last executing test programs:

4.628593857s ago: executing program 3 (id=947):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = epoll_create1(0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x64, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote, 0x4}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x4, [@dev, @remote, @multicast1, @remote, @remote]}]}}}}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0)
r5 = dup(r3)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000672000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f0000000000)=0x4)
ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f0000000040)=0x6)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_NMI(r6, 0xae9a)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
poll(&(0x7f0000000480)=[{r1}], 0x1, 0x100)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r10, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000100))

4.245819603s ago: executing program 3 (id=952):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
sendto$inet(r1, &(0x7f0000000440)="54a8dc5b52961eb747c65b2b5cafff0e005c8b658f43e198a87fae59e54244db02af506b21228009096c1a0907694347a098545d3f23005d86eb9d7b9c04c963d40fd583e4e10a9c660edde78bc5fbacbd5eac0697a2e97422dd223e52bf61c2d9a5f06bf16819f36b7ca254cad3d149eee51df792b9e14fc63c161586af586c1818d8ce5db71ef840f151347fc842fd552bb71846cff2dbef386d278240e1ac86cbc6e6dfac8c3f72c04e92363affbd495b000456949c3589b082d504f147379a69bba52a0045f1925ae562b89f", 0xce, 0x0, &(0x7f0000000240)={0x2, 0x4e21, @loopback}, 0x10)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000180)={0x0, <r2=>0x0})
sched_setscheduler(r2, 0x0, 0xfffffffffffffffd)
r3 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x1}}, 0xe8)
r4 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f00000000c0)={'ip6gre0\x00', 0x1000})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040)={0x0, <r8=>0x0})
ptrace$setopts(0x4206, r8, 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

3.909901586s ago: executing program 4 (id=955):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48)
open_tree(0xffffffffffffffff, &(0x7f0000000040)='./file2\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file2\x00', 0x130a48, &(0x7f0000000700)={[{@errors_remount}, {@nomblk_io_submit}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {}], [{@fsmagic={'fsmagic', 0x3d, 0x100}}, {@smackfshat}, {@uid_lt={'uid<', 0xee00}}, {@flag='mand'}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x66, 0x64, 0x30, 0x66, 0x61, 0x62, 0x66], 0x2d, [0x62, 0x3a, 0x39, 0x34], 0x2d, [0x31, 0x30, 0x62, 0x35], 0x2d, [0x0, 0x35, 0x35, 0x62], 0x2d, [0x37, 0x31, 0x38, 0x65, 0x65, 0x39, 0x61, 0x62]}}}, {@func={'func', 0x3d, 'POLICY_CHECK'}}, {@subj_role={'subj_role', 0x3d, '\xfb'}}, {@dont_hash}]}, 0xfd, 0x490, &(0x7f0000000940)="$eJzs3M1rHOUfAPDvzG6SX1+TX60vrdVGq1h8SZq0akHBFxA8KAh6qCeJSVpq00aaCLYEG6XUi6AF7yJ4EfwLPHkS9SR41bsUivTS6mllsrPrJtndvGyym3Y/H5hmnuwz+3y/M/PMPDOTaQBdazD7J4nYGRG/R0R/RKS1FY5ExLZyvVs35sb/vjE3nkSp9OZfSbZY3LwxN16pmuQ/d5QLxeyL0stJvFin3ZkLF8+MTU1Nns/Lw7Nn3x+euXDxqdNnx05Nnpo8N3r8+LGjI88+M/r0huSZxXRz/0fTB/a9+vbV18dPXH335++SmqBr82jRc/3V2bnqOlnq0Q1qbKvYVTOfFDsYCGvSFxHZ5upZ6P/9Ubi8u/pZf7zySUeDAzZVqVQqjTb+eL4E3MGS6HQEQGdUTvTZ9W9latPQY0u4/lL5AijL+1Y+lT8plu+D9JWvjXZtUvuDEXFi/p+vsinWfB+iZ5OiAgDuZD9k458n643/0rinpt7u/NnQQET8PyL2RMRdEbE3Iu6OWKh7b0TcV7+ZwXcatD+4pLx8/JNeW392K8vGf8/nz7YWj/+qT8EGCnlp10L+PcnJ01OTR/J1cjh6+rLySN1vTyLms5+/fd6o/drxXzZl7VfGgnkc14p9i5eZGJsdaznx3PWPI/YX6+WfRPG/LGJfROxfZxunH//2wOLfFKpzK+ffxAY8Zyp9HfFYefvPx5L8K5LmzyeH/xdTk0eGK3vFcr/8euWNRu2X80+jef7bWk+0gWz7b6+3/79QzX8gqX1eO7PsK3pXauPKH582vKZZ7/7fm7y1qPEPx2Znz49E9CavLf99zQ3uSrlSP8v/8KH6/X9PvkyW//0Rke3ED0TEgxFxMI/9oYh4OCIONcn/p5cfea9h/gdb2P83QJb/RN3jX6Ptv/aZwpkfv2/U/uq2/7FKYSGo1Rz/VhtgK+sOAAAAbhdpROyMJB2qzqfp0FD57+X3xvZ0anpm9omT0x+cmyi/IzAQPWnlTld/zf3QkfzecKU8mpcv5eWj+X3jLwvbFspD49NTE51OHrrcjgb9P/NnodPRAZvO+1rQvfR/6F7r7/+OHHC7W6EXp+2KA2g/Z3HoXvX6/6XaQhLlv5IH7jjO/9C9qv3/i1VUrnnda+nLm8Dtp9n5v9TfxkCAtjP+h67Uynv9W2ImvoloXifZKqGuaeazVhYvtiHCSDu4fno7slFGCxEd3CWKq/1fLeJC6VLLjXb6yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAx/g0AAP//nsPkhw==")
r1 = creat(&(0x7f0000000080)='./file0/file1\x00', 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioprio_set$uid(0x3, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
getpid()
getdents64(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYRES16=r0, @ANYRES32=r5, @ANYBLOB="00000a00100000001c001a80080002802d00ff0408000200f47b0c0d"], 0x44}}, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
sendmsg$NFC_CMD_GET_SE(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x7, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="b400000000000000dd0a0000000000950000000000000042151fe1f5a89e50f7378394ef4db0620c8cfaa10690ea27c4e11cff262f5ff858c549c5ce2e485101761b342807c9347f2434f890fafa719135310d00000000000000000062d5f6f1481d99e2ca542078bb5fe9f73cd5f706a995e23daae64a18f70b88005f78511207e595faae060000000000000072e6c647b1fc9d1882b6867eb5108467e346d713a016f33c02e425da74aeeeb0d676bbd0e81e6c3b3cdbde"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x19, &(0x7f0000000000)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x2000000}, 0x10}, 0x90)
sendmsg$NBD_CMD_STATUS(r2, 0x0, 0x0)
write$cgroup_type(r1, &(0x7f00000009c0), 0xd4ba0ff)
unlink(&(0x7f0000000100)='./file0/file1\x00')
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)

3.618237437s ago: executing program 4 (id=958):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = creat(&(0x7f0000002440)='./file0\x00', 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000180)=ANY=[@ANYBLOB="ffdd605678c100080000001a000000000000000000000000000000aac40000000000000000000000000000000000000000000000000000000000000000008bef7f5b19146b05e5d84728214af04c0639fc94cd1267adcf004fb1b9d998e2638bafb9468dc2773448f4a3f95c249b8e0e8cfddc22dc9053aec8b5cfeee6aaf1e5c73315bfb53f09dccc"], 0x0)
r2 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r2, &(0x7f0000001680)={&(0x7f0000000000)=@id, 0x10, 0x0}, 0x0)
connect$tipc(r2, &(0x7f0000000140)=@name, 0x10)
write$cgroup_type(r1, &(0x7f0000000240), 0xfb3f)
lgetxattr(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)=@known='user.incfs.metadata\x00', &(0x7f0000000340)=""/4096, 0x1000)
fallocate(r0, 0x8, 0x0, 0x8000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000e9420000000000000000c9b42cae44c7491e9500000000090000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)

3.609644778s ago: executing program 4 (id=959):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'wg0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$team(&(0x7f0000000080), r0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b15, &(0x7f0000000500)={'wlan1\x00', <r7=>0x0})
sendmsg$SMC_PNETID_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x410000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000b2eac720d57e394f6594301dee2d0b1f3cfceea846ad0a8a0b046e6d011943f6e5fc068824c336425fd7bf9e8bbe77e9083500f5ffffff0000000000000000", @ANYRES16=r7, @ANYBLOB="00042cbd7000fedbdf250100000005000400010000080900030073797a32000000000900010073797a32000000000900010073797a300000000014000200677265746170300000000000000000000900010073797a300000000005000400010000000900030073797a3200000000"], 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x20004800)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r9, 0x540a, 0x0)
ioctl$TCSETA(r9, 0x5406, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xfffc, 0x0, "001c6fb20a00"})
sendmsg$NFNL_MSG_CTHELPER_NEW(r8, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000007c0)={0x50, 0x0, 0x9, 0x101, 0x0, 0x0, {}, [@NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}, @NFCTH_TUPLE={0x24, 0x2, [@CTA_TUPLE_IP={0x4, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x50}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r10=>0x0})
connect$inet(r6, &(0x7f0000000140)={0x2, 0x4e23, @multicast1}, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r11=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="240000001c00040026ca700c0000000007000000", @ANYRES32=r11, @ANYBLOB='\x00'/12], 0x24}}, 0x4)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f0000000000)={0x0, 0x8, 0xfb, 0x7b1, @vifc_lcl_ifindex=r11, @empty}, 0x10)
sendmsg$nl_route(r5, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)=ANY=[@ANYBLOB="940000001100010026bd7000fcdbdf2500000000", @ANYRES32=r11, @ANYBLOB="4068000a43c6037f7300"/26, @ANYRES32=0x0, @ANYBLOB="080023000100000008000d00fffbffff140003006d6163736563300000000000000000001400030076657468315f766972745f776966690024001280090001007866726d000000001400028008000200030000000800010004000000"], 0x94}, 0x1, 0x0, 0x0, 0x4091}, 0x20000000)
setsockopt$packet_drop_memb(r4, 0x107, 0x2, &(0x7f0000000180)={r11, 0x1, 0x4, @broadcast}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x8006, 0x4, 0x6, 0x115}, 0x48)
r12 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r13 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
sendfile(r13, r12, 0x0, 0x3a)
sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x5ac, r3, 0x4, 0x70bd28, 0x25dfdbfb, {}, [{{0x8, 0x1, r2}, {0x7c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r11}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}]}}, {{0x8, 0x1, r2}, {0x1f8, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xe9}}, {0x8, 0x6, r2}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x8, 0x0, 0x4}, {0x0, 0x94, 0x53, 0x9}, {0x2, 0x80, 0x4}, {0xb5eb, 0x49, 0x0, 0x4}, {0x0, 0x40, 0x3, 0x5}, {0x0, 0x7f, 0x4, 0x3ff}]}}}]}}, {{0x8, 0x1, r2}, {0xf0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5ed5}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xc5c}}}, {0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x7, 0xfc, 0x20, 0xfffffffc}]}}}]}}, {{0x8, 0x1, r2}, {0x15c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x96}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r2}}}]}}]}, 0x5ac}}, 0x20000040)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYRESHEX=r10, @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32=r2, @ANYBLOB], 0x40}}, 0x0)
syz_usb_connect$uac1(0x0, 0x9b, &(0x7f0000000840)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x89, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@output_terminal={0x9}, @selector_unit={0x6, 0x24, 0x5, 0x0, 0x0, "a2"}, @extension_unit={0x7}, @output_terminal={0x9}, @feature_unit={0xb, 0x24, 0x6, 0x0, 0x0, 0x2, [0x5, 0x0]}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x7f}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)

3.55332593s ago: executing program 1 (id=960):
socket$vsock_stream(0x28, 0x1, 0x0) (async)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
r1 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
syz_mount_image$tmpfs(&(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x880088, 0x0, 0x4, 0x0, &(0x7f00000006c0))
rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c000000000000000000000c850000006d00000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c000000000000000000000c850000006d00000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='9p_protocol_dump\x00', r2}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
dup(r4) (async)
r5 = dup(r4)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000021c0)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@local, @in6=@local}, {@in=@broadcast, 0x0, 0x33}, @in, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x184}}, 0x0)
write$P9_RFLUSH(r5, &(0x7f0000000200)={0x7}, 0x7)
mount$9p_fd(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000024c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}})
rt_sigaction(0x19, &(0x7f00000000c0)={&(0x7f0000000080)="366465f029144d00000081f30fc27f5e06ae0d0fd82e2e460f01d626f00994aff7000000c4c1796f960600000040cd00c4e2f1453c99f340a56544ca0c00", 0x84000004, 0x0}, 0x0, 0x8, &(0x7f0000000000))
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
writev(r7, &(0x7f0000000000)=[{&(0x7f0000000080)='e', 0x1}], 0x1) (async)
writev(r7, &(0x7f0000000000)=[{&(0x7f0000000080)='e', 0x1}], 0x1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0)
ftruncate(r1, 0x3292e291) (async)
ftruncate(r1, 0x3292e291)
shutdown(r0, 0x0)

3.410180816s ago: executing program 0 (id=962):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = epoll_create1(0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x64, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote, 0x4}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x4, [@dev, @remote, @multicast1, @remote, @remote]}]}}}}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0)
r5 = dup(r3)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000672000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f0000000000)=0x4)
ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f0000000040)=0x6)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_NMI(r6, 0xae9a)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
poll(&(0x7f0000000480)=[{r1}], 0x1, 0x100)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r10, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000))

3.332398438s ago: executing program 3 (id=963):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
unshare(0x22000600)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = dup3(r1, r2, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x3, 0xff)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000840)={{{@in=@private, @in6=@empty}}, {{@in6=@private0}, 0x0, @in=@dev}}, &(0x7f0000000940)=0xe8)

3.086035198s ago: executing program 0 (id=965):
r0 = socket(0x10, 0x803, 0x0)
write(r0, &(0x7f0000000040)="2600000022004701050007108980e8ff06006d20002b1f00c0e90101c7bb0000b00000000000", 0x26)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='attr/prev\x00')
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000e27b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
writev(r1, &(0x7f00000006c0)=[{0x0}, {&(0x7f00000004c0)='\n', 0x1}], 0x2)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000400), 0x4)
sendto(r0, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
r5 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=r7, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=r4], 0x50}}, 0x0)
getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000140)=""/111, &(0x7f0000000000)=0x6f)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
open(0x0, 0x163142, 0x48)
r8 = socket(0x40000000002, 0x0, 0x2)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x14, &(0x7f0000000440)=0x185, 0x4)
r9 = socket(0x40000000002, 0x3, 0x80000000002)
setsockopt$SO_BINDTODEVICE(r9, 0x1, 0x19, 0x0, 0x0)
sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000e0}, 0x6e)
recvmmsg(r8, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x200008, &(0x7f0000000500)=ANY=[], 0xfe, 0x1c7, &(0x7f00000014c0)="$eJzs3bFu00AYB/DPKSQpQ9UZMViwMFXAExShIiEiIYEywAQSTC0LLIGpI6/AW6JO3Q4lZxMcB4kAjgn8fks++e873/ksZ8rl5Y23p5+GsTAeFzE4juO4LOIwBnHzIB8/j5b99iEAYFdcphRfUtb3WACA7fD9DwD/n2fPXzy+P5mcPC3LccTFeVEdn03z58NHk5M75cLhstXFbDbdi/rcuzmfNvOrca1qfy/nZTMfxu1bOZ9nD55MVvJRvO5y4gAAAAAAAAAAAAAAAAAAAAAA0KOj8pvW/j6L/OhHea6+2x9oZf+ez3H9ytamAQAAAAAAAAAAAAAAAAAAADvt/bguPnw8fXV29ubdjhcppTSfzyatRtU9+J2rH/wFc28VEWuieuk36bBu091Q094f7LCcF0VE9LwEv/hEDZurM6hufndDLdY8Est3xKjztxAAAAAAAAAAAAAAAAAAABCNn/33PRIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6M/y//83LNIod/ATJ6+77v6W5wkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC/7WsAAAD//wc2Fgs=")

2.918394965s ago: executing program 0 (id=966):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r0 = epoll_create1(0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x64, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote, 0x4}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x4, [@dev, @remote, @multicast1, @remote, @remote]}]}}}}})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r3, 0x0)
r4 = dup(r2)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000672000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r8, 0x4004ae99, &(0x7f0000000000)=0x4)
ioctl$KVM_SET_MP_STATE(r8, 0x4004ae99, &(0x7f0000000040)=0x6)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_NMI(r5, 0xae9a)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
poll(&(0x7f0000000480)=[{r0}], 0x1, 0x100)

2.720549263s ago: executing program 1 (id=967):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3000480, &(0x7f0000000380), 0x45, 0x7a5, &(0x7f0000001740)="$eJzs3c9rG1ceAPDvyPLPZNdeWNjNngwLu4YQeZ31Jlso1KWHUmgg0J6bGFkxqWUrWHKIjWkTSqGXQlt6ay859+el9Nofh17a/6MkpK0TmtJDcRn9sJVYcuTElpLm84Gx3pt50nvfeaOZJ81YE8Bjazz9k4k4EhFvJRGj9flJRPRXU9mImVq52xvr+XRKYnPzhR+TaplbG+v5aHpO6lA98/eI+Or1iKOZnfWWV9cWZovFwnI9P1lZvDBZXl07dn5xdr4wX1g6MTU9ffzk/06e2L9Yf/5u7fD1t5/998czv772t0/e/DqJmThcX9Ycx34Zj/H6OulPV+Edntnvynrms1c6KNS0BWQPsjHsUdoxffVeORKj0bdb/wx3s2UAwEF5NSI22+lruwQAeKQlteP/U71uBwDQLY3vAW5trOcbU2+/keiuG09HxFAt/sb5zdqSbP2c3VD1POjIreSOMyNJRIztQ/3jEfH+5y99mE5xQOchAVq5fCUizo6N79z/JzuuWdir/3RQZvyuvP0fdM8X6fjn/63Gf5mt8U+0GP8Mtnjv3o97v/8z1/ahmrbS8d+TTde23W6Kv26sr577U3XM15+cO18spPu2P0fERPQPpvmpXeqYuPnbzXbLmsd/P73z8gdp/enjdonMtezgnc+Zm63MPkjMzW5cifhHtlX8yVb/J23Gv6c7rOO5J954r92yNP403sa0M/6DtXk14l8t+z/ZKpPsen3iZHVzmGxsFC18OhMj7eofz273fzql9Tc+C3RD2v8ju8c/ljRfr1nu+KW3rhb79urol+0KNW//reNvvf0PJC9W0wP1eZdmK5XlqYiB5Pmd849vP7eRb5RP45/4Z+v3/27bf/qZ8GyHKyJ7/YeP7j/+g5XGP7en/t9zIoZuL/S1q7+z/p+upibqczrZ/3XawAdZdwAAAAAAAAAAAAAAAAAAAAAAAADQqUxEHI4kk9tKZzK5XO0e3n+NkUyxVK4cPVdaWZqL6r2yx6I/0/ipy9Gm30Odqv8efiN//K78fyPiLxHx7uBwNZ/Ll4pzvQ4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOoOtbn/f+r7wV63DgA4MEN9vW4BANBlSTbb6yYAAN02tKfSwwfWDgCge/Z2/AcA/ggc/wHg8XOP479/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBBnT51Kp02f9lYz6f5uYurKwuli8fmCuWF3OJKPpcvLV/IzZdK88VCLl9abPtCl2sPxVLpwnQsrVyarBTKlcny6tqZxdLKUuXM+cXZ+cKZQn/XIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAzpVX1xZmi8XCskRPEgvf1PrhYWmPxN4ScbnWfw9Le/YvEQPbe4nh3uycAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4BvwcAAP//JJMi3A==")
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x1431c2, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0)
r2 = open(&(0x7f00000001c0)='./bus\x00', 0x64942, 0x0)
r3 = open(&(0x7f0000007f80)='./bus\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x1000200201005)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r6 = dup(r5)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x70, 0x17, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}]}, 0x70}}, 0x28000004)
write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r6, &(0x7f0000000800)={0x168, 0x0, 0x0, [{{}, {0x0, 0x0, 0xba, 0x0, '9p\x00\xdb\xad5\xfe;\xc4\x06\x8c\xbd\xc7L\x91\xc9\x14\xdf($\x1c\n\xe4\x7f\xbc\xca\x12\xe5NP\xfba\x03\xd1\xbf\x1dxRU1\xe5%\xc2k\"*\xc4\x15\xf5S\x86\xc6\xc8^ka<\x97n\x0f\x87e\xfdv\xd0\xa2\xa6RjM85\xf9\xd1R\x02\x1f\xf1\xf7\x11?\xdc\xddH\xb1\x90D\x0f\xa6\x1cQ\"\x9dia\xd3\xe3K\x01Y\xbd\t\x7f\x05m\xdc\xdf\xa8\v\x82ssH\xaeq\xd4\xc9\'j\x8cze\xbc\xfa\xc5\xdb\xd4\x05\xb0\xd2\xc7\x01\xfc?\x82\x15\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00%@\xfc\x18\x15+v\xb8\x9d\xd6\x9a\x84\xaf\xe5\xae\xeaQ:\x8f\xa8;\xe8`\xb1N\x1bw\x98\xb0U\xd2q\"\xed\x027\x9c\x9b'}}]}, 0x168)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=<r7=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',privport,access=', @ANYRESDEC=r7])
chown(&(0x7f0000000040)='./file0\x00', 0x0, 0xffffffffffffffff)
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000500)=@generic={&(0x7f00000003c0)='./file0\x00', 0x0, 0x8}, 0x18)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

2.495473731s ago: executing program 0 (id=968):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x16, 0xffff, 0x4, 0xbba, 0x4, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x3}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x16}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="a500000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000003c0)='sched_switch\x00'}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='net/if_inet6\x00')
read$FUSE(r6, &(0x7f0000000f40)={0x2020}, 0x2020)
preadv(r6, &(0x7f0000000180)=[{0x0}], 0x1, 0x0, 0x0)
read$FUSE(r6, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r6, 0x89f8, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000300)={'gretap0\x00', <r7=>0x0, 0x0, 0x7, 0xffffffff, 0x0, {{0x16, 0x4, 0x3, 0x0, 0x58, 0x65, 0x0, 0xff, 0x0, 0x0, @remote, @rand_addr=0x64010100, {[@timestamp_addr={0x44, 0xc, 0x9d, 0x1, 0xe, [{@multicast1, 0x1}]}, @timestamp_prespec={0x44, 0x14, 0x97, 0x3, 0x8, [{@loopback, 0x4dd4}, {@remote, 0x2}]}, @cipso={0x86, 0x24, 0x0, [{0x6, 0xe, "f20b1161cc17a6295195025d"}, {0x7, 0x5, 'w 6'}, {0x1, 0x2}, {0x6, 0x9, "37bb88c10e4afb"}]}]}}}}})
r8 = openat$cgroup_ro(r0, &(0x7f0000000040)='memory.events\x00', 0x7a05, 0x1700)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000480)=ANY=[@ANYRES16=r4, @ANYRESOCT=r5, @ANYRES64=r6, @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r7, 0x8580651e8b3a0e64, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES64=r1, @ANYBLOB="4a77688874e28498709e6cd3f986d021bc3274bce0f6a16a8c4bd3deaf5a380c92fd17ca893b0e48cf7d004818c35f6bb11e16947805af3cc639ba7eee3ec77c1313e9372d0b9110562940c396f5682e8b13ce348aa8eb7586391d5a121bae094c38368304707504163bf8b76718aaa0bb3074fc3be11203ca3a36c49250863344b9c69bd2056b94ba392fe43d33d7c3479bfd51f820e7200bea0f1708f146b410c1014dc861d5f5612154bf228b645e9c74d3900fb9a190056f48f6"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000280)='sched_kthread_stop\x00', r8}, 0x10)

2.450350023s ago: executing program 3 (id=969):
socket$igmp(0x2, 0x3, 0x2)
r0 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000680)={0x2, &(0x7f0000000000)=[{0x6, 0x3, 0x6, 0x7ffffffb}, {0x1c, 0x3}]}) (rerun: 32)
bind$inet(0xffffffffffffffff, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x6, &(0x7f0000000580)=ANY=[@ANYBLOB="b4050000000000007110890000000000850077000300000018240000", @ANYRES32=0x1, @ANYBLOB="00000000540e00009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x5}, 0x10}, 0x90) (async)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x3, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x90) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x64, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000009c0)="ec", 0x1}], 0x1, &(0x7f0000000840)=ANY=[], 0x18}, 0x0) (async)
recvmsg$unix(r2, &(0x7f0000006c40)={0x0, 0x0, &(0x7f0000006bc0)=[{&(0x7f0000004880)=""/4096, 0x1000}], 0x1}, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (async)
io_setup(0x0, &(0x7f0000000000)=<r5=>0x0)
socket$inet6_udp(0xa, 0x2, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) (async)
io_submit(r5, 0x1, &(0x7f0000001d00)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, &(0x7f0000000340)='p', 0x300, 0x80fb0f0000000000}])
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) (async, rerun: 32)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x3fffd, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2003}, 0x48) (async, rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) (async)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) (async)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000940))
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) (async)
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000500)={0x1, 0x0, [{0x5000, 0xd8, &(0x7f0000000b00)=""/216}]}) (async)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4000000010000104000000000000004000000000", @ANYRES32=r0, @ANYBLOB="00000000880000002000128008000100677265001400028008001400050000000500130001"], 0x40}}, 0x0) (async, rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) (rerun: 64)

2.450197363s ago: executing program 3 (id=970):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000e00)={0x0, {{0xa, 0x4000, 0x0, @mcast1}}, 0x1}, 0x5000)

2.447081183s ago: executing program 3 (id=971):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x0, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000030000000bca30000000000002403000040feffff7b1af0ff0000000079a4f0ff000000001f030000000000002e030200000000002604fdffffff000e61141800000000001d430000000000007a0a00fe0000001f6114140000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f2440000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c9494963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c88629a6c921c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fbf05b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71ca3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60f132a2bf8a858392f34072d99aee0ec70aa6d75096e608d97ac4b7bfa2e0ae3e59718e7a7691a98b1334e34553300000000000000000000000000000000062c7cf52e9624806a4833e1c0059e5a703ab9c2e9b38779270dc5e80af75d509b1a31fe6ed3f8c0172659256dc88de4e377c8a07e95ec5549ae47dc43b93a159a201be254048b9e0857ea3c736c761e686f9b3d0690f035617a12055b2cb3a03794d67b95e7f4fc6af323120c09d0503c8ce92e869e22bb2590299ad76d541f844d32f96184f74d433793bbd75ec15fb1497ce835445212421cb4e3ce08395c9055a2dbaa548a03d153de186e1194e520da76ee6d1902a54ecf277afa9a0516be86048321a1f8b138e4197089be800d5fc674f4f711b3a9aa4d4a8179ac1e2dd9e145c3"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0)={0x0, 0x0, 0x3}, 0x10}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18090000000000000000000000000004850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000c40), 0x310decfa, 0x1)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000080)=0x1e, 0x4)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xc1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x4010, r2, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x24b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000b00)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x0, "efb9ce47"}]}}, 0x0}, 0x0)
r5 = openat(r2, &(0x7f0000000900)='./file1\x00', 0x6083, 0x6be0213b6b56eac7)
ioctl$MON_IOCG_STATS(r5, 0x80089203, &(0x7f0000000940))
syz_usb_control_io$hid(r4, 0x0, &(0x7f00000008c0)={0x2c, &(0x7f00000006c0)={0x60, 0x1b, 0xe, "777dcc1f5da922ca3d267c10e567"}, &(0x7f0000000700)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000740)={0x0, 0x8, 0x1, 0xff}, &(0x7f0000000780)={0x20, 0x1, 0xcf, "c0266c957fca23a2eb268c25e8b95a51eaaa38a4b4a454525079f36e0e76139165ac6a5124ee62e023215e64d85b9a78962afea9f16deb7c32e34a71cca98781e6bd122da022a66ca3cd479567cd4fa2cda451342ae61bbf3adbb20057ed8548f8dca4af70afaefdf97ef884eb781fbef92658b16375b489920bf06c2298ef7900df475aa5c92b4ef667f60f28ce2bf89da0e09f0731633fd36f6d0d6236358cc2546b49cfe0ae13ebc2d1e0708f7a9bc22a44e06e64402b81364db0a168cf7288969055c584367351a646911aed26"}, &(0x7f0000000880)={0x20, 0x3, 0x1, 0x1}})
ioctl$USBDEVFS_CONTROL(r1, 0xc0105512, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xb, &(0x7f0000000180)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x90)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, <r8=>0x0}, &(0x7f0000000280)=0x5)
setuid(r8)
writev(r6, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd000000100001000b080800418e224e0a04fcff", 0x58}], 0x1)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x0, 0x0)
utimensat(r9, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3ffffffe}}, 0x0)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010080000000080000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r10}, 0x10)
sigaltstack(&(0x7f0000000040)={0x0, 0x80000001, 0xffffffffffffff76}, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x7)
socket(0x10, 0x2, 0x0)

2.005859991s ago: executing program 1 (id=974):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x474c, 0x4)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000740)='syz_tun\x00', 0x10)
connect$inet(r1, &(0x7f0000000140)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x1, &(0x7f00000004c0)="18", 0x1)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0), 0x4)

1.944740593s ago: executing program 1 (id=975):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = epoll_create1(0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x64, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote, 0x4}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x4, [@dev, @remote, @multicast1, @remote, @remote]}]}}}}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0)
r5 = dup(r3)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000672000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f0000000000)=0x4)
ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f0000000040)=0x6)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_NMI(r6, 0xae9a)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
poll(&(0x7f0000000480)=[{r1}], 0x1, 0x100)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r10, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000))

1.917424295s ago: executing program 4 (id=977):
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x200000, &(0x7f0000000180), 0xfc, 0x585, &(0x7f0000000580)="$eJzs3c9rVNceAPDvvUk06nsvCiLvvUUJuKjFOmOS/rDQhV2WViq0ezskY5BMHMlMxKRCdVE33RQplFKhtPvuu5T+A/0rhFaQIqFddDPlTu7E0cwkkzj5ofP5wNVz7rkz55y593vm3Lk33AAG1nj2Txrxv4j4KokYaysbjrxwfHW7lcc3p7MliUbj4z+SSPJ1re2T/P8jeea/EfHLFxGn0/X11paW50qVSnkhzxcjuVasLS2fuTJfmi3Plq9OTk2de3Nq8p233+pbX1+7+Ne3H91//9yXJ1e++enhsbtJnI/G56tl7f14DrfaM+Mxnn8mI3H+mQ0n+lDZfpLsdQPYlqE8zkciGwPGYiiP+o4aY7vZNGCHZV9/DWBAJeIfBlRrHtA6t+/TefAL49F7qydA6/s/vPrbSIw2z40OryRPnRll57tH+1B/VsfPv9+7my3Rv98hADZ163ZEnB0eXj/+Jfn4t31ne9jm2TqMf7B77mfzn9c7zX/StflPdJj/HOkQu9uxefynD/tQTVfZ/O/djvPftYtWR4fy3L+bc76R5PKVSjkb2/4TEadi5GCW3+B6zqfpyoNGt8L2+V+2ZPW35oJ5Ox4OH3z6NTOleum5Ot3m0e2I/3ec/yZr+z/psP+zz+Nij3WcKN97pVvZ5v3fWY0fIl7tuP+fXNHKUsX6fLfrk8Xm8VBsHRXr/XnnxK/d6t/r/mf7//DG/T+atF+vrW29ju9H/y53K9vu8X8g+aSZPpCvu1Gq1xcmIg4kH65fP/nkta18a/us/6dObjz+dTr+D2WB3WP/7xy/077p6Eb9H+nxPfsl6//Mlvb/1hMPPvjsu27197b/32imTuVrehn/em3g83x2AAAAAAAAsN+kEfGvSNLCWjpNC4XV+zuOx+G0Uq3VT1+uLl6dycqa9z+krSvdY233Q0zk98O28pPP5Kci4lhEfD10qJkvTFcrM3vdeQAAAAAAAAAAAAAAAAAAANgnjkSMdvr7/8xvQ3vdOmDHbfDI7252+zkFwA7pHv95ST+e9ATsS+3xf3AP2wHsvm3M/4GXRA/xn+5GO4Dd5/sfBpf4h8El/mFwiX8YXFuJ/x8v7GBDAAAAAAAAAAAAAAAAAAAAAAAAAAAA4OVw8cKFbGmsPL45neVnri8tzlWvn5kp1+YK84vThenqwrXCbLU6WykXpqvzm71fpVq9NjEZizeK9XKtXqwtLV+ary5erV+6Ml+aLV8qe244AAAAAAAAAAAAAAAAAAAArFdbWp4rVSrlBQmJbSWG90czuiXS/EDfL+15YRJ7PDABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJt/AgAA//9UjzKL")
mount$binder(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f00000000c0), 0xff8c, &(0x7f0000000080)=ANY=[@ANYBLOB='stats=g'])

1.654443155s ago: executing program 4 (id=978):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f00000001c0), 0x81, 0x79e, &(0x7f00000018c0)="$eJzs3ctrXGUbAPDnTG5N2u9LPvhA6yogaKB0YmpsFVxUXIhgoaBr2zCZhjaTTMlMShMCbRHBjaDFhaCb7gQvdefWy1b/CxfSUmwajLiQkTOZaSfNTDppbo35/eC07zvnTJ73OZf3vDPnMCeAfWsw/ScTcTgiPkoi+muvJxHRVS11RpxcWW55cSGXTklUKm//nlSXWVpcyEXDe1IHa5WnI+LH9yOOZNbGLc3NT44VCvmZWn24PHVxuDQ3f/T81NhEfiI/fXxkdPTYiZdOHN+6XP/4Zf7Q7Y/feP6bk3+999TND39K4mQcqs1rzGOrDMZgbZ10patwlde3OtguS9aZd2AH28HGpIdmx8pRHoejPzqqpRZ6d7JlAMB2uRIRFQBgn0mc/wFgn6l/D7C0uJCrT+t8XbDOxYG96c5rKxeolmrXNpfv599Zu2Z3oHodtG8pWZV8EhEDWxB/MCI+/+7dr9Iptuk6JEAzV69FxNmBwbX9f7LmnoWNeqGNZQYfqjf0f92bDA88wvfp+OflZuO/zP3xTzQZ//Q0OXYfxzrHf03m1haEaSkd/73acG/bckP+NQMdtdp/qmO+ruTc+UI+7dv+GxFD0dWT1kfWiTF07+97reY1jv/uXr+Q9nm5u9cvfPlgicytzp7V7xkfK49tJudGd65FPNPZLP96/79yD1uz8e/pNmO8+coHn7Wal+af5luf0vir899elRsRzzXd/g/uaEvWvT9xuLo7DNd3iia+/fXTvlbxG7d/OqXx658FdkK6/fvWz38gabxfs7TxGD/f6P+h1bxH5998/+9O3qmW64OEy2Pl8sxIRHfy1trXjz14b71eXz7Nf+jZ7qbHf73/a7b/p58Jz7aZf+fta18/fv7bK81/fEPbf+OFm8uTHa3it7f9R6ulodor7fR/7TZwM+sOAAAAAAAAAAAAAAAAAAAAAAAAANqViYhDkWSy98uZTDa78gzv/0dfplAslY+cK85Oj0f1WdkD0ZWp/9Rlf8PvoY7Ufg+/Xj/2UP3FiPhfRHzS01utZ3PFwvhuJw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANQdbPP8/9VvPbrcOANg2B3a7AQDAjnP+B4D9Z2Pn/95tawcAsHN8/geA/cf5HwD2H+d/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAttnpU6fSqfLn4kIurY9fmpudLF46Op4vTWanZnPZXHHmYnaiWJwo5LO54lTLP3R15b9CsXhxNKZnLw+X86XycGlu/sxUcXa6fOb81NhE/ky+a8cyAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID2lebmJ8cKhfzMnilUKpUrT0Az/g2FjtpO8KS0Z88VMptYdV/sduMfUWjsJXp3p3MCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AP+CQAA//+qiiUU")
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'gre0\x00', &(0x7f0000000040)=@ethtool_wolinfo={0x6, 0x81, 0x6, "4b7fb10f0524"}})
open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1081000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600016, 0x15)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x181102, 0x0)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f00000000c0))
syz_usb_connect(0x0, 0x2d, &(0x7f0000000e80)={{0x12, 0x1, 0x0, 0x79, 0x4a, 0x29, 0x40, 0x468c, 0x90ea, 0x996d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xe, 0x1, 0x1, 0x0, [], [{{0x9, 0x5, 0xa}}]}}]}}]}}, 0x0)

1.576953998s ago: executing program 0 (id=979):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
unshare(0x22000600)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = dup3(r1, r2, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x3, 0xff)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000840)={{{@in=@private, @in6=@empty}}, {{@in6=@private0}, 0x0, @in=@dev}}, &(0x7f0000000940)=0xe8)

1.452864543s ago: executing program 1 (id=976):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x8, 0x7fe2, 0x1}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f00000004c0)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
mkdir(&(0x7f0000000440)='./file0\x00', 0x42)
prlimit64(0x0, 0x3, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex:Dd', 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x1}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000400)=0x1)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={0x0, 0x0, 0x40}, 0x20)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000380)='net/nf_conntrack\x00')
lseek(r7, 0x401, 0x0)
r8 = dup(0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80, 0x200000, 0x0, 0x40}, 0x10)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000001a000100000000000000000002009b00000000b2593e7fe1722934818a699dc8ea9622000000000005001b009049489e831c90bf", @ANYRES32=0x0, @ANYBLOB], 0x2c}}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, 0x0)
write$FUSE_BMAP(r8, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r8, &(0x7f00000000c0)={0x14c}, 0x137)
r9 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents64(r9, &(0x7f0000000040)=""/55, 0x37)

817.983798ms ago: executing program 2 (id=983):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000740)='syz_tun\x00', 0x10)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0), 0x4)

766.34525ms ago: executing program 2 (id=984):
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3000480, &(0x7f0000000380), 0x45, 0x7a5, &(0x7f0000001740)="$eJzs3c9rG1ceAPDvyPLPZNdeWNjNngwLu4YQeZ31Jlso1KWHUmgg0J6bGFkxqWUrWHKIjWkTSqGXQlt6ay859+el9Nofh17a/6MkpK0TmtJDcRn9sJVYcuTElpLm84Gx3pt50nvfeaOZJ81YE8Bjazz9k4k4EhFvJRGj9flJRPRXU9mImVq52xvr+XRKYnPzhR+TaplbG+v5aHpO6lA98/eI+Or1iKOZnfWWV9cWZovFwnI9P1lZvDBZXl07dn5xdr4wX1g6MTU9ffzk/06e2L9Yf/5u7fD1t5/998czv772t0/e/DqJmThcX9Ycx34Zj/H6OulPV+Edntnvynrms1c6KNS0BWQPsjHsUdoxffVeORKj0bdb/wx3s2UAwEF5NSI22+lruwQAeKQlteP/U71uBwDQLY3vAW5trOcbU2+/keiuG09HxFAt/sb5zdqSbP2c3VD1POjIreSOMyNJRIztQ/3jEfH+5y99mE5xQOchAVq5fCUizo6N79z/JzuuWdir/3RQZvyuvP0fdM8X6fjn/63Gf5mt8U+0GP8Mtnjv3o97v/8z1/ahmrbS8d+TTde23W6Kv26sr577U3XM15+cO18spPu2P0fERPQPpvmpXeqYuPnbzXbLmsd/P73z8gdp/enjdonMtezgnc+Zm63MPkjMzW5cifhHtlX8yVb/J23Gv6c7rOO5J954r92yNP403sa0M/6DtXk14l8t+z/ZKpPsen3iZHVzmGxsFC18OhMj7eofz273fzql9Tc+C3RD2v8ju8c/ljRfr1nu+KW3rhb79urol+0KNW//reNvvf0PJC9W0wP1eZdmK5XlqYiB5Pmd849vP7eRb5RP45/4Z+v3/27bf/qZ8GyHKyJ7/YeP7j/+g5XGP7en/t9zIoZuL/S1q7+z/p+upibqczrZ/3XawAdZdwAAAAAAAAAAAAAAAAAAAAAAAADQqUxEHI4kk9tKZzK5XO0e3n+NkUyxVK4cPVdaWZqL6r2yx6I/0/ipy9Gm30Odqv8efiN//K78fyPiLxHx7uBwNZ/Ll4pzvQ4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOoOtbn/f+r7wV63DgA4MEN9vW4BANBlSTbb6yYAAN02tKfSwwfWDgCge/Z2/AcA/ggc/wHg8XOP479/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBBnT51Kp02f9lYz6f5uYurKwuli8fmCuWF3OJKPpcvLV/IzZdK88VCLl9abPtCl2sPxVLpwnQsrVyarBTKlcny6tqZxdLKUuXM+cXZ+cKZQn/XIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAzpVX1xZmi8XCskRPEgvf1PrhYWmPxN4ScbnWfw9Le/YvEQPbe4nh3uycAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4BvwcAAP//JJMi3A==")
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x1431c2, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0)
r2 = open(&(0x7f00000001c0)='./bus\x00', 0x64942, 0x0)
r3 = open(&(0x7f0000007f80)='./bus\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x1000200201005)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r6 = dup(r5)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x70, 0x17, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x4}]}, 0x70}}, 0x28000004)
write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r6, &(0x7f0000000800)={0x168, 0x0, 0x0, [{{}, {0x0, 0x0, 0xba, 0x0, '9p\x00\xdb\xad5\xfe;\xc4\x06\x8c\xbd\xc7L\x91\xc9\x14\xdf($\x1c\n\xe4\x7f\xbc\xca\x12\xe5NP\xfba\x03\xd1\xbf\x1dxRU1\xe5%\xc2k\"*\xc4\x15\xf5S\x86\xc6\xc8^ka<\x97n\x0f\x87e\xfdv\xd0\xa2\xa6RjM85\xf9\xd1R\x02\x1f\xf1\xf7\x11?\xdc\xddH\xb1\x90D\x0f\xa6\x1cQ\"\x9dia\xd3\xe3K\x01Y\xbd\t\x7f\x05m\xdc\xdf\xa8\v\x82ssH\xaeq\xd4\xc9\'j\x8cze\xbc\xfa\xc5\xdb\xd4\x05\xb0\xd2\xc7\x01\xfc?\x82\x15\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00%@\xfc\x18\x15+v\xb8\x9d\xd6\x9a\x84\xaf\xe5\xae\xeaQ:\x8f\xa8;\xe8`\xb1N\x1bw\x98\xb0U\xd2q\"\xed\x027\x9c\x9b'}}]}, 0x168)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=<r7=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',privport,access=', @ANYRESDEC=r7])
chown(&(0x7f0000000040)='./file0\x00', 0x0, 0xffffffffffffffff)
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000500)=@generic={&(0x7f00000003c0)='./file0\x00', 0x0, 0x8}, 0x18)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

735.513091ms ago: executing program 0 (id=985):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000380)=0x474c, 0x4)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, 0x0, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000740)='syz_tun\x00', 0x10)
connect$inet(r1, &(0x7f0000000140)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x1, &(0x7f00000004c0)="18", 0x1)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0), 0x4)

621.236716ms ago: executing program 2 (id=986):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = epoll_create1(0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x64, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote, 0x4}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x4, [@dev, @remote, @multicast1, @remote, @remote]}]}}}}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0)
r5 = dup(r3)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x4)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000672000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f0000000000)=0x4)
ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f0000000040)=0x6)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_NMI(r6, 0xae9a)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
poll(&(0x7f0000000480)=[{r1}], 0x1, 0x100)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r10, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000))

531.706549ms ago: executing program 1 (id=987):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4)
syz_emit_ethernet(0x52, &(0x7f00000000c0)={@empty, @broadcast, @val, {@ipv6={0x86dd, @tcp={0x0, 0x6, "080108", 0x14, 0x2f, 0x0, @local, @private1, {[], {{0x0, 0x8906, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x14}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x31ce, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}}}]}}]}}, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000400)='./bus\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYRESDEC=r0, @ANYRES16, @ANYRES64], 0x1, 0x375, &(0x7f0000000880)="$eJzs3c+LG2UYwPFndrPZZEs3OYiiIPugF70Mu6tnNUgL4oJl24itIEy7Ew0Zk2UmRCLixpNX8eY/IFh68FDwUFD/gb14qxcvntxLQdAi4sj8ys9Jsslu2Wz7/UCbN3nfJ/O+yWR5nsC8OXrvq49rFc+sWE1ZyqkYIiIPRYqyJAkjuslKio68fOHP+89fvX7j7dLOzqVd1cula69sq+r6xo+ffJaPh91blcPiB0cPtn8/fPrw2aP/rn1U9bTqab3RVEtvNn5rWjcdW/eqXs1UveLYlmdrte7ZbtTfiPorTmN/v61Wfe/i2r5re55a9bbW7LY2G9p022p9aFXrapqmXlxLm+5jLDdHTPn27q5VmvOAt+aMw2n7x/f9Cd2uW7KWRcz8SE/59iOdFwAAWEhD+f83SY5QlKVuQmnEtUA2bA+WAUH+n7TD/D8oFnr5/50Xfm5eePfuepz/38um5f+v/hrFD+T/wdFPPf//buj+aEZ07h3MMvhE+T8Ww8bgJ/KPXsUeC/L/4NPQrei/eP/OZtgg/wcAAAAAAAAAAAAAAAAAAAAA4Dx46PsF3/cLyW3yr3cJQXw/ZHQmXmiMc2fc+78a7yjQPR/wWLp6/Ybkwgv3Musizpetcqsc3cb9ycBNKci/4fkQizac6ISdGijKT85Bq7wSByyH/5eyouKILVtSkOJAfNi+/NbOpS2NRPHh8Q9aZSOzFsRXpBrGb0tBnkqP306Nz8pLL/bFm1KQX25JQxzZC8/rXvznW6pvvrMzFJ8Px6V5/dG+JQAAAAAAnDpTNReXz8XB+jeq301TNa0/qOWlvz4f/X6gW19vptbnmcJzmbNdOwAAAAAATwov+2nNchzb9dpjG3mZNmY1frbJz5PeyMwyOGjcDxsrk8Ys963wuM+cjX9BY4bJy2wrtRznr1VJfTGTLVwHunIneFUtJ1n/MQbnZn0LXG9p9rXbrrcRzEfnWk5fI/naKHpkeeSlkyvjwr83kqjZDprsnDtt8DNff/v3fOsy4l17+7teu5sbWOmYcGPokc6Uk/aB70+dz0r6X4sf5vmRGQAAAAALIkn6817yyBtnOyEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5AJ9uJ7XiNs14jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsCj+DwAA///sY/Oz")
r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
fcntl$setstatus(r3, 0x4, 0x6100)
r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r4, 0x0)
ftruncate(r3, 0x22)
write$FUSE_ATTR(r3, &(0x7f0000000600)={0x78}, 0x78)
write$cgroup_type(r3, &(0x7f0000000200), 0x175d9003)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220c00000083b14372a3292e4bd4be3a24bbad65baedaec45d38287368e30ec93da935b6465da7745d2fad116cbdb1ed01a27be6bb182a351ba6f7bb943957125791eec454d8"], 0x0}, 0x0)

466.302222ms ago: executing program 2 (id=988):
socket$xdp(0x2c, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000001400000014000000020000000000000001001f1d34afdf5c0006040000000c000001"], &(0x7f0000001f80)=""/237, 0x2e, 0xed, 0x1}, 0x20)

81.119337ms ago: executing program 2 (id=989):
mkdir(&(0x7f0000002200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
mount$tmpfs(0xa00000000000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x210020, &(0x7f0000000280))

30.276069ms ago: executing program 2 (id=990):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
sendto$inet(r1, &(0x7f0000000440)="54a8dc5b52961eb747c65b2b5cafff0e005c8b658f43e198a87fae59e54244db02af506b21228009096c1a0907694347a098545d3f23005d86eb9d7b9c04c963d40fd583e4e10a9c660edde78bc5fbacbd5eac0697a2e97422dd223e52bf61c2d9a5f06bf16819f36b7ca254cad3d149eee51df792b9e14fc63c161586af586c1818d8ce5db71ef840f151347fc842fd552bb71846cff2dbef386d278240e1ac86cbc6e6dfac8c3f72c04e92363affbd495b000456949c3589b082d504f147379a69bba52a0045f1925ae562b89f", 0xce, 0x0, &(0x7f0000000240)={0x2, 0x4e21, @loopback}, 0x10)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000180)={0x0, <r2=>0x0})
sched_setscheduler(r2, 0x0, 0xfffffffffffffffd)
r3 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x1}}, 0xe8)
r4 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f00000000c0)={'ip6gre0\x00', 0x1000})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040)={0x0, <r7=>0x0})
ptrace$setopts(0x4206, r7, 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

0s ago: executing program 4 (id=991):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb4, 0x7f}, 0x48)
r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x18, r0}, 0x18)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000007c0)=ANY=[@ANYRESHEX=r2, @ANYRES32, @ANYRES32=r1, @ANYRES8=<r4=>r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000bc0)=ANY=[@ANYRES16=r2, @ANYRES32=<r6=>r2, @ANYBLOB="a6dbec29398b5f1851a68e9925465cfef7d4e7c6c950ab27f0566834217e8b68041b6f716416bab8913637f3213199c416aa5b7fe22165b5133b4ce08618795324bc86078cece7e4a0d18e2fc3a68244a7fc169de65c59e31fdae3a6392ba7e69d354b2893e71d538b17ee697f86186692a69137e99ae7114c343086175a05a4644957f73fc7f6eabbb05e370e978842fb1f774f144482be27580a8cd0907f28d6dc3ad730d120b1", @ANYRESHEX=r2, @ANYRES8=<r7=>r5], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000000c0)='jbd2_write_superblock\x00', r8}, 0x10)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x8, '\x00', 0x0, 0x0, 0x0, 0xffffffff}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xf, &(0x7f0000000cc0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES64=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000828dec9c8500000084000000b7000000000000009500000000000000a8f058f5e0866604912dd163fffe504682e56265de4ac0c730f01d2540baef6b3e84fc0178fbcc055e256309892209f266e6b7d152a638cd821131f0d0076742c6ab3aee1f3fbd0f945ef0dc2fb21725842e6895390fa2506979687f55f00045af005229e512afd39fc9f9d93af7520ff2a29c9da89e895ae9c4115736f8f52e744a46a2bbdc952c4e9c945af37dbb3619d0380c5fdd10faddb3f1f5689676c3692905676d33db97b01225d84da98e05c5e15244fbd29b3e08643cdb4a3749fdca81cb43b6e9719f523988dd6a45c8ba06f43c62f188db97189e97eca03e7610"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000580)=ANY=[@ANYBLOB="050000000000000063112d00000000008510000002000000850200000000000095000000000000009523a50500000000ad83dfd36a6aa7fb174c28ad491eb81991b16b8b5eb96f30e7"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r11, 0x40086602, &(0x7f0000000540)={'\x00', @remote})
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.kill\x00', 0x7a05, 0x1700)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000380)=ANY=[@ANYRES32=r6, @ANYRES8=r0, @ANYRES8=r4], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x1, 0x5, 0x1000008, 0x1a22, r9, 0x3, '\x00', 0x0, r12, 0x1, 0x4, 0x1, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRESHEX=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, r11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203a608c}, 0x90)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r13, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})
write$cgroup_pid(r12, &(0x7f0000000340), 0x1009)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{0x1}, &(0x7f0000000500), &(0x7f0000000540)=r10}, 0x20)
r14 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x144000, 0x7fe2, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r14, &(0x7f0000000180), 0x20000000}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000000)={r14, &(0x7f0000000180), 0x0}, 0x20)
r15 = syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000880)='./file0\x00', 0x4500, 0x0, 0x13, 0x4ff, &(0x7f00000008c0)="$eJzs3VFrHFsdAPD/bLK3aZtrctWH6wVvL94r7UW7mzS2DQptBbEPUlDre43JJoRssiG7aZtQJMV3BREV/AC+CH4AQfoRRCjou9SiiLb64IO6MrOzGtPd7rbd7Nbk94PpnDOzs///SbMnc2YOOwEcW+9FxLWIGIuIDyNiKt9eyJfraWWv9bqnT+4tpksSzebNPyeR5Nva75Xk69OtQ2IiIr5+PeJbybNx6zu7awvVamUrr5cb65vl+s7u+dX1hZXKSmVjbm720vzl+YvzMwNp53REXPnS4x9+76dfvvLLz9753a0/nvt2mtZkvn9/Owap1fRi9rNoG4+IrcMINgJj+brYZf93x4aYDAAAPaXn+B+NiE9l5/9TMZadnQIAAABHSfPqZPwjiWgCAAAAR1YhmwObFEr5XIDJKBRKpdYc3o/HqUK1Vm98Zrm2vbHUmis7HcXC8mq1MpPPFZ6OYpLWZ/M5tu36hQP1uYh4KyJ+MHUyq5cWa9WlUV/8AAAAgGPi9IHx/9+msvH/iVHnBQAAAAzY9KgTAAAAAA6d8T8AAAAcfS8+/k88JQAAAAD+f3z1xo10abaff710e2d7rXb7/FKlvlZa314sLda2NksrtdpK9p19673er1qrbX4uNrbvlhuVeqNc39m9tV7b3mjcWv2fR2ADAAAAQ/TWmQe/TSJi7/MnsyX1xqiTAoYi6bE/e0jIo7zy+yEkBAzN2Esc4/wAjgbzeOH4Ko46AWDkel0H6Dp551eDzwUAADgcZz/R/f6/awNwtBVGnQAAMHTu/8PxVXypGYDAUfKRHvtf/f5/s/lCCQEAAAM3mS1JoZTfC5yMQqFUingzeyxAMVlerVZm8vHBb6aKJ9L6bHZk0nPOMAAAAAAAAAAAAAAAAAAAAAAAAADQ0mwm0QQAAACOtIjCH5Ls2/wjzk59MHnw+sAbyd+nsnVE3PnJzR/dXWg0tmbT7X/5z/bGj/PtF7pcZPjCYV/FAAAAAPZrj9Pb43gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGKSnT+4ttpdhxv3TFyNiumP8MxPZaiKKEXHqr0mM7zsuiYixAcTfux8Rb3eKn6RpxXS0sugU/+QI4xci4vQA4sNx9iDtf651+vwV4r1s3fnzN54vr6p7/1eIdv83ti9+MT8u7X/e7DPGOw9/Xu4a/37EO+Od+592/KRL//d+n/G/+Y3d3Y47kuxtMp3i749Vbqxvlus7u+dX1xdWKiuVjbm52Uvzl+cvzs+Ul1erlfzfjmG+/8lf/Ot57T/VJf50j/Z/0Gf7//nw7pOPtYrFTvHPvd/57+/bz8b/yp28709/Jz6dl9P9Z9vlvVZ5v3d/9ut3n9f+pS7t7/X/f67P9n/4te886vOlAMAQ1Hd21xaq1cpWP4XmiYi+XzzoQuxFDD1op0J6DvcapDHIwtXHo08j/W18PX4agy6ceT3SeMHCqHsmAABg0P570t/vEROHmxAAAAAAAAAAAAAAAAAAAAAcQ8P4OrGDMfdG01QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOf6dwAAAP//dCfVTw==")
r16 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000240)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x0, r15}, 0x18)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000280)={@mcast2, <r17=>0x0}, &(0x7f00000002c0)=0x14)
r18 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x8, 0x401, 0x77b, 0x10, r16, 0x5, '\x00', r17, 0xffffffffffffffff, 0x5, 0x4, 0x0, 0xf}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r18}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

kernel console output (not intermixed with test programs):

=tipc_socket permissive=1
[   70.606068][ T2097] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=2097 comm=syz.4.470
[   70.636205][ T2093] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   70.647027][ T2093] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   70.679869][ T2111] netlink: 24 bytes leftover after parsing attributes in process `syz.1.474'.
[   70.689127][ T2093] F2FS-fs (loop0): Found nat_bits in checkpoint
[   70.735433][ T2093] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   70.747528][ T2093] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   70.754500][ T2093] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   70.907704][ T2119] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[   70.908256][ T2116] overlayfs: missing 'lowerdir'
[   70.922519][ T2119] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (20904!=33349)
[   70.940364][ T2119] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   70.948683][ T2119] EXT4-fs (loop4): orphan cleanup on readonly fs
[   70.954929][ T2119] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 4: comm syz.4.477: lblock 0 mapped to illegal pblock 4 (length 1)
[   71.006333][    T7] attempt to access beyond end of device
[   71.006333][    T7] loop0: rw=1, want=45224, limit=40427
[   71.017830][ T2119] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117
[   71.025825][ T2119] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,noquota,errors=continue,noload,init_itable=0x0000000000001000,usrjquota="init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000003,,errors=continue
[   71.168027][ T2133] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802c018, mo2=0002]
[   71.176672][ T2133] System zones: 0-1, 3-12
[   71.255120][ T2133] EXT4-fs (loop1): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,debug,,errors=continue
[   71.386931][    T5] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[   71.477000][  T386] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[   71.508995][ T2141] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   71.529149][ T2141] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27
[   71.539361][ T2141] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27
[   71.558371][ T2141] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:389: inode #2: comm syz.0.479: No space for directory leaf checksum. Please run e2fsck -D.
[   71.577270][ T2141] EXT4-fs error (device loop0): __ext4_find_entry:1654: inode #2: comm syz.0.479: checksumming directory block 0
[   71.599974][ T1200] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   71.616969][ T1200] EXT4-fs error (device loop0): ext4_readdir:220: inode #2: comm syz-executor: path (unknown): directory fails checksum at offset 0
[   71.632953][ T1200] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[   71.654013][ T1200] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   71.669456][ T1200] EXT4-fs error (device loop0): ext4_readdir:220: inode #2: comm syz-executor: path (unknown): directory fails checksum at offset 18432
[   71.683715][ T1200] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   71.699307][ T1200] EXT4-fs error (device loop0): ext4_readdir:220: inode #2: comm syz-executor: path (unknown): directory fails checksum at offset 20480
[   71.713365][ T1200] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   71.730323][ T1200] EXT4-fs error (device loop0): ext4_readdir:220: inode #2: comm syz-executor: path (unknown): directory fails checksum at offset 22528
[   71.744537][ T1200] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   71.759989][ T1200] EXT4-fs error (device loop0): ext4_readdir:220: inode #2: comm syz-executor: path (unknown): directory fails checksum at offset 24576
[   71.773713][  T386] usb 3-1: device descriptor read/64, error 18
[   71.780013][ T1200] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   71.795431][ T1200] EXT4-fs error (device loop0): ext4_readdir:220: inode #2: comm syz-executor: path (unknown): directory fails checksum at offset 26624
[   71.809456][    T5] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   71.814648][ T1200] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   71.820141][    T5] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   71.835851][ T1200] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   71.845060][    T5] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   71.860926][ T1200] EXT4-fs warning (device loop0): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[   71.869330][    T5] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   71.893435][    T5] usb 4-1: config 0 descriptor??
[   71.923714][ T2155] overlayfs: missing 'lowerdir'
[   71.937110][  T732] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[   72.158760][ T2164] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   72.166548][ T2164] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   72.174702][  T386] usb 3-1: device descriptor read/64, error 18
[   72.192906][ T2164] F2FS-fs (loop4): Found nat_bits in checkpoint
[   72.216959][  T732] usb 2-1: device descriptor read/64, error 18
[   72.228464][ T2164] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   72.241888][ T2164] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   72.249069][ T2164] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   72.300332][ T1734] attempt to access beyond end of device
[   72.300332][ T1734] loop4: rw=1, want=45224, limit=40427
[   72.377326][    T5] hid (null): bogus close delimiter
[   72.382554][    T5] hid (null): unknown global tag 0xe
[   72.446950][  T386] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[   72.586992][    T5] usb 4-1: language id specifier not provided by device, defaulting to English
[   72.616935][  T732] usb 2-1: device descriptor read/64, error 18
[   72.716916][  T386] usb 3-1: device descriptor read/64, error 18
[   72.867016][    T5] uclogic 0003:256C:006D.000A: failed retrieving Huion firmware version: -71
[   72.875605][    T5] uclogic 0003:256C:006D.000A: failed probing parameters: -71
[   72.893678][    T5] uclogic: probe of 0003:256C:006D.000A failed with error -71
[   72.897024][  T732] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[   72.903392][    T5] usb 4-1: USB disconnect, device number 10
[   72.968014][ T2176] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.974968][ T2176] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.982586][ T2176] device bridge_slave_0 entered promiscuous mode
[   72.989443][ T2176] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.996345][ T2176] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.003678][ T2176] device bridge_slave_1 entered promiscuous mode
[   73.049110][ T2176] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.055973][ T2176] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.063143][ T2176] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.069976][ T2176] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.092042][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   73.099409][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.106429][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.113759][  T386] usb 3-1: device descriptor read/64, error 18
[   73.123052][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   73.131129][   T18] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.137963][   T18] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.146585][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   73.154849][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.161699][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.177097][  T732] usb 2-1: device descriptor read/64, error 18
[   73.183918][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   73.195501][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   73.209592][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   73.225813][  T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   73.233848][  T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   73.237036][  T386] usb usb3-port1: attempt power cycle
[   73.249140][  T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   73.259335][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   73.290391][ T2181] netlink: 40 bytes leftover after parsing attributes in process `syz.0.493'.
[   73.459664][ T2183] EXT4-fs (loop4): Unrecognized mount option "func=KEXEC_INITRAMFS_CHECK" or missing value
[   73.567015][  T373] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[   73.574478][  T732] usb 2-1: device descriptor read/64, error 18
[   73.612863][ T2189] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[   73.621183][ T2189] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (20904!=33349)
[   73.632329][ T2189] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   73.641860][ T2189] EXT4-fs (loop3): orphan cleanup on readonly fs
[   73.648392][ T2189] EXT4-fs error (device loop3): ext4_map_blocks:617: inode #2: block 4: comm syz.3.496: lblock 0 mapped to illegal pblock 4 (length 1)
[   73.662249][  T386] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[   73.670427][ T2189] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -117
[   73.684676][ T2189] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,noquota,errors=continue,noload,init_itable=0x0000000000001000,usrjquota="init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000003,,errors=continue
[   73.707323][  T732] usb usb2-port1: attempt power cycle
[   73.987363][  T373] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   74.001145][  T373] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   74.010997][  T373] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[   74.017015][  T386] usb 3-1: device descriptor read/8, error -61
[   74.020136][  T373] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.034571][  T373] usb 1-1: config 0 descriptor??
[   74.156776][ T2201] overlayfs: missing 'lowerdir'
[   74.156947][  T732] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[   74.246985][  T386] usb 3-1: device descriptor read/8, error -71
[   74.286370][ T2212] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   74.367059][  T732] usb 2-1: device descriptor read/8, error -61
[   74.421172][ T2214] 9pnet: Insufficient options for proto=fd
[   74.431460][ T2206] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   74.439130][ T2206] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   74.441334][   T23] kauditd_printk_skb: 6 callbacks suppressed
[   74.441343][   T23] audit: type=1326 audit(74.421:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2210 comm="syz.4.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcccf822b99 code=0x7fc00000
[   74.458563][ T2206] F2FS-fs (loop2): Found nat_bits in checkpoint
[   74.497789][ T2206] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   74.506956][ T2181] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   74.515970][ T2206] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   74.523486][ T2206] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   74.531602][  T373] hid-multitouch 0003:1FD2:6007.000B: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.0-1/input0
[   74.577058][  T732] usb 2-1: device descriptor read/8, error -71
[   74.603300][    T7] attempt to access beyond end of device
[   74.603300][    T7] loop2: rw=1, want=45224, limit=40427
[   74.734546][   T13] usb 1-1: USB disconnect, device number 14
[   74.743869][ T2223] F2FS-fs (loop1): Wrong secs_per_zone / total_sections (67108865, 24)
[   74.755297][ T2223] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[   74.766351][ T2223] F2FS-fs (loop1): invalid crc value
[   74.774431][ T2223] F2FS-fs (loop1): Found nat_bits in checkpoint
[   74.816597][ T2223] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[   74.823556][ T2223] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   74.842077][ T2226] attempt to access beyond end of device
[   74.842077][ T2226] loop1: rw=2049, want=40976, limit=40427
[   75.031052][   T23] audit: type=1400 audit(75.011:320): avc:  denied  { getopt } for  pid=2233 comm="syz.1.507" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[   75.071322][   T23] audit: type=1326 audit(75.051:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2210 comm="syz.4.503" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcccf822b99 code=0x7fc00000
[   75.097567][ T2240] device pim6reg1 entered promiscuous mode
[   75.231319][ T2244] overlayfs: missing 'workdir'
[   75.277033][  T386] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[   75.280401][ T2251] erofs: (device loop4): erofs_parse_options: Unrecognized mount option "ÿÿÿÿÿÿ18446744073709551615°íi‚®(ŒíˆµFïp=�œ5L©	ËE¿Âùx§®Ú®é·Î£ 7dÏÿ¾¦‰©k;µ\7�Šcû|Zæä~ÿôö^ª“~ÿÿÿÿÿÿÿÿÿÿÿÿÿ01777777777777777777777ÿÿÿÿÿÿÿÿ0xffffffffffffffffÿÿÿÿÿÿÿÿÿÿÿÿ" or missing value
[   75.340505][ T2255] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[   75.348932][ T2255] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (20904!=33349)
[   75.359186][ T2255] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   75.367560][ T2255] EXT4-fs (loop3): orphan cleanup on readonly fs
[   75.373747][ T2255] EXT4-fs error (device loop3): ext4_map_blocks:617: inode #2: block 4: comm syz.3.515: lblock 0 mapped to illegal pblock 4 (length 1)
[   75.388139][ T2255] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -117
[   75.396191][ T2255] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,noquota,errors=continue,noload,init_itable=0x0000000000001000,usrjquota="init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000003,,errors=continue
[   75.444785][ T2258] EXT4-fs (loop0): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue
[   75.525141][  T386] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   75.537557][  T386] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   75.547990][  T386] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   75.556829][  T386] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.569400][  T386] usb 3-1: config 0 descriptor??
[   75.841541][ T2262] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   75.855230][ T2262] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   75.874422][ T2262] F2FS-fs (loop4): Found nat_bits in checkpoint
[   75.914372][ T2262] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   75.937244][ T2262] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   75.944158][ T2262] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   75.963009][ T1604] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   75.963014][ T1604] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   75.970940][ T1604] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   75.978440][ T1604] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   75.985850][ T1604] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   75.996099][ T1604] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   76.012756][ T1604] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   76.044970][  T386] hid (null): bogus close delimiter
[   76.073205][  T386] hid (null): unknown global tag 0xe
[   76.097305][ T2299] overlayfs: missing 'workdir'
[   76.337212][  T386] usb 3-1: language id specifier not provided by device, defaulting to English
[   76.404571][ T2307] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   76.515995][ T2310] 9pnet: Insufficient options for proto=fd
[   76.534914][   T23] audit: type=1326 audit(76.511:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2303 comm="syz.1.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc106f55b99 code=0x7fc00000
[   76.594708][   T23] audit: type=1326 audit(76.571:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2303 comm="syz.1.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc106f55b99 code=0x7fc00000
[   76.637086][  T386] uclogic 0003:256C:006D.000C: failed retrieving Huion firmware version: -71
[   76.645760][  T386] uclogic 0003:256C:006D.000C: failed probing parameters: -71
[   76.653063][  T386] uclogic: probe of 0003:256C:006D.000C failed with error -71
[   76.662285][  T386] usb 3-1: USB disconnect, device number 13
[   77.186106][   T23] audit: type=1326 audit(77.161:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2303 comm="syz.1.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc106f55b99 code=0x7fc00000
[   77.411412][ T2328] EXT4-fs (loop3): can't mount with journal_async_commit, fs mounted w/o journal
[   77.426778][ T2325] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   77.434787][ T2325] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   77.435546][   T23] audit: type=1400 audit(77.421:325): avc:  denied  { watch watch_reads } for  pid=2330 comm="syz.2.531" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[   77.451491][ T2325] F2FS-fs (loop1): Found nat_bits in checkpoint
[   77.491720][ T2325] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   77.503712][ T2325] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   77.510840][ T2325] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   77.556210][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   77.556215][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   77.563858][ T2338] netlink: 20 bytes leftover after parsing attributes in process `syz.2.532'.
[   77.565245][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   77.638246][ T2338] FAT-fs (loop2): Unrecognized mount option "-U" or missing value
[   77.739929][   T23] audit: type=1400 audit(77.721:326): avc:  denied  { map } for  pid=2337 comm="syz.2.532" path="socket:[23258]" dev="sockfs" ino=23258 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[   77.822573][ T2346] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   77.836788][ T2346] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (20904!=33349)
[   77.850230][ T2346] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   77.858969][ T2346] EXT4-fs (loop2): orphan cleanup on readonly fs
[   77.865440][ T2346] EXT4-fs error (device loop2): ext4_map_blocks:617: inode #2: block 4: comm syz.2.535: lblock 0 mapped to illegal pblock 4 (length 1)
[   77.880007][ T2346] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -117
[   77.888426][ T2346] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,noquota,errors=continue,noload,init_itable=0x0000000000001000,usrjquota="init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000003,,errors=continue
[   77.957173][ T2350] overlayfs: missing 'workdir'
[   77.993225][ T2356] device pim6reg1 entered promiscuous mode
[   78.478719][   T23] audit: type=1400 audit(78.461:327): avc:  denied  { add_name } for  pid=2376 comm="syz.4.543" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   78.498693][   T23] audit: type=1400 audit(78.461:328): avc:  denied  { associate } for  pid=2376 comm="syz.4.543" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   78.501571][ T2377] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2377 comm=syz.4.543
[   78.748525][ T2382] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   78.756215][ T2382] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   78.767342][ T2382] F2FS-fs (loop4): Found nat_bits in checkpoint
[   78.789436][ T2382] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   78.808997][ T2382] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   78.816228][ T2382] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   79.046255][ T2404] netlink: 'syz.0.553': attribute type 25 has an invalid length.
[   79.055709][ T2404] netlink: 'syz.0.553': attribute type 7 has an invalid length.
[   79.119727][ T2404] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001)
[   79.136970][ T2404] FAT-fs (loop0): Filesystem has been set read-only
[   79.284966][ T2400] F2FS-fs (loop2): invalid crc value
[   79.308304][ T2400] F2FS-fs (loop2): Found nat_bits in checkpoint
[   79.365278][ T2400] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   79.529937][   T23] audit: type=1400 audit(79.511:329): avc:  denied  { setopt } for  pid=2427 comm="syz.0.560" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   79.546966][    T5] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[   79.852191][ T2426] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   79.883224][ T2426] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   79.906184][ T1111] attempt to access beyond end of device
[   79.906184][ T1111] loop2: rw=2049, want=45112, limit=40427
[   79.921516][ T2426] F2FS-fs (loop4): Found nat_bits in checkpoint
[   79.967555][ T2426] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   79.987275][ T2426] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   79.994156][ T2426] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   80.037036][    T5] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   80.065498][    T5] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[   80.075305][    T5] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[   80.084076][    T5] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   80.185802][ T2447] device pim6reg1 entered promiscuous mode
[   80.327853][ T2410] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   80.429923][ T2453] erofs: (device loop0): erofs_parse_options: Unrecognized mount option "ÿÿÿÿÿÿÿÿ01777777777777777777777ÿÿÿÿ0xffffffffffffffff" or missing value
[   80.547272][ T2410] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   80.758879][ T2456] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   80.766498][ T2456] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   80.778613][ T2456] F2FS-fs (loop0): invalid crc value
[   80.785155][ T2456] F2FS-fs (loop0): Found nat_bits in checkpoint
[   80.810687][ T2456] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   80.817719][ T2456] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   81.117019][    T5] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[   81.124598][    T5] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input9
[   81.133738][    T5] input: failed to attach handler kbd to device input9, error: -5
[   81.187751][ T2469] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[   81.189682][    T5] usb 4-1: USB disconnect, device number 11
[   81.215659][ T2469] EXT4-fs error (device loop1): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   81.226732][   T23] audit: type=1400 audit(81.191:330): avc:  denied  { write } for  pid=2463 comm="syz.1.567" name="file0" dev="loop1" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   81.253983][   T23] audit: type=1400 audit(81.191:331): avc:  denied  { open } for  pid=2463 comm="syz.1.567" path="/root/syzkaller.T14QPc/113/file1/file0/file0" dev="loop1" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   81.305512][   T23] audit: type=1400 audit(81.281:332): avc:  denied  { mounton } for  pid=2463 comm="syz.1.567" path="/root/syzkaller.T14QPc/113/file1/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   81.714356][   T23] audit: type=1400 audit(81.691:333): avc:  denied  { rmdir } for  pid=350 comm="syz-executor" name="lost+found" dev="loop1" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   81.736715][   T23] audit: type=1400 audit(81.711:334): avc:  denied  { unlink } for  pid=350 comm="syz-executor" name="file0" dev="loop1" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   81.758295][   T23] audit: type=1400 audit(81.711:335): avc:  denied  { unlink } for  pid=350 comm="syz-executor" name="file1" dev="loop1" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[   81.812122][ T2493] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   81.820868][ T2493] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   81.833211][ T2493] F2FS-fs (loop3): Found nat_bits in checkpoint
[   81.855093][ T2493] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   81.866808][ T2493] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   81.873891][ T2493] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   82.009104][ T1554] f2fs_fill_dentries: 18 callbacks suppressed
[   82.009111][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[   82.009116][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[   82.025992][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[   82.033640][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[   82.047049][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[   82.054415][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[   82.063244][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[   82.475170][ T2503] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   82.501106][ T2503] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   82.513332][ T2503] F2FS-fs (loop1): Found nat_bits in checkpoint
[   82.535563][ T2503] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   82.550009][ T2503] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   82.556925][ T2503] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   82.577763][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   82.577768][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   82.585250][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   82.597046][    T5] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[   82.841312][ T2525] device pim6reg1 entered promiscuous mode
[   82.909715][ T2531] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=2531 comm=syz.1.580
[   82.937739][   T23] audit: type=1400 audit(82.921:336): avc:  denied  { mount } for  pid=2527 comm="syz.4.584" name="/" dev="ramfs" ino=24927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   82.959686][ T2528] 9pnet: Insufficient options for proto=fd
[   83.006983][    T5] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   83.017704][    T5] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   83.030948][    T5] usb 3-1: New USB device found, idVendor=5543, idProduct=006e, bcdDevice= 0.00
[   83.043010][    T5] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.051955][    T5] usb 3-1: config 0 descriptor??
[   83.128588][ T2538] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   83.136184][ T2538] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   83.147854][ T2538] F2FS-fs (loop1): Found nat_bits in checkpoint
[   83.170163][ T2538] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   83.182023][ T2538] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   83.189016][ T2538] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   83.202179][ T2538] attempt to access beyond end of device
[   83.202179][ T2538] loop1: rw=2049, want=78344, limit=40427
[   83.213580][ T2538] attempt to access beyond end of device
[   83.213580][ T2538] loop1: rw=2049, want=45104, limit=40427
[   83.297987][ T2513] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   83.575984][ T2560] fuse: Invalid rootmode
[   83.662947][ T2558] EXT4-fs (loop4): quotafile must be on filesystem root
[   83.765022][   T23] audit: type=1400 audit(83.741:337): avc:  denied  { read } for  pid=2557 comm="syz.4.587" lport=136 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   83.817164][ T2565] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   84.282143][ T2564] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   84.299414][ T2564] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   84.328964][ T2564] F2FS-fs (loop1): Found nat_bits in checkpoint
[   84.373488][ T2564] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   84.386864][ T2564] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   84.393977][ T2564] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   84.409199][ T2567] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   84.416973][ T2567] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   84.446993][    T5] usbhid 3-1:0.0: can't add hid device: -71
[   84.452778][    T5] usbhid: probe of 3-1:0.0 failed with error -71
[   84.468444][    T5] usb 3-1: USB disconnect, device number 14
[   84.478107][ T2567] F2FS-fs (loop0): Found nat_bits in checkpoint
[   84.524093][ T2567] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   84.540751][ T2567] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   84.547711][ T2567] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   84.734365][   T23] audit: type=1400 audit(84.711:338): avc:  denied  { ioctl } for  pid=2589 comm="syz.4.595" path="socket:[25790]" dev="sockfs" ino=25790 ioctlcmd=0x8903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   84.738528][ T2598] netlink: 'syz.4.595': attribute type 29 has an invalid length.
[   84.775374][ T2598] netlink: 'syz.4.595': attribute type 3 has an invalid length.
[   84.780771][   T23] audit: type=1400 audit(84.711:339): avc:  denied  { create } for  pid=2589 comm="syz.4.595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[   84.783377][ T2598] netlink: 76 bytes leftover after parsing attributes in process `syz.4.595'.
[   84.810094][   T23] audit: type=1400 audit(84.711:340): avc:  denied  { accept } for  pid=2589 comm="syz.4.595" laddr=172.20.20.170 lport=35074 faddr=224.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[   84.930327][   T23] audit: type=1400 audit(84.911:341): avc:  denied  { read } for  pid=2605 comm="syz.1.597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   85.316973][  T386] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[   85.326947][   T13] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[   85.616938][  T386] usb 2-1: device descriptor read/64, error 18
[   85.687031][   T13] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   85.697859][   T13] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   85.707671][   T13] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   85.716846][   T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.727134][   T13] usb 4-1: config 0 descriptor??
[   85.768755][ T2625] F2FS-fs (loop4): Unrecognized mount option "usrquota=mode=lfs" or missing value
[   85.778388][ T2645] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   85.785937][ T2645] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   85.837006][ T2645] F2FS-fs (loop2): Found nat_bits in checkpoint
[   85.865165][ T2645] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   85.876861][ T2645] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   85.896921][ T2645] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   85.989084][ T2639] F2FS-fs (loop0): Found nat_bits in checkpoint
[   86.017094][  T386] usb 2-1: device descriptor read/64, error 18
[   86.023526][ T2633] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   86.038533][ T2633] EXT4-fs (loop3): Unsupported blocksize for fs encryption
[   86.086992][ T2639] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   86.121036][ T2657] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.128126][ T2657] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.135602][ T2657] device bridge_slave_0 entered promiscuous mode
[   86.142942][ T2657] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.150250][ T2657] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.169248][ T2657] device bridge_slave_1 entered promiscuous mode
[   86.224728][ T2657] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.231586][ T2657] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.238879][ T2657] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.245618][ T2657] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.278654][  T732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   86.286639][  T732] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.294838][  T732] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.297015][  T386] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[   86.328386][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   86.336470][   T74] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.343322][   T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.351353][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   86.360904][   T74] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.367762][   T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.384037][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   86.392283][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   86.427068][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   86.468678][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   86.483103][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   86.498103][  T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   86.627002][  T386] usb 2-1: device descriptor read/64, error 18
[   86.687174][   T13] usb 4-1: string descriptor 0 read error: -71
[   86.722290][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   86.732631][   T13] uclogic 0003:256C:006D.000D: failed retrieving string descriptor #200: -71
[   86.743744][   T13] uclogic 0003:256C:006D.000D: failed retrieving pen parameters: -71
[   86.752170][   T13] uclogic 0003:256C:006D.000D: failed probing pen v2 parameters: -71
[   86.760744][   T13] uclogic 0003:256C:006D.000D: failed probing parameters: -71
[   86.768644][   T13] uclogic: probe of 0003:256C:006D.000D failed with error -71
[   86.781696][   T13] usb 4-1: USB disconnect, device number 12
[   87.012785][ T2670] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   87.021017][ T2670] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   87.036955][  T386] usb 2-1: device descriptor read/64, error 18
[   87.047987][ T2691] tipc: Started in network mode
[   87.052895][ T2691] tipc: Own node identity 00000000000000000000e1ffffffff, cluster identity 4711
[   87.052902][ T2670] F2FS-fs (loop4): Found nat_bits in checkpoint
[   87.068637][ T2691] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   87.085237][ T2670] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   87.099933][ T2670] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   87.106862][ T2670] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   87.142516][ T2657] f2fs_fill_dentries: 25 callbacks suppressed
[   87.142523][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   87.142528][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   87.156311][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   87.165007][  T386] usb usb2-port1: attempt power cycle
[   87.195004][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   87.195009][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   87.203049][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   87.247083][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[   87.357938][ T2700] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   87.383196][ T2700] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   87.410623][ T2700] F2FS-fs (loop0): Found nat_bits in checkpoint
[   87.446153][ T2700] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   87.517602][ T2716] overlayfs: missing 'workdir'
[   87.628395][ T2700] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   87.635359][ T2700] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   87.686942][  T386] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[   87.712020][ T2709] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[   87.723399][ T2176] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   87.723404][ T2176] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   87.731712][ T2709] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   87.737093][ T2176] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix.
[   87.758882][ T2709] F2FS-fs (loop3): invalid crc value
[   87.809426][ T2709] F2FS-fs (loop3): Found nat_bits in checkpoint
[   87.844815][ T2709] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   87.851748][ T2709] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   87.859135][  T386] usb 2-1: device descriptor read/8, error -61
[   87.861820][ T2709] attempt to access beyond end of device
[   87.861820][ T2709] loop3: rw=2049, want=45104, limit=40427
[   87.968817][ T2731] netlink: 56 bytes leftover after parsing attributes in process `syz.0.624'.
[   88.066686][ T1554] attempt to access beyond end of device
[   88.066686][ T1554] loop3: rw=2049, want=45112, limit=40427
[   88.078012][  T386] usb 2-1: device descriptor read/8, error -71
[   88.097166][   T13] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[   88.198893][   T23] audit: type=1400 audit(88.181:342): avc:  denied  { connect } for  pid=2737 comm="syz.2.630" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   88.367086][   T13] usb 5-1: device descriptor read/64, error 18
[   88.728088][ T2757] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   88.735787][ T2757] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   88.747462][ T2757] F2FS-fs (loop3): Found nat_bits in checkpoint
[   88.767014][   T13] usb 5-1: device descriptor read/64, error 18
[   88.772881][ T2757] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   88.784833][ T2757] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   88.791893][ T2757] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   89.037158][   T13] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[   89.227083][ T2787] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[   89.293783][   T23] audit: type=1326 audit(89.271:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2798 comm="syz.2.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff05365db99 code=0x7ffc0000
[   89.323183][   T23] audit: type=1326 audit(89.301:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2798 comm="syz.2.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff05365db99 code=0x7ffc0000
[   89.348649][   T23] audit: type=1326 audit(89.301:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2798 comm="syz.2.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7ff05365db99 code=0x7ffc0000
[   89.371731][   T23] audit: type=1326 audit(89.301:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2798 comm="syz.2.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff05365db99 code=0x7ffc0000
[   89.376974][   T13] usb 5-1: device descriptor read/64, error 18
[   89.394732][   T23] audit: type=1326 audit(89.301:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2798 comm="syz.2.642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff05365db99 code=0x7ffc0000
[   89.427565][ T2804] netlink: 'syz.2.642': attribute type 16 has an invalid length.
[   89.441574][ T2804] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.642'.
[   89.631597][ T2795] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   89.644440][ T2795] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   89.657758][ T2795] F2FS-fs (loop0): Found nat_bits in checkpoint
[   89.684606][ T2795] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   89.700633][ T2795] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   89.707599][ T2795] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   89.786949][   T13] usb 5-1: device descriptor read/64, error 18
[   89.993551][   T13] usb usb5-port1: attempt power cycle
[   90.008068][ T2820] netlink: 92 bytes leftover after parsing attributes in process `syz.1.653'.
[   90.017597][ T2820] netlink: 12 bytes leftover after parsing attributes in process `syz.1.653'.
[   90.026484][ T2820] netlink: 20 bytes leftover after parsing attributes in process `syz.1.653'.
[   90.035580][ T2820] netlink: 20 bytes leftover after parsing attributes in process `syz.1.653'.
[   90.337034][    T5] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[   90.446974][   T13] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[   90.617055][   T13] usb 5-1: device descriptor read/8, error -61
[   90.660867][ T2851] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   90.668610][ T2851] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   90.680211][ T2851] F2FS-fs (loop2): Found nat_bits in checkpoint
[   90.702630][ T2851] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   90.714264][ T2851] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   90.721271][    T5] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[   90.727671][ T2851] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   90.731180][    T5] usb 2-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[   90.754082][    T5] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   90.763147][    T5] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.857058][   T13] usb 5-1: device descriptor read/8, error -71
[   91.038352][ T2822] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   91.078881][ T2822] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   91.111855][ T2866] EXT4-fs (loop2): Unrecognized mount option "" or missing value
[   91.177010][    T5] usb 2-1: string descriptor 0 read error: -71
[   91.184141][    T5] usb 2-1: USB disconnect, device number 19
[   91.355159][   T23] kauditd_printk_skb: 34 callbacks suppressed
[   91.355167][   T23] audit: type=1326 audit(91.331:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2876 comm="syz.4.669" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f66e45b3b99 code=0x0
[   91.486957][  T386] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[   91.794327][  T386] usb 3-1: Using ep0 maxpacket: 8
[   91.811842][ T2893] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   91.820320][ T2893] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   91.841029][ T2893] F2FS-fs (loop3): Found nat_bits in checkpoint
[   91.917095][  T386] usb 3-1: config 135 has an invalid interface number: 230 but max is 0
[   91.944342][  T386] usb 3-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[   91.997498][ T2893] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   92.015131][  T386] usb 3-1: config 135 has no interface number 0
[   92.032567][  T386] usb 3-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[   92.072322][ T2893] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   92.079251][ T2893] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   92.377131][  T386] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[   92.386281][  T386] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.394602][  T386] usb 3-1: Product: syz
[   92.399300][  T386] usb 3-1: Manufacturer: syz
[   92.403982][  T386] usb 3-1: SerialNumber: syz
[   92.439458][ T2911] EXT4-fs error (device loop4): ext4_orphan_get:1260: comm syz.4.679: bad orphan inode 8192
[   92.449612][ T2911] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[   92.459625][  T386] uvcvideo: Found UVC 0.00 device syz (18ec:3288)
[   92.465968][  T386] uvcvideo: No valid video chain found.
[   92.472503][   T23] audit: type=1400 audit(92.461:383): avc:  denied  { execute } for  pid=2910 comm="syz.4.679" path="/root/syzkaller.pHmLzx/7/file0/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   92.709371][   T13] usb 3-1: USB disconnect, device number 15
[   92.979081][ T2934] EXT4-fs (loop0): 1 orphan inode deleted
[   92.984680][ T2934] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,
[   93.010868][ T2934] EXT4-fs error (device loop0): ext4_map_blocks:731: inode #16: block 41: comm syz.0.686: lblock 0 mapped to illegal pblock 41 (length 2)
[   93.027601][ T2934] EXT4-fs (loop0): Remounting filesystem read-only
[   93.034144][ T2934] EXT4-fs error (device loop0): __ext4_get_inode_loc:4710: comm syz.0.686: Invalid inode table block 0 in block_group 0
[   93.046735][ T2934] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6099: Corrupt filesystem
[   93.091898][ T2176] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #2: block 3: comm syz-executor: lblock 0 mapped to illegal pblock 3 (length 1)
[   93.094440][ T2939] erofs: (device loop3): mounted with opts: , root inode @ nid 36.
[   93.119297][ T2939] attempt to access beyond end of device
[   93.119297][ T2939] loop3: rw=0, want=48, limit=16
[   93.141733][ T1734] tipc: Left network mode
[   93.256216][ T2943] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.282744][ T2943] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.290227][ T2943] device bridge_slave_0 entered promiscuous mode
[   93.346115][ T2943] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.359426][ T2943] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.367342][ T2943] device bridge_slave_1 entered promiscuous mode
[   93.425010][ T2943] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.431863][ T2943] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.438990][ T2943] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.445731][ T2943] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.583802][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   93.594430][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.603139][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.656946][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   93.674233][  T386] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.681218][  T386] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.688920][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   93.697331][  T386] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.704192][  T386] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.722377][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   93.730447][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   93.747294][  T732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   93.778563][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   93.800380][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   93.815608][   T23] audit: type=1400 audit(93.791:384): avc:  denied  { read } for  pid=2964 comm="syz.3.698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   93.818136][  T732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   93.857648][  T732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   93.865988][ T2967] netlink: 224 bytes leftover after parsing attributes in process `syz.3.698'.
[   93.947420][ T1734] device bridge_slave_1 left promiscuous mode
[   93.953451][ T1734] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.975277][ T1734] device bridge_slave_0 left promiscuous mode
[   93.981324][ T1734] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.410142][   T23] audit: type=1400 audit(94.371:385): avc:  denied  { execute } for  pid=2972 comm="syz.0.691" path=2F6D656D66643A1033717D329ACEAF0386E7C0148F5ED5FDA90DAC374194EBCD09202864656C6574656429 dev="tmpfs" ino=27575 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   94.608019][ T2971] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   94.616552][ T2971] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   94.683678][ T2971] F2FS-fs (loop1): Found nat_bits in checkpoint
[   94.796924][    T5] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[   94.907068][ T2971] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   94.976708][ T2971] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   94.983707][ T2971] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   95.084692][  T350] f2fs_fill_dentries: 32 callbacks suppressed
[   95.084699][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   95.084704][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   95.178946][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   95.187202][    T5] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   95.225725][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   95.225730][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   95.246304][    T5] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   95.256944][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   95.256949][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   95.307832][    T5] usb 5-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[   95.351831][   T23] audit: type=1400 audit(95.331:386): avc:  denied  { bind } for  pid=3011 comm="syz.3.709" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   95.399318][    T5] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.423156][ T3012] EXT4-fs error (device loop3): ext4_quota_enable:6056: comm syz.3.709: inode #67043328: comm syz.3.709: iget: illegal inode #
[   95.436447][ T1734] Trying to write to read-only block-device loop1 (partno 0)
[   95.452728][    T5] usb 5-1: config 0 descriptor??
[   95.472831][ T3012] EXT4-fs (loop3): Remounting filesystem read-only
[   95.496564][ T3012] EXT4-fs error (device loop3): ext4_quota_enable:6059: comm syz.3.709: Bad quota inode: 67043328, type: 2
[   95.530204][ T3012] EXT4-fs warning (device loop3): ext4_enable_quotas:6100: Failed to enable quota tracking (type=2, err=-117, ino=67043328). Please run e2fsck to fix.
[   95.567242][ T3012] EXT4-fs (loop3): mount failed
[   95.956987][  T386] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[   95.972323][   T23] audit: type=1400 audit(95.951:387): avc:  denied  { read } for  pid=2985 comm="syz.4.703" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   95.998512][    T5] sony 0003:054C:0268.000E: unknown main item tag 0x0
[   96.016933][   T23] audit: type=1400 audit(95.981:388): avc:  denied  { open } for  pid=2985 comm="syz.4.703" path="/root/syzkaller.pHmLzx/10/file0/.pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   96.104346][   T23] audit: type=1400 audit(95.981:389): avc:  denied  { ioctl } for  pid=2985 comm="syz.4.703" path="/root/syzkaller.pHmLzx/10/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x6726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   96.173700][    T5] sony 0003:054C:0268.000E: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.4-1/input0
[   96.196938][    T5] sony 0003:054C:0268.000E: failed to claim input
[   96.266922][  T386] usb 1-1: Using ep0 maxpacket: 16
[   96.387011][  T386] usb 1-1: unable to get BOS descriptor set
[   96.467009][  T386] usb 1-1: config 0 has no interfaces?
[   96.740908][   T74] usb 5-1: USB disconnect, device number 20
[   96.836977][  T386] usb 1-1: string descriptor 0 read error: -22
[   96.843116][  T386] usb 1-1: New USB device found, idVendor=176f, idProduct=720c, bcdDevice=51.90
[   96.862636][  T386] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.863905][  T386] usb 1-1: config 0 descriptor??
[   96.876688][   T23] audit: type=1400 audit(96.861:390): avc:  denied  { map } for  pid=3061 comm="syz.3.720" path="/dev/tty27" dev="devtmpfs" ino=78 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[   96.876708][   T23] audit: type=1400 audit(96.861:391): avc:  denied  { execute } for  pid=3061 comm="syz.3.720" path="/dev/tty27" dev="devtmpfs" ino=78 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[   97.019087][ T3045] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   97.037696][ T3045] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   97.069255][ T3045] F2FS-fs (loop1): Found nat_bits in checkpoint
[   97.127689][ T3045] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   97.149527][ T3045] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   97.156497][ T3045] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   97.168990][ T3079] netlink: 20 bytes leftover after parsing attributes in process `syz.3.725'.
[   97.209907][  T121] usb 1-1: USB disconnect, device number 15
[   97.253488][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   97.253494][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   97.261217][  T350] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[   97.283198][  T179] Trying to write to read-only block-device loop1 (partno 0)
[   98.086935][  T121] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[   98.537097][  T121] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   98.587530][  T121] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   98.600692][ T3120] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   98.636930][ T3120] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e018, mo2=0002]
[   98.652256][  T121] usb 1-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[   98.666968][ T3120] System zones: 0-1, 15-15, 18-18, 34-34
[   98.677085][  T121] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.685511][ T3120] EXT4-fs (loop2): orphan cleanup on readonly fs
[   98.697255][ T3120] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0
[   98.706925][   T13] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[   98.717025][  T121] usb 1-1: config 0 descriptor??
[   98.722636][ T3120] EXT4-fs warning (device loop2): ext4_enable_quotas:6100: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   98.758095][ T3120] EXT4-fs (loop2): Cannot turn on quotas: error -22
[   98.767158][ T3120] EXT4-fs error (device loop2): ext4_orphan_get:1260: comm syz.2.736: bad orphan inode 16
[   98.797120][ T3120] ext4_test_bit(bit=15, block=18) = 1
[   98.802405][ T3120] is_bad_inode(inode)=0
[   98.806305][ T3120] NEXT_ORPHAN(inode)=0
[   98.820543][ T3128] netlink: 24 bytes leftover after parsing attributes in process `syz.3.738'.
[   98.829306][ T3120] max_ino=32
[   98.832236][ T3120] i_nlink=2
[   98.835214][ T3120] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[   98.870703][ T3127] netlink: 24 bytes leftover after parsing attributes in process `syz.3.738'.
[   99.016960][   T13] usb 2-1: Using ep0 maxpacket: 16
[   99.113005][ T3136] EXT4-fs (loop4): Ignoring removed nobh option
[   99.165707][ T3136] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nobh,max_batch_time=0x00000000000003ff,nojournal_checksum,usrquota,nobarrier,nodiscard,
[   99.213967][ T3136] Quota error (device loop4): find_tree_dqentry: Getting block too big (24397 >= 6)
[   99.224898][  T121] sony 0003:054C:0268.000F: unknown main item tag 0x0
[   99.245698][  T121] sony 0003:054C:0268.000F: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.0-1/input0
[   99.269545][ T3136] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0
[   99.291792][  T121] sony 0003:054C:0268.000F: failed to claim input
[   99.347083][   T13] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[   99.365871][   T13] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.387585][   T13] usb 2-1: Product: syz
[   99.393098][   T13] usb 2-1: Manufacturer: syz
[   99.399728][ T3145] x_tables: duplicate underflow at hook 1
[   99.436929][   T13] usb 2-1: SerialNumber: syz
[   99.449182][   T23] audit: type=1400 audit(99.431:392): avc:  denied  { listen } for  pid=3144 comm="syz.4.743" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   99.470789][   T13] usb 2-1: config 0 descriptor??
[   99.527996][ T3145] FAT-fs (loop4): Unrecognized mount option "uni_rlate=1" or missing value
[   99.579771][   T23] audit: type=1400 audit(99.561:393): avc:  denied  { accept } for  pid=3144 comm="syz.4.743" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   99.587782][ T3132] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   99.606351][ T3132] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   99.616917][ T3132] F2FS-fs (loop2): Found nat_bits in checkpoint
[   99.638974][ T3132] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   99.663734][ T3132] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   99.675163][ T3132] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   99.757361][  T179] Trying to write to read-only block-device loop2 (partno 0)
[   99.802060][ T3121] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[   99.822155][   T23] audit: type=1400 audit(99.801:394): avc:  denied  { read } for  pid=3119 comm="syz.1.737" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   99.896654][ T3156] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6099: Corrupt filesystem
[   99.957163][   T13] r8152 2-1:0.0: Unknown version 0x0000
[   99.964602][   T13] usb 2-1: USB disconnect, device number 20
[  100.056535][  T386] usb 1-1: USB disconnect, device number 16
[  100.492728][  T350] EXT4-fs error (device loop1): ext4_map_blocks:617: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1)
[  100.621055][ T3181] process 'syz.2.753' launched '/dev/fd/5' with NULL argv: empty string added
[  100.629913][   T23] audit: type=1400 audit(100.611:395): avc:  denied  { execute_no_trans } for  pid=3180 comm="syz.2.753" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=29099 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  100.656987][  T121] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  100.735103][ T3183] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.742061][ T3183] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.749825][ T3183] device bridge_slave_0 entered promiscuous mode
[  100.756603][ T3183] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.763548][ T3183] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.770883][ T3183] device bridge_slave_1 entered promiscuous mode
[  100.776189][ T3188] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue
[  100.808859][   T23] audit: type=1400 audit(100.791:396): avc:  denied  { setattr } for  pid=3187 comm="syz.2.756" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  100.832391][ T3183] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.839272][ T3183] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.846354][ T3183] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.853147][ T3183] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.876842][  T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.884585][  T373] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.893479][  T373] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.907025][  T121] usb 5-1: Using ep0 maxpacket: 8
[  100.909384][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  100.972450][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.979347][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.013131][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  101.022220][   T74] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.029222][   T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.047265][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  101.055514][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  101.063171][  T121] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  101.072837][  T121] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.080285][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  101.082609][  T121] usb 5-1: config 0 descriptor??
[  101.096140][ T3201] FAT-fs (loop0): Unrecognized mount option "" or missing value
[  101.097645][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  101.148249][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  101.174581][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  101.205579][  T373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  101.237036][   T74] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  101.327299][ T3175] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  101.334790][ T3175] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  101.348861][ T3175] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  101.356301][ T3175] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  101.363992][ T3175] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  101.387170][  T121] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  101.405850][  T121] asix: probe of 5-1:0.0 failed with error -71
[  101.435698][  T121] usb 5-1: USB disconnect, device number 21
[  101.597030][   T74] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  101.623014][   T74] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  101.664031][   T74] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  101.700010][   T74] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.732879][   T74] usb 3-1: config 0 descriptor??
[  102.228259][   T74] sony 0003:054C:0268.0010: unknown main item tag 0x0
[  102.256798][   T74] sony 0003:054C:0268.0010: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.2-1/input0
[  102.269562][ T3223] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  102.286946][ T3223] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  102.297211][   T74] sony 0003:054C:0268.0010: failed to claim input
[  102.308383][ T3234] erofs: (device loop1): mounted with opts: , root inode @ nid 36.
[  102.406709][ T3223] F2FS-fs (loop4): Found nat_bits in checkpoint
[  102.582355][ T3223] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  102.661837][ T3223] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  102.692532][ T3223] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  102.709064][ T3237] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.740756][ T3237] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.772364][ T3237] device bridge_slave_0 entered promiscuous mode
[  102.791159][ T2657] f2fs_fill_dentries: 11 callbacks suppressed
[  102.791166][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  102.791171][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  102.799941][ T3237] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.856935][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  102.856940][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  102.873044][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  102.927151][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  102.934743][ T2657] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix.
[  102.947147][ T3237] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.029065][ T3237] device bridge_slave_1 entered promiscuous mode
[  103.117744][  T386] usb 3-1: USB disconnect, device number 16
[  103.132468][  T179] Trying to write to read-only block-device loop4 (partno 0)
[  103.147164][ T3251] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check.
[  103.219454][ T3251] EXT4-fs (loop2): EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31
[  103.245877][ T3251] EXT4-fs error (device loop2): ext4_ext_check_inode:540: inode #2: comm syz.2.774: pblk 0 bad header/extent: invalid magic - magic 1, entries 0, max 0(0), depth 0(0)
[  103.262640][ T3251] EXT4-fs (loop2): get root inode failed
[  103.268700][ T3251] EXT4-fs (loop2): mount failed
[  103.273639][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  103.282908][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  103.317560][ T3234] attempt to access beyond end of device
[  103.317560][ T3234] loop1: rw=0, want=48, limit=16
[  103.318149][ T1734] device bridge_slave_1 left promiscuous mode
[  103.335645][ T1734] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.343955][ T1734] device bridge_slave_0 left promiscuous mode
[  103.350301][ T1734] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.442273][   T23] kauditd_printk_skb: 2 callbacks suppressed
[  103.442281][   T23] audit: type=1400 audit(103.421:399): avc:  denied  { write } for  pid=3259 comm="syz.2.776" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  103.522757][ T3269] attempt to access beyond end of device
[  103.522757][ T3269] loop1: rw=0, want=48, limit=16
[  103.658219][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  103.666605][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.674953][  T386] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.681822][  T386] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.692263][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  103.701433][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  103.709578][  T386] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.716423][  T386] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.723730][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  103.732313][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  103.747460][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  103.832570][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  103.847354][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  103.864043][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  103.880776][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  103.893224][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  103.983282][ T3289] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  103.998866][ T3289] EXT4-fs (loop4): mounted filesystem without journal. Opts: sysvgroups,usrjquota=,errors=remount-ro,norecovery,bsddf,nomblk_io_submit,grpquota,barrier=0xfffffffffffffffe,user_xattr,jqfmt=vfsold,
[  104.039182][ T3289] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #15: block 1803188595: comm syz.4.783: lblock 0 mapped to illegal pblock 1803188595 (length 1)
[  104.084774][ T3289] EXT4-fs (loop4): Remounting filesystem read-only
[  104.144005][ T3281] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  104.212545][ T3281] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  104.236934][ T3281] F2FS-fs (loop3): Found nat_bits in checkpoint
[  104.273531][ T3281] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  104.286328][ T3281] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  104.293965][ T3281] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  104.357930][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  104.357936][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  104.375518][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  104.447136][  T378] Trying to write to read-only block-device loop3 (partno 0)
[  104.606996][  T386] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  104.805562][ T3308] erofs: (device loop2): mounted with opts: , root inode @ nid 36.
[  104.823823][   T23] audit: type=1400 audit(104.801:400): avc:  denied  { shutdown } for  pid=3312 comm="syz.3.785" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  104.948840][   T23] audit: type=1400 audit(104.931:401): avc:  denied  { map } for  pid=3321 comm="syz.0.791" path="socket:[29572]" dev="sockfs" ino=29572 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  104.972268][ T3318] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  104.987109][  T386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.997842][  T124] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  105.002167][ T3318] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e018, mo2=0002]
[  105.026398][  T386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  105.046401][   T23] audit: type=1400 audit(104.931:402): avc:  denied  { accept } for  pid=3321 comm="syz.0.791" path="socket:[29572]" dev="sockfs" ino=29572 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  105.076949][  T386] usb 5-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  105.080220][ T3318] System zones: 0-1, 15-15, 18-18, 34-34
[  105.107000][  T386] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  105.132351][ T3318] EXT4-fs (loop3): orphan cleanup on readonly fs
[  105.137151][  T386] usb 5-1: config 0 descriptor??
[  105.166968][ T3318] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0
[  105.206471][ T3318] EXT4-fs warning (device loop3): ext4_enable_quotas:6100: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  105.237875][ T3318] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  105.247310][ T3318] EXT4-fs error (device loop3): ext4_orphan_get:1260: comm syz.3.790: bad orphan inode 16
[  105.277003][  T124] usb 2-1: device descriptor read/64, error 18
[  105.281611][ T3318] ext4_test_bit(bit=15, block=18) = 1
[  105.303617][ T3328] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[  105.306924][ T3318] is_bad_inode(inode)=0
[  105.346744][ T3318] NEXT_ORPHAN(inode)=0
[  105.366958][ T3318] max_ino=32
[  105.369981][ T3318] i_nlink=2
[  105.372955][ T3318] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[  105.429460][ T3319] fscrypt (loop3, inode 16): Error -61 getting encryption context
[  105.628296][  T386] sony 0003:054C:0268.0011: unknown main item tag 0x0
[  105.666575][  T386] sony 0003:054C:0268.0011: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.4-1/input0
[  105.679045][  T124] usb 2-1: device descriptor read/64, error 18
[  105.719425][  T386] sony 0003:054C:0268.0011: failed to claim input
[  105.797157][ T3308] attempt to access beyond end of device
[  105.797157][ T3308] loop2: rw=0, want=48, limit=16
[  105.947017][  T124] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  106.037997][ T3308] attempt to access beyond end of device
[  106.037997][ T3308] loop2: rw=0, want=48, limit=16
[  106.159348][ T3349] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  106.233549][ T3349] EXT4-fs (loop0): mounted filesystem without journal. Opts: sysvgroups,usrjquota=,errors=remount-ro,norecovery,bsddf,nomblk_io_submit,grpquota,barrier=0xfffffffffffffffe,user_xattr,jqfmt=vfsold,
[  106.326940][  T124] usb 2-1: device descriptor read/64, error 18
[  106.336224][ T3349] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #15: block 1803188595: comm syz.0.796: lblock 0 mapped to illegal pblock 1803188595 (length 1)
[  106.387110][ T3349] EXT4-fs (loop0): Remounting filesystem read-only
[  106.516555][ T3344] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  106.554858][ T3344] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  106.607856][    T5] usb 5-1: USB disconnect, device number 22
[  106.616428][ T3344] F2FS-fs (loop3): Found nat_bits in checkpoint
[  106.655467][ T3344] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  106.667285][ T3344] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  106.674201][ T3344] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  106.705755][ T1734] Trying to write to read-only block-device loop3 (partno 0)
[  106.717073][  T124] usb 2-1: device descriptor read/64, error 18
[  106.837275][  T124] usb usb2-port1: attempt power cycle
[  107.183296][    T5] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  107.192811][ T3374] FAT-fs (loop2): Directory bread(block 64) failed
[  107.199693][ T3374] FAT-fs (loop2): Directory bread(block 65) failed
[  107.206236][ T3374] FAT-fs (loop2): Directory bread(block 66) failed
[  107.212684][ T3374] FAT-fs (loop2): Directory bread(block 67) failed
[  107.219279][ T3374] FAT-fs (loop2): Directory bread(block 68) failed
[  107.225668][ T3374] FAT-fs (loop2): Directory bread(block 69) failed
[  107.232140][ T3374] FAT-fs (loop2): Directory bread(block 70) failed
[  107.238695][ T3374] FAT-fs (loop2): Directory bread(block 71) failed
[  107.245062][ T3374] FAT-fs (loop2): Directory bread(block 72) failed
[  107.247023][  T124] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  107.251544][ T3374] FAT-fs (loop2): Directory bread(block 73) failed
[  107.399132][ T3377] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  107.427047][  T124] usb 2-1: device descriptor read/8, error -61
[  107.456964][    T5] usb 5-1: device descriptor read/64, error 18
[  107.661099][ T3395] netlink: 16 bytes leftover after parsing attributes in process `syz.2.807'.
[  107.674779][ T3395] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.687227][ T3395] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.700355][  T124] usb 2-1: device descriptor read/8, error -71
[  107.818821][ T3400] erofs: (device loop1): mounted with opts: , root inode @ nid 36.
[  107.846931][    T5] usb 5-1: device descriptor read/64, error 18
[  107.881200][ T3405] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  107.949354][ T3405] EXT4-fs (loop2): mounted filesystem without journal. Opts: sysvgroups,usrjquota=,errors=remount-ro,norecovery,bsddf,nomblk_io_submit,grpquota,barrier=0xfffffffffffffffe,user_xattr,jqfmt=vfsold,
[  107.995598][ T3405] EXT4-fs error (device loop2): ext4_map_blocks:617: inode #15: block 1803188595: comm syz.2.809: lblock 0 mapped to illegal pblock 1803188595 (length 1)
[  108.011107][ T3403] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  108.011182][ T3405] EXT4-fs (loop2): Remounting filesystem read-only
[  108.025271][ T3403] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  108.088080][ T3403] F2FS-fs (loop3): Found nat_bits in checkpoint
[  108.136951][    T5] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  108.151868][ T3403] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  108.165558][ T3403] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  108.172847][ T3403] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  108.206167][ T1554] f2fs_fill_dentries: 11 callbacks suppressed
[  108.206173][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  108.206178][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  108.226503][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  108.234309][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  108.256944][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  108.264300][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  108.286928][ T1554] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix.
[  108.298377][ T3400] attempt to access beyond end of device
[  108.298377][ T3400] loop1: rw=0, want=48, limit=16
[  108.330341][  T378] Trying to write to read-only block-device loop3 (partno 0)
[  108.436970][    T5] usb 5-1: device descriptor read/64, error 18
[  108.490440][ T3424] attempt to access beyond end of device
[  108.490440][ T3424] loop1: rw=0, want=48, limit=16
[  108.750964][   T23] audit: type=1400 audit(108.731:403): avc:  denied  { sys_module } for  pid=3426 comm="syz.1.814" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  108.976926][    T5] usb 5-1: device descriptor read/64, error 18
[  109.097168][    T5] usb usb5-port1: attempt power cycle
[  109.507024][    T5] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  109.657016][    T5] usb 5-1: device descriptor read/8, error -71
[  109.801483][ T3451] fuse: Bad value for 'fd'
[  110.049550][    T5] usb 5-1: device descriptor read/8, error -71
[  110.132539][ T3467] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  110.153853][ T3467] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,usrjquota=,errors=remount-ro,norecovery,bsddf,nomblk_io_submit,grpquota,barrier=0xfffffffffffffffe,user_xattr,jqfmt=vfsold,
[  110.205521][ T3467] EXT4-fs error (device loop3): ext4_map_blocks:617: inode #15: block 1803188595: comm syz.3.823: lblock 0 mapped to illegal pblock 1803188595 (length 1)
[  110.228448][ T3467] EXT4-fs (loop3): Remounting filesystem read-only
[  110.238948][   T23] audit: type=1400 audit(110.221:404): avc:  denied  { unlink } for  pid=144 comm="syslogd" name="messages.0" dev="tmpfs" ino=864 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  110.467266][ T3478] erofs: (device loop3): mounted with opts: , root inode @ nid 36.
[  110.577719][ T3488] fuse: Unknown parameter 'rootmox�éŒlêª/de'
[  110.908083][ T3491] F2FS-fs (loop1): Found nat_bits in checkpoint
[  110.936102][ T3478] attempt to access beyond end of device
[  110.936102][ T3478] loop3: rw=0, want=48, limit=16
[  110.967232][ T3491] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  110.995847][ T3491] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  111.004669][ T3503] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  111.008253][ T3503] EXT4-fs error (device loop4) in ext4_do_update_inode:5534: error 27
[  111.021802][ T3503] EXT4-fs error (device loop4) in ext4_do_update_inode:5534: error 27
[  111.035398][ T3491] overlayfs: missing 'lowerdir'
[  111.040692][ T3491] futex_wake_op: syz.1.830 tries to shift op by -1; fix this program
[  111.046258][ T3503] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:389: inode #2: comm syz.4.832: No space for directory leaf checksum. Please run e2fsck -D.
[  111.069323][ T3503] EXT4-fs error (device loop4): __ext4_find_entry:1654: inode #2: comm syz.4.832: checksumming directory block 0
[  111.134239][ T3513] attempt to access beyond end of device
[  111.134239][ T3513] loop3: rw=0, want=48, limit=16
[  111.283875][ T2657] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[  111.304175][ T2657] EXT4-fs error (device loop4): ext4_readdir:220: inode #2: comm syz-executor: path (unknown): directory fails checksum at offset 0
[  111.321442][ T2657] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 3: comm syz-executor: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  111.344735][ T2657] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[  111.360861][ T2657] EXT4-fs error (device loop4): ext4_readdir:220: inode #2: comm syz-executor: path (unknown): directory fails checksum at offset 18432
[  111.385647][ T3183] F2FS-fs (loop1): access invalid blkaddr:2048
[  111.397129][ T2657] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[  111.408246][ T3183] CPU: 0 PID: 3183 Comm: syz-executor Not tainted 5.4.276-syzkaller-00020-g4275fce9fe94 #0
[  111.422298][ T3183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  111.424706][ T2657] EXT4-fs error (device loop4): ext4_readdir:220: inode #2: comm syz-executor: path (unknown): directory fails checksum at offset 20480
[  111.432167][ T3183] Call Trace:
[  111.432184][ T3183]  dump_stack+0x1d8/0x241
[  111.432193][ T3183]  ? nf_ct_l4proto_log_invalid+0x258/0x258
[  111.432202][ T3183]  ? memcg_check_events+0x5b/0xf0
[  111.432210][ T3183]  ? f2fs_lookup_extent_cache+0xb0/0xc30
[  111.432218][ T3183]  f2fs_is_valid_blkaddr+0xc79/0x1380
[  111.432227][ T3183]  f2fs_map_blocks+0xbe7/0x2a30
[  111.432247][ T3183]  ? f2fs_force_buffered_io+0x4e0/0x4e0
[  111.480887][ T2657] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[  111.484659][ T3183]  ? bio_add_page+0x2b3/0x450
[  111.500709][ T2657] EXT4-fs error (device loop4): ext4_readdir:220: inode #2: comm syz-executor: path (unknown): directory fails checksum at offset 22528
[  111.504436][ T3183]  f2fs_mpage_readpages+0x1206/0x2730
[  111.519377][ T2657] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[  111.523361][ T3183]  ? f2fs_update_iostat+0x240/0x240
[  111.538949][ T2657] EXT4-fs error (device loop4): ext4_readdir:220: inode #2: comm syz-executor: path (unknown): directory fails checksum at offset 24576
[  111.543665][ T3183]  ? should_fail+0x1ad/0x880
[  111.558004][ T2657] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[  111.561894][ T3183]  ? f2fs_is_compress_backend_ready+0x9d/0x130
[  111.577498][ T2657] EXT4-fs error (device loop4): ext4_readdir:220: inode #2: comm syz-executor: path (unknown): directory fails checksum at offset 26624
[  111.583153][ T3183]  ? f2fs_read_data_pages+0xc3/0x2a0
[  111.597284][ T2657] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[  111.601991][ T3183]  ? f2fs_set_data_page_dirty+0x740/0x740
[  111.617698][ T2657] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[  111.622817][ T3183]  read_pages+0x119/0x400
[  111.638518][ T2657] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:389: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[  111.642350][ T3183]  ? __do_page_cache_readahead+0x4f0/0x4f0
[  111.663270][ T3183]  ? avc_has_perm_noaudit+0x3d0/0x3d0
[  111.668466][ T3183]  ? filename_lookup+0x50e/0x6e0
[  111.673250][ T3183]  __do_page_cache_readahead+0x448/0x4f0
[  111.678707][ T3183]  ? read_cache_pages_invalidate_pages+0x1b0/0x1b0
[  111.685305][ T3183]  f2fs_readdir+0x417/0xaf0
[  111.689646][ T3183]  ? f2fs_fill_dentries+0xe10/0xe10
[  111.694677][ T3183]  ? down_read_killable+0x101/0x220
[  111.699709][ T3183]  ? __fsnotify_parent+0x310/0x310
[  111.704662][ T3183]  ? security_file_permission+0x1dc/0x2f0
[  111.710213][ T3183]  iterate_dir+0x266/0x4e0
[  111.714473][ T3183]  ? f2fs_fill_dentries+0xe10/0xe10
[  111.719501][ T3183]  ksys_getdents64+0x21b/0x4c0
[  111.724099][ T3183]  ? __ia32_sys_getdents+0x80/0x80
[  111.729054][ T3183]  ? ksys_getdents64+0x4c0/0x4c0
[  111.733822][ T3183]  ? __do_page_fault+0x725/0xbb0
[  111.738681][ T3183]  __x64_sys_getdents64+0x76/0x80
[  111.743539][ T3183]  do_syscall_64+0xca/0x1c0
[  111.747882][ T3183]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  111.753616][ T3183] RIP: 0033:0x7f3daad79c33
[  111.757856][ T3183] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 02 45 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[  111.777302][ T3183] RSP: 002b:00007ffc2f957b48 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  111.785630][ T3183] RAX: ffffffffffffffda RBX: 0000555555d264e0 RCX: 00007f3daad79c33
[  111.793440][ T3183] RDX: 0000000000008000 RSI: 0000555555d264e0 RDI: 0000000000000005
[  111.801258][ T3183] RBP: 0000555555d264b4 R08: 0000000000000000 R09: 0000000000000000
[  111.809060][ T3183] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[  111.816874][ T3183] R13: 0000000000000010 R14: 0000555555d264b0 R15: 00007ffc2f959e20
[  111.825263][ T3183] attempt to access beyond end of device
[  111.825263][ T3183] loop1: rw=524288, want=45072, limit=40427
[  111.840608][ T3183] attempt to access beyond end of device
[  111.840608][ T3183] loop1: rw=0, want=45072, limit=40427
[  111.859174][ T3522] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  111.897378][ T3183] attempt to access beyond end of device
[  111.897378][ T3183] loop1: rw=2049, want=45104, limit=40427
[  111.909552][ T3522] EXT4-fs (loop3): mounted filesystem without journal. Opts: sysvgroups,usrjquota=,errors=remount-ro,norecovery,bsddf,nomblk_io_submit,grpquota,barrier=0xfffffffffffffffe,user_xattr,jqfmt=vfsold,
[  111.962694][ T3522] EXT4-fs error (device loop3): ext4_map_blocks:617: inode #15: block 1803188595: comm syz.3.839: lblock 0 mapped to illegal pblock 1803188595 (length 1)
[  111.978375][ T3522] EXT4-fs (loop3): Remounting filesystem read-only
[  111.987009][  T124] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  112.147789][    T5] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  112.357106][  T124] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  112.368107][  T124] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  112.381008][  T124] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  112.389986][    T5] usb 3-1: Using ep0 maxpacket: 32
[  112.395045][  T124] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.408695][  T124] usb 1-1: config 0 descriptor??
[  112.414427][ T3534] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.421545][ T3534] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.429355][ T3534] device bridge_slave_0 entered promiscuous mode
[  112.436378][ T3534] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.443768][ T3534] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.453727][ T3534] device bridge_slave_1 entered promiscuous mode
[  112.507144][    T5] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  112.526798][    T5] usb 3-1: New USB device found, idVendor=0421, idProduct=04d8, bcdDevice=6a.33
[  112.541325][ T3534] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.548239][ T3534] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.555299][ T3534] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.562080][ T3534] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.569854][    T5] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.578818][    T5] usb 3-1: config 0 descriptor??
[  112.612552][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  112.621246][ T2668] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.629205][    T5] rndis_host 3-1:0.0: skipping garbage
[  112.636140][    T5] usb 3-1: bad CDC descriptors
[  112.642237][    T5] cdc_acm 3-1:0.0: skipping garbage
[  112.651605][ T2668] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.688022][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  112.696114][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.702978][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.720561][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  112.728826][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.736098][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.753976][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  112.762094][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  112.825544][ T3539] 9pnet: p9_fd_create_unix (3539): address too long: ./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  112.881394][  T121] usb 3-1: USB disconnect, device number 17
[  112.930353][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  112.990105][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  113.013791][   T23] audit: type=1400 audit(112.991:405): avc:  denied  { lock } for  pid=3540 comm="syz.3.844" path="socket:[31341]" dev="sockfs" ino=31341 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  113.015369][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  113.055781][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  113.065280][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  113.123033][ T3550] netlink: 8 bytes leftover after parsing attributes in process `syz.3.848'.
[  113.146338][ T3550] EXT4-fs (loop3): barriers disabled
[  113.151874][ T3550] JBD2: no valid journal superblock found
[  113.158426][ T3550] EXT4-fs (loop3): error loading journal
[  113.192651][ T3552] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.199973][ T3552] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.207337][ T3552] device bridge_slave_0 entered promiscuous mode
[  113.214280][ T3552] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.221212][ T3552] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.228383][ T3552] device bridge_slave_1 entered promiscuous mode
[  113.293901][ T3552] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.300761][ T3552] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.307873][ T3552] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.314889][ T3552] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.340098][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  113.348264][ T2668] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.355604][ T2668] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.365760][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  113.373814][   T74] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.380705][   T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.398370][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  113.406382][   T74] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.413228][   T74] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.420675][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  113.428870][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  113.448284][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  113.458791][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  113.473142][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  113.497935][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  113.509068][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  113.937159][  T121] usb 5-1: new low-speed USB device number 27 using dummy_hcd
[  113.956626][ T3571] netlink: 'syz.1.853': attribute type 4 has an invalid length.
[  113.967652][ T3571] netlink: 'syz.1.853': attribute type 4 has an invalid length.
[  114.176967][  T121] usb 5-1: Invalid ep0 maxpacket: 64
[  114.247067][   T74] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  114.320616][ T3584] overlayfs: failed to create directory ./bus/work (errno: 126); mounting read-only
[  114.330016][  T121] usb 5-1: new low-speed USB device number 28 using dummy_hcd
[  114.407011][  T124] usbhid 1-1:0.0: can't add hid device: -71
[  114.412842][  T124] usbhid: probe of 1-1:0.0 failed with error -71
[  114.422883][  T124] usb 1-1: USB disconnect, device number 17
[  114.491827][ T3593] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=3593 comm=syz.2.860
[  114.527416][ T3593] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3593 comm=syz.2.860
[  114.546973][   T74] usb 2-1: device descriptor read/64, error 18
[  114.576935][  T121] usb 5-1: Invalid ep0 maxpacket: 64
[  114.582215][  T121] usb usb5-port1: attempt power cycle
[  114.588414][ T3600] FAT-fs (loop3): Directory bread(block 1285) failed
[  114.698974][ T3597] F2FS-fs (loop0): Wrong secs_per_zone / total_sections (67108865, 24)
[  114.707580][ T3597] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  114.718186][ T3597] F2FS-fs (loop0): invalid crc value
[  114.724964][ T3597] F2FS-fs (loop0): Found nat_bits in checkpoint
[  114.750069][ T3597] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  114.757518][ T3597] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  114.777956][ T3237] attempt to access beyond end of device
[  114.777956][ T3237] loop0: rw=2049, want=45104, limit=40427
[  114.936944][   T74] usb 2-1: device descriptor read/64, error 18
[  115.006968][  T121] usb 5-1: new low-speed USB device number 29 using dummy_hcd
[  115.028784][ T3615] EXT4-fs (loop0): mounted filesystem without journal. Opts: acl,,errors=continue
[  115.044145][   T23] audit: type=1400 audit(115.021:406): avc:  denied  { create } for  pid=3614 comm="syz.0.865" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1
[  115.064537][   T23] audit: type=1400 audit(115.031:407): avc:  denied  { write } for  pid=3614 comm="syz.0.865" name="bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1
[  115.085904][   T23] audit: type=1400 audit(115.031:408): avc:  denied  { open } for  pid=3614 comm="syz.0.865" path="/root/syzkaller.3BeZqH/17/bus/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1
[  115.109555][  T121] usb 5-1: Invalid ep0 maxpacket: 64
[  115.207084][   T74] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  115.250500][ T3623] EXT4-fs (loop0): Ignoring removed bh option
[  115.257018][  T121] usb 5-1: new low-speed USB device number 30 using dummy_hcd
[  115.265987][ T3623] EXT4-fs error (device loop0): __ext4_iget:5217: inode #15: block 1803188595: comm syz.0.867: invalid block
[  115.277827][ T3623] EXT4-fs error (device loop0): ext4_orphan_get:1240: comm syz.0.867: couldn't read orphan inode 15 (err -117)
[  115.289855][ T3623] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue
[  115.347096][  T121] usb 5-1: Invalid ep0 maxpacket: 64
[  115.352319][  T121] usb usb5-port1: unable to enumerate USB device
[  115.507869][   T74] usb 2-1: device descriptor read/64, error 18
[  115.786940][  T121] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  115.906982][   T74] usb 2-1: device descriptor read/64, error 18
[  116.027012][   T74] usb usb2-port1: attempt power cycle
[  116.056942][  T121] usb 4-1: device descriptor read/64, error 18
[  116.132995][ T3637] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  116.146146][ T3637] EXT4-fs (loop0): 1 truncate cleaned up
[  116.151897][ T3637] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,data_err=ignore,usrjquota="init_itable=0x0000000000000601,init_itable=0x0000000000000101,max_dir_size_kb=0x0000000000000003,,errors=continue
[  116.354373][ T3645] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters
[  116.446975][   T74] usb 2-1: new full-speed USB device number 27 using dummy_hcd
[  116.446987][  T121] usb 4-1: device descriptor read/64, error 18
[  116.637030][   T74] usb 2-1: device descriptor read/8, error -61
[  116.726950][  T121] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  116.758165][ T3649] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  116.765771][ T3649] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  116.777915][ T3649] F2FS-fs (loop4): Found nat_bits in checkpoint
[  116.799816][ T3649] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  116.811905][ T3649] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  116.818936][ T3649] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  116.907103][   T74] usb 2-1: device descriptor read/8, error -61
[  116.996962][  T121] usb 4-1: device descriptor read/64, error 18
[  117.098927][ T3669] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  117.109869][ T3669] EXT4-fs (loop4): group descriptors corrupted!
[  117.386951][  T121] usb 4-1: device descriptor read/64, error 18
[  117.507005][  T121] usb usb4-port1: attempt power cycle
[  117.916991][  T121] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  118.059300][ T3702] FAT-fs (loop0): Unrecognized mount option "s`ortname=lowewin95" or missing value
[  118.137015][  T121] usb 4-1: device descriptor read/8, error -61
[  118.467294][  T121] usb 4-1: device descriptor read/8, error -61
[  118.538583][ T3712] EXT4-fs (loop0): Unsupported blocksize for fs encryption
[  118.554712][ T3716] EXT4-fs (loop1): orphan cleanup on readonly fs
[  118.561161][ T3716] EXT4-fs error (device loop1): ext4_orphan_get:1260: comm syz.1.885: bad orphan inode 256
[  118.571562][ T3716] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x0000000000000000,,errors=continue
[  118.689327][ T3726] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001)
[  118.766969][ T3729] 9pnet: Insufficient options for proto=fd
[  118.773089][ T3729] 9pnet: Insufficient options for proto=fd
[  118.993262][ T3724] F2FS-fs (loop2): invalid crc value
[  119.005712][ T3724] F2FS-fs (loop2): Found nat_bits in checkpoint
[  119.051669][ T3724] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  119.367032][  T732] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  119.616947][  T732] usb 2-1: Using ep0 maxpacket: 32
[  119.777010][  T732] usb 2-1: unable to read config index 0 descriptor/start: -61
[  119.784559][  T732] usb 2-1: can't read configurations, error -61
[  119.868940][ T3771] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue
[  119.914863][   T23] audit: type=1400 audit(119.891:409): avc:  denied  { write } for  pid=3784 comm="syz.0.908" path="socket:[33365]" dev="sockfs" ino=33365 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  119.937815][  T732] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  119.949975][   T23] audit: type=1400 audit(119.931:410): avc:  denied  { setopt } for  pid=3786 comm="syz.0.909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  120.000844][   T23] audit: type=1400 audit(119.961:411): avc:  denied  { rename } for  pid=3770 comm="syz.4.903" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  120.125001][   T23] audit: type=1400 audit(120.101:412): avc:  denied  { setattr } for  pid=3806 comm="syz.4.913" path="socket:[34339]" dev="sockfs" ino=34339 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  120.148397][   T23] audit: type=1400 audit(120.121:413): avc:  denied  { mounton } for  pid=3811 comm="syz.2.914" path="/proc/3811/task" dev="proc" ino=33395 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  120.186975][  T732] usb 2-1: Using ep0 maxpacket: 32
[  120.208050][ T3827] EXT4-fs (loop4): fragment/cluster size (2048) != block size (1024)
[  120.331647][ T3836] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  120.347109][  T732] usb 2-1: unable to read config index 0 descriptor/start: -61
[  120.356837][  T732] usb 2-1: can't read configurations, error -61
[  120.368116][  T732] usb usb2-port1: attempt power cycle
[  120.412174][ T3841] input: syz0 as /devices/virtual/input/input12
[  120.449459][ T3832] F2FS-fs (loop2): invalid crc value
[  120.456213][ T3832] F2FS-fs (loop2): Found nat_bits in checkpoint
[  120.471569][   T23] audit: type=1400 audit(120.451:414): avc:  denied  { mount } for  pid=3840 comm="syz.4.922" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  120.496561][ T3832] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1
[  120.503442][ T3832] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  120.513472][   T23] audit: type=1400 audit(120.491:415): avc:  denied  { setattr } for  pid=3831 comm="syz.2.920" name="file1" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  120.777002][  T732] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  120.796983][  T121] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  120.866997][  T732] usb 2-1: Using ep0 maxpacket: 32
[  120.910948][   T23] audit: type=1400 audit(120.891:416): avc:  denied  { create } for  pid=3853 comm="syz.3.924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  120.930725][   T23] audit: type=1400 audit(120.891:417): avc:  denied  { setopt } for  pid=3853 comm="syz.3.924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  120.950366][   T23] audit: type=1400 audit(120.921:418): avc:  denied  { execmem } for  pid=3853 comm="syz.3.924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  121.027084][  T732] usb 2-1: unable to read config index 0 descriptor/start: -61
[  121.034935][  T732] usb 2-1: can't read configurations, error -61
[  121.239300][ T3861] fuse: Invalid rootmode
[  121.317030][  T121] usb 3-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e
[  121.325942][  T121] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.334745][  T121] usb 3-1: config 0 descriptor??
[  121.349769][  T732] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  121.377569][  T121] usb 3-1: bad CDC descriptors
[  121.447157][  T732] usb 2-1: Using ep0 maxpacket: 32
[  121.516947][   T74] usb 5-1: new full-speed USB device number 31 using dummy_hcd
[  121.607031][  T732] usb 2-1: unable to read config index 0 descriptor/start: -61
[  121.614556][  T732] usb 2-1: can't read configurations, error -61
[  121.620763][  T732] usb usb2-port1: unable to enumerate USB device
[  121.629521][    T5] usb 3-1: USB disconnect, device number 18
[  121.786955][   T74] usb 5-1: device descriptor read/64, error 18
[  122.106939][    T5] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  122.143402][ T1111] attempt to access beyond end of device
[  122.143402][ T1111] loop2: rw=2049, want=45104, limit=40427
[  122.176917][   T74] usb 5-1: device descriptor read/64, error 18
[  122.546951][   T74] usb 5-1: new full-speed USB device number 32 using dummy_hcd
[  122.547020][    T5] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  122.563153][    T5] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  122.573135][    T5] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  122.581908][    T5] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  122.716991][    T5] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  122.725875][    T5] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  122.733893][    T5] usb 4-1: Product: syz
[  122.737960][    T5] usb 4-1: Manufacturer: syz
[  122.816961][   T74] usb 5-1: device descriptor read/64, error 18
[  122.966776][ T3905] netlink: 'syz.1.937': attribute type 6 has an invalid length.
[  123.017227][    T5] cdc_wdm: probe of 4-1:1.0 failed with error -22
[  123.024438][    T5] usb 4-1: USB disconnect, device number 17
[  123.144500][   T23] audit: type=1400 audit(123.121:419): avc:  denied  { mounton } for  pid=3912 comm="syz.0.940" path="/root/syzkaller.3BeZqH/46/file0/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  123.206968][   T74] usb 5-1: device descriptor read/64, error 18
[  123.327033][   T74] usb usb5-port1: attempt power cycle
[  123.333850][ T3919] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.340982][ T3919] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.348953][ T3919] device bridge_slave_0 entered promiscuous mode
[  123.356035][ T3919] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.363125][ T3919] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.370460][ T3919] device bridge_slave_1 entered promiscuous mode
[  123.416494][ T3919] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.423350][ T3919] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.430458][ T3919] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.437327][ T3919] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.460218][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  123.468754][    T5] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.476021][    T5] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.486073][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  123.494276][  T121] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.501122][  T121] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.518343][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  123.526419][  T121] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.533278][  T121] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.548700][ T3929] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3929 comm=syz.3.946
[  123.561085][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  123.569347][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  123.587539][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  123.595336][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  123.617555][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  123.625901][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  123.634948][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  123.662944][   T23] audit: type=1400 audit(123.641:420): avc:  denied  { write } for  pid=3934 comm="syz.0.943" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  123.689533][   T23] audit: type=1400 audit(123.641:421): avc:  denied  { nlmsg_write } for  pid=3934 comm="syz.0.943" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  123.746992][   T74] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  123.748301][ T3935] EXT4-fs (loop0): Ignoring removed nobh option
[  123.760616][ T3935] EXT4-fs (loop0): Journaled quota options ignored when QUOTA feature is enabled
[  123.779568][ T3935] EXT4-fs (loop0): 1 orphan inode deleted
[  123.785178][ T3935] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,nodiscard,noquota,resuid=0x0000000000000000,errors=remount-ro,nobh,sysvgroups,delalloc,usrjquota=./file1,
[  123.916980][   T74] usb 5-1: device descriptor read/8, error -61
[  124.217025][   T74] usb 5-1: device descriptor read/8, error -61
[  124.601894][ T3976] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60082 sclass=netlink_route_socket pid=3976 comm=syz.4.959
[  124.616676][ T3976] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3976 comm=syz.4.959
[  125.007100][   T74] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  125.097034][   T74] usb 5-1: Using ep0 maxpacket: 8
[  125.163093][ T3997] netlink: 8 bytes leftover after parsing attributes in process `syz.0.965'.
[  125.217095][   T74] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  125.227871][   T74] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  125.237522][   T74] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  125.254843][   T74] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  125.427172][   T74] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  125.439352][   T74] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.457751][   T74] usb 5-1: Product: syz
[  125.461810][   T74] usb 5-1: Manufacturer: syz
[  125.466260][   T74] usb 5-1: SerialNumber: syz
[  125.829151][ T4015] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  125.829624][   T74] usb 5-1: USB disconnect, device number 34
[  125.839774][   T23] audit: type=1400 audit(125.821:422): avc:  denied  { execute } for  pid=4014 comm="syz.1.967" path="/root/syzkaller.7SdcuM/15/file0/bus" dev="devtmpfs" ino=9191 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  126.072979][ T4026] EXT4-fs error (device loop1): __ext4_get_inode_loc:4710: comm syz.1.967: Invalid inode table block 0 in block_group 0
[  126.085781][ T4026] EXT4-fs error (device loop1): __ext4_get_inode_loc:4710: comm syz.1.967: Invalid inode table block 0 in block_group 0
[  126.099516][ T4026] EXT4-fs error (device loop1): __ext4_get_inode_loc:4710: comm syz.1.967: Invalid inode table block 0 in block_group 0
[  126.112388][ T4026] EXT4-fs error (device loop1): __ext4_get_inode_loc:4710: comm syz.1.967: Invalid inode table block 0 in block_group 0
[  126.125951][ T4026] overlayfs: './file1' not a directory
[  126.137340][   T23] audit: type=1400 audit(126.101:423): avc:  denied  { mounton } for  pid=4014 comm="syz.1.967" path="/root/syzkaller.7SdcuM/15/file0/bus" dev="devtmpfs" ino=9191 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  126.161073][ T3534] EXT4-fs error (device loop1): __ext4_get_inode_loc:4710: comm syz-executor: Invalid inode table block 0 in block_group 0
[  126.175874][ T3534] EXT4-fs error (device loop1): __ext4_get_inode_loc:4710: comm syz-executor: Invalid inode table block 0 in block_group 0
[  126.197685][ T3534] EXT4-fs error (device loop1): __ext4_get_inode_loc:4710: comm syz-executor: Invalid inode table block 0 in block_group 0
[  126.210816][ T3534] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6099: Corrupt filesystem
[  126.220517][  T378] EXT4-fs error (device loop1): __ext4_get_inode_loc:4710: comm kworker/u4:3: Invalid inode table block 0 in block_group 0
[  126.226934][   T13] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  126.350994][ T4034] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.359700][ T4034] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.367177][ T4034] device bridge_slave_0 entered promiscuous mode
[  126.368426][ T4033] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e000e01c, mo2=0002]
[  126.374238][ T4034] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.388109][ T4034] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.388175][ T4033] System zones: 0-1, 3-12
[  126.395485][ T4034] device bridge_slave_1 entered promiscuous mode
[  126.399744][ T4033] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  126.456175][ T4034] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.463019][ T4034] bridge0: port 2(bridge_slave_1) entered forwarding state
[  126.470178][ T4034] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.476999][ T4034] bridge0: port 1(bridge_slave_0) entered forwarding state
[  126.500272][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  126.508030][   T74] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.515213][   T74] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.529413][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  126.537711][ T2668] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.544540][ T2668] bridge0: port 1(bridge_slave_0) entered forwarding state
[  126.555544][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  126.564954][ T3647] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.571796][ T3647] bridge0: port 2(bridge_slave_1) entered forwarding state
[  126.580801][ T4042] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[  126.594604][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  126.627008][   T13] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.642037][   T13] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.652200][   T13] usb 4-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  126.661160][   T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.670470][   T13] usb 4-1: config 0 descriptor??
[  126.675429][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  126.689057][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  126.703602][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  126.717679][   T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  126.731527][  T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  126.743355][ T3647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  126.797142][    T7] device bridge_slave_1 left promiscuous mode
[  126.803264][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.811044][    T7] device bridge_slave_0 left promiscuous mode
[  126.817140][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.877071][ T2668] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  127.129373][   T13] sony 0003:054C:024B.0012: hiddev96,hidraw0: USB HID v0.00 Device [HID 054c:024b] on usb-dummy_hcd.3-1/input0
[  127.141015][   T13] sony 0003:054C:024B.0012: failed to claim input
[  127.247300][ T2668] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  127.385191][ T4062] netlink: 20 bytes leftover after parsing attributes in process `syz.2.982'.
[  127.407151][ T2668] usb 5-1: New USB device found, idVendor=468c, idProduct=90ea, bcdDevice=99.6d
[  127.415991][ T2668] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.425362][ T2668] usb 5-1: Product: syz
[  127.430158][ T2668] usb 5-1: Manufacturer: syz
[  127.434561][ T2668] usb 5-1: SerialNumber: syz
[  127.439880][ T2668] usb 5-1: config 0 descriptor??
[  127.479958][ T4066] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  127.485601][ T2668] uvcvideo: Found UVC 0.00 device syz (468c:90ea)
[  127.495180][ T2668] uvcvideo: No valid video chain found.
[  127.529461][ T4066] EXT4-fs error (device loop2): __ext4_get_inode_loc:4710: comm syz.2.984: Invalid inode table block 0 in block_group 0
[  127.542757][ T4066] EXT4-fs error (device loop2): __ext4_get_inode_loc:4710: comm syz.2.984: Invalid inode table block 0 in block_group 0
[  127.555797][ T4066] EXT4-fs error (device loop2): __ext4_get_inode_loc:4710: comm syz.2.984: Invalid inode table block 0 in block_group 0
[  127.570431][ T4066] EXT4-fs error (device loop2): __ext4_get_inode_loc:4710: comm syz.2.984: Invalid inode table block 0 in block_group 0
[  127.584265][ T4066] overlayfs: './file1' not a directory
[  127.593462][ T1111] EXT4-fs error (device loop2): __ext4_get_inode_loc:4710: comm syz-executor: Invalid inode table block 0 in block_group 0
[  127.606845][ T1111] EXT4-fs error (device loop2): __ext4_get_inode_loc:4710: comm syz-executor: Invalid inode table block 0 in block_group 0
[  127.648403][ T1111] EXT4-fs error (device loop2): __ext4_get_inode_loc:4710: comm syz-executor: Invalid inode table block 0 in block_group 0
[  127.661437][ T1111] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6099: Corrupt filesystem
[  127.671459][    T7] EXT4-fs error (device loop2): __ext4_get_inode_loc:4710: comm kworker/u4:0: Invalid inode table block 0 in block_group 0
[  127.680076][  T121] usb 5-1: USB disconnect, device number 35
[  127.824471][ T4077] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.831418][ T4077] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.838598][ T4077] device bridge_slave_0 entered promiscuous mode
[  127.845390][ T4077] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.852404][ T4077] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.859627][ T4077] device bridge_slave_1 entered promiscuous mode
[  127.904158][ T4077] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.911003][ T4077] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.916936][   T74] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  127.918154][ T4077] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.932270][ T4077] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.955332][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  127.963208][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.971735][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.983275][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  127.992958][  T121] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.000016][  T121] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.012101][   T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  128.020575][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.027565][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.047665][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  128.055537][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  128.066136][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  128.084330][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  128.092502][  T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  128.104293][  T121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  128.114369][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  128.188534][   T74] usb 2-1: Using ep0 maxpacket: 16
[  128.200609][ T3552] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  128.216639][ T3552] EXT4-fs error (device loop4): __ext4_iget:5217: inode #13: block 127754: comm syz-executor: invalid block
[  128.228402][ T3552] EXT4-fs error (device loop4): __ext4_iget:5217: inode #13: block 127754: comm syz-executor: invalid block
[  128.279668][ T4044] ------------[ cut here ]------------
[  128.284929][ T4044] kernel BUG at fs/buffer.c:3027!
[  128.289950][ T4044] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  128.295838][ T4044] CPU: 0 PID: 4044 Comm: kmmpd-loop4 Not tainted 5.4.276-syzkaller-00020-g4275fce9fe94 #0
[  128.305549][ T4044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  128.315463][ T4044] RIP: 0010:submit_bh_wbc+0x831/0x850
[  128.320661][ T4044] Code: 10 80 e1 07 80 c1 03 38 c1 0f 8c 14 fe ff ff 48 8b 7c 24 10 e8 00 8d ea ff e9 05 fe ff ff e8 e6 a7 ba ff 0f 0b e8 df a7 ba ff <0f> 0b e8 d8 a7 ba ff 0f 0b e8 d1 a7 ba ff 0f 0b e8 ca a7 ba ff 0f
[  128.340329][ T4044] RSP: 0018:ffff8881e9a6fbf0 EFLAGS: 00010293
[  128.346314][ T4044] RAX: ffffffff81a99121 RBX: 0000000000000000 RCX: ffff8881dc19ee40
[  128.354184][ T4044] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  128.362031][ T4044] RBP: 0000000000003800 R08: ffffffff81a98994 R09: ffffed103b1c8966
[  128.369838][ T4044] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  128.377648][ T4044] R13: ffff8881d8e44b28 R14: 0000000000000001 R15: 0000000000000000
[  128.385572][ T4044] FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  128.394338][ T4044] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  128.400769][ T4044] CR2: 00007f1908fa4d58 CR3: 00000001d9dfd000 CR4: 00000000003406b0
[  128.408572][ T4044] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  128.416467][ T4044] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  128.424276][ T4044] Call Trace:
[  128.427426][ T4044]  ? __die+0xb4/0x100
[  128.431224][ T4044]  ? die+0x26/0x50
[  128.434877][ T4044]  ? do_trap+0x1e7/0x340
[  128.438953][ T4044]  ? submit_bh_wbc+0x831/0x850
[  128.443635][ T4044]  ? submit_bh_wbc+0x831/0x850
[  128.448243][ T4044]  ? do_invalid_op+0xfb/0x110
[  128.452746][ T4044]  ? submit_bh_wbc+0x831/0x850
[  128.457436][ T4044]  ? invalid_op+0x1e/0x30
[  128.461602][ T4044]  ? submit_bh_wbc+0xa4/0x850
[  128.466207][ T4044]  ? submit_bh_wbc+0x831/0x850
[  128.470801][ T4044]  ? submit_bh_wbc+0x831/0x850
[  128.475421][ T4044]  ? debug_smp_processor_id+0x20/0x20
[  128.480621][ T4044]  submit_bh+0x21/0x30
[  128.484526][ T4044]  write_mmp_block+0x3ff/0x5b0
[  128.489118][ T4044]  ? console_conditional_schedule+0x10/0x10
[  128.494848][ T4044]  ? check_preemption_disabled+0x9f/0x320
[  128.500398][ T4044]  ? read_mmp_block+0x8a0/0x8a0
[  128.505178][ T4044]  kmmpd+0x7de/0xa10
[  128.508913][ T4044]  ? write_mmp_block+0x5b0/0x5b0
[  128.513682][ T4044]  ? __wake_up_locked+0xb7/0x110
[  128.518458][ T4044]  ? __kthread_parkme+0xb0/0x1b0
[  128.523233][ T4044]  kthread+0x2da/0x360
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[  128.527137][ T4044]  ? write_mmp_block+