUJRTemlVRZGqRj31kFBwEMLGCJs00BzI/1CpkXpq/4QeKvVQKae97233tpfsYaXsbrSrsNIevJqxIYRgYDcES/j3k55m3jzj7z2sec98gF8APetcRKxFxLGIuBcRo+3rSbvEzVbJHvfyxaPp9RePppNoNu98luTt2bXY8jWZE+3nHIqIP/4u4i/Jm3HrK6vzU5VKealdLzaqi8X6yurluerUbHm2vFAqTU5Mjl+/cq10YGM9W/3P89/O3frT///3k2fvr/36b1m3RtptW8dxkFpDH9iMk+mPiFvvIlgX9LXHc6zbHeE7SSPiexFxPr//R6MvfzUBgKOs2RyN5ujWOgBw1KV5DixJC+1cwEikaaHQyuGdieG0Uqs3Lt2vLS/MtHJlYzGQ3p+rlMfbucKxGEiy+kR+/qpe2la/EhGnI+Lvg8fzemG6Vpnp5hsfAOhhJ7at/18OttZ/AOCIG+p2BwCAQ2f9B4DeY/0HgN5j/QeA3mP9B4DeY/0HgN5j/QeAnvKH27ez0lxvf/71zIOV5fnag8sz5fp8obo8XZiuLS0WZmu12fwze6p7PV+lVlucuBrLD4uNcr1RrK+s3q3Wlhcad/PP9b5bHjiUUQEAuzl99umHSUSs3Tiel9iyl4O1Go62tNsdALqmr9sdALrGbl/Qu/yMD+ywRe9rOv6J0JOD7wtwOC7+UP4fepX8P/Qu+X/oXfL/0LuazcSe/wDQY+T4Ab//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG9vJC9JWmjvBT4SaVooRJyMiLEYSO7PVcrjEXEqIj4YHBjM6hPd7jQA8JbST5L2/l8XRy+MbG89lnw1mB8j4q//vPOPh1ONxtJEdv3zzeuNJ+3rpW70HwDYy8Y6vbGOb3j54tH0RjnM/jz/TWtz0Szueru0WvqjPz8OxUBEDH+RtOst2fuVvgOIv/Y4In6w0/iTPDcy1t75dHv8LPbJQ42fvhY/zdtax+x78f0D6Av0mqfZ/HNzp/svjXP5cef7fyifod7exvy3/sb8l27Of30d5r9z+41x9b3fd2x7HPGj/p3iJ5vxkw7xL+wz/kc//un5Tm3Nf0VcjJ3jb41VbFQXi/WV1ctz1anZ8mx5oVSanJgcv37lWqmY56iLG5nqN31649Kp3cY/3CH+0B7j/8U+x//vr+/9+We7xP/Vz3d+/c/sEj9bE3+5z/hTw//tuH13Fn+mw/j3ev0v7TP+s49XZ/b5UADgENRXVuenKpXykhMnTpxsnnR7ZgLetVc3fbd7AgAAAAAAAAAAAAAAdHIY/07U7TECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwdH0TAAD//yyP2UE=")
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000016c0)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./bus/file0\x00', 0x0)
setxattr(&(0x7f0000000340)='./bus/file0\x00', &(0x7f0000000400)=@known='security.apparmor\x00', &(0x7f00000003c0)='overlay\x00', 0xe407, 0x0)
rmdir(&(0x7f0000000000)='./bus/file0\x00')
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)

2.50798974s ago: executing program 2:
prlimit64(0x0, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
capset(0x0, 0x0)

2.162600724s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_request_blocks\x00', r1}, 0x10)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)

2.141145617s ago: executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mount$cgroup(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000))
mmap(&(0x7f0000000000/0xb36000)=nil, 0x7000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r4, &(0x7f0000000040)='./file0\x00', 0x0)
unshare(0x60600)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0)
openat(r4, &(0x7f0000000140)='./file0/file0\x00', 0xa4b40, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x0)

2.111824792s ago: executing program 1:
r0 = socket(0x80000000000000a, 0x2, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x80108906, 0x0)

2.103103603s ago: executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})

2.090997825s ago: executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
pipe2(0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r3}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x650, 0x368, 0x25, 0x148, 0x0, 0x60, 0x5b8, 0x2a8, 0x2a8, 0x5b8, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x368, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x1f0, 0x250, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve0\x00'}}, @inet=@rpfilter={{0x28}}]}, @common=@SET={0x60}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x6b0)
gettid()
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0xfffffffffffffde9, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x2000}, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)

1.460338373s ago: executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0}, 0x90)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000080)="00c3ff", 0x1}, {&(0x7f0000000000)='G', 0x1}, {&(0x7f0000000240)="d336bd75243cb9a6418e", 0xa}], 0x1000000000000041)

1.379596005s ago: executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
unshare(0x22020600)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000440)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@quota}]}, 0x3, 0x431, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00')
setns(r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.346984771s ago: executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x0, &(0x7f0000000340)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={@multicast2, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x40020000)

1.22610523s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10)
link(&(0x7f0000000040)='./file0\x00', 0x0)

1.219258031s ago: executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_request_blocks\x00', r1}, 0x10)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)

1.211980702s ago: executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffff7a, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r2}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint\x00', r4}, 0x10)
ioctl$TUNSETOFFLOAD(r0, 0x40086607, 0x20001412)

518.930549ms ago: executing program 4:
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000dc0)=ANY=[@ANYBLOB="b7000000a5517f5fbfa30000000000000703000028feffff720af0fff8ffffff71a4f0ff00000000b7060000000000012e400300000000006506020001cd00007118540000000000c3640000000000006b0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912435f1b6a693172e6191a12bebf9f9804ea033388cd15b65877ad4b200000000000000000beca090f32050e436fe275daf51efd601b6bf01c8e8b1abe4fef3bef7074815ae98743d1ace4c46631256dd19aed0d600c0b6199fe3ff3128e599b0eaebbdbd7359a48f5b0afc3996792043a6787bac46aa7aa400000000000069669622208266f896ba2c9e73c2efeec2dc565fbafb2cb63f5fef9ab79ff8abaa8a08f54a062107e9bb3e980fff675c8d3e91df6648a7a6aebcb63e0867b75690152af27711f0cbb9c06018d21bf3f87b8eb65323b4267a526d53442db8e48dbc5ce47d67d07441a7975d5e41b14fd0154a8246249952a8b61633ce068220defe09d3b1136af6d03e9cf996c13d1bfcdc54567a9ca80dec2e943fe4ae7c617cc071f7add70cfbd48f8f6b50fe6a8297d88efa73e7e601040000b4a685969f28902bdecf66ef39755de79ed2c711477febc96231a53984d00877301d0ec62427a8e38618fdd1ce9aaed569ebc5f2e58d6028e66139a737cc7146a131d47dcebb32ed67021d76e983223c998aec22242ae54e87f438d26982876b58f9134366952f7399a733f07138a736924f3709000000e97f0c117ec439c6b7b965752bbc06eced08d97a32ae4b1ad4d11c5b6f68ee841975233e4cea13f3ef04b2cab9cc256d4539dbafd888c7097c1169e0bebcc81ca3da40bf34b6c9c1da2d6ed8acaf2a8091820ff4cf6be74ddca8bf2eed0e11b2139e8c3ec95436af5269d5792decda7d8b5dcf8640b504ba23c6d0a7f67cdfd27328100ebf9319a56f0f9cee17deecf747f3493f1dc39551f4c9a40b3e93fa80b8234ccbf39a9ef09bd97321f0dc20956f44ba2c5ec2e7569b05cf4690ddc189f174046a8b214acf23f42fb51ed4819e6b4cb5a8bf2b559d0c198fe0315483b8beb9801d06c58b22dd713fe3b7ef18e21081aacfd091b754125a488cea18255f79bebcb3051f622f8a1d9af1908e88a58774a24f35a4ccdbedea6212286c23dd89c2b4b90647f17231472af8dda7f3ab20f093aad3ce875f7458039ee6d0a50deb7bc8eb393f056a5e7725531c5485278e0362338e2e2710fe00465e0d182a322091022cf5b814eeb9b3cab21196581e4d92d0b6fe5525285eea359274f1f21d69233bbe94941f10ba292100000000000000000000000000000000c18e93a0c5231779f2ee201e9fe7e63e84b57b5f05ecd278919bad330ffcb594b8255b3085b352ca9533d6c31c1a30158c30352f8a126a65cb6582e58aa641007418611df53a601c3a8fb8d2286e86abf98136f345446730f68f5d6d1817a9e1b09e5650d2599fbe719a45337d29eb3fef5f7f565457660dec6fe903a1c2ea4f40a8ea1c179892afa219fc69a44163f0d731de418e9fd82a8c4661caea674b19242d1840d047882f640ea248457288c5ffb63e857da03ff5c0475c3cfff41c4806f1dc750eb1c45ec3a2a0b064834010604d6f88a29e8e9bda2bc9c18d1b53a08f25d62ccaa46bc0235c830a7b3fe64bc6031b431bcad6b698a1ba6027870ea9e55fafbbf140c5f82a33ee4ac793b989c12a5827a7957f4d8136cf918b7cbf5bc5fc64c8001992536584586edded6f65bdd371ac84fd5cc60ab79b84e9e85a1c54d5666a5d133e95eff121621dff14b9de7a188b8c5387f9da63c2cce405bc44079e34e2db2b275bfbb54841d647338cad74be91144b780cf381a6860f641446ef73bd11d45f5e4df8f3c6440d8425fd7382225cf8c2cada01bf3cd5cbc6a403173e0c89a491c75efc3c21b7825a521c6011945eef94abc3000000000000000000000000000000d71b794e9b4c145caf050429937eef4364d9e1cbe9150bccd9b2e73757f1f5e8ac50736cd3cbc029ede2869642841371bb4b9c1aaa8826889a909e6716b60e4b568b6761f8ccc7d35b0e66357746b10fc481b47e67f1e14408c1ef3e018a5e647e3f607654f3bf82bcfb42be038a272d82f8362944f608b3810000000019fda0b1b607f1ab34194ed954973f7a5accc0938d3364ab07574d0b32fc30f3ab73d012b63ee905e98ab6989ec2c840cd216eb18fedfb3b204e94e170bae930660368d3799c9b1bf7556ac57164966791626f06ad2e332341965f72141ec140b80efd7720ccdaa890b79bc4523386bd66553121543c9a35b7adcf2f6b257fefef1d6e1da2ee94d3f822bf45aad21e5b5a3788ab584090664065af39b0f43968dcd7c5f8e5a8dc6298691423fbf7e8e012260bc62f9422434a547ef7ca37953d435098d9b71edd1a03e46d0ade465d0c0db0a51f9e29cac05e5a04f94e"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x45}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r1, 0xe0, &(0x7f0000000680)={0x0, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000a00)={r2}, 0x4)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r3, 0x4)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

496.112363ms ago: executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = dup(r0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
dup3(r1, r2, 0x0)

483.435105ms ago: executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x42, 0x40, 0x0, 0x1}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x0, 0x1, 0x0, 0x2a21, 0xffffffffffffffff, 0x1f, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x1}, 0x48)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8000002b)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000016c0)={0xffffffffffffffff, 0x20, &(0x7f0000001880)={0x0, 0x0, <r1=>0x0, &(0x7f0000000680)=""/4096, 0x1000}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x14, 0x2, &(0x7f0000000100)=@raw=[@map_val={0x18, 0x1, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x401}], &(0x7f0000000140)='syzkaller\x00', 0xff, 0x63, &(0x7f0000000180)=""/99, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x8, 0x1}, 0x8, 0x10, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0xffffffffffffffff]}, 0x90)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000140), 0x3af47044)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x1, 0x2, 0x7, 0x4, 0x0, 0x1}, 0x17)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000000c0)={&(0x7f0000000200)="f1", 0x0, 0x0, 0x0, 0x36, r3}, 0x38)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000880), 0xff6b)
r4 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000640)={r2, 0x20, &(0x7f0000000600)={&(0x7f00000005c0), 0x0, 0x0, &(0x7f0000009a40)=""/4096, 0x1000}}, 0x10)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0x10}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x3c}, 0x1, 0xba01}, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={0x0, @loopback, @local}, &(0x7f00000000c0)=0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0xeb21, 0x8, 0x5, 0x800, 0x1, 0x100, '\x00', r6, 0xffffffffffffffff, 0x3, 0x2, 0x2, 0x4}, 0x48)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f0000000180)={'team0\x00', 0x44})
connect$pppl2tp(r7, &(0x7f00000002c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r2, 0x0, 0x1, 0x4, 0x1, {0xa, 0x4e23, 0x9, @local, 0x9}}}, 0x3a)
ioctl$SIOCSIFMTU(r7, 0x8923, &(0x7f0000000000)={'team0\x00', 0x18a1})
sendto(r7, &(0x7f00000001c0)="3a5012944f6a89c8f737a6d300a1542b03e9f6044835f9169af64495c16e439417682c0df38fc607c967567b986bfe931e4e57ebd05a6a79d890545331de56691a41dfd3fbce1c21c39a0052840018b5889c7ec85eeadc51c5a16f1e4c6d7b627350504e03519717c7f0142aebc339e77ecd073666d9a20da5cb24395fb8c2ef47c0528b4ed80fd16016a90af4fbeaf55c4c80e1827dbce88c1d52b8b618a2b0fe3e914b071cee39828d175df9af5befaf165f26eafeafbf4fbc5d164da90af9c0df1e678a40644b8762b297230a73cea8c03f48653bd17ff5aaf1ec47c972d0fd867b10f8204a8ed3decfde319f", 0xee, 0x20000010, 0x0, 0x0)
ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f0000000540)={'tunl0\x00', 0x9})
ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f00000000c0)={'nr0\x00', 0x3ff})
writev(r7, &(0x7f000000acc0)=[{&(0x7f0000000380)="b28d34da395c5769f5745bb2211c9925190e37196558a67eaefd8f3e520ccf51efc17daa10ffe0f9d85bbaf9b0ab563a0056642eb132608d96fd7d9efa8c8a0de59f717136fdf26b98f2bd8a5498be3421df0386b11357", 0x57}, {&(0x7f0000000400)="cc8c10b02875f308344b9fe932536a915017c303083ad7548ebf20d323f6666771c4fe3f51d50e111214f8578ce856f0344e809f6a488bb73b6676ec4d8b5fbd95b71b3ef12bb84e5eabf247df32f5f475", 0x51}, {&(0x7f000000aa40)="77619f0844f43272438626c011da24a0460de3de3521a43efab69fe0fba61f966350db2c51fb546e294b0bd9877aa38f71ca9d7f04b74c0e173406231cf0f6f8e3cafb9fd21ffd17bd879c8167398da50ff2f3d853a34e9f15b6e92f35f008c82ab02bb02279130ff16e3f6f7b721005eda02c849f4312ea28459c9853e6fc860bb53a739fbdbbf45b5b8890466cbe8e0d666b793d9514f9e08808d6a452bc4dd58906a7afc2fe595886fca0b69bba59a6f9507abf938abcc1bcc74541589a5c9b0a9b27e2f201", 0xc7}, {&(0x7f000000ab40)="930d0ba974e3c7b20542f25ece62e36d903dfe3f41e564093dfd343c8065c469feee6feccb150d6f44ddfca135879c2127dc192a5db747f3458c2ad68e2496afa1b0315549028c743f158c2d23f101d265525a22be06757905e28936979cd23c62ba4c62bcb8189517fbdd3f2111f7932fb6f87ea54062862b5da36c5998c2d33e91afca5e5001fcc3196f7ed86927c2fa6c64d2f6bb27", 0x97}], 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x10, &(0x7f0000009940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1ff}, {}, {}, [@exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6}, 0x90)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="280055e21ee7ad7e83e2", @ANYRES32=r6, @ANYBLOB="08008100010000000800010001000000"], 0x28}, 0x1, 0x0, 0x0, 0x4001}, 0x20040000)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100), &(0x7f00000005c0)="69798f5c7d4865052a05723c1f3bb61a8727716b874a8fb964661238474faa59f72093276a4ab32a652c0225ab041f7f7c2e715c6a1f017c", 0x3080, r0}, 0x38)

477.363066ms ago: executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r2, &(0x7f0000000200), 0x42400)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r3, &(0x7f0000000180), 0x40001)

392.442849ms ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000200000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10)
mount$incfs(0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000080)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000900)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f00000009c0)={0x84, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)

389.84668ms ago: executing program 3:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x40, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_POLL(r0, &(0x7f0000000080)={0x18, 0x3}, 0x18)

376.227071ms ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x2, 0x7fe2, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000004080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r2], 0x18}}], 0x1, 0x0)
sendmmsg$unix(r3, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[@rights={{0x14, 0x1, 0x1, [r2]}}], 0x18}}], 0x1, 0x0)
r4 = dup3(r3, r2, 0x0)
connect$unix(r4, &(0x7f0000000100)=@abs={0x1}, 0x6e)

369.255203ms ago: executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0}, 0x90)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000080)="00c3ff", 0x1}, {&(0x7f0000000000)='G', 0x1}, {&(0x7f0000000240)="d336bd75243cb9a6418e", 0xa}], 0x1000000000000041)

332.273128ms ago: executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
unshare(0x22020600)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000440)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@quota}]}, 0x3, 0x431, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00')
setns(r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

198.481189ms ago: executing program 3:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)

184.210042ms ago: executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_request_blocks\x00', r1}, 0x10)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)

142.625478ms ago: executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x7, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0)
renameat(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000400)="e4")

118.200182ms ago: executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
pipe2(0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r3}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x650, 0x368, 0x25, 0x148, 0x0, 0x60, 0x5b8, 0x2a8, 0x2a8, 0x5b8, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x368, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x1f0, 0x250, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve0\x00'}}, @inet=@rpfilter={{0x28}}]}, @common=@SET={0x60}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x6b0)
gettid()
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000200))
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0xfffffffffffffde9, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x2000}, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)

0s ago: executing program 3:
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000dc0)=ANY=[@ANYBLOB="b7000000a5517f5fbfa30000000000000703000028feffff720af0fff8ffffff71a4f0ff00000000b7060000000000012e400300000000006506020001cd00007118540000000000c3640000000000006b0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912435f1b6a693172e6191a12bebf9f9804ea033388cd15b65877ad4b200000000000000000beca090f32050e436fe275daf51efd601b6bf01c8e8b1abe4fef3bef7074815ae98743d1ace4c46631256dd19aed0d600c0b6199fe3ff3128e599b0eaebbdbd7359a48f5b0afc3996792043a6787bac46aa7aa400000000000069669622208266f896ba2c9e73c2efeec2dc565fbafb2cb63f5fef9ab79ff8abaa8a08f54a062107e9bb3e980fff675c8d3e91df6648a7a6aebcb63e0867b75690152af27711f0cbb9c06018d21bf3f87b8eb65323b4267a526d53442db8e48dbc5ce47d67d07441a7975d5e41b14fd0154a8246249952a8b61633ce068220defe09d3b1136af6d03e9cf996c13d1bfcdc54567a9ca80dec2e943fe4ae7c617cc071f7add70cfbd48f8f6b50fe6a8297d88efa73e7e601040000b4a685969f28902bdecf66ef39755de79ed2c711477febc96231a53984d00877301d0ec62427a8e38618fdd1ce9aaed569ebc5f2e58d6028e66139a737cc7146a131d47dcebb32ed67021d76e983223c998aec22242ae54e87f438d26982876b58f9134366952f7399a733f07138a736924f3709000000e97f0c117ec439c6b7b965752bbc06eced08d97a32ae4b1ad4d11c5b6f68ee841975233e4cea13f3ef04b2cab9cc256d4539dbafd888c7097c1169e0bebcc81ca3da40bf34b6c9c1da2d6ed8acaf2a8091820ff4cf6be74ddca8bf2eed0e11b2139e8c3ec95436af5269d5792decda7d8b5dcf8640b504ba23c6d0a7f67cdfd27328100ebf9319a56f0f9cee17deecf747f3493f1dc39551f4c9a40b3e93fa80b8234ccbf39a9ef09bd97321f0dc20956f44ba2c5ec2e7569b05cf4690ddc189f174046a8b214acf23f42fb51ed4819e6b4cb5a8bf2b559d0c198fe0315483b8beb9801d06c58b22dd713fe3b7ef18e21081aacfd091b754125a488cea18255f79bebcb3051f622f8a1d9af1908e88a58774a24f35a4ccdbedea6212286c23dd89c2b4b90647f17231472af8dda7f3ab20f093aad3ce875f7458039ee6d0a50deb7bc8eb393f056a5e7725531c5485278e0362338e2e2710fe00465e0d182a322091022cf5b814eeb9b3cab21196581e4d92d0b6fe5525285eea359274f1f21d69233bbe94941f10ba292100000000000000000000000000000000c18e93a0c5231779f2ee201e9fe7e63e84b57b5f05ecd278919bad330ffcb594b8255b3085b352ca9533d6c31c1a30158c30352f8a126a65cb6582e58aa641007418611df53a601c3a8fb8d2286e86abf98136f345446730f68f5d6d1817a9e1b09e5650d2599fbe719a45337d29eb3fef5f7f565457660dec6fe903a1c2ea4f40a8ea1c179892afa219fc69a44163f0d731de418e9fd82a8c4661caea674b19242d1840d047882f640ea248457288c5ffb63e857da03ff5c0475c3cfff41c4806f1dc750eb1c45ec3a2a0b064834010604d6f88a29e8e9bda2bc9c18d1b53a08f25d62ccaa46bc0235c830a7b3fe64bc6031b431bcad6b698a1ba6027870ea9e55fafbbf140c5f82a33ee4ac793b989c12a5827a7957f4d8136cf918b7cbf5bc5fc64c8001992536584586edded6f65bdd371ac84fd5cc60ab79b84e9e85a1c54d5666a5d133e95eff121621dff14b9de7a188b8c5387f9da63c2cce405bc44079e34e2db2b275bfbb54841d647338cad74be91144b780cf381a6860f641446ef73bd11d45f5e4df8f3c6440d8425fd7382225cf8c2cada01bf3cd5cbc6a403173e0c89a491c75efc3c21b7825a521c6011945eef94abc3000000000000000000000000000000d71b794e9b4c145caf050429937eef4364d9e1cbe9150bccd9b2e73757f1f5e8ac50736cd3cbc029ede2869642841371bb4b9c1aaa8826889a909e6716b60e4b568b6761f8ccc7d35b0e66357746b10fc481b47e67f1e14408c1ef3e018a5e647e3f607654f3bf82bcfb42be038a272d82f8362944f608b3810000000019fda0b1b607f1ab34194ed954973f7a5accc0938d3364ab07574d0b32fc30f3ab73d012b63ee905e98ab6989ec2c840cd216eb18fedfb3b204e94e170bae930660368d3799c9b1bf7556ac57164966791626f06ad2e332341965f72141ec140b80efd7720ccdaa890b79bc4523386bd66553121543c9a35b7adcf2f6b257fefef1d6e1da2ee94d3f822bf45aad21e5b5a3788ab584090664065af39b0f43968dcd7c5f8e5a8dc6298691423fbf7e8e012260bc62f9422434a547ef7ca37953d435098d9b71edd1a03e46d0ade465d0c0db0a51f9e29cac05e5a04f94e"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x45}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r1, 0xe0, &(0x7f0000000680)={0x0, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000a00)={r2}, 0x4)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r3, 0x4)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

eth0_macvtap: link becomes ready
[  457.019663][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  457.060040][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  457.068482][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  457.077062][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  457.085303][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  457.124330][T12507] bridge0: port 1(bridge_slave_0) entered blocking state
[  457.131288][T12507] bridge0: port 1(bridge_slave_0) entered disabled state
[  457.138695][T12507] device bridge_slave_0 entered promiscuous mode
[  457.149279][T12507] bridge0: port 2(bridge_slave_1) entered blocking state
[  457.156335][T12507] bridge0: port 2(bridge_slave_1) entered disabled state
[  457.164424][T12507] device bridge_slave_1 entered promiscuous mode
[  457.209244][   T30] audit: type=1326 audit(2000001208.768:52924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12523 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd48d88ef29 code=0x7ffc0000
[  457.233861][   T30] audit: type=1326 audit(2000001208.777:52925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12523 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd48d88ef29 code=0x7ffc0000
[  457.262938][   T30] audit: type=1326 audit(2000001208.786:52926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12523 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fd48d88ef29 code=0x7ffc0000
[  457.280228][T12529] loop1: detected capacity change from 0 to 256
[  457.296721][   T30] audit: type=1326 audit(2000001208.786:52927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12523 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd48d88ef29 code=0x7ffc0000
[  457.332414][T12532] loop0: detected capacity change from 0 to 512
[  457.332703][   T30] audit: type=1326 audit(2000001208.786:52928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12523 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd48d88ef29 code=0x7ffc0000
[  457.362676][   T30] audit: type=1326 audit(2000001208.796:52929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12523 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7fd48d88ef29 code=0x7ffc0000
[  457.386981][   T30] audit: type=1326 audit(2000001208.796:52930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12523 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd48d88ef29 code=0x7ffc0000
[  457.411265][   T30] audit: type=1326 audit(2000001208.814:52931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12523 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd48d88ef29 code=0x7ffc0000
[  457.440031][T12532] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[  457.447774][T12532] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  457.459147][T12532] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  457.467646][T12532] EXT4-fs (loop0): orphan cleanup on readonly fs
[  457.474602][T12532] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0
[  457.488458][T12532] EXT4-fs (loop0): Remounting filesystem read-only
[  457.495119][T12532] Quota error (device loop0): write_blk: dquota write failed
[  457.502369][T12532] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota
[  457.512091][T12532] EXT4-fs (loop0): 1 orphan inode deleted
[  457.518681][T12512] bridge0: port 1(bridge_slave_0) entered blocking state
[  457.524396][T12532] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,noload,noinit_itable,noquota,noblock_validity,data_err=ignore,mblk_io_submit,acl,usrquota,. Quota mode: writeback.
[  457.544342][T12512] bridge0: port 1(bridge_slave_0) entered disabled state
[  457.544934][T12512] device bridge_slave_0 entered promiscuous mode
[  457.555616][T12532] EXT4-fs error (device loop0): ext4_remount:5845: comm syz-executor.0: Abort forced by user
[  457.568595][T12512] bridge0: port 2(bridge_slave_1) entered blocking state
[  457.575503][T12512] bridge0: port 2(bridge_slave_1) entered disabled state
[  457.583000][T12512] device bridge_slave_1 entered promiscuous mode
[  457.645141][ T1409] device bridge_slave_1 left promiscuous mode
[  457.651172][ T1409] bridge0: port 2(bridge_slave_1) entered disabled state
[  457.658953][ T1409] device bridge_slave_0 left promiscuous mode
[  457.665182][ T1409] bridge0: port 1(bridge_slave_0) entered disabled state
[  457.673365][ T1409] device bridge_slave_1 left promiscuous mode
[  457.679653][ T1409] bridge0: port 2(bridge_slave_1) entered disabled state
[  457.687182][ T1409] bridge0: port 1(bridge_slave_0) entered disabled state
[  457.695465][ T1409] device veth1_macvtap left promiscuous mode
[  457.701574][ T1409] device veth0_vlan left promiscuous mode
[  457.707574][ T1409] device veth1_macvtap left promiscuous mode
[  457.977388][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  457.984915][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  458.008563][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  458.019853][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  458.027968][T11569] bridge0: port 1(bridge_slave_0) entered blocking state
[  458.034836][T11569] bridge0: port 1(bridge_slave_0) entered forwarding state
[  458.042372][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  458.050784][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  458.059251][T11569] bridge0: port 2(bridge_slave_1) entered blocking state
[  458.066109][T11569] bridge0: port 2(bridge_slave_1) entered forwarding state
[  458.088187][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  458.096054][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  458.104205][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  458.112210][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  458.120354][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  458.153360][T12507] device veth0_vlan entered promiscuous mode
[  458.162883][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  458.171704][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  458.180861][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  458.189963][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  458.216637][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  458.224317][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  458.232143][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  458.240359][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  458.251582][T12507] device veth1_macvtap entered promiscuous mode
[  458.254383][T12549] loop1: detected capacity change from 0 to 128
[  458.266925][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  458.275051][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  458.282522][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  458.290072][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  458.298491][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  458.306661][T11569] bridge0: port 1(bridge_slave_0) entered blocking state
[  458.313513][T11569] bridge0: port 1(bridge_slave_0) entered forwarding state
[  458.321272][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  458.330050][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  458.338240][T11569] bridge0: port 2(bridge_slave_1) entered blocking state
[  458.345090][T11569] bridge0: port 2(bridge_slave_1) entered forwarding state
[  458.368261][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  458.375883][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  458.384246][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  458.393241][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  458.401489][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  458.422433][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  458.430556][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  458.438896][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  458.460697][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  458.482676][T12512] device veth0_vlan entered promiscuous mode
[  458.491591][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  458.510511][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  458.517915][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  458.543147][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  458.554732][T12512] device veth1_macvtap entered promiscuous mode
[  458.583612][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  458.602756][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  458.623014][T12556] loop2: detected capacity change from 0 to 1024
[  458.641698][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  458.655805][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  458.752594][T12556] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  458.768105][T12556] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e800e018, mo2=0000]
[  458.777485][T12556] System zones: 0-1, 3-12
[  458.782254][T12556] EXT4-fs (loop2): orphan cleanup on readonly fs
[  458.790255][T12556] EXT4-fs error (device loop2): ext4_free_blocks:6193: comm syz-executor.2: Freeing blocks not in datazone - block = 0, count = 4096
[  458.804166][T12556] EXT4-fs (loop2): 1 orphan inode deleted
[  458.817935][T12556] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug,,errors=continue. Quota mode: writeback.
[  458.876963][T12559] bridge0: port 1(bridge_slave_0) entered blocking state
[  458.884832][T12559] bridge0: port 1(bridge_slave_0) entered disabled state
[  458.894331][T12559] device bridge_slave_0 entered promiscuous mode
[  458.908021][T12559] bridge0: port 2(bridge_slave_1) entered blocking state
[  458.915299][T12559] bridge0: port 2(bridge_slave_1) entered disabled state
[  458.922771][T12559] device bridge_slave_1 entered promiscuous mode
[  458.956774][  T621] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  458.994602][T12567] loop0: detected capacity change from 0 to 1024
[  459.032710][T12567] EXT4-fs (loop0): Ignoring removed orlov option
[  459.044691][T12567] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000001000,data_err=abort,barrier=0x0000000000000002,jqfmt=vfsv1,block_validity,max_dir_size_kb=0x00000000000007b1,orlov,bsdgroups,max_batch_time=0x0000000000000400,user_xattr,quota,,errors=continue. Quota mode: writeback.
[  459.105432][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  459.113099][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  459.129140][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  459.142225][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  459.150194][T10688] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  459.158435][T12299] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.165324][T12299] bridge0: port 1(bridge_slave_0) entered forwarding state
[  459.172825][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  459.181936][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  459.190255][T12299] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.197131][T12299] bridge0: port 2(bridge_slave_1) entered forwarding state
[  459.213468][  T621] usb 4-1: Using ep0 maxpacket: 8
[  459.222204][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  459.229980][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  459.238735][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  459.246636][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  459.254473][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  459.277876][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  459.286130][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  459.294183][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  459.301470][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  459.308845][T12559] device veth0_vlan entered promiscuous mode
[  459.324433][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  459.334442][T12559] device veth1_macvtap entered promiscuous mode
[  459.341743][  T621] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  459.350265][  T621] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  459.362794][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  459.376537][  T621] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  459.379659][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  459.398560][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  459.407432][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  459.416188][ T1409] device bridge_slave_1 left promiscuous mode
[  459.424378][ T1409] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.431662][T10688] usb 3-1: Using ep0 maxpacket: 16
[  459.437083][ T1409] device bridge_slave_0 left promiscuous mode
[  459.443911][ T1409] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.452223][ T1409] device bridge_slave_1 left promiscuous mode
[  459.458181][ T1409] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.467730][ T1409] device bridge_slave_0 left promiscuous mode
[  459.474088][ T1409] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.482624][ T1409] device veth1_macvtap left promiscuous mode
[  459.488440][ T1409] device veth0_vlan left promiscuous mode
[  459.494634][ T1409] device veth1_macvtap left promiscuous mode
[  459.500465][ T1409] device veth0_vlan left promiscuous mode
[  459.651793][  T621] usb 4-1: string descriptor 0 read error: -22
[  459.657872][  T621] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  459.666689][  T621] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.716834][  T621] usb 4-1: 0:2 : does not exist
[  459.769542][T10688] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  459.783632][T10688] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.793579][T10688] usb 3-1: Product: syz
[  459.797562][T10688] usb 3-1: Manufacturer: syz
[  459.803777][T12574] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.810622][T12574] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.817595][T10688] usb 3-1: SerialNumber: syz
[  459.823745][T12574] device bridge_slave_0 entered promiscuous mode
[  459.830201][T10688] r8152-cfgselector 3-1: config 0 descriptor??
[  459.847892][T12574] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.855325][T12574] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.862704][T12574] device bridge_slave_1 entered promiscuous mode
[  459.876551][T12573] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.883471][T12573] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.891443][T12573] device bridge_slave_0 entered promiscuous mode
[  459.905413][T12578] loop1: detected capacity change from 0 to 40427
[  459.912009][T12573] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.919215][T12573] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.926514][T12573] device bridge_slave_1 entered promiscuous mode
[  459.934225][T11052] usb 4-1: USB disconnect, device number 41
[  459.952208][T12578] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  459.959797][T12578] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  459.969560][T12578] F2FS-fs (loop1): invalid crc value
[  459.976328][T12578] F2FS-fs (loop1): Found nat_bits in checkpoint
[  460.019192][T12578] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  460.026121][T12578] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  460.046008][T12578] attempt to access beyond end of device
[  460.046008][T12578] loop1: rw=2049, want=45104, limit=40427
[  460.068880][T12578] attempt to access beyond end of device
[  460.068880][T12578] loop1: rw=2049, want=45104, limit=40427
[  460.166400][  T621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  460.174326][  T621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  460.187754][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  460.196031][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  460.204033][T11569] bridge0: port 1(bridge_slave_0) entered blocking state
[  460.210871][T11569] bridge0: port 1(bridge_slave_0) entered forwarding state
[  460.218394][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  460.227182][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  460.251154][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  460.259229][T11569] bridge0: port 2(bridge_slave_1) entered blocking state
[  460.266088][T11569] bridge0: port 2(bridge_slave_1) entered forwarding state
[  460.318622][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  460.330000][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  460.337963][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  460.345814][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  460.347946][T10688] r8152-cfgselector 3-1: Unknown version 0x0000
[  460.354523][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  460.362422][T10688] r8152-cfgselector 3-1: USB disconnect, device number 37
[  460.369942][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  460.381023][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  460.389354][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  460.397681][T11052] bridge0: port 1(bridge_slave_0) entered blocking state
[  460.404565][T11052] bridge0: port 1(bridge_slave_0) entered forwarding state
[  460.411950][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  460.420378][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  460.428550][T11052] bridge0: port 2(bridge_slave_1) entered blocking state
[  460.435431][T11052] bridge0: port 2(bridge_slave_1) entered forwarding state
[  460.453981][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  460.469777][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  460.477991][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  460.494554][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  460.503870][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  460.519433][T12574] device veth0_vlan entered promiscuous mode
[  460.534589][T12574] device veth1_macvtap entered promiscuous mode
[  460.546312][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  460.557937][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  460.566337][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  460.574447][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  460.582522][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  460.591405][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  460.606685][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  460.614551][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  460.628767][  T621] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  460.638798][  T621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  460.656911][  T621] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  460.668953][  T621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  460.696051][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  460.705143][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  460.725746][T12573] device veth0_vlan entered promiscuous mode
[  460.735264][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  460.743946][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  460.770055][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  460.778275][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  460.793665][T12573] device veth1_macvtap entered promiscuous mode
[  460.805992][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  460.815249][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  460.829033][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  460.849909][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  460.860528][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  461.201125][T12622] loop0: detected capacity change from 0 to 256
[  461.264477][T12622] attempt to access beyond end of device
[  461.264477][T12622] loop0: rw=2049, want=268, limit=256
[  461.406129][ T1409] device bridge_slave_1 left promiscuous mode
[  461.416123][ T1409] bridge0: port 2(bridge_slave_1) entered disabled state
[  461.426789][ T1409] device bridge_slave_0 left promiscuous mode
[  461.435552][ T1409] bridge0: port 1(bridge_slave_0) entered disabled state
[  461.449709][ T1409] device bridge_slave_1 left promiscuous mode
[  461.463617][T12657] loop4: detected capacity change from 0 to 256
[  461.464347][ T1409] bridge0: port 2(bridge_slave_1) entered disabled state
[  461.481202][ T1409] device bridge_slave_0 left promiscuous mode
[  461.487989][ T1409] bridge0: port 1(bridge_slave_0) entered disabled state
[  461.498446][ T1409] device veth1_macvtap left promiscuous mode
[  461.504483][ T1409] device veth0_vlan left promiscuous mode
[  461.510738][ T1409] device veth1_macvtap left promiscuous mode
[  461.516978][ T1409] device veth0_vlan left promiscuous mode
[  461.542674][T12657] attempt to access beyond end of device
[  461.542674][T12657] loop4: rw=2049, want=268, limit=256
[  461.741020][T12655] loop1: detected capacity change from 0 to 40427
[  461.792281][T12655] F2FS-fs (loop1): invalid crc value
[  461.810091][T12655] F2FS-fs (loop1): Found nat_bits in checkpoint
[  461.875408][T12655] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  462.007426][T12689] loop3: detected capacity change from 0 to 1024
[  462.017565][T12689] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  462.037717][T12689] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,bsddf,barrier=0x0000000000000000,jqfmt=vfsv1,debug_want_extra_isize=0x0000000000000042,lazytime,nodelalloc,noblock_validity,nomblk_io_submit,,errors=continue. Quota mode: none.
[  462.351877][T12689] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  462.409786][T12559] attempt to access beyond end of device
[  462.409786][T12559] loop1: rw=2049, want=45112, limit=40427
[  462.483035][T12701] loop4: detected capacity change from 0 to 512
[  462.593366][T12701] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  462.630611][T12701] EXT4-fs (loop4): 1 orphan inode deleted
[  462.643938][T12715] loop3: detected capacity change from 0 to 2048
[  462.650317][T12701] EXT4-fs (loop4): 1 truncate cleaned up
[  462.656239][T12701] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback.
[  462.730489][T12715] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  462.757722][T12719] loop2: detected capacity change from 0 to 128
[  462.774119][T12715] ext4 filesystem being mounted at /root/syzkaller-testdir3215151784/syzkaller.70Y0Y4/15/file0 supports timestamps until 2038 (0x7fffffff)
[  462.825816][T12719] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  462.862612][T12719] ext4 filesystem being mounted at /root/syzkaller-testdir3321670252/syzkaller.EQZ0Qa/11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  462.866025][T12715] kvm: pic: non byte write
[  462.905401][T12715] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (122629963744 ns) > initial count (67108864 ns). Using initial count to start timer.
[  462.943823][T12725] loop0: detected capacity change from 0 to 256
[  463.025803][T12725] attempt to access beyond end of device
[  463.025803][T12725] loop0: rw=2049, want=268, limit=256
[  463.383385][T12742] syz-executor.0[12742] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  463.383775][T12742] syz-executor.0[12742] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  463.769685][T12744] kvm: pic: level sensitive irq not supported
[  463.779683][T12737] loop4: detected capacity change from 0 to 40427
[  463.783277][T12734] loop1: detected capacity change from 0 to 40427
[  463.800301][T12744] kvm: pic: non byte read
[  463.824770][T12737] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  463.832904][T12737] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  463.842675][T12734] F2FS-fs (loop1): invalid crc value
[  463.854075][T12737] F2FS-fs (loop4): invalid crc value
[  463.859315][T12734] F2FS-fs (loop1): Found nat_bits in checkpoint
[  463.879859][T12737] F2FS-fs (loop4): Found nat_bits in checkpoint
[  463.956077][T12734] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  463.984238][T12763] loop2: detected capacity change from 0 to 512
[  464.055620][T12765] bridge0: port 1(bridge_slave_0) entered blocking state
[  464.056201][T12737] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  464.079743][T12737] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  464.084839][T12765] bridge0: port 1(bridge_slave_0) entered disabled state
[  464.088918][T12763] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  464.100168][T12765] device bridge_slave_0 entered promiscuous mode
[  464.105712][T12763] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it
[  464.121775][T12763] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[  464.273892][T12765] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.310836][T12774] loop0: detected capacity change from 0 to 128
[  464.321841][T12765] bridge0: port 2(bridge_slave_1) entered disabled state
[  464.334950][T12763] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  464.343546][T12765] device bridge_slave_1 entered promiscuous mode
[  464.398726][T12763] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.2: corrupted in-inode xattr
[  464.421765][T12763] EXT4-fs (loop2): Remounting filesystem read-only
[  464.430586][T12763] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 15 (err -117)
[  464.432429][T12559] attempt to access beyond end of device
[  464.432429][T12559] loop1: rw=2049, want=45112, limit=40427
[  464.453681][T12763] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,abort,init_itable,auto_da_alloc,grpjquota=.nouid32,errors=remount-ro,jqfmt=vfsv1,grpid,,. Quota mode: writeback.
[  464.483390][T12763] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  464.494513][T12737] loop4: detected capacity change from 40427 to 0
[  464.505371][T12763] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it
[  464.515284][T12763] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[  464.515625][T12765] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.535152][T12765] bridge0: port 2(bridge_slave_1) entered forwarding state
[  464.542319][T12765] bridge0: port 1(bridge_slave_0) entered blocking state
[  464.549281][T12765] bridge0: port 1(bridge_slave_0) entered forwarding state
[  464.554439][T12774] attempt to access beyond end of device
[  464.554439][T12774] loop0: rw=0, want=241, limit=128
[  464.568053][    T8] loop: Write error at byte offset 9223372036871585791, length 4096.
[  464.568600][T12763] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  464.580273][    C1] blk_update_request: I/O error, dev loop4, sector 32832 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  464.599037][    T8] loop: Write error at byte offset 9223372036873678847, length 4096.
[  464.601761][T12573] F2FS-fs (loop4): do_checkpoint failed err:-5, stop checkpoint
[  464.606679][T12763] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it
[  464.627237][T12763] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[  464.627305][T12763] EXT4-fs error (device loop2): ext4_find_dest_de:2112: inode #2: block 3: comm syz-executor.2: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0
[  464.662261][   T10] attempt to access beyond end of device
[  464.662261][   T10] loop0: rw=1, want=1041, limit=128
[  464.672928][    C0] blk_update_request: I/O error, dev loop4, sector 36920 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  464.686025][    T8] loop: Write error at byte offset 9223372036856872959, length 4096.
[  464.694312][    C0] blk_update_request: I/O error, dev loop4, sector 4096 op 0x1:(WRITE) flags 0x3800 phys_seg 6 prio class 0
[  464.706055][T12763] EXT4-fs (loop2): Remounting filesystem read-only
[  464.724319][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  464.735286][T11052] bridge0: port 1(bridge_slave_0) entered disabled state
[  464.748201][T11052] bridge0: port 2(bridge_slave_1) entered disabled state
[  464.756998][T12777] loop0: detected capacity change from 0 to 256
[  464.774399][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  464.780047][   T10] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  464.782564][T12299] bridge0: port 1(bridge_slave_0) entered blocking state
[  464.797952][T12299] bridge0: port 1(bridge_slave_0) entered forwarding state
[  464.801969][   T10] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  464.816930][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  464.832591][T10688] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.839477][T10688] bridge0: port 2(bridge_slave_1) entered forwarding state
[  464.888302][T12785] : Can't open blockdev
[  464.901384][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  464.909466][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  464.935681][T12788] syz-executor.1[12788] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  464.935766][T12788] syz-executor.1[12788] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  464.936982][T12765] device veth0_vlan entered promiscuous mode
[  464.982265][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  464.990838][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  464.998991][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  465.006333][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  465.028935][T12765] device veth1_macvtap entered promiscuous mode
[  465.041307][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  465.049427][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  465.058513][T12299] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  465.094016][ T1797] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  465.102302][ T1797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  465.111124][ T1797] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  465.119265][ T1797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  465.167099][T12796] loop3: detected capacity change from 0 to 1024
[  465.207712][T12796] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  465.216756][T12789] bridge0: port 1(bridge_slave_0) entered blocking state
[  465.223940][T12789] bridge0: port 1(bridge_slave_0) entered disabled state
[  465.231429][T12789] device bridge_slave_0 entered promiscuous mode
[  465.243763][T12789] bridge0: port 2(bridge_slave_1) entered blocking state
[  465.250820][T12789] bridge0: port 2(bridge_slave_1) entered disabled state
[  465.258276][T12789] device bridge_slave_1 entered promiscuous mode
[  465.266302][T12796] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,bsddf,barrier=0x0000000000000000,jqfmt=vfsv1,debug_want_extra_isize=0x0000000000000042,lazytime,nodelalloc,noblock_validity,nomblk_io_submit,,errors=continue. Quota mode: none.
[  465.305398][T12805] loop1: detected capacity change from 0 to 256
[  465.317056][T12796] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  465.374871][T12793] bridge0: port 1(bridge_slave_0) entered blocking state
[  465.381872][T12793] bridge0: port 1(bridge_slave_0) entered disabled state
[  465.389310][T12793] device bridge_slave_0 entered promiscuous mode
[  465.414666][T12793] bridge0: port 2(bridge_slave_1) entered blocking state
[  465.421546][T12793] bridge0: port 2(bridge_slave_1) entered disabled state
[  465.429367][T12793] device bridge_slave_1 entered promiscuous mode
[  465.497031][T12789] bridge0: port 2(bridge_slave_1) entered blocking state
[  465.504056][T12789] bridge0: port 2(bridge_slave_1) entered forwarding state
[  465.511371][T12789] bridge0: port 1(bridge_slave_0) entered blocking state
[  465.518221][T12789] bridge0: port 1(bridge_slave_0) entered forwarding state
[  465.582650][T12812] loop3: detected capacity change from 0 to 40427
[  465.605606][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  465.612002][T12812] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  465.620458][T11052] bridge0: port 1(bridge_slave_0) entered disabled state
[  465.627538][T12812] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  465.635721][T11052] bridge0: port 2(bridge_slave_1) entered disabled state
[  465.637042][T12812] F2FS-fs (loop3): invalid crc value
[  465.649186][ T6632] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  465.650286][T12812] F2FS-fs (loop3): Found nat_bits in checkpoint
[  465.689649][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  465.697947][T11052] bridge0: port 1(bridge_slave_0) entered blocking state
[  465.704921][T11052] bridge0: port 1(bridge_slave_0) entered forwarding state
[  465.713334][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  465.714869][T12812] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  465.728074][T12812] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  465.735570][T11052] bridge0: port 2(bridge_slave_1) entered blocking state
[  465.742487][T11052] bridge0: port 2(bridge_slave_1) entered forwarding state
[  465.779180][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  465.788104][T12812] loop3: detected capacity change from 40427 to 0
[  465.795515][    T8] loop: Write error at byte offset 9223372036871577599, length 4096.
[  465.805217][   T30] kauditd_printk_skb: 519 callbacks suppressed
[  465.805233][   T30] audit: type=1326 audit(2000001216.812:53451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12819 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f957c75bf29 code=0x7ffc0000
[  465.812941][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  465.847085][    C0] blk_update_request: I/O error, dev loop3, sector 32816 op 0x1:(WRITE) flags 0x800 phys_seg 2 prio class 0
[  465.852160][T12789] device veth0_vlan entered promiscuous mode
[  465.858555][    T8] loop: Write error at byte offset 9223372036858970111, length 4096.
[  465.874823][ T6346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  465.882861][    C0] blk_update_request: I/O error, dev loop3, sector 8192 op 0x1:(WRITE) flags 0x3800 phys_seg 5 prio class 0
[  465.883593][T12812] F2FS-fs (loop3): do_checkpoint failed err:-5, stop checkpoint
[  465.903679][ T6346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  465.912023][ T6346] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  465.919710][ T6346] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  465.926891][T12822] loop0: detected capacity change from 0 to 2048
[  465.927139][ T6632] usb 2-1: Using ep0 maxpacket: 8
[  465.933185][   T30] audit: type=1326 audit(2000001216.849:53452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12819 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f957c75bf29 code=0x7ffc0000
[  465.948569][T12789] device veth1_macvtap entered promiscuous mode
[  465.965481][   T30] audit: type=1326 audit(2000001216.849:53453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12819 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f957c75bf29 code=0x7ffc0000
[  466.001249][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  466.009243][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  466.018170][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  466.027537][T11052] bridge0: port 1(bridge_slave_0) entered blocking state
[  466.034577][T11052] bridge0: port 1(bridge_slave_0) entered forwarding state
[  466.042066][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  466.046789][T12822] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  466.050239][T11052] bridge0: port 2(bridge_slave_1) entered blocking state
[  466.060615][T12822] ext4 filesystem being mounted at /root/syzkaller-testdir2198099777/syzkaller.195v4x/19/file0 supports timestamps until 2038 (0x7fffffff)
[  466.067174][T11052] bridge0: port 2(bridge_slave_1) entered forwarding state
[  466.067598][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  466.096827][T11052] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  466.125612][ T6346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  466.135386][ T6346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  466.148957][    T8] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  466.151721][ T6632] usb 2-1: unable to get BOS descriptor or descriptor too short
[  466.157981][    T8] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  466.187807][ T6346] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  466.196407][T12822] kvm: pic: non byte write
[  466.201040][T12829] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (122629963744 ns) > initial count (67108864 ns). Using initial count to start timer.
[  466.202379][ T6346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  466.236740][T12793] device veth0_vlan entered promiscuous mode
[  466.264314][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  466.272670][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  466.280762][ T6632] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  466.290778][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  466.298360][ T6632] usb 2-1: config 1 has an invalid descriptor of length 53, skipping remainder of the config
[  466.308832][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  466.316425][ T6632] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  466.325739][ T6632] usb 2-1: config 1 has no interface number 1
[  466.329661][T12793] device veth1_macvtap entered promiscuous mode
[  466.331646][ T6632] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  466.352818][ T6632] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x2 has an invalid bInterval 52, changing to 7
[  466.363639][ T6632] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x2 has invalid maxpacket 9272, setting to 1024
[  466.398429][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  466.405864][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  466.413982][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  466.422594][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  466.440539][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  466.448126][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  466.456453][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  466.464918][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  466.473452][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  466.494312][T12835] loop4: detected capacity change from 0 to 512
[  466.508950][ T1409] device bridge_slave_1 left promiscuous mode
[  466.515775][ T1409] bridge0: port 2(bridge_slave_1) entered disabled state
[  466.523357][ T1409] device bridge_slave_0 left promiscuous mode
[  466.524249][T12835] EXT4-fs (loop4): orphan cleanup on readonly fs
[  466.529641][ T1409] bridge0: port 1(bridge_slave_0) entered disabled state
[  466.536688][T12835] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 97: padding at end of block bitmap is not set
[  466.547192][ T6346] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  466.557544][T12835] Quota error (device loop4): write_blk: dquota write failed
[  466.564666][ T6632] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  466.571808][T12835] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  466.581567][ T6632] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.598947][ T1409] device bridge_slave_1 left promiscuous mode
[  466.599160][T12835] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2925: inode #15: comm syz-executor.4: corrupted xattr block 19
[  466.605062][ T1409] bridge0: port 2(bridge_slave_1) entered disabled state
[  466.617491][T12835] EXT4-fs warning (device loop4): ext4_evict_inode:303: xattr delete (err -117)
[  466.624421][ T6632] usb 2-1: Product: syz
[  466.637558][T12835] EXT4-fs (loop4): 1 orphan inode deleted
[  466.638036][ T6632] usb 2-1: Manufacturer: syz
[  466.647785][ T6632] usb 2-1: SerialNumber: syz
[  466.647993][ T1409] device bridge_slave_0 left promiscuous mode
[  466.658446][    T8] Quota error (device loop4): remove_tree: Getting block too big (0 >= 6)
[  466.658619][ T1409] bridge0: port 1(bridge_slave_0) entered disabled state
[  466.667892][T12835] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,,errors=continue. Quota mode: writeback.
[  466.686917][ T1409] device bridge_slave_1 left promiscuous mode
[  466.692972][ T1409] bridge0: port 2(bridge_slave_1) entered disabled state
[  466.699360][T12835] fuse: Bad value for 'fd'
[  466.704329][ T1409] device bridge_slave_0 left promiscuous mode
[  466.710516][ T1409] bridge0: port 1(bridge_slave_0) entered disabled state
[  466.720327][ T1409] device veth1_macvtap left promiscuous mode
[  466.726199][ T1409] device veth0_vlan left promiscuous mode
[  466.732563][ T1409] device veth1_macvtap left promiscuous mode
[  466.738380][ T1409] device veth0_vlan left promiscuous mode
[  466.744494][ T1409] device veth1_macvtap left promiscuous mode
[  466.750454][ T1409] device veth0_vlan left promiscuous mode
[  466.852851][T12842] loop0: detected capacity change from 0 to 512
[  466.884668][T12842] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000079f)
[  466.892422][T12842] FAT-fs (loop0): Filesystem has been set read-only
[  466.985819][ T6632] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  466.993593][ T6346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  467.004370][ T6632] usb 2-1: 2:1 : unknown format tag 0x5 is detected.  processed as MPEG.
[  467.012601][ T6346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  467.022179][ T6632] usb 2-1: found format II with max.bitrate = 0, frame size=39301
[  467.029974][ T6346] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  467.039028][ T6632] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  467.046690][ T6632] usb 2-1: 2:1 : unknown format tag 0x5 is detected.  processed as MPEG.
[  467.055007][ T6346] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.063004][ T6632] usb 2-1: found format II with max.bitrate = 0, frame size=39301
[  467.072242][ T6346] usb 3-1: config 0 descriptor??
[  467.138073][ T6632] usb 2-1: USB disconnect, device number 34
[  467.171408][   T30] audit: type=1326 audit(2000001218.084:53454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12845 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8cff252f29 code=0x0
[  467.216211][T12833] bridge0: port 1(bridge_slave_0) entered blocking state
[  467.223526][T12833] bridge0: port 1(bridge_slave_0) entered disabled state
[  467.224885][   T30] audit: type=1326 audit(2000001218.140:53455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12852 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f957c75bf29 code=0x0
[  467.230983][T12833] device bridge_slave_0 entered promiscuous mode
[  467.261172][T12833] bridge0: port 2(bridge_slave_1) entered blocking state
[  467.268120][T12833] bridge0: port 2(bridge_slave_1) entered disabled state
[  467.275736][T12833] device bridge_slave_1 entered promiscuous mode
[  467.335404][T12833] bridge0: port 2(bridge_slave_1) entered blocking state
[  467.342397][T12833] bridge0: port 2(bridge_slave_1) entered forwarding state
[  467.349534][T12833] bridge0: port 1(bridge_slave_0) entered blocking state
[  467.356342][T12833] bridge0: port 1(bridge_slave_0) entered forwarding state
[  467.392745][ T6632] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  467.400926][ T6632] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  467.409962][ T6632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  467.418719][ T6632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  467.426573][ T6632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  467.433953][ T6632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  467.454925][T12833] device veth0_vlan entered promiscuous mode
[  467.463708][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  467.472041][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  467.480329][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  467.487820][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  467.502766][T12833] device veth1_macvtap entered promiscuous mode
[  467.510138][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  467.530759][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  467.539444][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  467.573652][ T6346] hid (null): bogus close delimiter
[  467.745541][T12870] : Can't open blockdev
[  468.066095][T11052] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  468.077625][T12897] : Can't open blockdev
[  468.100995][T12901] netem: change failed
[  468.108017][ T6346] uclogic 0003:256C:006D.0048: failed retrieving Huion firmware version: -71
[  468.118343][ T6346] uclogic 0003:256C:006D.0048: failed probing parameters: -71
[  468.127464][ T6346] uclogic: probe of 0003:256C:006D.0048 failed with error -71
[  468.136810][ T6346] usb 3-1: USB disconnect, device number 38
[  468.148400][T12905] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)"
[  468.248699][T12923] syz-executor.0[12923] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  468.248792][T12923] syz-executor.0[12923] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  468.305056][ T1409] device bridge_slave_1 left promiscuous mode
[  468.322799][ T1409] bridge0: port 2(bridge_slave_1) entered disabled state
[  468.331606][ T1409] device bridge_slave_0 left promiscuous mode
[  468.338087][ T1409] bridge0: port 1(bridge_slave_0) entered disabled state
[  468.346655][ T1409] device veth1_macvtap left promiscuous mode
[  468.352507][ T1409] device veth0_vlan left promiscuous mode
[  468.399922][   T30] audit: type=1326 audit(2000001219.235:53456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12934 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cff252f29 code=0x7ffc0000
[  468.427755][   T30] audit: type=1326 audit(2000001219.235:53457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12934 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cff252f29 code=0x7ffc0000
[  468.472107][T11052] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  468.483055][T11052] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.493027][T11052] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  468.501963][T11052] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.510491][T11052] usb 2-1: config 0 descriptor??
[  468.567684][ T1797] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  468.592581][T12944] IPv4: Oversized IP packet from 127.202.26.0
[  468.630908][T12952] syz-executor.4[12952] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  468.630993][T12952] syz-executor.4[12952] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  468.745416][T12971] IPv4: Oversized IP packet from 127.202.26.0
[  468.880769][T12984] netlink: 'syz-executor.4': attribute type 12 has an invalid length.
[  468.963286][ T1797] usb 1-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00
[  468.989928][T12986] syz-executor.3[12986] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  468.990028][T12986] syz-executor.3[12986] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  469.003429][ T1797] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.027715][T11052] hid (null): bogus close delimiter
[  469.091476][T10688] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  469.166498][ T1797] usb 1-1: config 0 descriptor??
[  469.209115][ T1278] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  469.225534][ T1797] usb-storage 1-1:0.0: USB Mass Storage device detected
[  469.262704][T11052] usb 2-1: language id specifier not provided by device, defaulting to English
[  469.304232][ T1797] usb-storage 1-1:0.0: Quirks match for vid 054c pid 002e: 1
[  469.434814][ T6632] usb 1-1: USB disconnect, device number 36
[  469.487162][T10688] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  469.521698][T10688] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  469.590147][T10688] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  469.594073][ T1278] usb 5-1: config index 0 descriptor too short (expected 55076, got 36)
[  469.653097][ T1278] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  469.670383][T10688] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.711424][ T1278] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  469.724076][T11052] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0049/input/input60
[  469.739834][T10688] usb 3-1: config 0 descriptor??
[  469.807750][ T1278] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  469.818860][T11052] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0049/input/input61
[  469.893262][ T1278] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 227, changing to 7
[  469.926407][T11052] uclogic 0003:256C:006D.0049: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0
[  469.978861][ T1278] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 58544, setting to 1024
[  470.018822][T11052] usb 2-1: USB disconnect, device number 35
[  470.071198][T13001] IPv4: Oversized IP packet from 127.202.26.0
[  470.175740][T13005] loop3: detected capacity change from 0 to 1024
[  470.224852][ T1278] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  470.249620][ T1278] usb 5-1: New USB device strings: Mfr=1, Product=16, SerialNumber=3
[  470.268325][T10688] hid (null): bogus close delimiter
[  470.300771][ T1278] usb 5-1: Product: syz
[  470.304774][ T1278] usb 5-1: Manufacturer: syz
[  470.309219][ T1278] usb 5-1: SerialNumber: syz
[  470.317970][T13003] loop0: detected capacity change from 0 to 8192
[  470.343788][T13005] EXT4-fs (loop3): Test dummy encryption mode enabled
[  470.363726][T13005] EXT4-fs (loop3): Ignoring removed orlov option
[  470.394246][ T1278] usb 5-1: config 0 descriptor??
[  470.418698][T13003] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  470.453452][T13005] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[  470.486240][T12984] raw-gadget.3 gadget: fail, usb_ep_enable returned -22
[  470.496867][T13003] syz-executor.0 (13003): attempted to duplicate a private mapping with mremap.  This is not supported.
[  470.503279][ T1278] dm9601: probe of 5-1:0.0 failed with error -22
[  470.668516][T12574] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF
[  470.749158][T12574] FAT-fs (loop0): Filesystem has been set read-only
[  470.769959][T10688] uclogic 0003:256C:006D.004A: failed retrieving Huion firmware version: -71
[  470.810902][T10688] uclogic 0003:256C:006D.004A: failed probing parameters: -71
[  470.843625][T13014] syz-executor.3[13014] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  470.843718][T13014] syz-executor.3[13014] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  470.861361][T10688] uclogic: probe of 0003:256C:006D.004A failed with error -71
[  471.012169][T10688] usb 3-1: USB disconnect, device number 39
[  471.303314][ T6346] usb 5-1: USB disconnect, device number 38
[  471.477077][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  471.477093][   T30] audit: type=1326 audit(2000001222.116:53475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13048 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29ae7c1f29 code=0x0
[  471.543648][T13051] loop2: detected capacity change from 0 to 2048
[  471.564592][T13034] loop3: detected capacity change from 0 to 40427
[  471.584564][T13034] F2FS-fs (loop3): invalid crc value
[  471.591038][T13034] F2FS-fs (loop3): Found nat_bits in checkpoint
[  471.604284][T13051] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  471.665574][T13051] ext4 filesystem being mounted at /root/syzkaller-testdir3240691103/syzkaller.0AXftP/10/file0 supports timestamps until 2038 (0x7fffffff)
[  471.695321][T13053] netlink: 'syz-executor.4': attribute type 12 has an invalid length.
[  471.768494][T13034] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  471.790541][   T30] audit: type=1326 audit(2000001222.406:53476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13064 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f957c75bf29 code=0x7ffc0000
[  472.161240][   T30] audit: type=1326 audit(2000001222.406:53477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13064 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f957c75bf29 code=0x7ffc0000
[  472.203819][T11569] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  472.263432][T12833] attempt to access beyond end of device
[  472.263432][T12833] loop3: rw=2049, want=45112, limit=40427
[  472.451768][   T30] audit: type=1326 audit(2000001222.406:53478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13064 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7f957c75bf29 code=0x7ffc0000
[  472.630154][T11569] usb 5-1: config index 0 descriptor too short (expected 55076, got 36)
[  472.649330][   T30] audit: type=1326 audit(2000001222.406:53479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13064 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f957c75bf29 code=0x7ffc0000
[  472.660181][T11569] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  472.790905][T11569] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  472.799754][T11569] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  472.863024][   T30] audit: type=1326 audit(2000001222.406:53480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13064 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f957c75bf29 code=0x7ffc0000
[  472.968253][T11569] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 227, changing to 7
[  473.071556][T11569] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 58544, setting to 1024
[  473.247555][T13069] loop2: detected capacity change from 0 to 512
[  473.347022][T11569] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  473.356054][T11569] usb 5-1: New USB device strings: Mfr=1, Product=16, SerialNumber=3
[  473.368513][T13069] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  473.433426][T11569] usb 5-1: Product: syz
[  473.437428][T11569] usb 5-1: Manufacturer: syz
[  473.442050][T11569] usb 5-1: SerialNumber: syz
[  473.478629][    T8] device bridge_slave_1 left promiscuous mode
[  473.484619][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  473.551234][    T8] device bridge_slave_0 left promiscuous mode
[  473.557347][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.576172][T11569] usb 5-1: config 0 descriptor??
[  473.592318][T13053] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  473.646188][T11569] dm9601: probe of 5-1:0.0 failed with error -22
[  473.690391][T13069] EXT4-fs (loop2): 1 orphan inode deleted
[  473.707751][    T8] device veth1_macvtap left promiscuous mode
[  473.726946][    T8] device veth0_vlan left promiscuous mode
[  473.753440][T13069] EXT4-fs (loop2): 1 truncate cleaned up
[  473.839119][T13069] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback.
[  474.019845][ T1278] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  474.404925][ T1278] usb 2-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00
[  474.452602][ T1278] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.513734][ T1278] usb 2-1: config 0 descriptor??
[  474.587006][ T1278] usb-storage 2-1:0.0: USB Mass Storage device detected
[  474.634553][ T1278] usb-storage 2-1:0.0: Quirks match for vid 054c pid 002e: 1
[  474.651187][T13087] bridge0: port 1(bridge_slave_0) entered blocking state
[  474.658167][T13087] bridge0: port 1(bridge_slave_0) entered disabled state
[  474.693982][T13087] device bridge_slave_0 entered promiscuous mode
[  474.739925][   T30] audit: type=1326 audit(2000001225.165:53481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13107 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f5651bf29 code=0x7ffc0000
[  474.803731][T11052] usb 2-1: USB disconnect, device number 36
[  474.811371][T13087] bridge0: port 2(bridge_slave_1) entered blocking state
[  474.818229][T13087] bridge0: port 2(bridge_slave_1) entered disabled state
[  474.882313][   T30] audit: type=1326 audit(2000001225.165:53482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13107 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7f1f5651bf29 code=0x7ffc0000
[  474.925787][T13087] device bridge_slave_1 entered promiscuous mode
[  474.978473][ T1278] usb 5-1: USB disconnect, device number 39
[  474.984447][   T30] audit: type=1326 audit(2000001225.165:53483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13107 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f5651bf29 code=0x7ffc0000
[  475.012339][   T30] audit: type=1326 audit(2000001225.268:53484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13107 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f5651bf29 code=0x7ffc0000
[  475.101480][T13115] futex_wake_op: syz-executor.4 tries to shift op by 32; fix this program
[  475.178165][T13087] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.185096][T13087] bridge0: port 2(bridge_slave_1) entered forwarding state
[  475.192272][T13087] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.199153][T13087] bridge0: port 1(bridge_slave_0) entered forwarding state
[  475.250352][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  475.258292][T10688] bridge0: port 1(bridge_slave_0) entered disabled state
[  475.266651][T10688] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.304261][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  475.312350][T10688] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.319226][T10688] bridge0: port 1(bridge_slave_0) entered forwarding state
[  475.335698][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  475.343884][T10688] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.350755][T10688] bridge0: port 2(bridge_slave_1) entered forwarding state
[  475.361437][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  475.374893][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  475.411532][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  475.436600][T13087] device veth0_vlan entered promiscuous mode
[  475.447557][ T6346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  475.456074][ T6346] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  475.468106][ T6346] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  475.500507][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  475.514539][T13087] device veth1_macvtap entered promiscuous mode
[  475.534425][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  475.543702][T11569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  475.563959][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  475.579876][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  475.885664][T13162] loop2: detected capacity change from 0 to 40427
[  475.934433][T13162] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  475.944385][T13162] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  475.956270][T13162] F2FS-fs (loop2): Found nat_bits in checkpoint
[  475.997973][T11052] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  476.008072][T13162] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  476.015628][T13162] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  476.055636][T13185] loop1: detected capacity change from 0 to 512
[  476.061033][ T1409] attempt to access beyond end of device
[  476.061033][ T1409] loop2: rw=1, want=45104, limit=40427
[  476.116815][T13185] EXT4-fs error (device loop1): ext4_fill_super:4831: inode #2: comm syz-executor.1: casefold flag without casefold feature
[  476.129944][T13185] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  476.140165][T13185] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  476.151377][T13185] ext4 filesystem being mounted at /root/syzkaller-testdir1955195307/syzkaller.ytxtFf/39/file0 supports timestamps until 2038 (0x7fffffff)
[  476.182789][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  476.191029][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  476.199169][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  476.207392][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  476.215730][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  476.224115][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  476.232364][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  476.240735][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  476.248783][T13185] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 206 vs 63 free clusters
[  476.294669][T13195] loop1: detected capacity change from 0 to 16
[  476.341141][T13195] erofs: (device loop1): check_layout_compatibility: unidentified incompatible feature 30, please upgrade kernel version
[  476.382662][T11052] usb 5-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00
[  476.391630][ T1278] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  476.399185][T11052] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.408423][T11052] usb 5-1: config 0 descriptor??
[  476.448969][T11052] usb-storage 5-1:0.0: USB Mass Storage device detected
[  476.457613][T11052] usb-storage 5-1:0.0: Quirks match for vid 054c pid 002e: 1
[  476.472692][T13195] loop1: detected capacity change from 0 to 512
[  476.512564][T13195] EXT4-fs (loop1): corrupt root inode, run e2fsck
[  476.518919][T13195] EXT4-fs (loop1): mount failed
[  476.664606][ T6632] usb 5-1: USB disconnect, device number 40
[  476.778135][ T1278] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  476.789146][ T1278] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  476.798954][ T1278] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  476.808031][ T1278] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.818919][ T1278] usb 1-1: config 0 descriptor??
[  476.970064][T13209] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  477.003653][T13213] syz-executor.1[13213] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  477.003719][T13213] syz-executor.1[13213] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  477.017039][T13213] syz-executor.1[13213] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  477.029239][T13213] syz-executor.1[13213] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  477.152049][T13215] loop1: detected capacity change from 0 to 40427
[  477.196777][T13215] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  477.204458][T13215] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  477.243836][T13215] F2FS-fs (loop1): Found nat_bits in checkpoint
[  477.263066][T13224] loop4: detected capacity change from 0 to 512
[  477.286990][T13215] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  477.293903][T13215] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  477.334292][ T1278] hid (null): bogus close delimiter
[  477.366160][ T6346] Bluetooth: hci0: command 0x1003 tx timeout
[  477.372093][   T47] Bluetooth: hci0: sending frame failed (-49)
[  477.483805][T13224] EXT4-fs error (device loop4): ext4_fill_super:4831: inode #2: comm syz-executor.4: casefold flag without casefold feature
[  477.489581][ T1409] attempt to access beyond end of device
[  477.489581][ T1409] loop1: rw=1, want=45104, limit=40427
[  477.497008][T13224] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  477.517981][T13224] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  477.529728][T13224] ext4 filesystem being mounted at /root/syzkaller-testdir2855158304/syzkaller.jEONzX/33/file0 supports timestamps until 2038 (0x7fffffff)
[  477.569439][ T1278] usb 1-1: string descriptor 0 read error: -22
[  477.571474][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  477.591103][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  477.604242][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  477.612929][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  477.613585][T13224] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 206 vs 63 free clusters
[  477.621400][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  477.642999][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  477.651318][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  477.659448][T10688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  477.671225][T13224] __quota_error: 3 callbacks suppressed
[  477.671245][T13224] Quota error (device loop4): write_blk: dquota write failed
[  477.683912][T13224] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota
[  477.721443][T13236] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  477.749305][   T30] audit: type=1400 audit(2000001227.981:53486): avc:  denied  { mount } for  pid=13239 comm="syz-executor.4" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  477.779030][   T30] audit: type=1400 audit(2000001228.009:53487): avc:  denied  { unmount } for  pid=12793 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  477.891034][ T1278] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.004B/input/input62
[  477.926759][T13266] loop4: detected capacity change from 0 to 1024
[  477.932848][ T1278] uclogic 0003:256C:006D.004B: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.0-1/input0
[  477.946502][T13264] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  477.976767][T13266] EXT4-fs (loop4): Test dummy encryption mode enabled
[  477.983826][T13266] EXT4-fs (loop4): Ignoring removed orlov option
[  478.004326][T13266] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[  478.079090][T13287] syz-executor.1[13287] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  478.079182][T13287] syz-executor.1[13287] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  478.093642][T13289] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  478.118808][T10688] usb 1-1: USB disconnect, device number 37
[  478.255936][T13307] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  478.263677][T13307] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  478.322663][T13317] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  478.343181][T13320] syz-executor.2[13320] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  478.343269][T13320] syz-executor.2[13320] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  478.343996][T13321] syz-executor.1[13321] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  478.366738][T13321] syz-executor.1[13321] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  478.404327][   T30] audit: type=1400 audit(2000001228.598:53488): avc:  denied  { mounton } for  pid=13322 comm="syz-executor.2" path="/proc/13322/task" dev="proc" ino=77660 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  478.439221][ T6346] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  478.724344][T13365] x_tables: duplicate underflow at hook 4
[  478.820289][ T6346] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  478.836326][ T6346] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  478.847302][ T6346] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  478.857266][ T6346] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  478.869895][ T6346] usb 5-1: config 0 descriptor??
[  478.987918][T13375] loop0: detected capacity change from 0 to 40427
[  479.013414][T13375] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  479.021673][T13375] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  479.038353][T13375] F2FS-fs (loop0): Found nat_bits in checkpoint
[  479.081631][T13375] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  479.088663][T13375] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  479.130826][    T8] attempt to access beyond end of device
[  479.130826][    T8] loop0: rw=1, want=45104, limit=40427
[  479.335117][T13410] incfs: Options parsing error. -22
[  479.340693][T13410] incfs: mount failed -22
[  479.386902][ T6346] hid (null): bogus close delimiter
[  479.511352][T13422] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  479.519356][T13422] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  479.559681][T13420] loop0: detected capacity change from 0 to 40427
[  479.589784][T11052] Bluetooth: hci0: command 0x1001 tx timeout
[  479.595674][   T47] Bluetooth: hci0: sending frame failed (-49)
[  479.622690][T13420] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  479.630531][T13420] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  479.642613][T13420] F2FS-fs (loop0): Found nat_bits in checkpoint
[  479.698074][T13420] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  479.710548][T13420] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  479.747525][ T1409] attempt to access beyond end of device
[  479.747525][ T1409] loop0: rw=1, want=45104, limit=40427
[  479.783913][   T30] audit: type=1400 audit(2000001229.889:53489): avc:  denied  { search } for  pid=13446 comm="syz-executor.2" name="/" dev="configfs" ino=12141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  479.867834][T13455] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  479.892572][T13459] incfs: iterate_incfs_dir / -22
[  479.910529][ T6346] uclogic 0003:256C:006D.004C: failed retrieving Huion firmware version: -71
[  479.919151][ T6346] uclogic 0003:256C:006D.004C: failed probing parameters: -71
[  479.931562][ T6346] uclogic: probe of 0003:256C:006D.004C failed with error -71
[  479.940810][ T6346] usb 5-1: USB disconnect, device number 41
[  479.978425][T13471] loop1: detected capacity change from 0 to 512
[  480.154764][   T30] audit: type=1400 audit(2000001230.226:53490): avc:  denied  { map } for  pid=13470 comm="syz-executor.1" path="socket:[80151]" dev="sockfs" ino=80151 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  480.754581][   T30] audit: type=1400 audit(2000001230.787:53491): avc:  denied  { read } for  pid=13523 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  481.221431][T13539] loop2: detected capacity change from 0 to 512
[  481.333514][ T1409] device bridge_slave_1 left promiscuous mode
[  481.341505][ T1409] bridge0: port 2(bridge_slave_1) entered disabled state
[  481.353427][ T1409] device bridge_slave_0 left promiscuous mode
[  481.359544][ T1409] bridge0: port 1(bridge_slave_0) entered disabled state
[  481.368108][ T1409] device veth1_macvtap left promiscuous mode
[  481.373996][ T1409] device veth0_vlan left promiscuous mode
[  481.820209][ T6346] Bluetooth: hci0: command 0x1009 tx timeout
[  481.994455][T13570] x_tables: duplicate underflow at hook 4
[  482.135080][T13573] loop0: detected capacity change from 0 to 512
[  482.166088][    T6] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  482.177490][T13573] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  482.201030][T13573] EXT4-fs (loop0): 1 orphan inode deleted
[  482.208685][T13573] EXT4-fs (loop0): 1 truncate cleaned up
[  482.214515][T13573] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback.
[  482.433367][    T6] usb 2-1: Using ep0 maxpacket: 32
[  482.496544][T13584] loop2: detected capacity change from 0 to 40427
[  482.552983][T13584] F2FS-fs (loop2): invalid crc value
[  482.559362][T13584] F2FS-fs (loop2): Found nat_bits in checkpoint
[  482.593847][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  482.604748][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  482.606221][T13584] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  482.614561][    T6] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  482.631152][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.639927][    T6] usb 2-1: config 0 descriptor??
[  482.680070][    T6] hub 2-1:0.0: USB hub found
[  483.102833][    T6] hub 2-1:0.0: 1 port detected
[  483.177208][T13594] netlink: 'syz-executor.0': attribute type 12 has an invalid length.
[  483.320676][T12789] attempt to access beyond end of device
[  483.320676][T12789] loop2: rw=2049, want=45112, limit=40427
[  483.534545][T11569] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  483.630871][    T6] hub 2-1:0.0: activate --> -90
[  483.919451][T11569] usb 1-1: config index 0 descriptor too short (expected 55076, got 36)
[  483.927630][T11569] usb 1-1: config 0 has an invalid interface number: 0 but max is -1
[  483.936753][ T1278] usb 2-1: USB disconnect, device number 37
[  483.951471][    T6] hub 2-1:0.0: hub_ext_port_status failed (err = -71)
[  484.007604][T11569] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0
[  484.081094][T13607] loop4: detected capacity change from 0 to 1024
[  484.087440][T11569] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  484.140030][T11569] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 227, changing to 7
[  484.187757][T13607] EXT4-fs error (device loop4): __ext4_get_inode_loc:4340: comm syz-executor.4: Invalid inode table block 0 in block_group 0
[  484.229663][T11569] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 58544, setting to 1024
[  484.233476][T13607] EXT4-fs (loop4): Remounting filesystem read-only
[  484.324041][T13607] EXT4-fs (loop4): get root inode failed
[  484.379262][T13607] EXT4-fs (loop4): mount failed
[  484.421947][T11569] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  484.430942][T11569] usb 1-1: New USB device strings: Mfr=1, Product=16, SerialNumber=3
[  484.520268][T11569] usb 1-1: Product: syz
[  484.524365][T11569] usb 1-1: Manufacturer: syz
[  484.582260][T11569] usb 1-1: SerialNumber: syz
[  484.613421][T11569] usb 1-1: config 0 descriptor??
[  484.667818][T13594] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  484.689756][T11569] dm9601: probe of 1-1:0.0 failed with error -22
[  484.935096][T12299] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  485.191577][T12299] usb 5-1: Using ep0 maxpacket: 16
[  485.319975][T12299] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 11380, setting to 1024
[  485.471054][ T1278] usb 1-1: USB disconnect, device number 38
[  485.507883][T13642] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  485.512952][T12299] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024
[  485.525082][T12299] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  485.537723][T12299] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  485.595306][T12299] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.604883][T12299] usb 5-1: config 0 descriptor??
[  485.629958][T13607] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  485.651778][T12299] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  485.752820][T13664] netlink: 'syz-executor.1': attribute type 12 has an invalid length.
[  485.864546][T13667] x_tables: duplicate underflow at hook 4
[  485.871734][ T1797] usb 5-1: USB disconnect, device number 42
[  486.110937][ T6632] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  486.517254][ T6632] usb 2-1: config index 0 descriptor too short (expected 55076, got 36)
[  486.526265][ T6632] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[  486.668402][ T6632] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[  486.779153][ T6632] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  486.968596][ T6632] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 227, changing to 7
[  487.030629][ T6632] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 58544, setting to 1024
[  487.104742][T13685] loop4: detected capacity change from 0 to 512
[  487.112277][   T10] device bridge_slave_1 left promiscuous mode
[  487.126651][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  487.191325][   T10] device bridge_slave_0 left promiscuous mode
[  487.197313][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  487.315735][T13695] loop0: detected capacity change from 0 to 1024
[  487.322475][ T6632] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  487.337316][   T10] device veth1_macvtap left promiscuous mode
[  487.343180][ T6632] usb 2-1: New USB device strings: Mfr=1, Product=16, SerialNumber=3
[  487.393836][   T10] device veth0_vlan left promiscuous mode
[  487.406130][ T6632] usb 2-1: Product: syz
[  487.410132][ T6632] usb 2-1: Manufacturer: syz
[  487.414558][ T6632] usb 2-1: SerialNumber: syz
[  487.502740][ T6632] usb 2-1: config 0 descriptor??
[  487.518942][T13695] EXT4-fs error (device loop0): __ext4_get_inode_loc:4340: comm syz-executor.0: Invalid inode table block 0 in block_group 0
[  487.532123][T13664] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  487.620303][T13695] EXT4-fs (loop0): Remounting filesystem read-only
[  487.629531][ T6632] dm9601: probe of 2-1:0.0 failed with error -22
[  487.636431][T13695] EXT4-fs (loop0): get root inode failed
[  487.657838][T13695] EXT4-fs (loop0): mount failed
[  487.778409][T13706] loop2: detected capacity change from 0 to 512
[  487.928861][T13706] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  487.949835][T13706] ext4 filesystem being mounted at /root/syzkaller-testdir3240691103/syzkaller.0AXftP/92/file0 supports timestamps until 2038 (0x7fffffff)
[  488.116519][ T1797] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  488.484403][ T1797] usb 1-1: Using ep0 maxpacket: 16
[  488.549191][T13715] loop2: detected capacity change from 0 to 512
[  488.612712][ T1797] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 11380, setting to 1024
[  488.653829][ T1797] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024
[  488.699059][T13715] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  488.748411][ T1797] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  488.825210][T13715] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #17: comm syz-executor.2: iget: bad i_size value: -6917529027641081756
[  488.858825][ T1797] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  488.867702][ T1797] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  488.897407][ T1797] usb 1-1: config 0 descriptor??
[  488.922655][T13695] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  488.934992][T13715] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 17 (err -117)
[  488.944626][ T1797] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  489.029795][T13715] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  489.044894][T12299] usb 2-1: USB disconnect, device number 38
[  489.065483][T13715] EXT4-fs error (device loop2): ext4_readdir:260: inode #12: block 13: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=0
[  489.124164][T13725] x_tables: duplicate underflow at hook 4
[  489.169814][ T6632] usb 1-1: USB disconnect, device number 39
[  489.178356][T13733] bpf_get_probe_write_proto: 14 callbacks suppressed
[  489.178376][T13733] syz-executor.3[13733] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  489.185121][T13733] syz-executor.3[13733] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  489.198007][T13733] syz-executor.3[13733] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  489.210141][T13733] syz-executor.3[13733] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  489.308325][T13737] tmpfs: Unknown parameter 'nolazytime˙˙'
[  489.509460][T13741] loop2: detected capacity change from 0 to 256
[  489.605064][T13743] loop2: detected capacity change from 0 to 512
[  489.617513][ T1797] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  489.662908][T13743] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  489.673992][T13743] ext4 filesystem being mounted at /root/syzkaller-testdir3240691103/syzkaller.0AXftP/96/file0 supports timestamps until 2038 (0x7fffffff)
[  490.152006][ T1797] usb 4-1: Using ep0 maxpacket: 32
[  490.193699][T13757] loop1: detected capacity change from 0 to 512
[  490.238564][T13757] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  490.261288][T13757] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #17: comm syz-executor.1: iget: bad i_size value: -6917529027641081756
[  490.275131][T13757] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz-executor.1: couldn't read orphan inode 17 (err -117)
[  490.280408][ T1797] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  490.287457][T13757] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  490.313513][ T1797] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  490.327681][ T1797] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  490.337191][ T1797] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  490.345079][T13757] EXT4-fs error (device loop1): ext4_readdir:260: inode #12: block 13: comm syz-executor.1: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=0
[  490.367972][ T1797] usb 4-1: config 0 descriptor??
[  490.409338][ T1797] hub 4-1:0.0: USB hub found
[  490.441333][T13762] loop1: detected capacity change from 0 to 512
[  490.555472][T13762] EXT4-fs (loop1): 1 orphan inode deleted
[  490.561274][T13762] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,sysvgroups,resuid=0x000000000000ee00,grpquota,resgid=0x0000000000000000,grpquota,delalloc,usrquota,. Quota mode: writeback.
[  490.582020][T13762] ext4 filesystem being mounted at /root/syzkaller-testdir1955195307/syzkaller.ytxtFf/119/file1 supports timestamps until 2038 (0x7fffffff)
[  490.603368][   T30] audit: type=1326 audit(2000001240.008:53492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13761 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29ae7c1f29 code=0x0
[  490.644002][ T1797] hub 4-1:0.0: 1 port detected
[  490.657652][   T30] audit: type=1326 audit(2000001240.055:53493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13761 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7f29ae7c1f29 code=0x0
[  490.826370][T13788] loop2: detected capacity change from 0 to 512
[  490.869681][T13788] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  490.902706][T13788] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #17: comm syz-executor.2: iget: bad i_size value: -6917529027641081756
[  490.916414][T13788] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 17 (err -117)
[  490.929163][T13788] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  490.944654][T13788] EXT4-fs error (device loop2): ext4_readdir:260: inode #12: block 13: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=0
[  491.000604][   T30] audit: type=1400 audit(2000001240.373:53494): avc:  denied  { unlink } for  pid=13790 comm="syz-executor.1" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  491.118300][T13814] loop1: detected capacity change from 0 to 8192
[  491.153431][T13817] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  491.162584][T13817] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  491.244062][   T30] audit: type=1400 audit(2000001240.607:53495): avc:  denied  { getopt } for  pid=13813 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  491.349458][ T1797] hub 4-1:0.0: activate --> -90
[  491.787668][ T1278] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  491.830961][ T6632] usb 4-1: USB disconnect, device number 42
[  491.852147][ T1797] hub 4-1:0.0: hub_ext_port_status failed (err = -71)
[  492.183472][ T1278] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  492.194852][ T1278] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  492.339768][ T1278] usb 3-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00
[  492.348742][ T1278] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.357185][ T1278] usb 3-1: config 0 descriptor??
[  492.910564][ T1278] usbhid 3-1:0.0: can't add hid device: -71
[  492.916348][ T1278] usbhid: probe of 3-1:0.0 failed with error -71
[  492.923494][ T1278] usb 3-1: USB disconnect, device number 40
[  493.288566][T13888] loop4: detected capacity change from 0 to 512
[  493.322714][T13888] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  493.356217][T13888] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #17: comm syz-executor.4: iget: bad i_size value: -6917529027641081756
[  493.370442][T13888] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 17 (err -117)
[  493.382958][T13888] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  493.386339][T13896] loop0: detected capacity change from 0 to 512
[  493.407017][T13888] EXT4-fs error (device loop4): ext4_readdir:260: inode #12: block 13: comm syz-executor.4: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=0
[  493.480679][T13896] EXT4-fs (loop0): orphan cleanup on readonly fs
[  493.505255][T13896] EXT4-fs error (device loop0): ext4_do_update_inode:5191: inode #3: comm syz-executor.0: corrupted inode contents
[  493.521614][T13906] syz-executor.2[13906] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  493.521715][T13906] syz-executor.2[13906] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  493.541971][T13896] EXT4-fs error (device loop0): ext4_dirty_inode:6024: inode #3: comm syz-executor.0: mark_inode_dirty error
[  493.574694][T13906] syz-executor.2[13906] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  493.574782][T13906] syz-executor.2[13906] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  493.587857][T13896] EXT4-fs error (device loop0): ext4_do_update_inode:5191: inode #3: comm syz-executor.0: corrupted inode contents
[  493.619959][T13896] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #3: comm syz-executor.0: mark_inode_dirty error
[  493.633979][T13896] Quota error (device loop0): write_blk: dquota write failed
[  493.648878][T13896] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  493.666777][T13896] EXT4-fs (loop0): 1 orphan inode deleted
[  493.694835][T13896] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  493.966821][T13929] loop2: detected capacity change from 0 to 512
[  493.989979][    T6] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  494.022856][T13929] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  494.034926][T13929] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #17: comm syz-executor.2: iget: bad i_size value: -6917529027641081756
[  494.048749][T13929] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 17 (err -117)
[  494.061084][T13929] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  494.076825][T13929] EXT4-fs error (device loop2): ext4_readdir:260: inode #12: block 13: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=0
[  494.158111][T13934] loop2: detected capacity change from 0 to 512
[  494.227581][T13934] EXT4-fs (loop2): 1 orphan inode deleted
[  494.233306][T13934] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,sysvgroups,resuid=0x000000000000ee00,grpquota,resgid=0x0000000000000000,grpquota,delalloc,usrquota,. Quota mode: writeback.
[  494.254149][T13934] ext4 filesystem being mounted at /root/syzkaller-testdir3240691103/syzkaller.0AXftP/116/file1 supports timestamps until 2038 (0x7fffffff)
[  494.268928][T12299] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  494.285303][   T30] audit: type=1326 audit(2000001243.451:53496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13933 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbe56f7df29 code=0x0
[  494.341050][   T30] audit: type=1326 audit(2000001243.497:53497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13933 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7fbe56f7df29 code=0x0
[  494.395509][T13947] loop0: detected capacity change from 0 to 512
[  494.406998][    T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  494.418178][    T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  494.427754][    T6] usb 5-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  494.436788][    T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.445828][    T6] usb 5-1: config 0 descriptor??
[  494.452947][T13947] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  494.464083][T13947] ext4 filesystem being mounted at /root/syzkaller-testdir3163852438/syzkaller.EEvKBX/59/file0 supports timestamps until 2038 (0x7fffffff)
[  495.028282][T12299] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  495.039818][T12299] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  495.049476][T12299] usb 4-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00
[  495.058404][T12299] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.075564][T12299] usb 4-1: config 0 descriptor??
[  495.143977][    T6] sony 0003:054C:0268.004D: unknown main item tag 0x0
[  495.152955][    T6] sony 0003:054C:0268.004D: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.4-1/input0
[  495.165094][    T6] sony 0003:054C:0268.004D: failed to claim input
[  495.540459][ T1278] usb 5-1: USB disconnect, device number 43
[  495.647898][T13963] loop0: detected capacity change from 0 to 8192
[  495.735212][T13970] loop2: detected capacity change from 0 to 512
[  495.756671][T13970] EXT4-fs (loop2): orphan cleanup on readonly fs
[  495.763841][T13970] EXT4-fs error (device loop2): ext4_do_update_inode:5191: inode #3: comm syz-executor.2: corrupted inode contents
[  495.776362][T13970] EXT4-fs error (device loop2): ext4_dirty_inode:6024: inode #3: comm syz-executor.2: mark_inode_dirty error
[  495.788420][T13970] EXT4-fs error (device loop2): ext4_do_update_inode:5191: inode #3: comm syz-executor.2: corrupted inode contents
[  495.800605][T13970] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #3: comm syz-executor.2: mark_inode_dirty error
[  495.812481][T13970] Quota error (device loop2): write_blk: dquota write failed
[  495.819734][T13970] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  495.830645][T13970] EXT4-fs (loop2): 1 orphan inode deleted
[  495.839579][T13970] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  495.850522][T12299] usbhid 4-1:0.0: can't add hid device: -71
[  495.856288][T12299] usbhid: probe of 4-1:0.0 failed with error -71
[  495.863103][T12299] usb 4-1: USB disconnect, device number 43
[  496.036090][T13985] x_tables: duplicate underflow at hook 4
[  496.118128][T13988] loop4: detected capacity change from 0 to 512
[  496.194663][T13988] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  496.205652][T13988] ext4 filesystem being mounted at /root/syzkaller-testdir2855158304/syzkaller.jEONzX/76/file0 supports timestamps until 2038 (0x7fffffff)
[  496.844851][T14019] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  497.134663][T14035] syz-executor.1[14035] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  497.134750][T14035] syz-executor.1[14035] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  497.166708][T14035] syz-executor.1[14035] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  497.187793][T14035] syz-executor.1[14035] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  497.412815][T14050] loop1: detected capacity change from 0 to 512
[  497.475924][T14058] loop4: detected capacity change from 0 to 512
[  497.482869][T14050] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  497.491571][T14050] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b816c118, mo2=0002]
[  497.499659][T14050] System zones: 1-12
[  497.504247][T14050] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr
[  497.517063][T14050] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz-executor.1: couldn't read orphan inode 15 (err -117)
[  497.529580][T14050] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,data_err=abort,debug,noload,mblk_io_submit,commit=0x0000000000000005,init_itable=0x0000000000000601,grpquota,,errors=continue. Quota mode: writeback.
[  497.555285][T14058] EXT4-fs (loop4): 1 truncate cleaned up
[  497.561051][T14058] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,auto_da_alloc=0x0000000000010001,noload,jqfmt=vfsold,,errors=continue. Quota mode: none.
[  497.650694][   T30] audit: type=1400 audit(2000001246.594:53498): avc:  denied  { accept } for  pid=14049 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  497.671276][   T30] audit: type=1326 audit(2000001246.622:53499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14049 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29ae7c1f29 code=0x0
[  497.731661][T11569] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  497.793579][T14065] loop0: detected capacity change from 0 to 512
[  497.851462][T14065] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  497.862530][T14065] ext4 filesystem being mounted at /root/syzkaller-testdir3163852438/syzkaller.EEvKBX/68/file0 supports timestamps until 2038 (0x7fffffff)
[  498.322883][   T30] audit: type=1400 audit(2000001247.230:53500): avc:  denied  { name_bind } for  pid=14074 comm="syz-executor.1" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  498.348276][T11569] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  498.369199][T11569] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  498.379134][T11569] usb 4-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  498.388435][T11569] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.398248][T11569] usb 4-1: config 0 descriptor??
[  498.938403][T14098] loop0: detected capacity change from 0 to 256
[  498.950830][ T1278] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  498.972777][T14098] exfat: Deprecated parameter 'utf8'
[  498.981632][T14098] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[  499.054798][T14100] loop0: detected capacity change from 0 to 512
[  499.112511][T11569] hid-rmi 0003:06CB:81A7.004E: item fetching failed at offset 3/5
[  499.114455][T14100] EXT4-fs (loop0): 1 truncate cleaned up
[  499.120484][T11569] hid-rmi 0003:06CB:81A7.004E: parse failed
[  499.125892][T14100] EXT4-fs (loop0): mounted filesystem without journal. Opts: noauto_da_alloc,auto_da_alloc=0x0000000000010001,noload,jqfmt=vfsold,,errors=continue. Quota mode: none.
[  499.131466][T11569] hid-rmi: probe of 0003:06CB:81A7.004E failed with error -22
[  499.261728][ T1278] usb 3-1: Using ep0 maxpacket: 16
[  499.336546][T11569] usb 4-1: USB disconnect, device number 44
[  499.485003][ T1278] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  499.499157][ T1278] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  499.512711][ T1278] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  499.521839][ T1278] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.567776][ T1278] usb 3-1: config 0 descriptor??
[  499.927428][T14127] loop0: detected capacity change from 0 to 512
[  499.929425][T14128] loop3: detected capacity change from 0 to 512
[  499.957483][T14128] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  499.966406][T14128] EXT4-fs (loop3): orphan cleanup on readonly fs
[  499.975582][T14128] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 248: padding at end of block bitmap is not set
[  499.984380][   T30] audit: type=1400 audit(2000001248.764:53501): avc:  denied  { write } for  pid=14125 comm="syz-executor.0" name=".pending_reads" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  499.990589][T14128] Quota error (device loop3): write_blk: dquota write failed
[  500.018635][   T30] audit: type=1400 audit(2000001248.810:53502): avc:  denied  { open } for  pid=14125 comm="syz-executor.0" path="/root/syzkaller-testdir3163852438/syzkaller.EEvKBX/81/bus/.pending_reads" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  500.023234][T14128] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  500.059597][T14128] EXT4-fs (loop3): 1 truncate cleaned up
[  500.065964][T14128] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,grpquota,quota,noblock_validity,nodiscard,nomblk_io_submit,,errors=continue. Quota mode: writeback.
[  500.084911][ T1278] HID 045e:07da: Invalid code 65791 type 1
[  500.096588][ T1278] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.004F/input/input63
[  500.109251][ T1278] microsoft 0003:045E:07DA.004F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  500.225532][T14137] x_tables: duplicate underflow at hook 4
[  500.260891][T14141] loop4: detected capacity change from 0 to 1024
[  500.330893][T14141] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a803c118, mo2=0002]
[  500.338941][T14141] System zones: 0-1, 3-12
[  500.344850][T14141] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodiscard,bsddf,auto_da_alloc=0x0000000000000000,lazytime,debug_want_extra_isize=0x0000000000000080,lazytime,norecovery,acl,debug,,errors=continue. Quota mode: none.
[  500.370522][T14141] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: none.
[  500.379465][T14141] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a803c118, mo2=0002]
[  500.392481][T14151] device pim6reg1 entered promiscuous mode
[  500.398971][T14141] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: none.
[  500.408078][T14141] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2809: Unable to expand inode 12. Delete some EAs or run e2fsck.
[  500.521434][ T1278] usb 3-1: USB disconnect, device number 41
[  500.584914][   T30] audit: type=1400 audit(2000001249.334:53503): avc:  denied  { append } for  pid=14165 comm="syz-executor.4" name="loop9" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  501.205882][T14170] loop4: detected capacity change from 0 to 40427
[  501.265008][T14170] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  501.272646][T14170] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  501.376782][T14170] F2FS-fs (loop4): Found nat_bits in checkpoint
[  501.429574][T14170] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  501.436602][T14170] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  501.450037][T14169] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  501.458934][T14169] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  501.494151][T14180] netlink: 492 bytes leftover after parsing attributes in process `syz-executor.0'.
[  501.528359][T14184] device pim6reg1 entered promiscuous mode
[  501.564298][T14188] loop1: detected capacity change from 0 to 1024
[  501.668345][T14188] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a803c118, mo2=0002]
[  501.676332][T14188] System zones: 0-1, 3-12
[  501.682397][T14188] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodiscard,bsddf,auto_da_alloc=0x0000000000000000,lazytime,debug_want_extra_isize=0x0000000000000080,lazytime,norecovery,acl,debug,,errors=continue. Quota mode: none.
[  502.022034][T14188] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: none.
[  502.040957][T14188] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a803c118, mo2=0002]
[  502.066003][T14188] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: none.
[  502.078569][T14210] loop4: detected capacity change from 0 to 512
[  502.099240][T14210] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  502.108057][T14210] EXT4-fs (loop4): orphan cleanup on readonly fs
[  502.136230][T14210] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 248: padding at end of block bitmap is not set
[  502.161461][T14210] Quota error (device loop4): write_blk: dquota write failed
[  502.169164][T14210] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  502.298068][T14210] EXT4-fs (loop4): 1 truncate cleaned up
[  502.325280][T14210] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,grpquota,quota,noblock_validity,nodiscard,nomblk_io_submit,,errors=continue. Quota mode: writeback.
[  502.432560][T14222] loop1: detected capacity change from 0 to 512
[  502.463875][T14224] loop4: detected capacity change from 0 to 512
[  502.501436][T14226] device pim6reg1 entered promiscuous mode
[  502.514458][T14222] EXT4-fs (loop1): 1 truncate cleaned up
[  502.519949][T14222] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,auto_da_alloc=0x0000000000010001,noload,jqfmt=vfsold,,errors=continue. Quota mode: none.
[  502.646146][T14240] loop2: detected capacity change from 0 to 1024
[  502.690539][T14244] loop3: detected capacity change from 0 to 512
[  502.699199][T14240] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a803c118, mo2=0002]
[  502.707549][T14240] System zones: 0-1, 3-12
[  502.712478][T14240] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,bsddf,auto_da_alloc=0x0000000000000000,lazytime,debug_want_extra_isize=0x0000000000000080,lazytime,norecovery,acl,debug,,errors=continue. Quota mode: none.
[  502.736095][T14244] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  502.747981][T14244] EXT4-fs (loop3): orphan cleanup on readonly fs
[  502.754306][T14240] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: none.
[  502.756038][T14244] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 248: padding at end of block bitmap is not set
[  502.778442][T14240] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a803c118, mo2=0002]
[  502.786766][T14244] EXT4-fs (loop3): 1 truncate cleaned up
[  502.866251][T14240] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: none.
[  502.874505][T14244] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,grpquota,quota,noblock_validity,nodiscard,nomblk_io_submit,,errors=continue. Quota mode: writeback.
[  503.262842][T14268] device pim6reg1 entered promiscuous mode
[  503.305486][T14271] loop2: detected capacity change from 0 to 512
[  503.351123][T14271] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  503.362327][T14271] ext4 filesystem being mounted at /root/syzkaller-testdir3240691103/syzkaller.0AXftP/142/file0 supports timestamps until 2038 (0x7fffffff)
[  503.365289][T14279] loop3: detected capacity change from 0 to 512
[  503.397770][T14279] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3279945729 > max in inode 13
[  503.411193][T14279] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3279945730 > max in inode 13
[  503.431677][T14279] EXT4-fs (loop3): 1 truncate cleaned up
[  503.437212][T14279] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  503.517964][T14287] loop3: detected capacity change from 0 to 1024
[  503.586887][T14287] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a803c118, mo2=0002]
[  503.668113][T14287] System zones: 0-1, 3-12
[  503.677222][T14287] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodiscard,bsddf,auto_da_alloc=0x0000000000000000,lazytime,debug_want_extra_isize=0x0000000000000080,lazytime,norecovery,acl,debug,,errors=continue. Quota mode: none.
[  503.786969][ T6632] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  503.906357][T14287] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: none.
[  503.921498][T14287] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a803c118, mo2=0002]
[  503.932473][T14287] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: none.
[  503.977086][T14297] loop3: detected capacity change from 0 to 512
[  504.124767][ T6632] usb 2-1: Using ep0 maxpacket: 32
[  504.177505][T14311] loop3: detected capacity change from 0 to 512
[  504.251922][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  504.251939][   T30] audit: type=1326 audit(2000001252.767:53512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc702d5f29 code=0x7ffc0000
[  504.300269][T14311] EXT4-fs (loop3): 1 truncate cleaned up
[  504.306457][ T6632] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  504.316664][T14311] EXT4-fs (loop3): mounted filesystem without journal. Opts: noauto_da_alloc,auto_da_alloc=0x0000000000010001,noload,jqfmt=vfsold,,errors=continue. Quota mode: none.
[  504.327724][ T6632] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  504.343392][ T6632] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  504.352208][ T6632] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.360905][ T6632] usb 2-1: config 0 descriptor??
[  504.372545][   T30] audit: type=1326 audit(2000001252.767:53513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fdc702d5f29 code=0x7ffc0000
[  504.397958][   T30] audit: type=1326 audit(2000001252.767:53514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc702d5f29 code=0x7ffc0000
[  504.435144][ T6632] hub 2-1:0.0: USB hub found
[  504.479457][   T30] audit: type=1326 audit(2000001252.767:53515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fdc702d5f29 code=0x7ffc0000
[  504.505297][   T30] audit: type=1326 audit(2000001252.889:53516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc702d5f29 code=0x7ffc0000
[  504.532021][   T30] audit: type=1326 audit(2000001252.889:53517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc702d5f29 code=0x7ffc0000
[  504.556073][   T30] audit: type=1326 audit(2000001252.936:53518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7fdc702d5f29 code=0x7ffc0000
[  504.580362][   T30] audit: type=1326 audit(2000001252.936:53519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14316 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc702d5f29 code=0x7ffc0000
[  504.659415][ T6632] hub 2-1:0.0: 1 port detected
[  504.679799][T14341] loop0: detected capacity change from 0 to 512
[  504.692786][T14341] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  504.705013][T14341] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  504.718158][T14341] EXT4-fs (loop0): 1 truncate cleaned up
[  504.723706][T14341] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,quota,,errors=continue. Quota mode: writeback.
[  504.745877][T14346] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  504.768025][   T30] audit: type=1326 audit(2000001253.254:53520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14349 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe56f7df29 code=0x7ffc0000
[  504.795515][   T30] audit: type=1326 audit(2000001253.254:53521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14349 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7fbe56f7df29 code=0x7ffc0000
[  505.360826][T14380] loop0: detected capacity change from 0 to 1024
[  505.386161][ T6632] hub 2-1:0.0: activate --> -90
[  505.413125][T14380] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a803c118, mo2=0002]
[  505.422721][T14380] System zones: 0-1, 3-12
[  505.427594][T14380] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodiscard,bsddf,auto_da_alloc=0x0000000000000000,lazytime,debug_want_extra_isize=0x0000000000000080,lazytime,norecovery,acl,debug,,errors=continue. Quota mode: none.
[  505.474539][T14380] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: none.
[  505.483740][T14380] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a803c118, mo2=0002]
[  505.501947][T14380] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: none.
[  505.512237][T14380] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 12. Delete some EAs or run e2fsck.
[  505.706864][ T1797] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  505.714911][ T1278] usb 2-1: USB disconnect, device number 39
[  505.728239][ T6632] hub 2-1:0.0: hub_ext_port_status failed (err = -71)
[  505.763138][T14400] device pim6reg1 entered promiscuous mode
[  505.895303][T14413] loop2: detected capacity change from 0 to 1024
[  505.943729][T14413] EXT4-fs (loop2): Ignoring removed orlov option
[  505.950230][T14413] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  505.957987][T14421] netlink: 492 bytes leftover after parsing attributes in process `syz-executor.4'.
[  505.967532][ T1797] usb 4-1: Using ep0 maxpacket: 16
[  505.982567][T14426] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14426 comm=syz-executor.0
[  505.984493][T14427] loop4: detected capacity change from 0 to 512
[  505.996786][T14413] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  506.032044][T14413] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.2: corrupt xattr in inline inode
[  506.046154][T14413] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.2: corrupted in-inode xattr
[  506.072051][T14427] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  506.083194][T14427] ext4 filesystem being mounted at /root/syzkaller-testdir2855158304/syzkaller.jEONzX/110/file0 supports timestamps until 2038 (0x7fffffff)
[  506.103239][ T1797] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  506.115168][ T1797] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  506.224633][ T1797] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  506.243419][ T1797] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  506.752799][ T1797] usb 4-1: config 0 descriptor??
[  507.148853][T14451] loop2: detected capacity change from 0 to 1024
[  507.236568][T14451] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a803c118, mo2=0002]
[  507.249526][T14451] System zones: 0-1, 3-12
[  507.265437][T14467] loop0: detected capacity change from 0 to 512
[  507.272372][T14451] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,bsddf,auto_da_alloc=0x0000000000000000,lazytime,debug_want_extra_isize=0x0000000000000080,lazytime,norecovery,acl,debug,,errors=continue. Quota mode: none.
[  507.303520][T14451] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: none.
[  507.312835][T14451] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a803c118, mo2=0002]
[  507.333921][ T1797] HID 045e:07da: Invalid code 65791 type 1
[  507.347012][ T1797] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0050/input/input64
[  507.358441][T14451] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: none.
[  507.374161][ T1797] microsoft 0003:045E:07DA.0050: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  507.396244][T14467] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  507.410794][T14467] ext4 filesystem being mounted at /root/syzkaller-testdir3163852438/syzkaller.EEvKBX/123/file0 supports timestamps until 2038 (0x7fffffff)
[  507.864304][ T6632] usb 4-1: USB disconnect, device number 45
[  508.724426][T14503] loop4: detected capacity change from 0 to 512
[  508.744653][T14503] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  508.757159][T14503] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  508.770279][T14503] EXT4-fs (loop4): 1 truncate cleaned up
[  508.775937][T14503] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,quota,,errors=continue. Quota mode: writeback.
[  509.789135][T14535] loop4: detected capacity change from 0 to 512
[  509.845059][T14535] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  509.870068][T14535] EXT4-fs (loop4): 1 truncate cleaned up
[  509.875563][T14535] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,quota,,errors=continue. Quota mode: writeback.
[  509.906048][T14540] loop3: detected capacity change from 0 to 1024
[  509.929105][T14536] bridge0: port 1(bridge_slave_0) entered blocking state
[  509.936048][T14536] bridge0: port 1(bridge_slave_0) entered disabled state
[  509.944428][T14540] EXT4-fs (loop3): Ignoring removed orlov option
[  509.956265][T14536] device bridge_slave_0 entered promiscuous mode
[  509.964588][T14540] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  509.972834][T14536] bridge0: port 2(bridge_slave_1) entered blocking state
[  509.979921][T14536] bridge0: port 2(bridge_slave_1) entered disabled state
[  509.987466][T14540] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  510.015661][T14536] device bridge_slave_1 entered promiscuous mode
[  510.033303][T14540] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.3: corrupt xattr in inline inode
[  510.054007][   T39] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  510.057318][T14540] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.3: corrupted in-inode xattr
[  510.096221][T12833] ==================================================================
[  510.104191][T12833] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0
[  510.112005][T12833] Read of size 4 at addr ffff88813c86c000 by task syz-executor.3/12833
[  510.120072][T12833] 
[  510.122242][T12833] CPU: 1 PID: 12833 Comm: syz-executor.3 Not tainted 5.15.149-syzkaller-00165-g85445b5a2107 #0
[  510.132572][T12833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  510.142491][T12833] Call Trace:
2033/05/18 03:54:18 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  510.145591][T12833]  <TASK>
[  510.148372][T12833]  dump_stack_lvl+0x151/0x1b7
[  510.152977][T12833]  ? io_uring_drop_tctx_refs+0x190/0x190
[  510.158503][T12833]  ? panic+0x751/0x751
[  510.162355][T12833]  print_address_description+0x87/0x3b0
[  510.167768][T12833]  kasan_report+0x179/0x1c0
[  510.172065][T12833]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  510.177541][T12833]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  510.183011][T12833]  __asan_report_load4_noabort+0x14/0x20
[  510.188589][T12833]  ext4_xattr_delete_inode+0xcd0/0xce0
[  510.193880][T12833]  ? sb_end_intwrite+0x120/0x120
[  510.198656][T12833]  ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0
[  510.204644][T12833]  ? ext4_journal_check_start+0x16c/0x230
[  510.210199][T12833]  ? __kasan_check_read+0x11/0x20
[  510.215054][T12833]  ? ext4_inode_is_fast_symlink+0x295/0x3d0
[  510.220783][T12833]  ? ext4_evict_inode+0xb8d/0x14e0
[  510.225728][T12833]  ext4_evict_inode+0xea1/0x14e0
[  510.230506][T12833]  ? _raw_spin_unlock+0x4d/0x70
[  510.235286][T12833]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[  510.241038][T12833]  ? _raw_spin_unlock+0x4d/0x70
[  510.245695][T12833]  ? inode_io_list_del+0x18b/0x1a0
[  510.250653][T12833]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[  510.256370][T12833]  evict+0x2a3/0x630
[  510.260209][T12833]  iput+0x63b/0x7e0
[  510.263858][T12833]  vfs_rmdir+0x359/0x470
[  510.267928][T12833]  do_rmdir+0x3ab/0x630
[  510.271924][T12833]  ? d_delete_notify+0x160/0x160
[  510.276708][T12833]  __x64_sys_unlinkat+0xdf/0xf0
[  510.281378][T12833]  do_syscall_64+0x3d/0xb0
[  510.285636][T12833]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  510.291369][T12833] RIP: 0033:0x7f1f5651b707
[  510.295629][T12833] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  510.315057][T12833] RSP: 002b:00007ffc83129f88 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[  510.323305][T12833] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f1f5651b707
[  510.331108][T12833] RDX: 0000000000000200 RSI: 00007ffc8312b130 RDI: 00000000ffffff9c
[  510.338919][T12833] RBP: 00007f1f565786c6 R08: 0000000000000000 R09: 0000000000000000
[  510.346731][T12833] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffc8312b130
[  510.354569][T12833] R13: 00007f1f565786c6 R14: 0000000000078140 R15: 0000000000000007
[  510.362417][T12833]  </TASK>
[  510.365222][T12833] 
[  510.367388][T12833] The buggy address belongs to the page:
[  510.372868][T12833] page:ffffea0004f21b00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x13c86c
[  510.382927][T12833] flags: 0x4000000000000000(zone=1)
[  510.388060][T12833] raw: 4000000000000000 ffffea0004f21cc8 ffffea0004f22588 0000000000000000
[  510.396471][T12833] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[  510.404884][T12833] page dumped because: kasan: bad access detected
[  510.411139][T12833] page_owner tracks the page as freed
[  510.416339][T12833] page last allocated via order 0, migratetype Movable, gfp_mask 0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 14539, ts 510011269774, free_ts 510093316804
[  510.431884][T12833]  post_alloc_hook+0x1a3/0x1b0
[  510.436560][T12833]  prep_new_page+0x1b/0x110
[  510.440901][T12833]  get_page_from_freelist+0x3550/0x35d0
[  510.446289][T12833]  __alloc_pages+0x27e/0x8f0
[  510.450737][T12833]  wp_page_copy+0x1d4/0x1b00
[  510.455137][T12833]  do_wp_page+0x6fa/0xb60
[  510.459301][T12833]  handle_pte_fault+0x7c0/0x24d0
[  510.464077][T12833]  do_handle_mm_fault+0x1ea9/0x23a0
[  510.469118][T12833]  exc_page_fault+0x26f/0x830
[  510.473728][T12833]  asm_exc_page_fault+0x27/0x30
[  510.478413][T12833] page last free stack trace:
[  510.483021][T12833]  free_unref_page_prepare+0x7c8/0x7d0
[  510.488305][T12833]  free_unref_page_list+0x14b/0xa60
[  510.493342][T12833]  release_pages+0x1310/0x1370
[  510.497939][T12833]  free_pages_and_swap_cache+0x8a/0xa0
[  510.503234][T12833]  tlb_finish_mmu+0x177/0x320
[  510.507747][T12833]  exit_mmap+0x40d/0x940
[  510.511913][T12833]  __mmput+0x95/0x310
[  510.515763][T12833]  mmput+0x5b/0x170
[  510.519375][T12833]  do_exit+0xb9c/0x2ca0
[  510.523375][T12833]  do_group_exit+0x141/0x310
[  510.527794][T12833]  __x64_sys_exit_group+0x3f/0x40
[  510.532657][T12833]  do_syscall_64+0x3d/0xb0
[  510.536916][T12833]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  510.542639][T12833] 
[  510.544836][T12833] Memory state around the buggy address:
[  510.550283][T12833]  ffff88813c86bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  510.558176][T12833]  ffff88813c86bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  510.566075][T12833] >ffff88813c86c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  510.574056][T12833]                    ^
[  510.577967][T12833]  ffff88813c86c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  510.585862][T12833]  ffff88813c86c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  510.593880][T12833] ==================================================================
[  510.601778][T12833] Disabling lock debugging due to kernel taint