last executing test programs:

26.03456497s ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x3ffffffffffffda, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000dd3d58c0b09707e9901428ae1a6730a6003346aec00bae37138956c90294c73eef91d912aa917e2c4dc7710ad916c70529db2ed29467056da0231fbb4b88320ae984855728e816", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x15)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000001880), 0x2, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2, 0xff}, 0x1c)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000016c0), 0x2, 0x0)
dup3(r5, r2, 0x0)

25.989117428s ago: executing program 0:
syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1b96, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{}, [{}]}}}]}}]}}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20"], 0x0)
r1 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r1, 0x29, 0xc8, &(0x7f0000000340), 0x4)
setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1}, 0xc)
setsockopt$MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f00000001c0)={{0xa, 0x0, 0x0, @empty}, {0xa, 0x0, 0x0, @mcast1}, 0x0, {[0x0, 0x9]}}, 0x5c)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = accept$inet(r2, &(0x7f0000000040)={0x2, 0x0, @private}, &(0x7f0000000080)=0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f00000002c0)={'gretap0\x00', &(0x7f0000000280)={'gretap0\x00', 0x0, 0x8000, 0x8, 0x101, 0x400, {{0x8, 0x4, 0x3, 0x1b, 0x20, 0x68, 0x0, 0x40, 0x0, 0x0, @multicast2, @loopback, {[@generic={0x44, 0xb, "baf181095438a37fed"}]}}}}})
r4 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r4, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x4, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000040)={'ip6tnl0\x00', &(0x7f0000000100)={'ip6gre0\x00', <r5=>0x0, 0x2f, 0x72, 0x3e, 0xd234, 0x24, @mcast2, @empty, 0x7, 0x700, 0x401, 0x1}})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000080)={0x30, 0x10, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd=r7}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0xd, 0x2b, 0x0, 0x1, [@typed={0x8, 0x3, 0x0, 0x0, @uid}, @generic="f2"]}]}, 0x30}], 0x1}, 0x0)
sendmsg$nl_generic(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0010003a00070300000000000000000300000008005120", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=@ipmr_newroute={0x58, 0x18, 0x10, 0x70bd2b, 0x25dfdbfd, {0x80, 0x80, 0x20, 0x8, 0x0, 0x4, 0x35, 0xa}, [@RTA_MULTIPATH={0xc, 0x9, {0x1, 0x10, 0x1, r5}}, @RTA_SPORT={0x6, 0x1c, 0x4e22}, @RTA_PRIORITY={0x8, 0x6, 0x8001}, @RTA_OIF={0x8}, @RTA_OIF={0x8}, @RTA_UID={0x8}, @RTA_SRC={0x8, 0x2, @local}]}, 0x58}, 0x1, 0x0, 0x0, 0x10000000}, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f00000001c0)={@remote, @loopback}, 0xc)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000004c0)={'veth0_virt_wifi\x00'})
sendmmsg$inet6(r2, &(0x7f0000001800)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
ioctl$sock_TIOCINQ(r0, 0x541b, 0x0)
ptrace(0x10, 0x1)

11.841931184s ago: executing program 4:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x4, 0x4}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001300)={<r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x0, 0x2000003, 0x8, 0x0, 0x1}, 0x48)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b707000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$inet6(0xa, 0x80803, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@local, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x8}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@private1, 0x0, 0x33}, 0x0, @in6=@private1}}, 0xe8)
connect$inet6(r5, &(0x7f00000000c0), 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r2, 0x0, 0x0}, 0x20)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000a40)={0x14}, 0x14}}, 0x0)
getsockname$packet(r8, &(0x7f0000000200)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r9, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000009240)={&(0x7f0000002a40)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x0, 0x3}, {}, {0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x14, 0x2, [@TCA_CGROUP_EMATCHES={0x10, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7787}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x30, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x600, r9}, [@IFLA_MTU={0x8, 0x4, 0x60}, @IFLA_TXQLEN={0x40, 0xd, 0x3}]}, 0x30}}, 0x0)
r10 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r10, 0x29, 0x20, &(0x7f0000000080)={@mcast1, 0x7, 0x2, 0x1}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r0}, &(0x7f0000000700), &(0x7f0000000740)=r1}, 0x20)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000008000000000000000008500000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000710000009500000000000000"], &(0x7f0000000080)='GPL\x00'}, 0x65)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r11, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

11.666601131s ago: executing program 4:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x0, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "615a091a55a8c9a640115d99d981b3886420589c6685d4982a83b71b906769e737201ac6b7a7804454156569cbf3a5be811debc957b5831b89b59d703e748c7c", 0x25}, 0x48, 0xffffffffffffffff)
bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x18)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x53d, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82TesEeoAKSIBCQFF2400bVb20uYBQVQlRcUAcUmNvLJNdr/GuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IASxQjATSopkdO1t7TZbsepd6Px9pMvPmzcz3vWxm39u3m3kBTKyrEbEXEbMR8VZELBT7k2KJ1zpLdtzD/d3lg/3d5STa7Tf/muT52b7oOifzdHHN+Yj42pcjvpWcjNvc3rm/VKtVN4t0uVXfKDe3d26s1ZdWq6vV9Url9uLtmy/feqkytLpeqf/8wZfWXv/6r375yfd/u/fF72XFuljkdddjmDpVnzmKk5mOiNfPItgYTBXr2TGXgyeTRsRHIuIz+f2/EFP5v04A4DxrtxeivdCdBgDOuzQfA0vSUkSkadEJKHXG8J6LC2mt0Wxdv9fYWl/pjJVdipn03lqtevPy3O+/kx88k2TpxTwvz8/TlWPpWxFxOSJ+OPdUni4tN2or4+nyAMDEe7q7/Y+If8ylaanU16k9vtUDAD405sddAABg5LT/ADB5tP8AMHn6aP+LL/v3zrwsAMBo+PwPAJNH+w8Ak0f7DwAT5atvvJEt7YPi+dcrb29v3W+8fWOl2rxfqm8tl5Ybmxul1UZjNX9mT/1x16s1GhuLL8bWO+VWtdkqN7d37tYbW+utu/lzve9WZ0ZSKwDgv7l85b3fJRGx98pT+RJdczloq+F8S8ddAGBspgY5WQcBPtTM9gWTq68mPO8k/ObMywKMR8+Hec/33PygH/8PQfzOCP6vXPt4/+P/5niG88X4P0yuJxv/f3Xo5QBGz/g/TK52Ozk+5//sURYAcC4N8BO+9veH1QkBxupxk3kP5ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOGcuRsS3I0lL+VzgafZnWipFPBMRl2ImubdWq96MiGfjSkTMzGXpxXEXGgAYUPrnpJj/69rCCxeP584m/5zL1xHx3Z+8+aN3llqtzcVs/9+O9s8dTh9WeXTeAPMKAgBDlrfflWLd9UH+4f7u8uEyyvI8uBP/LqYiXj7Y382XTs50ZDsj5vO+xIW/JzFdnDMfEc9HxNQQ4u+9GxEf61X/JB8buVTMfNodP4rYz4w0fvqB+Gme11lnna+PDqEsMGneuxMRr/W6/9K4mq973//z+TvU4B7c6Vzs8L3voCv+dBFpqkf87J6/2m+MF3/9lRM72wudvHcjnp/uFT85ip+cEv+FPuP/4ROf+sGrp+S1fxpxLXrH745VbtU3ys3tnRtr9aXV6mp1vVK5vXj75su3XqqU8zHq8uFI9Ul/eeX6s6eVLav/hVPiz/es/+zRuZ/rs/4/+9db3/z0o+Tc8fhf+Gzv1/+5nvE7sjbx833GX7rwi1On787ir5xS/8e9/tf7jP/+n3ZW+jwUABiB5vbO/aVarbo50Eb2KXQY1zmxkRWxv4MPu4uDBf1jnEUtnnBj5qz+Vs98Y/qorzjcK38ju+KIq5MOvRYDbTwcVazxvScBo/Hoph93SQAAAAAAAAAAAAAAgNOM4r8ujbuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CQAA//+zi8zo")
open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x0)

11.559682558s ago: executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000a40)=ANY=[], 0x9)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
pipe2$9p(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='ext4_da_release_space\x00', r2}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)

11.524783773s ago: executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=@base={0xb, 0x5, 0x2, 0x4, 0xa80}, 0x48)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = gettid()
rt_sigqueueinfo(r1, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x1})
sendmsg$nl_route(r0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000540)={&(0x7f0000000040), 0xc, &(0x7f0000000240)={&(0x7f0000000880)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
socketpair(0x1, 0x2, 0x0, &(0x7f0000000000))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r5, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r5, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r7}, 0x10)
mincore(&(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f0000000600)=""/204)
sendmsg$inet(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000080)="3bfdd75fa5717852d59a9367444a2130e72cd4dabc8854532cca0c32a5b9f844a4610c7525650ce3d3b76b15026d93e6dee896115e9364066aa3d14e33ef732b4681335c576902153114bdb9c74b538a71115fb1d1a63d1b04129661b29aab89d0be999a6b7c9bea755adedbf305a79f70b71d3d4c98577b49db4963ce89b0def5e840f459659cb6f86d56b069a5de11d601d348ff88ca6e5e2cfe40176880b33e9e8dbc32ba2e6a99b1b50276dc4f06166000d7069a3cc76f", 0xb9}, {&(0x7f0000000180)="892950e2405ee8629d9384a90f16d1706a3e61f305119f95cac0f1927f4c205b971eb41147cb1f86883d6910e68ac3996551800b3ec64b77f8444b18345a2c8b178eeeba0cde7319a5a46bfe7f5770e019efd9d52069edcced33a758c4e657f3a792dc193a1911b4e82ea800ad7afe03c851a8", 0x73}, {&(0x7f0000000200)="a68cde0d56b170df7710b54f17d9a39c4f98f3547190", 0x20000216}, {&(0x7f0000000240)="45e04400f2b383517a08c397dd0a76e67ecfc8e74573c24dedd3a48fb62418c1412fdcd15e888cb0f5d02e77bfecefda6b064c0bb2b66a9a522e63873dde02330510255eec7dfa1af708cdab59fb71eca786a359a2c3b0cbad35144ec5b069c53f90e43339845dc7fd140c55b0149ab38eb27c140f374bcc2c95b0b121d1a9302f3a01b888243b3fc0d46f0de0", 0x8d}, {&(0x7f0000000300)="87fb74cf4d67adbbd062637f514c1f5eb18d7b442e6457a356c6cb1f71a43dfae773c8489cce5145f92615d4bdb13ef54d6ae90ec7733180fcf5adf3e13fdb05b57b748bd14eda042a97fdd84498304a504a0a159b972e8200c2d0f536a3465ec498ed12b924bd134057df36129d3ebe3dd3ce9f0671e5278143e4afa3d43f444681de1b5f9725fca34fa357fe2154981666fb9dc202fc17a0199eb1c25bdd1005e590e84783ee9894c888998dc25a83c14aeee31d114acfa0bcd235d571cd765f4b9259ba43e6fc30291d8a642146c4771898030b736aeee6b247abb0784b154e104e7dcda401f9b1736fea30a41a4153fe6a9a525bd0a3487571f914f05b590e242341ade289d8f5b842c6be4a93c2755dfd47174def782a2f8f61c068b5a012f02c0801601e860def788121e8808c01fed4c920a3698d0d684920918c95b17f76bbcb4f265c931d8f79560ff8114b70f4dd6791e2ed70cfeb89905791b88be26efe1c5c66b7b50b3d2be0dbc066dfc31618f9507f6f340b85a2f76a6dcac9d6ccc289ace5e5fecd25afe22ffa451f5e365ab33cc985f2e9d7f7fb1be4794740a94215d7db14b0ffcec19e5e3c5ae0d8578ef3b65d2a7a77a11e390a6c3a6b391061c886b961e3c2f42d62047bfe1356a44b840d3d956105f4c0fa95db08c4933f00de77cdc057c28b41fecfc8398c442be1ad065954f6c9dfeb2fd7207e8548a00a1d50bdf522d2abfdafd71723616a34830fbfa8fc81e0c2639cc12f363a4919b7a00ac8189dad3e7e54122a2ef430f623658d5e281c9a19442995bb9b0e3f7d13e3016b6f9523be196bf23bbcc5ec802f43ef8b651d688d9d5a44f35c9847e4c32bce3e9ebed2326adadc76f06a195db32c80b3090d7cd65c9d8518ba4e528c5eb5c7a1c5695b21595fa8a8621734bfda8afddd65e1f37a1990220a00fa9bd2c22b0117ceb08ae6af3c944c2eca924abfddad065d1472d0c3f742a49b1e78c669471873706ad157d831d7482b773f07b0673a6ce1e227a7a4d13744bf459434c0ab1c323a38b1a84cbf1ce9741f2b8fdcc2e073e56171603d035aacd83e71d5132831f4f1e8bf517979f132a33fd03783272e9b8c96dfa4e1d320a58d82acfc8d3d53a5a52daafe4dc8be08f4ad53e11cc21374b6ff4ff5ea2ecc5d3f7c057f74f0098e57d990090475cdaffdef0da917653ed10fb70b94b72e5b4d95cbea0fc1dd2579635ad6ab545ba4d7b6d2f5442bdb78beb6c8ed62942a439117025b4566b48d9f3a17fdf4577e8606a4bc4c26557e58312fd2d1a541ebec3e5ae28eef8b2ab0597083716dd12889335570ee7839530eee879d9b137606cd4dd7103991671b4464bb68529eb19fb7a8845e3491bfbac688a87cf0744f429ea112014402915c4c1f6bae08d689d3cb7d641d7befe8fc74a2242310a9a367a39531b4c86da5b39df524e52f33ff9c40b48cb196ffc9ca855b6e698ade8a83e52b9ddc5031ff09e1907e4f8b0d07e64e1fb8e427f8819a7be907aa216bf8e2a4c7cc87ed53bf9490d4cc788b91f3b9f705e984a7e62c7a495e8421b97c39dc954b35468f17c6682334f4e16308448f457faeffff6d1f818522fa441d3a48168bdb12ffebace436a3915b63076cb6a655718647f87eaaf313b5bbd430421eed3a2215e439600a56eac8c65291eb103326a8034662bd337ab51577d9110ec7151be5cc9c54b2a30891acac5ad006ed537dbeb8f16eecbde7cf4e71373faf3c36b772f6d7ea9346875c8cf1049d49d4f8eb01b946c11e8c8e3ab2015f282167acddcc77fff03e1be9134252af0abfe538b4d25fc4ff874b52b9fb0996b5f32b4141dbd30578ff46e13ef6c63fc1620f62cb11a3dce401993976c272a5f62fde3f2a0e654d19e7a39dcdb622b9526d2a15cc18e6f817c916a00775353dd9c8954e66d0445b59bb0f5e6e3b46447232f52a0e398b057d123ef503afcbd48544db6434d2025bfc8dab72262a4fa5426a03061e7f8966e0086ff8ab5a91ab59f19b830394ee8bc76d6fb4816b8f4cde35b7eb9d3811228d51c54828f97fd1e648196c81bc73ed56249a59f318704e84656a6cedd2b8c1e1808d1cc648749abc643131e494c01336d4a14b8609656f2c972dc23c5c2e43fe40119fb88b5ec2aade35c03646e347354c493de8ab3672ccf94af0df333c6678299129d79be0eec281c5b3858ce3995566a390b674635b356692e3e9c53a089638ba0d69e772b7b410a5ae03de12e7de755ee559e1707b7b8003aabc8e2ce03c01e3183ff2d93262f6d5ceaafecdae66bc7cb3952c5a6571d864d502f281db5a228695badca5d022fdb6da56ab15dc377d1c1f8581ff56e28c2b2a84edb629547d28275c2ed571103b4ca7cdeb0776ba9f9dffcd78d21c3d4caa9289ed199672f4e7b912068c49c817114c37d37ea03954bae87d1ddae3da2ad85feb2fbb735b75a51f7bee5c8d88cc7bf64700d1a46ec6b631ae22ac7b06730a86a26bdcb992e1c7b50142de96b14a8468e4514068a30896fc677fddefaebb125c693a8d460469c7fe535f844781940f66d6abd091191c3122d584f5b0f5b0d443713d7d5186124d73de28aca30b719d4a55e09d259bddbf16995aeb1000880890afbd24d4066b0398985a40999de22ce176348e1c1f57eaf75b92a1e4f1482e89a00ac2cc36b20e36af9ec310599c19a5b1d6f8fadba104c58c801c6633315f82ebfa88faddd0b693e2f827f586c1cc5538e93bcf10f81af6dd7ee727df3b5018c0b4e31e40d040a47503b6ace4d29a1162ce487351825255f5584aff7cbd421f85c3d9fbb3784abd9848f16028b68f0d32ed8bb80106e8cc4acb939ff88bd39976d166b2addebf628b3fcd056da2f60e1b90f7a32702954921908ebccb683622a1f574ceba6951bef5e751c338c8279318dc28e36b9fc2bb17c3ad08aceb00fc388e6db112a738f86a4a1eb11526e1b9d73250b326285ed47c4398d93a3933d9a784249b65ad7d78a1f81d96ef36493ed693045a2150a8eb43cecc0c93e7d20b15b39a0646b081c2923b816365b7fbb41683a41732d942c5aa12faf876ec7f036becde8f3295af6dacff38d076d8e06260fee167703bb610745374a2758a6b88e465ca77d1f3105ae8b6b04a1eb509fb178d6249dbbc84d5d1d069278449a89d03e4a9a395d8170c329a296cfc329798cb9b9f1078d098cf3f989fd4ec53e013fbe917df35292d44fb1f3da4da4432a1847d4721514ade8cda5e5c0b51183580fc35266a970ebba74faeda56d4dcb56df51f96ad237452cedbd0cb2bee112713c3d450835811bf3da9745136d428e148fd0932dc77c8d8e61a16c625241fad8425b4ece394eedd5f165bd94923bfa1172be8edc8a4fcaae5f77ee8cc510192b27964da09c3e84efb4bc7154da1a24da8b7e544b42278d2574687ec76143afa6cf193d52a2a7f4c20ee57b6056a1337d5e408117a6cf1ab49c8980f39597f69902085d3e8d374d44e6ab4ed1185a26be2bc7281e9cfbbeb6bed899aa1924d3faa06d95999fbeaf2337494e0c2c39eef5a73fcde84459a9ea48d4e015d9e5bb5839354967ce02f637bc8678d2595b9a918fc36b927d7501f0ac2e3471ce02b5df355689c87f191ef5390900a41deec29984e45a878ece964b0009aad561316fc3b30ce1b49266d32eb17cd30f3e17e1f59014e8c518940dd0a093d1349c1a7c2581963bbe0ba372b6426e81c33c71b2ec8141c5713e52a37fff0a417a5b259e1420d9fb6a731f5baa0cc494221947895aa8fa14745a986a366bff9d0c239a19f85372497565b5b703da16439019df5f3d29f4247fb528854c9648630f03e9dedde5a08a47728ea6a4d42e62eff6fa3bd402325e0f4387b60171c37c180f958ad80955779c899517e7ea76eed00598e01552eaaf08b723daf9d466e8c57af43a15a46528b1119f5074aa3c51f77357ebe158275bc06b89640d7ce3c0a03af01418d7dc6ae8a1be8ab08c1722d66d1e9277480b8b178447667c024f9b78f8a878a2d7cf8e83e5104f6964b2907a989abafc7d7d0df941abf3d7283b6a11d46c2911a42182ec27ab785d92946e1ee8ef44846d561850d2a98c305c382f36d4cfc9b2bfd3b86ef21a0d187adcafbec8268c7d662a34dda1c83c4967097743133bc8c587edf249f5668c34ddb112fa4eb1bea9c8f6a000f1f34428b54688a5e214a7919868b25dbe930e86a243ecf54afe0b518c647d04873d2cf62cb2ab27f00015537a4fd2ea3dc8777abdf3284622347016566da0b9c406ca8c40694e4013a53fbf2e803d51b0bbe5e9df5fc74f66be618856357ccf803c53ed0e3b3fe79f69f0ede9b565d8f7a8ce5aa8cbb4e8fa61be3fd00ffb07e45065498925c14c0b311942d4ed951ad6237aadb5405bc7b2d79e1fd295b7c2ed8efa883e44c86a5053e2f421c6d4dc0c47d3a05d911db37d6efdb8e50fb3f06139ac147bc7162c21aece79eaf72e9779f19eb5395cec3d15a7594ea70a6b373d98651d2215b210f037ea3f8a57ded74474f6fdb64a08b56af52168da70b30aee03472cd8bee5af04cad7303004a4aba464b99", 0xcb3}], 0x5, &(0x7f0000001480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private, @multicast1}}}], 0x20}, 0x0)
recvmsg$unix(r4, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f00000015c0)=""/4096, 0x7ffff000}], 0x1}, 0x40000100)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
getegid()

10.632791362s ago: executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x2}, 0x48)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
openat$incfs(0xffffffffffffffff, &(0x7f00000002c0)='.log\x00', 0x10000, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000001ac0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10)
r4 = socket$packet(0x11, 0x4000000000002, 0x300)
setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)

10.589166499s ago: executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
rt_sigtimedwait(&(0x7f0000000040), 0x0, 0x0, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
ptrace(0x10, 0x1)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r4}, 0x10)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_SET_BOOT_CPU_ID(r3, 0xae41, 0x0)

1.851027442s ago: executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='mm_page_alloc\x00', r0}, 0x10)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x800084}, 0x10}, 0x90)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001400)
ioctl$TUNSETOFFLOAD(r1, 0x40047451, 0x2000000c)

1.789360531s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x4, 0xffff, 0x0, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=[r2, r2]}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x3, 0x0, r2}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r3}, 0x27)

1.787729892s ago: executing program 1:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
vmsplice(r1, 0x0, 0x0, 0x0)

1.776953583s ago: executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000a40)=ANY=[], 0x9)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
pipe2$9p(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='ext4_da_release_space\x00'}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)

1.776260314s ago: executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000200000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000002380)={'batadv0\x00', <r1=>0x0})
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002440)={&(0x7f0000002480)=ANY=[@ANYBLOB="9feb0100180000000000007b713e1b551a000c0000000c000000070000000000000b0100000000000000005dfafde7cc88fbf44c30e4c342b4af6d3ea194d6e8d12a"], &(0x7f0000002400)=""/55, 0x2b, 0x37, 0x1, 0x21}, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x2d, 0x3ff, 0x8, 0x1, 0x977827f93137d2d4, r0, 0x1, '\x00', r1, r2, 0x5, 0x1, 0x80000003}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000088500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r5}, 0x10)
accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r4}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0xfff, 0x7, 0x1004}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
timer_create(0x0, 0x0, &(0x7f0000000000))
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000002500)='xprtrdma_decode_seg\x00', r7}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002140)='/proc/schedstat\x00', 0x0, 0x0)
read$FUSE(r10, &(0x7f0000000080)={0x2020}, 0x2020)
preadv(r10, &(0x7f0000004440)=[{&(0x7f00000041c0)=""/191, 0xbf}], 0x1, 0x0, 0x0)
read$FUSE(r10, &(0x7f0000004480)={0x2020}, 0x2020)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000002340)={r10, 0x20, &(0x7f0000002100)={&(0x7f0000002180)=""/133, 0x85, <r11=>0x0, &(0x7f0000002240)=""/193, 0xc1}}, 0x10)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0x2033, &(0x7f0000000200)=ANY=[], &(0x7f00000020c0)='syzkaller\x00', 0x1000a84, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r11, r9, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000900)='mm_page_alloc\x00', r12}, 0x10)
bind$inet6(r10, &(0x7f00000023c0)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c)
r13 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r13, 0x6, 0x4, &(0x7f0000000040)=0x200, 0x4)

1.764308305s ago: executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xb, 0x0, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r4}, 0x10)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x0)

1.759844966s ago: executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=@base={0xb, 0x5, 0x2, 0x4, 0xa80}, 0x48)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = gettid()
rt_sigqueueinfo(r1, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x1})
sendmsg$nl_route(r0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000540)={&(0x7f0000000040), 0xc, &(0x7f0000000240)={&(0x7f0000000880)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
socketpair(0x1, 0x2, 0x0, &(0x7f0000000000))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r3, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
getegid()

1.747666108s ago: executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
fstat(r0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0})
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000b40)=ANY=[@ANYRES32=r1, @ANYRES16, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYRESOCT, @ANYRES8, @ANYRESDEC], 0x2, 0x1d4, &(0x7f0000000640)="$eJzsmb/L00AYx793yZv39UUEFwcXBwtWtGmSqnTpUMFREFpRx2JjqaattBHagkNxcXF0EFz9BxwcOjm4ubnqoILgYEc34SSXMznTH7S6BN7nA7187+65uydP6TfQgCCII8vXLz8/P7tabV4EcBwF7Kvx70Yaw7X4Ty8eXXheu/by9cdX7/onHs+z+zEAQmx/vgXgbd1AqPpC/L26oK5N8ETfBMd5pW+BwY7lLyHS1T4Y7qiY+5oeHFMi8O27g6B9rxv4TtS4UeNFTUU/3wSwmDG0ARyo/Jg2P5pMH7SCwB9mxZ74c87S1K5iU/1kfnWOmla/6Pu6/fTJLOqr2sDR6ueCw1W6AoaG0lXsw7bttCTa/Z820/2Nbe4/D+JkKRdpkMiXYNmR6AedjJxazN8vr/qWl+T/QUjjArA09eEwCK7/x86WMoGVMak/MRM4p/mTCTPxj3LYe1geTaalbq/V8Tt+3/MqV5xLjnPZK0sjitsN/ncg/elQ239vTazFLIxbYTh0x0A4dJO+F7ea4zbeDH7INVz6H0fxbLwHU8+s5EGZgakPl9dIFY21yRMEQRAEQRAEQRAEQRAEQezEGTDEb8IEU3+IrsK7IaN/BwAA///fvG96")
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x2, 0x0, 0x0, 0x0, 0x0)

1.73411167s ago: executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000180)={'syztnl2\x00', 0x0, 0x4, 0x5, 0x7f, 0x8b4c, 0x42, @mcast2, @private1, 0x40, 0x8, 0x0, 0xab}})
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r0, 0x22, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r4}, 0x10)
r5 = dup(r2)
write$FUSE_BMAP(r5, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chdir(&(0x7f0000000040)='./file0\x00')
syz_mount_image$fuse(0x0, &(0x7f0000006340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)

1.699933606s ago: executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "ff0008b0"}]}}, 0x0}, 0x0)
syz_usb_ep_write(r5, 0x81, 0x41, &(0x7f0000000400)="97ae72ff54b05f523dfbd89511878f1175598c42563d5f9e690600c3e6ed9ec9d9b999d3e0d569946266ea2b3ff3a128bec3d8ac4d41758617950caf32699636f8")
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.678884849s ago: executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x2, 0x5}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000580)={{r2}, &(0x7f0000000500), &(0x7f0000000540)='%+9llu \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000002000018110000", @ANYRES32=<r3=>r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='ext4_mballoc_alloc\x00', r4}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x26e1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700)
write$cgroup_int(r5, &(0x7f0000000200), 0x43400)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r6}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r7}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r8}, 0x10)
futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x4, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r9 = getpid()
ioctl$BINDER_GET_FROZEN_INFO(r5, 0xc00c620f, &(0x7f0000000300)={r9})
futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0)
mlockall(0x3)
io_setup(0x2, &(0x7f0000000180))
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r3], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, 0x2, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcdfa}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='sched_switch\x00', r10}, 0x10)

1.384551215s ago: executing program 1:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "ff0008b0"}]}}, 0x0}, 0x0)
syz_usb_ep_write(r5, 0x81, 0x41, &(0x7f0000000400)="97ae72ff54b05f523dfbd89511878f1175598c42563d5f9e690600c3e6ed9ec9d9b999d3e0d569946266ea2b3ff3a128bec3d8ac4d41758617950caf32699636f8")
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

891.231491ms ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000000000000b8b2b1dfbaf9da81f220b5e82490885b6d556a41877ec604858db703bdeb521dff9202394c4c23c1a9ebb20f145a77346505c0492e1749f71e90aeda1545e8b36a7b1108912c9b17ad96d178f8d9e056d3c76b5bb1c087741706e667fc23ad4b939d456c89129ce417898458eb5b8e776280759d3ba67768c3327f21410272f3ffaf0e7e875965e78b07efc1bea4067aa753237eda29c563dbce", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xb, 0x4, 0xf1, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000023"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='jbd2_checkpoint_stats\x00', r1}, 0x10) (async)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0) (async)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0xc8800, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000000000)=@v2={0x2, @aes256, 0xf, '\x00', @c})
open(0x0, 0x0, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x141043, 0x0)
pwritev2(r3, &(0x7f0000000480)=[{0x0}], 0x1, 0x0, 0x0, 0x0) (async)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f00000002c0)=ANY=[], 0x15)
dup(r4) (async, rerun: 32)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/pci0000:00', 0x1a1081, 0x0) (async, rerun: 32)
socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r6=>0x0})
r7 = socket(0x10, 0x80002, 0x0) (async)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r9}, 0x10) (async)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=@bridge_setlink={0x270, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r6}, [@IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x3, 0x0, 0x1, {0xc, 0x5, 0x0, 0x1, [{0x8}]}}]}, @IFLA_VF_PORTS={0x10, 0x3, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5, 0xc}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "714abbd2547de97cbbf6efb226f19bf9"}, @IFLA_PORT_PROFILE={0xd, 0x2, ':(\x8e^[[Z@\x00'}]}, {0x60, 0x7, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "293a02149f3b75a67093c28fd6f55a23"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "e48f01e49713f0c2d839f940d9f088d8"}, @IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_PROFILE={0x13, 0x2, 'bridge_ilave_0\x00'}, @IFLA_PORT_PROFILE={0x7, 0x2, '):\x00'}, @IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_VF={0x8}]}, {0x18, 0x1, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "4d2906d0880fc8acc30fe2020f984967"}]}, {0x50, 0x1, 0x0, 0x1, [@IFLA_PORT_HOST_UUID={0x14, 0x5, "a1085e7df341b9dc3d8008a2fe5bdaad"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "9c7e472c916020fe41bcc5aa8f56c947"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "80ab8be51421cfa3c9e5cbfe8217e0af"}, @IFLA_PORT_VF={0x8}, @IFLA_PORT_VF={0x8}]}, {0x60, 0x1, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_VF={0x8}, @IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_PROFILE={0xc, 0x2, 'syztnl0\x00'}, @IFLA_PORT_VF={0x8}, @IFLA_PORT_PROFILE={0x13, 0x2, 'bridge_slave_0\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "e078d277f38ed3a40a448f3f6b6763e8"}]}, {0xe0, 0xc, 0x0, 0x1, [@IFLA_PORT_VF={0x8, 0x25}, @IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x19, "03dd96197aca85b64424a37dbda7b694"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x7, "eb052fcd3dd4d3e8bbcbf1de857c0e1c"}]}, {0xa4, 0x18, 0x0, 0x1, [@IFLA_PORT_VF={0x4}, @IFLA_PORT_VF={0x8}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "b2112a97bf9704ee57915340334b8271"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "e8635392a70f36f95f4b9b352920ebec"}]}]}, @IFLA_GSO_MAX_SEGS={0x8}, @IFLA_AF_SPEC={0x60, 0x1a, 0x0, 0x1, [@AF_INET6={0x20, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET6={0x34, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x0, 0x7, @local}, @IFLA_INET6_TOKEN={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @broadcast}}, @IFLA_INET6_TOKEN={0x14, 0x7, @mcast1}]}, @AF_BRIDGE={0x4}, @AF_INET6={0x0, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_TOKEN={0x0, 0x7, @remote}, @IFLA_INET6_TOKEN={0x0, 0x7, @loopback}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_TOKEN={0x0, 0x7, @private2}, @IFLA_INET6_TOKEN={0x0, 0x7, @private1}]}]}]}, 0x270}}, 0x0)
sendmsg$IPSET_CMD_SAVE(r3, &(0x7f00000030c0)={&(0x7f0000003000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000003080)={&(0x7f0000003040)=ANY=[@ANYBLOB="30000020080601030000000000000000000000050900020073797a300000000005000100070000000500010007000000"], 0x30}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0) (async, rerun: 32)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./bus/file0\x00', 0x2042, 0x0) (rerun: 32)

394.128939ms ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000000000000b8b2b1dfbaf9da81f220b5e82490885b6d556a41877ec604858db703bdeb521dff9202394c4c23c1a9ebb20f145a77346505c0492e1749f71e90aeda1545e8b36a7b1108912c9b17ad96d178f8d9e056d3c76b5bb1c087741706e667fc23ad4b939d456c89129ce417898458eb5b8e776280759d3ba67768c3327f21410272f3ffaf0e7e875965e78b07efc1bea4067aa753237eda29c563dbce", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xb, 0x4, 0xf1, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000023"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='jbd2_checkpoint_stats\x00', r1}, 0x10) (async)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0) (async)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0xc8800, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f0000000000)=@v2={0x2, @aes256, 0xf, '\x00', @c})
open(0x0, 0x0, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x141043, 0x0)
pwritev2(r3, &(0x7f0000000480)=[{0x0}], 0x1, 0x0, 0x0, 0x0) (async)
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f00000002c0)=ANY=[], 0x15)
dup(r4) (async, rerun: 32)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/pci0000:00', 0x1a1081, 0x0) (async, rerun: 32)
socket$inet6_udplite(0xa, 0x2, 0x88)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r6=>0x0})
r7 = socket(0x10, 0x80002, 0x0) (async)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r9}, 0x10) (async)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=@bridge_setlink={0x270, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r6}, [@IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x3, 0x0, 0x1, {0xc, 0x5, 0x0, 0x1, [{0x8}]}}]}, @IFLA_VF_PORTS={0x10, 0x3, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5, 0xc}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "714abbd2547de97cbbf6efb226f19bf9"}, @IFLA_PORT_PROFILE={0xd, 0x2, ':(\x8e^[[Z@\x00'}]}, {0x60, 0x7, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "293a02149f3b75a67093c28fd6f55a23"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "e48f01e49713f0c2d839f940d9f088d8"}, @IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_PROFILE={0x13, 0x2, 'bridge_ilave_0\x00'}, @IFLA_PORT_PROFILE={0x7, 0x2, '):\x00'}, @IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_VF={0x8}]}, {0x18, 0x1, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "4d2906d0880fc8acc30fe2020f984967"}]}, {0x50, 0x1, 0x0, 0x1, [@IFLA_PORT_HOST_UUID={0x14, 0x5, "a1085e7df341b9dc3d8008a2fe5bdaad"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "9c7e472c916020fe41bcc5aa8f56c947"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "80ab8be51421cfa3c9e5cbfe8217e0af"}, @IFLA_PORT_VF={0x8}, @IFLA_PORT_VF={0x8}]}, {0x60, 0x1, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_VF={0x8}, @IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_PROFILE={0xc, 0x2, 'syztnl0\x00'}, @IFLA_PORT_VF={0x8}, @IFLA_PORT_PROFILE={0x13, 0x2, 'bridge_slave_0\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "e078d277f38ed3a40a448f3f6b6763e8"}]}, {0xe0, 0xc, 0x0, 0x1, [@IFLA_PORT_VF={0x8, 0x25}, @IFLA_PORT_REQUEST={0x5}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x19, "03dd96197aca85b64424a37dbda7b694"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x7, "eb052fcd3dd4d3e8bbcbf1de857c0e1c"}]}, {0xa4, 0x18, 0x0, 0x1, [@IFLA_PORT_VF={0x4}, @IFLA_PORT_VF={0x8}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "b2112a97bf9704ee57915340334b8271"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "e8635392a70f36f95f4b9b352920ebec"}]}]}, @IFLA_GSO_MAX_SEGS={0x8}, @IFLA_AF_SPEC={0x60, 0x1a, 0x0, 0x1, [@AF_INET6={0x20, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET6={0x34, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x0, 0x7, @local}, @IFLA_INET6_TOKEN={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @broadcast}}, @IFLA_INET6_TOKEN={0x14, 0x7, @mcast1}]}, @AF_BRIDGE={0x4}, @AF_INET6={0x0, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_TOKEN={0x0, 0x7, @remote}, @IFLA_INET6_TOKEN={0x0, 0x7, @loopback}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_TOKEN={0x0, 0x7, @private2}, @IFLA_INET6_TOKEN={0x0, 0x7, @private1}]}]}]}, 0x270}}, 0x0)
sendmsg$IPSET_CMD_SAVE(r3, &(0x7f00000030c0)={&(0x7f0000003000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000003080)={&(0x7f0000003040)=ANY=[@ANYBLOB="30000020080601030000000000000000000000050900020073797a300000000005000100070000000500010007000000"], 0x30}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0) (async, rerun: 32)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./bus/file0\x00', 0x2042, 0x0) (rerun: 32)

362.372414ms ago: executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000ff0f0000000000ff000000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100))
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@newsa={0x10c, 0x10, 0x76906a42e39c600b, 0x0, 0x20000000, {{@in6=@private2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a}, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x3c}, @in=@empty, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f7}, {}, {}, 0x0, 0x0, 0x2}, [@encap={0x1c, 0x4, {0x0, 0x0, 0x0, @in=@remote}}]}, 0x10c}}, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'bridge0\x00'})
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000), 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
lsetxattr$trusted_overlay_origin(&(0x7f00000009c0)='./file0/file0/file0/file0/file0/file0\x00', 0x0, 0x0, 0x0, 0x0)
lsetxattr$security_selinux(&(0x7f0000000380)='./file0\x00', &(0x7f0000000b00), 0x0, 0x0, 0x0)
umount2(&(0x7f0000000040)='./file0\x00', 0x2)
write$FUSE_GETXATTR(r4, &(0x7f0000000000)={0x18}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRESOCT=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xff35, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000ef00000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095000000000000008f2e6a9acb21cc38d58adf9a3ccaff750851adb6340e45c57c5b628c78ac09ad31c76165011f6752349c8a1732d9aa7ce7aa553a7edb58d95335eee8e1036913724db01821966474e32743d3b9b033eb7925275fb902bec4ffe51c9304184ac36a85eaf2d14776"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r7}, 0x10)
futimesat(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

341.320837ms ago: executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r3, &(0x7f0000000380), 0x20000000}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYRESHEX=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x90)
write$cgroup_subtree(r2, &(0x7f00000002c0)=ANY=[], 0x7)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x43400)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x59, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='jbd2_handle_extend\x00', r4}, 0x10)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2000000000000000)
mmap(&(0x7f000001b000/0x3000)=nil, 0x3000, 0x7, 0x13, r5, 0xfffff000)
r6 = syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x17, 0xcdcb, 0x4, 0xff, 0xd00, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf77}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r8}, 0x0, &(0x7f00000002c0)}, 0x20)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000780)=ANY=[@ANYRESHEX=r4, @ANYBLOB="1f1320be12703b57c4dcc7fa8f57a0e632e05549465adce3d03fbc31706f8cb564704737664671106a94e10c48b7e63686854e1768efd09f909dbba83aed56d3e626177c2e95cfb904cba8fc818a96d4ead2b7036fb162eeb589d3dbc0c6858ccc2cc317777927c9934c6782054e68b8058e7e04d2", @ANYRESOCT=0x0, @ANYBLOB="facc5991ae832abbd51a43fa86e47af780acb5ee379ddb911737c89b434a3ba75d3ae3d6fab183cbbac2d3fe6a2d7fefad5e1a2bf7fcb5b083cd07fc95cf5e3d6ef730c3c448e17f6ce0bdd92dc01129151ed1fea75778b8d9fd7d2755af8836d1314fddc2bc5c7ece8e97e63e902434857882fdc95abd3f58295833f01ee02adf1e9053de0fae417d2032b373fff80d68cabd1047a6fd0d"], &(0x7f0000000240)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r9}, 0x10)
r10 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r10, 0x0, 0x29, 0x0, 0x5000)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000300000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000310000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000000140)='kfree\x00', r11}, 0x10)
bpf$BPF_GET_MAP_INFO(0x4, 0x0, 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0xfffffffd, 0x5, 0x5, 0x100, r2, 0x86, '\x00', 0x0, r7, 0x4, 0x5, 0x3, 0x20000000f}, 0x48)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r12}, 0x10)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

324.07452ms ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x5421, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

297.600204ms ago: executing program 3:
socket$key(0xf, 0x3, 0x2)
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000c1a000/0x1000)=nil, 0x1000, 0x3000, 0x7, &(0x7f0000404000/0x3000)=nil)
munlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
mlock2(&(0x7f00006bf000/0x1000)=nil, 0x1000, 0x1)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x14d27e, 0x19)
munlock(&(0x7f0000fe4000/0x4000)=nil, 0x4000)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002011, r0, 0x0)

283.856626ms ago: executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300002311f3358500000004000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
mknodat$loop(r1, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0)
linkat(r2, &(0x7f0000001180)='./file1\x00', r2, &(0x7f00000002c0)='./file0\x00', 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x2, 0x0)

255.118801ms ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x4, 0xffff, 0x0, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=[r2, r2]}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x3, 0x0, r2}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r3}, 0x27)

126.634191ms ago: executing program 3:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x1e, 0x0, 0x4, 0x1fe, 0x0, 0x1}, 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32=r1], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_request_blocks\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r3, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/timers\x00', 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYRESOCT=r0, @ANYBLOB="a238542ca6592894075d261a7bae29566fde16bc6734a64f904146d5dd7c6e227df98b2be1e9571b8383f624427f935c46d08b2db5b0b32349e373c7ad765742cf0d150a88b3cd1556c75ac6b0e7b14bc6058ac09d75c0fdc953203d026c7e1b7244dc2b7cb54a43f0ba53c467a90f2018005dd5394288dfe83d9888b41ff58f1d831d36e4481587fd49dc5acc32f187603d73e68ca2d57a3c64e46d8a44e113b9cc86256d47b851ce5b372625f3a8b839324d1bfa0bf15774da3875f1b0351079b3d8f92f8fb9204a18c75448442ef08ad168c2f3cee8fab2f41ffd2aa4b28eb83d84c54cd7a19611dc71965af67c89", @ANYRES16=r1, @ANYRES32=r2, @ANYRES8=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='ext4_request_blocks\x00', r4}, 0x10)
openat$incfs(r1, &(0x7f0000000080)='.log\x00', 0x30100, 0x10a)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$VT_OPENQRY(r5, 0x5600, &(0x7f0000000040))

0s ago: executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$INCFS_IOC_FILL_BLOCKS(r0, 0x80106720, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x0, 0x15, &(0x7f0000000000)="c4ffa96da5f5efcd70dd216e7899eede58203ce326", 0x1}]})
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000440))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.threads\x00', 0x2, 0x0)
fcntl$lock(r3, 0x25, &(0x7f0000000100)={0x1, 0x1, 0xf4f, 0xffffffffffffffff, r1})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7f7)

kernel console output (not intermixed with test programs):

USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  249.441361][ T6612] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.474910][ T6612] usb 4-1: config 0 descriptor??
[  249.730138][ T7101] syz-executor.3 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  249.826299][  T327] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  249.898036][  T350] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  250.028078][ T6612] usb 4-1: string descriptor 0 read error: -71
[  250.034768][ T6612] usb 4-1: USB disconnect, device number 31
[  250.108059][    T6] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  250.138276][  T350] usb 5-1: Using ep0 maxpacket: 16
[  250.166255][ T7158] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7158 comm=syz-executor.0
[  250.198156][  T327] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  250.208310][  T327] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  250.258075][  T350] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  250.270481][  T350] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  250.279737][ T7165] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7165 comm=syz-executor.0
[  250.280172][  T350] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  250.305334][  T327] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  250.314443][  T327] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  250.322272][  T327] usb 2-1: SerialNumber: syz
[  250.326975][  T350] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  250.336130][  T350] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.344462][  T350] usb 5-1: config 0 descriptor??
[  250.478058][    T6] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  250.488011][    T6] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  250.668571][   T10] Bluetooth: hci0: Frame reassembly failed (-84)
[  250.769455][   T10] Bluetooth: hci0: Frame reassembly failed (-84)
[  250.908465][    T6] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  250.917519][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  250.925493][    T6] usb 3-1: SerialNumber: syz
[  250.948106][  T350] usbhid 5-1:0.0: can't add hid device: -71
[  250.954280][  T350] usbhid: probe of 5-1:0.0 failed with error -71
[  250.973255][  T350] usb 5-1: USB disconnect, device number 46
[  252.046994][ T7186] loop0: detected capacity change from 0 to 512
[  252.069489][   T10] Bluetooth: hci1: Frame reassembly failed (-84)
[  252.070368][ T7188] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7188 comm=syz-executor.3
[  252.091534][ T7186] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 97: padding at end of block bitmap is not set
[  252.106953][ T7186] Quota error (device loop0): write_blk: dquota write failed
[  252.114285][ T7186] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  252.124550][ T7186] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.0: corrupted xattr block 19
[  252.137097][ T7186] EXT4-fs warning (device loop0): ext4_evict_inode:299: xattr delete (err -117)
[  252.146070][ T7186] EXT4-fs (loop0): 1 orphan inode deleted
[  252.151682][ T7186] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  252.160777][ T7186] ext4 filesystem being mounted at /root/syzkaller-testdir1700510296/syzkaller.IDNqzB/90/file0 supports timestamps until 2038 (0x7fffffff)
[  252.178031][    T8] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-5
[  252.187169][    T8] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  252.204488][ T7196] loop4: detected capacity change from 0 to 512
[  252.207168][ T7186] syz-executor.0 (7186) used greatest stack depth: 19368 bytes left
[  252.219977][ T6095] EXT4-fs (loop0): unmounting filesystem.
[  252.227790][ T7198] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=7198 comm=syz-executor.3
[  252.244458][ T7196] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  252.253457][ T7196] ext4 filesystem being mounted at /root/syzkaller-testdir2255541184/syzkaller.GzZslN/257/file0 supports timestamps until 2038 (0x7fffffff)
[  252.274807][ T7196] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #2: comm syz-executor.4: corrupted inode contents
[  252.287193][ T7196] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #2: comm syz-executor.4: mark_inode_dirty error
[  252.299487][ T7196] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #2: comm syz-executor.4: corrupted inode contents
[  252.319802][ T7196] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz-executor.4: mark_inode_dirty error
[  252.339480][ T3882] EXT4-fs (loop4): unmounting filesystem.
[  252.363302][ T7211] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  252.374097][ T7211] device vlan2 entered promiscuous mode
[  252.379537][ T7211] device bridge0 entered promiscuous mode
[  252.387273][ T7211] device bridge0 left promiscuous mode
[  252.728043][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  252.728080][ T1112] Bluetooth: hci0: command 0x1003 tx timeout
[  252.931690][  T327] usb 2-1: 0:2 : does not exist
[  252.938054][  T327] usb 2-1: unit 5 not found!
[  252.945949][  T327] usb 2-1: USB disconnect, device number 36
[  253.494256][ T7238] loop4: detected capacity change from 0 to 16
[  253.506293][ T7238] erofs: (device loop4): mounted with root inode @ nid 36.
[  253.519127][ T7238] erofs: (device loop4): erofs_read_inode: unsupported i_format 36 of nid 37
[  254.566680][ T1111] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  254.572722][   T45] Bluetooth: hci1: command 0x1003 tx timeout
[  254.632041][  T327] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  254.648719][    T6] usb 3-1: 0:2 : does not exist
[  254.653425][    T6] usb 3-1: unit 5 not found!
[  254.665495][    T6] usb 3-1: USB disconnect, device number 31
[  254.693487][ T7276] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  254.704649][ T7276] device vlan2 entered promiscuous mode
[  254.710623][ T7276] device bridge0 entered promiscuous mode
[  254.717012][ T7276] device bridge0 left promiscuous mode
[  254.845943][   T28] audit: type=1400 audit(1717340150.426:3226): avc:  denied  { mount } for  pid=7289 comm="syz-executor.3" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  254.887195][   T28] audit: type=1400 audit(1717340150.466:3227): avc:  denied  { unmount } for  pid=6184 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  254.908094][ T3626] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  254.998045][  T327] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  255.008526][  T327] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  255.268054][  T302] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  255.413459][  T327] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  255.422461][  T327] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  255.430374][  T327] usb 1-1: SerialNumber: syz
[  255.578054][ T3626] usb 5-1: config 0 has an invalid descriptor of length 208, skipping remainder of the config
[  255.588340][ T3626] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  255.601483][ T3626] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  255.621689][ T3626] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.630332][ T3626] usb 5-1: config 0 descriptor??
[  255.669999][   T10] Bluetooth: hci0: Frame reassembly failed (-84)
[  255.688104][  T302] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  255.698611][  T302] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  255.901208][  T302] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  255.912505][  T302] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  255.921592][  T302] usb 3-1: SerialNumber: syz
[  256.028669][  T327] usb 1-1: 0:2 : does not exist
[  256.033472][  T327] usb 1-1: unit 5 not found!
[  256.039762][  T327] usb 1-1: USB disconnect, device number 40
[  256.075670][ T7316] netlink: 'syz-executor.3': attribute type 13 has an invalid length.
[  256.085184][ T7316] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  256.092798][ T7316] device gretap1 entered promiscuous mode
[  256.126174][ T7320] loop3: detected capacity change from 0 to 512
[  256.139943][ T7320] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  256.148707][ T7320] ext4 filesystem being mounted at /root/syzkaller-testdir1758057461/syzkaller.rs5v16/92/file0 supports timestamps until 2038 (0x7fffffff)
[  256.165612][ T7320] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents
[  256.177828][ T7320] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz-executor.3: mark_inode_dirty error
[  256.189567][ T7320] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents
[  256.201712][ T7320] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz-executor.3: mark_inode_dirty error
[  256.211440][   T10] Bluetooth: hci1: Frame reassembly failed (-84)
[  256.222434][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  256.268067][ T3626] usb 5-1: string descriptor 0 read error: -71
[  256.275365][ T3626] usb 5-1: USB disconnect, device number 47
[  256.360273][ T7331] xt_SECMARK: invalid security context 'system_u:object_r:devicekit_exec_t:s0'
[  257.679587][ T1112] Bluetooth: hci0: command 0x1003 tx timeout
[  257.685486][ T1111] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  257.768012][  T505] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  257.811145][ T7373] netlink: 'syz-executor.0': attribute type 13 has an invalid length.
[  257.821691][ T7373] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  257.829587][ T7373] device gretap1 entered promiscuous mode
[  257.899654][ T7382] tmpfs: Unknown parameter 'permit_directio'
[  258.034298][  T505] usb 4-1: Using ep0 maxpacket: 16
[  258.096402][ T7394] 9pnet_fd: Insufficient options for proto=fd
[  258.168061][  T505] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  258.185454][  T505] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  258.195097][  T505] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  258.208873][  T505] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  258.219876][  T505] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.237688][  T505] usb 4-1: config 0 descriptor??
[  258.242542][ T1111] Bluetooth: hci1: command 0x1003 tx timeout
[  258.246227][ T7408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  258.248391][   T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  258.256582][ T7408] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  258.329010][  T302] usb 3-1: 0:2 : does not exist
[  258.333722][  T302] usb 3-1: unit 5 not found!
[  258.344045][  T302] usb 3-1: USB disconnect, device number 32
[  258.388049][    T6] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  258.777996][  T327] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  258.818094][  T505] usbhid 4-1:0.0: can't add hid device: -71
[  258.824139][  T505] usbhid: probe of 4-1:0.0 failed with error -71
[  258.830954][  T505] usb 4-1: USB disconnect, device number 32
[  258.884025][ T7419] tmpfs: Unknown parameter 'permit_directio'
[  259.018013][  T327] usb 5-1: Using ep0 maxpacket: 8
[  259.028080][    T6] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  259.038138][    T6] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  259.063081][ T7424] 9pnet_fd: Insufficient options for proto=fd
[  259.164144][    T6] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  259.173082][  T327] usb 5-1: config 135 has an invalid interface number: 230 but max is 0
[  259.181728][  T327] usb 5-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  259.191829][    T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  259.199729][    T6] usb 1-1: SerialNumber: syz
[  259.204186][  T327] usb 5-1: config 135 has no interface number 0
[  259.210952][  T327] usb 5-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  259.378131][  T327] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  259.390369][  T327] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.407075][  T327] usb 5-1: Product: syz
[  259.415598][  T327] usb 5-1: Manufacturer: syz
[  259.425553][  T327] usb 5-1: SerialNumber: syz
[  259.450364][    T8] Bluetooth: hci0: Frame reassembly failed (-84)
[  259.468625][  T327] usb 5-1: Found UVC 0.00 device syz (18ec:3288)
[  259.474846][  T327] usb 5-1: No valid video chain found.
[  259.488725][    T6] usb 1-1: 0:2 : does not exist
[  259.493606][    T6] usb 1-1: unit 5 not found!
[  259.499462][    T6] usb 1-1: USB disconnect, device number 41
[  259.518037][ T3626] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  259.650185][   T28] audit: type=1400 audit(1717340155.236:3228): avc:  denied  { execute } for  pid=7460 comm="syz-executor.3" path="/root/syzkaller-testdir1758057461/syzkaller.rs5v16/103/file0/bus" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  259.679814][  T505] usb 5-1: USB disconnect, device number 48
[  259.757968][ T3626] usb 2-1: Using ep0 maxpacket: 32
[  259.878118][ T3626] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  259.889106][ T3626] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  260.018079][ T3626] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  260.027018][ T3626] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  260.035162][ T3626] usb 2-1: Product: syz
[  260.039170][ T3626] usb 2-1: Manufacturer: syz
[  260.078584][ T3626] hub 2-1:4.0: USB hub found
[  260.338151][ T3626] hub 2-1:4.0: 2 ports detected
[  260.488017][  T327] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  260.748100][    T6] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  260.848012][  T327] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  260.858880][  T327] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  260.868792][  T327] usb 5-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00
[  260.878535][  T327] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.886884][  T327] usb 5-1: config 0 descriptor??
[  261.032656][ T7495] loop3: detected capacity change from 0 to 256
[  261.039614][ T7495] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  261.128156][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  261.139010][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  261.148701][    T6] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  261.157603][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.165975][    T6] usb 3-1: config 0 descriptor??
[  261.278029][ T3626] hub 2-1:4.0: hub_hub_status failed (err = -71)
[  261.284195][ T3626] hub 2-1:4.0: config failed, can't get hub status (err -71)
[  261.338251][ T3626] usb 2-1: USB disconnect, device number 37
[  261.388690][  T327] cypress 0003:04B4:0001.003D: item fetching failed at offset 4/5
[  261.396461][  T327] cypress 0003:04B4:0001.003D: parse failed
[  261.402313][  T327] cypress: probe of 0003:04B4:0001.003D failed with error -22
[  261.508073][    T6] usbhid 3-1:0.0: can't add hid device: -71
[  261.513857][    T6] usbhid: probe of 3-1:0.0 failed with error -71
[  261.520777][    T6] usb 3-1: USB disconnect, device number 33
[  261.527995][ T1111] Bluetooth: hci0: command 0x1003 tx timeout
[  261.533847][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  261.619433][  T302] usb 5-1: USB disconnect, device number 49
[  262.179867][ T7519] EXT4-fs (sda1): re-mounted. Quota mode: none.
[  262.262420][ T7534] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check.
[  262.311898][ T7539] loop1: detected capacity change from 0 to 512
[  262.323469][ T7539] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  262.333329][ T7539] EXT4-fs (loop1): 1 truncate cleaned up
[  262.339162][ T7539] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  262.355867][ T3356] EXT4-fs (loop1): unmounting filesystem.
[  262.363558][   T28] audit: type=1326 audit(1717340157.946:3229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c8e7cee9 code=0x7ffc0000
[  262.376031][ T7504] loop0: detected capacity change from 0 to 131072
[  262.387502][   T28] audit: type=1326 audit(1717340157.946:3230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c8e7cee9 code=0x7ffc0000
[  262.424258][   T28] audit: type=1326 audit(1717340157.946:3231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3c8e7cee9 code=0x7ffc0000
[  262.448159][ T7504] F2FS-fs (loop0): QUOTA feature is enabled, so ignore jquota_fmt
[  262.456469][   T28] audit: type=1326 audit(1717340157.946:3232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c8e7cee9 code=0x7ffc0000
[  262.480949][   T28] audit: type=1326 audit(1717340157.946:3233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c8e7cee9 code=0x7ffc0000
[  262.506741][ T7504] F2FS-fs (loop0): invalid crc value
[  262.512213][   T28] audit: type=1326 audit(1717340157.946:3234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3c8e7cee9 code=0x7ffc0000
[  262.536345][   T28] audit: type=1326 audit(1717340157.996:3235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c8e7cee9 code=0x7ffc0000
[  262.560271][    T6] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  262.568212][   T28] audit: type=1326 audit(1717340157.996:3236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb3c8e7a667 code=0x7ffc0000
[  262.592064][   T28] audit: type=1326 audit(1717340157.996:3237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7533 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb3c8e40329 code=0x7ffc0000
[  262.620725][ T7504] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  262.656518][ T7504] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b
[  263.259674][  T505] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  263.557976][  T505] usb 2-1: Using ep0 maxpacket: 16
[  263.658046][    T6] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  263.678049][    T6] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  263.738048][  T505] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  263.751040][  T505] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  263.778079][    T6] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  264.189531][  T505] usb 2-1: New USB device found, idVendor=17ef, idProduct=60a3, bcdDevice= 0.00
[  264.343944][    T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  264.375721][  T505] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.442319][  T505] usb 2-1: config 0 descriptor??
[  264.662899][    T6] usb 5-1: SerialNumber: syz
[  264.714710][ T7587] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check.
[  264.784386][   T28] kauditd_printk_skb: 61 callbacks suppressed
[  264.784405][   T28] audit: type=1326 audit(1717340160.366:3299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7586 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c8e7cee9 code=0x7ffc0000
[  264.814234][   T28] audit: type=1326 audit(1717340160.366:3300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7586 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3c8e7cee9 code=0x7ffc0000
[  264.838233][   T28] audit: type=1326 audit(1717340160.366:3301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7586 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c8e7cee9 code=0x7ffc0000
[  264.862212][   T28] audit: type=1326 audit(1717340160.436:3302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7586 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3c8e7cee9 code=0x7ffc0000
[  264.890810][   T28] audit: type=1326 audit(1717340160.466:3303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7586 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3c8e7cee9 code=0x7ffc0000
[  264.914805][   T28] audit: type=1326 audit(1717340160.476:3304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7586 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb3c8e7a667 code=0x7ffc0000
[  264.915501][    T6] usb 5-1: 0:2 : does not exist
[  264.938813][   T28] audit: type=1326 audit(1717340160.476:3305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7586 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb3c8e40329 code=0x7ffc0000
[  264.967193][   T28] audit: type=1326 audit(1717340160.476:3306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7586 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb3c8e7a667 code=0x7ffc0000
[  264.990856][   T28] audit: type=1326 audit(1717340160.476:3307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7586 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb3c8e40329 code=0x7ffc0000
[  265.014522][   T28] audit: type=1326 audit(1717340160.476:3308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7586 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb3c8e7a667 code=0x7ffc0000
[  265.069298][  T505] lenovo 0003:17EF:60A3.003E: unbalanced collection at end of report description
[  265.082921][  T505] lenovo 0003:17EF:60A3.003E: hid_parse failed
[  265.095173][  T505] lenovo: probe of 0003:17EF:60A3.003E failed with error -22
[  265.272861][  T505] usb 2-1: USB disconnect, device number 38
[  265.648900][    T6] usb 5-1: USB disconnect, device number 50
[  266.818105][  T505] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  267.218839][  T302] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  267.378129][  T505] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  267.390398][  T505] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  267.499464][  T505] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  267.513219][  T505] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  267.526087][  T505] usb 4-1: SerialNumber: syz
[  267.668080][  T302] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  267.678919][  T302] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  267.688647][  T302] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  267.697588][  T302] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.706056][  T302] usb 1-1: config 0 descriptor??
[  267.828793][  T505] usb 4-1: 0:2 : does not exist
[  267.833579][  T505] usb 4-1: unit 5 not found!
[  267.839313][  T505] usb 4-1: USB disconnect, device number 33
[  268.389417][  T302] hid (null): bogus close delimiter
[  268.521236][ T7657] fuse: Unknown parameter '0x0000000000000004'
[  269.244806][  T575] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  270.108213][  T302] usb 1-1: string descriptor 0 read error: -71
[  270.128020][  T302] uclogic 0003:256C:006D.003F: failed retrieving string descriptor #200: -71
[  270.142609][  T302] uclogic 0003:256C:006D.003F: failed retrieving pen parameters: -71
[  270.151235][  T302] uclogic 0003:256C:006D.003F: failed probing pen v2 parameters: -71
[  270.159583][  T302] uclogic 0003:256C:006D.003F: failed probing parameters: -71
[  270.166925][  T302] uclogic: probe of 0003:256C:006D.003F failed with error -71
[  270.175014][  T302] usb 1-1: USB disconnect, device number 42
[  270.278340][  T575] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  270.290590][  T575] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  270.378096][  T575] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  270.387196][  T575] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  270.395027][  T575] usb 5-1: SerialNumber: syz
[  271.029004][  T575] usb 5-1: 0:2 : does not exist
[  271.033832][  T575] usb 5-1: unit 5 not found!
[  271.047721][  T575] usb 5-1: USB disconnect, device number 51
[  271.138017][  T302] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  271.548081][  T302] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  271.558938][  T302] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  271.568453][  T302] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  271.577388][  T302] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.588608][  T302] usb 1-1: config 0 descriptor??
[  271.602723][ T7710] loop4: detected capacity change from 0 to 512
[  271.609784][ T7710] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  271.619901][ T7710] EXT4-fs (loop4): 1 truncate cleaned up
[  271.625444][ T7710] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  271.641275][ T3882] EXT4-fs (loop4): unmounting filesystem.
[  272.018118][ T7739] loop3: detected capacity change from 0 to 512
[  272.025108][ T7739] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  272.034864][ T7739] EXT4-fs (loop3): 1 truncate cleaned up
[  272.041031][ T7739] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  272.059071][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  272.225147][ T7754] 9pnet_fd: Insufficient options for proto=fd
[  272.270436][   T28] kauditd_printk_skb: 3756 callbacks suppressed
[  272.270454][   T28] audit: type=1400 audit(1717340167.856:7065): avc:  denied  { getopt } for  pid=7756 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  273.287275][   T28] audit: type=1400 audit(1717340168.866:7066): avc:  denied  { execute_no_trans } for  pid=7772 comm="syz-executor.3" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=192 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  273.335254][ T7774] 9pnet_fd: Insufficient options for proto=fd
[  273.363843][ T7783] 9pnet_fd: Insufficient options for proto=fd
[  273.398028][  T302] uclogic 0003:256C:006D.0040: failed retrieving string descriptor #200: -71
[  273.406800][  T302] uclogic 0003:256C:006D.0040: failed retrieving pen parameters: -71
[  273.414946][  T302] uclogic 0003:256C:006D.0040: failed probing pen v2 parameters: -71
[  273.423418][  T302] uclogic 0003:256C:006D.0040: failed probing parameters: -71
[  273.440266][  T302] uclogic: probe of 0003:256C:006D.0040 failed with error -71
[  273.471907][  T302] usb 1-1: USB disconnect, device number 43
[  273.935915][ T7811] 9pnet_fd: Insufficient options for proto=fd
[  273.959451][ T7813] 9pnet_fd: Insufficient options for proto=fd
[  274.239893][ T7835] 9pnet_fd: Insufficient options for proto=fd
[  274.248006][  T327] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  274.330760][ T7843] bridge0: port 3(vlan2) entered blocking state
[  274.336852][ T7843] bridge0: port 3(vlan2) entered disabled state
[  274.398018][  T302] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  274.491181][  T327] usb 4-1: Using ep0 maxpacket: 16
[  274.668090][  T302] usb 1-1: Using ep0 maxpacket: 16
[  274.830952][  T302] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  274.841914][  T302] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  274.848075][  T327] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  274.851636][  T302] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  274.868002][  T327] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  274.874878][  T302] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  274.886628][  T327] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  274.902282][  T302] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.912110][  T327] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  274.920147][  T302] usb 1-1: config 0 descriptor??
[  274.925090][  T327] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.935660][  T327] usb 4-1: config 0 descriptor??
[  274.968148][    T6] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  275.199366][  T575] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  275.278063][  T327] usbhid 4-1:0.0: can't add hid device: -71
[  275.280081][  T302] usbhid 1-1:0.0: can't add hid device: -71
[  275.288312][  T327] usbhid: probe of 4-1:0.0 failed with error -71
[  275.297078][  T327] usb 4-1: USB disconnect, device number 34
[  275.297835][  T302] usbhid: probe of 1-1:0.0 failed with error -71
[  275.310081][  T302] usb 1-1: USB disconnect, device number 44
[  275.328112][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  275.339219][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  275.348885][    T6] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  275.357785][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.366417][    T6] usb 3-1: config 0 descriptor??
[  275.420296][ T7866] 9pnet_fd: Insufficient options for proto=fd
[  275.558058][  T575] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  275.568871][  T575] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  275.578451][  T575] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  275.587286][  T575] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.595628][  T575] usb 5-1: config 0 descriptor??
[  275.700398][ T7874] 9pnet_fd: Insufficient options for proto=fd
[  277.310971][   T28] audit: type=1326 audit(1717340172.896:7067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7892 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5ce67cee9 code=0x7fc00000
[  277.407687][   T28] audit: type=1326 audit(1717340172.926:7068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7892 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5ce67cee9 code=0x7fc00000
[  277.533860][    T6] uclogic 0003:256C:006D.0041: failed retrieving string descriptor #200: -71
[  277.542643][    T6] uclogic 0003:256C:006D.0041: failed retrieving pen parameters: -71
[  277.550529][    T6] uclogic 0003:256C:006D.0041: failed probing pen v2 parameters: -71
[  277.558388][    T6] uclogic 0003:256C:006D.0041: failed probing parameters: -71
[  277.565660][    T6] uclogic: probe of 0003:256C:006D.0041 failed with error -71
[  277.573890][    T6] usb 3-1: USB disconnect, device number 34
[  277.678067][ T7904] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  277.688058][  T575] uclogic 0003:256C:006D.0042: failed retrieving string descriptor #200: -71
[  277.696996][  T575] uclogic 0003:256C:006D.0042: failed retrieving pen parameters: -71
[  277.704989][  T575] uclogic 0003:256C:006D.0042: failed probing pen v2 parameters: -71
[  277.713075][  T575] uclogic 0003:256C:006D.0042: failed probing parameters: -71
[  277.720401][  T575] uclogic: probe of 0003:256C:006D.0042 failed with error -71
[  277.728614][  T575] usb 5-1: USB disconnect, device number 52
[  277.759615][   T28] audit: type=1400 audit(1717340173.346:7069): avc:  denied  { listen } for  pid=7905 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  277.779918][   T28] audit: type=1400 audit(1717340173.346:7070): avc:  denied  { accept } for  pid=7905 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  277.802102][ T7906] loop1: detected capacity change from 0 to 512
[  277.809193][ T7906] EXT4-fs (loop1): unsupported inode size: 264
[  277.815232][ T7906] EXT4-fs (loop1): blocksize: 1024
[  278.016320][   T28] audit: type=1326 audit(1717340173.596:7071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7892 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5ce67cee9 code=0x7fc00000
[  278.040567][   T28] audit: type=1326 audit(1717340173.596:7072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7892 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa5ce67cee9 code=0x7fc00000
[  278.064497][   T28] audit: type=1326 audit(1717340173.596:7073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7892 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5ce67cee9 code=0x7fc00000
[  278.089740][   T28] audit: type=1326 audit(1717340173.596:7074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7892 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5ce67cee9 code=0x7fc00000
[  278.113730][   T28] audit: type=1326 audit(1717340173.596:7075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7892 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5ce67cee9 code=0x7fc00000
[  278.137575][   T28] audit: type=1326 audit(1717340173.596:7076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7892 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5ce67cee9 code=0x7fc00000
[  278.168022][ T2863] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  278.292342][ T7920] 9pnet_fd: Insufficient options for proto=fd
[  278.428031][ T2863] usb 2-1: Using ep0 maxpacket: 16
[  278.448024][  T302] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  278.471105][ T7931] bridge0: port 3(vlan2) entered blocking state
[  278.477249][ T7931] bridge0: port 3(vlan2) entered disabled state
[  278.548038][ T2863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  278.558909][ T2863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  278.568703][ T2863] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40
[  278.577651][ T2863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.590946][ T2863] usb 2-1: config 0 descriptor??
[  278.599427][ T7934] sch_tbf: burst 1399 is lower than device veth0_to_team mtu (1514) !
[  278.698035][  T302] usb 1-1: Using ep0 maxpacket: 16
[  278.798053][  T575] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  278.828151][  T302] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  278.839075][  T302] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  278.848757][  T302] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  278.861353][  T302] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  278.870217][  T302] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.878810][  T302] usb 1-1: config 0 descriptor??
[  279.052802][ T7908] loop1: detected capacity change from 0 to 1024
[  279.059080][    T6] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  279.060170][ T7908] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors
[  279.077080][ T7908] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (25054!=20869)
[  279.086500][ T7908] EXT4-fs (loop1): filesystem has both journal inode and journal device!
[  279.158030][  T575] usb 5-1: config 27 has an invalid descriptor of length 48, skipping remainder of the config
[  279.168355][  T575] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 12336, setting to 64
[  279.179388][  T575] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  279.192252][  T575] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  279.201800][ T7946] loop1: detected capacity change from 0 to 128
[  279.203249][  T575] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.208620][ T7946] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  279.248033][  T302] usbhid 1-1:0.0: can't add hid device: -71
[  279.254715][ T2863] cp2112 0003:10C4:EA90.0043: unknown main item tag 0x0
[  279.260296][  T575] snd-usb-audio: probe of 5-1:27.0 failed with error -2
[  279.261607][  T302] usbhid: probe of 1-1:0.0 failed with error -71
[  279.281634][ T2863] cp2112 0003:10C4:EA90.0043: unknown main item tag 0x0
[  279.288651][ T2863] cp2112 0003:10C4:EA90.0043: unknown main item tag 0x0
[  279.297002][  T302] usb 1-1: USB disconnect, device number 45
[  279.302948][ T2863] cp2112 0003:10C4:EA90.0043: unknown main item tag 0x0
[  279.310583][ T2863] cp2112 0003:10C4:EA90.0043: unknown main item tag 0x0
[  279.318856][ T2863] cp2112 0003:10C4:EA90.0043: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0
[  279.336846][ T7951] bridge0: port 3(vlan2) entered blocking state
[  279.343149][ T7951] bridge0: port 3(vlan2) entered disabled state
[  279.418093][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  279.428978][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  279.438549][    T6] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  279.447354][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.455863][    T6] usb 3-1: config 0 descriptor??
[  279.468031][ T2863] cp2112 0003:10C4:EA90.0043: error requesting version
[  279.475208][ T2863] cp2112: probe of 0003:10C4:EA90.0043 failed with error -5
[  279.508766][ T2863] usb 5-1: USB disconnect, device number 53
[  279.652983][ T7955] 9pnet_fd: Insufficient options for proto=fd
[  279.667998][  T575] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  279.677150][  T350] usb 2-1: USB disconnect, device number 39
[  279.798107][    T6] usbhid 3-1:0.0: can't add hid device: -71
[  279.803875][    T6] usbhid: probe of 3-1:0.0 failed with error -71
[  279.810674][    T6] usb 3-1: USB disconnect, device number 35
[  279.997985][ T3626] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  280.023739][ T7967] loop4: detected capacity change from 0 to 512
[  280.029946][  T575] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.030879][ T7967] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  280.040939][  T575] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  280.051128][ T7967] EXT4-fs (loop4): 1 truncate cleaned up
[  280.058495][  T575] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  280.063947][ T7967] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  280.072895][  T575] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.096121][  T575] usb 4-1: config 0 descriptor??
[  280.101633][ T3882] EXT4-fs (loop4): unmounting filesystem.
[  280.307591][ T7983] loop2: detected capacity change from 0 to 512
[  280.320986][ T7983] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  280.329952][ T7983] ext4 filesystem being mounted at /root/syzkaller-testdir1183906713/syzkaller.jy7QNX/204/file0 supports timestamps until 2038 (0x7fffffff)
[  280.347287][ T7983] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #2: comm syz-executor.2: corrupted inode contents
[  280.359479][ T3626] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  280.360486][ T7983] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #2: comm syz-executor.2: mark_inode_dirty error
[  280.369630][ T3626] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  280.381241][ T7983] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #2: comm syz-executor.2: corrupted inode contents
[  280.401651][ T7983] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz-executor.2: mark_inode_dirty error
[  280.425820][ T5015] EXT4-fs (loop2): unmounting filesystem.
[  280.468089][ T3626] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  280.479089][ T3626] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  280.490978][ T3626] usb 1-1: SerialNumber: syz
[  280.513164][ T7992] 9pnet_fd: Insufficient options for proto=fd
[  280.664388][ T8007] loop2: detected capacity change from 0 to 512
[  280.671206][ T8007] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  280.681289][ T8007] EXT4-fs (loop2): 1 truncate cleaned up
[  280.686795][ T8007] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  280.701038][ T5015] EXT4-fs (loop2): unmounting filesystem.
[  280.758766][ T3626] usb 1-1: 0:2 : does not exist
[  281.000767][ T8015] loop4: detected capacity change from 0 to 512
[  281.020453][ T8015] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  281.029323][ T8015] ext4 filesystem being mounted at /root/syzkaller-testdir2255541184/syzkaller.GzZslN/313/file0 supports timestamps until 2038 (0x7fffffff)
[  281.048397][ T8015] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #2: comm syz-executor.4: corrupted inode contents
[  281.060607][ T8015] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #2: comm syz-executor.4: mark_inode_dirty error
[  281.072284][ T8015] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #2: comm syz-executor.4: corrupted inode contents
[  281.084955][ T8015] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz-executor.4: mark_inode_dirty error
[  281.121339][ T3882] EXT4-fs (loop4): unmounting filesystem.
[  281.135280][ T8011] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  281.141250][ T8026] 9pnet_fd: Insufficient options for proto=fd
[  281.438089][  T575] uclogic 0003:256C:006D.0044: failed retrieving string descriptor #100: -71
[  281.446996][  T575] uclogic 0003:256C:006D.0044: failed retrieving pen parameters: -71
[  281.455084][  T575] uclogic 0003:256C:006D.0044: failed probing pen v1 parameters: -71
[  281.463097][  T575] uclogic 0003:256C:006D.0044: failed probing parameters: -71
[  281.471838][  T575] uclogic: probe of 0003:256C:006D.0044 failed with error -71
[  281.480207][  T575] usb 4-1: USB disconnect, device number 35
[  281.747999][  T302] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  281.999950][ T8032] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  282.085771][ T8061] loop3: detected capacity change from 0 to 512
[  282.099745][ T8061] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  282.108708][ T8061] ext4 filesystem being mounted at /root/syzkaller-testdir1758057461/syzkaller.rs5v16/158/file0 supports timestamps until 2038 (0x7fffffff)
[  282.125963][ T8061] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents
[  282.138194][ T8061] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz-executor.3: mark_inode_dirty error
[  282.138376][  T302] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  282.150031][ T8061] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents
[  282.159384][  T302] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 32
[  282.172480][ T8061] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz-executor.3: mark_inode_dirty error
[  282.205344][ T8066] 9pnet_fd: Insufficient options for proto=fd
[  282.215922][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  282.288107][  T302] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  282.297166][  T302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  282.304987][  T302] usb 5-1: SerialNumber: syz
[  282.338067][ T8042] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  282.345218][ T8042] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  282.484967][ T8081] loop2: detected capacity change from 0 to 512
[  282.500134][ T8081] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  282.509098][ T8081] ext4 filesystem being mounted at /root/syzkaller-testdir1183906713/syzkaller.jy7QNX/217/bus supports timestamps until 2038 (0x7fffffff)
[  282.538008][  T313] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  282.558959][ T8042] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  282.566007][ T8042] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  282.581214][   T28] kauditd_printk_skb: 62 callbacks suppressed
[  282.581231][   T28] audit: type=1326 audit(1717340178.166:7139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb3c8e7a667 code=0x7ffc0000
[  282.610948][   T28] audit: type=1326 audit(1717340178.166:7140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb3c8e40329 code=0x7ffc0000
[  282.634512][   T28] audit: type=1326 audit(1717340178.166:7141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb3c8e7a667 code=0x7ffc0000
[  282.658303][   T28] audit: type=1326 audit(1717340178.166:7142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb3c8e40329 code=0x7ffc0000
[  282.682515][   T28] audit: type=1326 audit(1717340178.166:7143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb3c8e7a667 code=0x7ffc0000
[  282.682968][ T2863] usb 1-1: USB disconnect, device number 46
[  282.706354][   T28] audit: type=1326 audit(1717340178.166:7144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb3c8e40329 code=0x7ffc0000
[  282.735542][   T28] audit: type=1326 audit(1717340178.166:7145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb3c8e7a667 code=0x7ffc0000
[  282.759262][  T505] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  282.759308][   T28] audit: type=1326 audit(1717340178.166:7146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb3c8e40329 code=0x7ffc0000
[  282.790480][   T28] audit: type=1326 audit(1717340178.166:7147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb3c8e7a667 code=0x7ffc0000
[  282.814318][   T28] audit: type=1326 audit(1717340178.166:7148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8080 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb3c8e40329 code=0x7ffc0000
[  283.002274][  T313] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  283.013229][  T313] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  283.039967][ T8042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  283.053887][ T8042] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  283.618717][  T302] cdc_ether: probe of 5-1:1.0 failed with error -22
[  283.654356][ T5015] EXT4-fs (loop2): unmounting filesystem.
[  283.688203][  T313] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  283.698078][  T313] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  283.706042][  T313] usb 4-1: SerialNumber: syz
[  283.738156][ T8096] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  283.768152][  T505] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  283.779010][  T505] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  283.788599][  T505] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  283.797473][  T505] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.807193][  T505] usb 2-1: config 0 descriptor??
[  283.822897][ T8104] 9pnet_fd: Insufficient options for proto=fd
[  283.949779][    T8] Bluetooth: hci0: Frame reassembly failed (-84)
[  283.988684][  T313] usb 4-1: 0:2 : does not exist
[  283.993378][  T313] usb 4-1: unit 5 not found!
[  283.998860][  T313] usb 4-1: USB disconnect, device number 36
[  284.137991][  T302] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  284.198595][ T8100] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  284.508052][  T302] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  284.518801][  T302] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  284.528358][  T302] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  284.537192][  T302] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.545530][  T302] usb 3-1: config 0 descriptor??
[  284.581365][ T8113] loop0: detected capacity change from 0 to 512
[  284.588064][ T8113] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  284.597909][ T8113] EXT4-fs (loop0): 1 truncate cleaned up
[  284.603446][ T8113] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  284.618462][ T6095] EXT4-fs (loop0): unmounting filesystem.
[  284.648238][ T8119] loop0: detected capacity change from 0 to 512
[  284.659764][ T8119] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  284.668796][ T8119] ext4 filesystem being mounted at /root/syzkaller-testdir1700510296/syzkaller.IDNqzB/126/bus supports timestamps until 2038 (0x7fffffff)
[  284.978038][  T302] usbhid 3-1:0.0: can't add hid device: -71
[  284.985399][  T302] usbhid: probe of 3-1:0.0 failed with error -71
[  284.987636][  T350] usb 5-1: USB disconnect, device number 54
[  284.994846][  T302] usb 3-1: USB disconnect, device number 36
[  285.017788][ T8136] loop4: detected capacity change from 0 to 512
[  285.040699][ T8134] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  285.061903][ T8136] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  285.078127][ T8136] ext4 filesystem being mounted at /root/syzkaller-testdir2255541184/syzkaller.GzZslN/320/file0 supports timestamps until 2038 (0x7fffffff)
[  285.097003][ T8136] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #2: comm syz-executor.4: corrupted inode contents
[  285.112557][ T8136] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #2: comm syz-executor.4: mark_inode_dirty error
[  285.125778][ T8136] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #2: comm syz-executor.4: corrupted inode contents
[  285.138070][  T505] uclogic 0003:256C:006D.0045: failed retrieving string descriptor #100: -71
[  285.150685][  T505] uclogic 0003:256C:006D.0045: failed retrieving pen parameters: -71
[  285.161092][  T505] uclogic 0003:256C:006D.0045: failed probing pen v1 parameters: -71
[  285.173168][ T8136] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz-executor.4: mark_inode_dirty error
[  285.191558][ T8142] 9pnet_fd: Insufficient options for proto=fd
[  285.203054][ T3882] EXT4-fs (loop4): unmounting filesystem.
[  285.210099][  T505] uclogic 0003:256C:006D.0045: failed probing parameters: -71
[  285.222331][  T505] uclogic: probe of 0003:256C:006D.0045 failed with error -71
[  285.239600][  T505] usb 2-1: USB disconnect, device number 40
[  285.327017][ T8154] fuse: Unknown parameter 'fUY�ȿxl���|d'
[  285.609624][ T6095] EXT4-fs (loop0): unmounting filesystem.
[  285.922441][ T8178] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  285.997156][ T8171] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  286.007986][ T1111] Bluetooth: hci0: command 0x1003 tx timeout
[  286.013858][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  286.036142][ T8186] loop3: detected capacity change from 0 to 512
[  286.050578][ T8186] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  286.059466][ T8186] ext4 filesystem being mounted at /root/syzkaller-testdir1758057461/syzkaller.rs5v16/160/file0 supports timestamps until 2038 (0x7fffffff)
[  286.076615][ T8186] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents
[  286.089278][ T8186] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz-executor.3: mark_inode_dirty error
[  286.101222][ T8186] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents
[  286.113400][ T8186] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz-executor.3: mark_inode_dirty error
[  286.132215][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  286.182834][ T8196] loop3: detected capacity change from 0 to 512
[  286.189855][ T8196] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  286.200732][ T8196] EXT4-fs (loop3): 1 truncate cleaned up
[  286.206284][ T8196] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  286.220865][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  286.347439][ T8176] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[  287.029549][ T8222] loop2: detected capacity change from 0 to 1024
[  287.047541][ T8222] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  287.057047][ T8222] EXT4-fs (loop2): group descriptors corrupted!
[  287.128079][  T313] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  287.128158][  T505] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  287.397464][ T8228] loop0: detected capacity change from 0 to 512
[  287.409868][ T8228] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  287.418840][ T8228] ext4 filesystem being mounted at /root/syzkaller-testdir1700510296/syzkaller.IDNqzB/133/file0 supports timestamps until 2038 (0x7fffffff)
[  287.436226][ T8228] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #2: comm syz-executor.0: corrupted inode contents
[  287.448433][ T8228] EXT4-fs error (device loop0): ext4_dirty_inode:6074: inode #2: comm syz-executor.0: mark_inode_dirty error
[  287.460084][ T8228] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #2: comm syz-executor.0: corrupted inode contents
[  287.472209][ T8228] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz-executor.0: mark_inode_dirty error
[  287.492427][ T6095] EXT4-fs (loop0): unmounting filesystem.
[  287.550705][ T8238] loop0: detected capacity change from 0 to 512
[  287.557609][ T8238] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  287.567668][ T8238] EXT4-fs (loop0): 1 truncate cleaned up
[  287.573234][ T8238] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  287.586579][ T6095] EXT4-fs (loop0): unmounting filesystem.
[  287.638046][    T6] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  287.728119][  T505] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  287.728238][  T313] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  287.748999][  T505] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  287.759028][  T505] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  287.768141][  T505] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.776234][  T313] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  287.785729][  T505] usb 2-1: config 0 descriptor??
[  287.878056][  T313] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  287.887037][  T313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  287.894908][  T313] usb 5-1: SerialNumber: syz
[  288.008098][    T6] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  288.028009][    T6] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  288.068159][ T8257] loop2: detected capacity change from 0 to 512
[  288.080013][ T8257] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  288.088869][ T8257] ext4 filesystem being mounted at /root/syzkaller-testdir1183906713/syzkaller.jy7QNX/237/file0 supports timestamps until 2038 (0x7fffffff)
[  288.105790][ T8257] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #2: comm syz-executor.2: corrupted inode contents
[  288.117905][    T6] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  288.118266][ T8257] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #2: comm syz-executor.2: mark_inode_dirty error
[  288.127006][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  288.138821][ T8257] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #2: comm syz-executor.2: corrupted inode contents
[  288.146180][    T6] usb 4-1: SerialNumber: syz
[  288.158976][ T8257] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz-executor.2: mark_inode_dirty error
[  288.168322][  T355] Bluetooth: hci0: Frame reassembly failed (-84)
[  288.190709][ T5015] EXT4-fs (loop2): unmounting filesystem.
[  288.218535][  T313] usb 5-1: 0:2 : does not exist
[  288.223270][  T313] usb 5-1: unit 5 not found!
[  288.228978][  T313] usb 5-1: USB disconnect, device number 55
[  288.307996][  T575] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  288.409630][ T5849] Bluetooth: hci1: Frame reassembly failed (-84)
[  288.448577][    T6] usb 4-1: 0:2 : does not exist
[  288.453263][    T6] usb 4-1: unit 5 not found!
[  288.459420][    T6] usb 4-1: USB disconnect, device number 37
[  288.488014][   T39] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  288.668068][  T575] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  288.678851][  T575] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  288.688386][  T575] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  288.697371][  T575] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.705880][  T575] usb 1-1: config 0 descriptor??
[  288.758034][   T39] usb 3-1: Using ep0 maxpacket: 32
[  288.878070][   T39] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  288.888844][   T39] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  289.018085][   T39] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  289.027187][   T39] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  289.035338][   T39] usb 3-1: Product: syz
[  289.039293][   T39] usb 3-1: Manufacturer: syz
[  289.088403][   T39] hub 3-1:4.0: USB hub found
[  289.108034][  T505] uclogic 0003:256C:006D.0046: failed retrieving string descriptor #100: -71
[  289.116746][  T505] uclogic 0003:256C:006D.0046: failed retrieving pen parameters: -71
[  289.124670][  T505] uclogic 0003:256C:006D.0046: failed probing pen v1 parameters: -71
[  289.132733][  T505] uclogic 0003:256C:006D.0046: failed probing parameters: -71
[  289.140021][  T505] uclogic: probe of 0003:256C:006D.0046 failed with error -71
[  289.148075][  T505] usb 2-1: USB disconnect, device number 41
[  289.308087][   T39] hub 3-1:4.0: 2 ports detected
[  289.639310][ T8269] loop1: detected capacity change from 0 to 512
[  289.646289][ T8269] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  289.655978][ T8269] EXT4-fs (loop1): 1 truncate cleaned up
[  289.661639][ T8269] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  289.675010][ T3356] EXT4-fs (loop1): unmounting filesystem.
[  289.848022][  T575] uclogic 0003:256C:006D.0047: failed retrieving string descriptor #200: -71
[  289.856868][  T575] uclogic 0003:256C:006D.0047: failed retrieving pen parameters: -71
[  289.864936][  T575] uclogic 0003:256C:006D.0047: failed probing pen v2 parameters: -71
[  289.872981][  T575] uclogic 0003:256C:006D.0047: failed probing parameters: -71
[  289.880394][  T575] uclogic: probe of 0003:256C:006D.0047 failed with error -71
[  289.888890][  T575] usb 1-1: USB disconnect, device number 47
[  290.238009][ T1112] Bluetooth: hci0: command 0x1003 tx timeout
[  290.238007][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  290.311187][ T8279] loop4: detected capacity change from 0 to 512
[  290.318207][ T8279] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  290.330066][ T8279] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  290.338927][ T8279] ext4 filesystem being mounted at /root/syzkaller-testdir2255541184/syzkaller.GzZslN/329/file0 supports timestamps until 2038 (0x7fffffff)
[  290.382956][ T3882] EXT4-fs (loop4): unmounting filesystem.
[  290.427712][ T8287] loop4: detected capacity change from 0 to 1024
[  290.435064][ T8287] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  290.443525][ T8287] EXT4-fs (loop4): orphan cleanup on readonly fs
[  290.450960][ T8287] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:477: comm syz-executor.4: Invalid block bitmap block 0 in block_group 0
[  290.464733][ T8287] __quota_error: 7219 callbacks suppressed
[  290.464746][ T8287] Quota error (device loop4): write_blk: dquota write failed
[  290.477608][ T8287] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  290.478210][ T1111] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  290.490360][ T1360] Bluetooth: hci1: command 0x1003 tx timeout
[  290.494072][ T8287] EXT4-fs error (device loop4): ext4_free_blocks:6197: comm syz-executor.4: Freeing blocks not in datazone - block = 0, count = 4096
[  290.512893][ T8287] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz-executor.4: Invalid inode bitmap blk 0 in block_group 0
[  290.525849][ T8287] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem
[  290.538085][  T355] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-8
[  290.547536][ T8287] EXT4-fs (loop4): 1 orphan inode deleted
[  290.581233][ T8287] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  290.647485][   T39] hub 3-1:4.0: activate --> -90
[  290.906185][ T8263] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted
[  291.098980][   T39] usb 3-1: USB disconnect, device number 37
[  291.118510][  T505] hub 3-1:4.0: hub_ext_port_status failed (err = -71)
[  291.168031][  T575] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  291.391025][ T8314] loop3: detected capacity change from 0 to 512
[  291.397876][ T8314] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  291.417987][  T505] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  291.425991][ T8314] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  291.434933][ T8314] ext4 filesystem being mounted at /root/syzkaller-testdir1758057461/syzkaller.rs5v16/168/file0 supports timestamps until 2038 (0x7fffffff)
[  291.486178][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  291.549898][ T8322] 9pnet_fd: Insufficient options for proto=fd
[  291.758366][  T505] usb 1-1: Using ep0 maxpacket: 32
[  291.768681][ T8332] loop2: detected capacity change from 0 to 2048
[  291.800702][ T8332] EXT4-fs (loop2): failed to initialize system zone (-117)
[  291.811867][ T8332] EXT4-fs (loop2): mount failed
[  291.836612][  T575] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  291.848734][  T575] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.856585][  T575] usb 5-1: Product: syz
[  291.860587][  T575] usb 5-1: Manufacturer: syz
[  291.865083][  T575] usb 5-1: SerialNumber: syz
[  291.898148][  T505] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  291.927200][  T505] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  292.078045][  T505] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  292.087799][  T505] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  292.096085][  T505] usb 1-1: Product: syz
[  292.100453][  T505] usb 1-1: Manufacturer: syz
[  292.138406][  T505] hub 1-1:4.0: USB hub found
[  292.264606][ T8345] loop2: detected capacity change from 0 to 512
[  292.271417][ T8345] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  292.281221][ T8345] EXT4-fs (loop2): 1 truncate cleaned up
[  292.286719][ T8345] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  292.300742][ T5015] EXT4-fs (loop2): unmounting filesystem.
[  292.317789][ T8349] loop2: detected capacity change from 0 to 512
[  292.324892][ T8349] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  292.358238][ T8349] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  292.367233][ T8349] ext4 filesystem being mounted at /root/syzkaller-testdir1183906713/syzkaller.jy7QNX/244/file0 supports timestamps until 2038 (0x7fffffff)
[  292.374800][   T28] audit: type=1400 audit(1717340187.956:14368): avc:  denied  { create } for  pid=8311 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  292.409688][   T28] audit: type=1400 audit(1717340187.996:14369): avc:  denied  { bind } for  pid=8311 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  292.476948][ T8358] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  292.478167][ T5015] EXT4-fs (loop2): unmounting filesystem.
[  292.486180][  T505] hub 1-1:4.0: config failed, can't read hub descriptor (err -22)
[  292.528320][  T505] usb 1-1: USB disconnect, device number 48
[  292.571047][ T8366] loop3: detected capacity change from 0 to 512
[  292.589604][ T8366] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  292.598668][ T8366] ext4 filesystem being mounted at /root/syzkaller-testdir1758057461/syzkaller.rs5v16/172/file0 supports timestamps until 2038 (0x7fffffff)
[  292.615818][ T8366] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents
[  292.628164][ T8366] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz-executor.3: mark_inode_dirty error
[  292.639940][ T8366] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents
[  292.652166][ T8366] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz-executor.3: mark_inode_dirty error
[  292.671916][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  292.708509][ T8374] loop3: detected capacity change from 0 to 512
[  292.715321][ T8374] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  292.725012][ T8374] EXT4-fs (loop3): 1 truncate cleaned up
[  292.730843][ T8374] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  292.744333][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  292.768956][ T8379] loop3: detected capacity change from 0 to 512
[  292.789914][ T8379] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  292.799234][ T8379] ext4 filesystem being mounted at /root/syzkaller-testdir1758057461/syzkaller.rs5v16/177/file0 supports timestamps until 2038 (0x7fffffff)
[  292.808013][   T39] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  292.819649][ T8379] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents
[  292.820822][  T313] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  292.832974][ T8379] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz-executor.3: mark_inode_dirty error
[  292.851711][ T8379] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #2: comm syz-executor.3: corrupted inode contents
[  292.863822][ T8379] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz-executor.3: mark_inode_dirty error
[  292.883776][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  292.941114][ T8388] loop3: detected capacity change from 0 to 512
[  292.947893][ T8388] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  292.959826][ T8388] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  292.968749][ T8388] ext4 filesystem being mounted at /root/syzkaller-testdir1758057461/syzkaller.rs5v16/180/file0 supports timestamps until 2038 (0x7fffffff)
[  293.007190][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  293.098026][   T39] usb 2-1: Using ep0 maxpacket: 32
[  293.238088][  T313] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  293.247935][   T39] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  293.258931][  T313] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 32
[  293.268646][   T39] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  293.284499][ T8404] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.291576][ T8404] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.298458][ T8404] bridge0: port 2(bridge_slave_1) entered forwarding state
[  293.305560][ T3626] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  293.335076][   T28] audit: type=1400 audit(1717340188.916:14370): avc:  denied  { read } for  pid=8408 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  293.335935][ T8409] loop0: detected capacity change from 0 to 16
[  293.361157][ T8409] erofs: Unknown parameter '��ݐɣ'��[�gP{0���s�m��Y�M�
0x0000000000000000�
'
[  293.378038][  T313] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  293.387229][  T313] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  293.395248][  T313] usb 3-1: SerialNumber: syz
[  293.411675][ T8411] loop0: detected capacity change from 0 to 512
[  293.418036][ T8364] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  293.418045][   T39] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  293.425180][ T8364] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  293.435565][   T39] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  293.449268][   T39] usb 2-1: Product: syz
[  293.453243][   T39] usb 2-1: Manufacturer: syz
[  293.458107][  T505] usb 5-1: USB disconnect, device number 56
[  293.460044][ T8411] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  293.472923][ T8411] ext4 filesystem being mounted at /root/syzkaller-testdir1700510296/syzkaller.IDNqzB/155/file0 supports timestamps until 2038 (0x7fffffff)
[  293.489998][ T8411] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #2: comm syz-executor.0: corrupted inode contents
[  293.502179][ T8411] EXT4-fs error (device loop0): ext4_dirty_inode:6074: inode #2: comm syz-executor.0: mark_inode_dirty error
[  293.514076][ T8411] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #2: comm syz-executor.0: corrupted inode contents
[  293.514189][   T39] hub 2-1:4.0: USB hub found
[  293.530895][ T8411] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz-executor.0: mark_inode_dirty error
[  293.542716][ T3882] EXT4-fs (loop4): unmounting filesystem.
[  293.550067][ T6095] EXT4-fs (loop0): unmounting filesystem.
[  293.598322][ T3626] usb 4-1: device descriptor read/64, error -71
[  293.671737][ T8364] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  293.679053][ T8364] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  293.718111][   T39] hub 2-1:4.0: 2 ports detected
[  293.853933][ T8424] loop0: detected capacity change from 0 to 40427
[  293.860935][ T8424] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  293.868507][ T8424] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  293.877427][ T8424] F2FS-fs (loop0): invalid crc value
[  293.883998][ T8424] F2FS-fs (loop0): Found nat_bits in checkpoint
[  293.919471][ T8424] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  293.926454][ T8424] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  293.938727][  T505] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  293.958521][ T6095] syz-executor.0: attempt to access beyond end of device
[  293.958521][ T6095] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  293.987985][ T3626] usb 4-1: device descriptor read/64, error -71
[  294.061187][ T8434] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  294.071919][ T8434] device bridge0 entered promiscuous mode
[  294.077521][ T8434] device macsec1 entered promiscuous mode
[  294.109995][ T8364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  294.118404][ T8364] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  294.148244][  T313] cdc_ether: probe of 3-1:1.0 failed with error -22
[  294.216760][ T8436] loop0: detected capacity change from 0 to 40427
[  294.226118][ T8436] F2FS-fs (loop0): Found nat_bits in checkpoint
[  294.261602][ T8436] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  294.271644][ T8436] syz-executor.0: attempt to access beyond end of device
[  294.271644][ T8436] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  294.348160][  T505] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  294.364717][  T505] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  294.368057][ T3626] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  294.375843][  T505] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  294.396156][  T505] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  294.405378][  T505] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.413874][  T505] usb 5-1: config 0 descriptor??
[  294.429572][ T8448] loop0: detected capacity change from 0 to 512
[  294.436517][ T8448] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  294.445126][ T8416] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  294.459025][ T8448] [EXT4 FS bs=4096, gc=1, bpg=71, ipg=32, mo=a842c09c, mo2=0000]
[  294.466654][ T8448] System zones: 0-2, 18-18, 34-34
[  294.472581][ T8448] EXT4-fs (loop0): 1 orphan inode deleted
[  294.478182][ T8448] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  294.486869][ T8448] ext4 filesystem being mounted at /root/syzkaller-testdir1700510296/syzkaller.IDNqzB/167/file1 supports timestamps until 2038 (0x7fffffff)
[  294.657988][ T3626] usb 4-1: device descriptor read/64, error -71
[  294.878708][  T505] plantronics 0003:047F:FFFF.0048: unknown main item tag 0xd
[  294.887412][  T505] plantronics 0003:047F:FFFF.0048: No inputs registered, leaving
[  294.889614][  T575] usb 3-1: USB disconnect, device number 38
[  294.896284][  T505] plantronics 0003:047F:FFFF.0048: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  294.918721][ T8453] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2052 sclass=netlink_route_socket pid=8453 comm=syz-executor.2
[  295.008014][   T39] hub 2-1:4.0: activate --> -90
[  295.100667][ T8457] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
[  295.353402][ T3626] usb 4-1: device descriptor read/64, error -71
[  295.362318][ T8362] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted
[  295.371097][    T6] usb 5-1: USB disconnect, device number 57
[  295.378478][ T6095] EXT4-fs (loop0): unmounting filesystem.
[  295.413685][  T575] usb 2-1: USB disconnect, device number 42
[  295.438070][   T39] hub 2-1:4.0: hub_ext_port_status failed (err = -71)
[  295.478536][ T3626] usb usb4-port1: attempt power cycle
[  295.500498][   T28] audit: type=1400 audit(1717340191.086:14371): avc:  denied  { getopt } for  pid=8468 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  295.850874][ T8477] loop0: detected capacity change from 0 to 1024
[  295.857732][ T8477] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  295.867883][ T8477] EXT4-fs (loop0): barriers disabled
[  295.873101][ T8477] JBD2: no valid journal superblock found
[  295.878807][ T8477] EXT4-fs (loop0): error loading journal
[  295.888012][ T3626] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  295.959559][ T8487] netem: change failed
[  296.038428][ T3626] usb 4-1: device descriptor read/8, error -71
[  296.098012][    T6] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  296.197993][  T575] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  296.248134][ T3626] usb 4-1: device descriptor read/8, error -71
[  296.308019][  T327] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  296.337993][  T313] usb 1-1: new full-speed USB device number 49 using dummy_hcd
[  296.337993][    T6] usb 3-1: Using ep0 maxpacket: 16
[  296.468049][    T6] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  296.476003][    T6] usb 3-1: config 0 has no interface number 0
[  296.482143][    T6] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  296.548055][  T327] usb 5-1: Using ep0 maxpacket: 16
[  296.558041][  T575] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  296.567652][  T575] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 32
[  296.648085][    T6] usb 3-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= f.88
[  296.657064][  T575] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  296.666104][    T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.673959][  T327] usb 5-1: config 0 has an invalid interface number: 2 but max is 0
[  296.681700][  T575] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  296.689784][    T6] usb 3-1: Product: syz
[  296.693730][    T6] usb 3-1: Manufacturer: syz
[  296.698193][  T327] usb 5-1: config 0 has no interface number 0
[  296.704093][  T327] usb 5-1: config 0 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  296.713577][  T575] usb 2-1: SerialNumber: syz
[  296.713579][  T313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  296.718045][    T6] usb 3-1: SerialNumber: syz
[  296.733341][  T313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  296.734078][  T327] usb 5-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  296.743250][  T313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10
[  296.752534][ T8485] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  296.763315][  T313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  296.771058][    T6] usb 3-1: config 0 descriptor??
[  296.779815][  T313] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  296.784896][ T8485] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  296.797267][  T313] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[  296.804404][ T8483] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  296.813139][  T313] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.828398][  T313] usb 1-1: config 0 descriptor??
[  296.958120][  T327] usb 5-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= f.88
[  296.967057][  T327] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.974901][  T327] usb 5-1: Product: syz
[  296.978936][  T327] usb 5-1: Manufacturer: syz
[  296.983418][  T327] usb 5-1: SerialNumber: syz
[  296.988716][  T327] usb 5-1: config 0 descriptor??
[  297.047852][ T8485] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  297.054999][ T8485] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  297.070216][   T28] audit: type=1400 audit(1717340192.656:14372): avc:  denied  { accept } for  pid=8501 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  297.108815][    T6] usb 3-1: invalid MIDI in EP 0
[  297.115765][    T6] snd-usb-audio: probe of 3-1:0.2 failed with error -22
[  297.124067][    T6] usb 3-1: USB disconnect, device number 39
[  297.155527][ T8511] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'.
[  297.270312][  T327] snd-usb-audio: probe of 5-1:0.2 failed with error -12
[  297.277851][  T327] usb 5-1: USB disconnect, device number 58
[  297.308033][  T313] usbhid 1-1:0.0: can't add hid device: -71
[  297.313847][  T313] usbhid: probe of 1-1:0.0 failed with error -71
[  297.321173][  T313] usb 1-1: USB disconnect, device number 49
[  297.498049][ T3626] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  297.509749][ T8485] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  297.518108][ T8485] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  297.528078][  T575] cdc_ether: probe of 2-1:1.0 failed with error -22
[  297.588042][ T3626] usb 4-1: Using ep0 maxpacket: 16
[  297.708088][ T3626] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  297.715948][ T3626] usb 4-1: config 0 has no interface number 0
[  297.721855][ T3626] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  297.731363][ T3626] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  297.898108][ T3626] usb 4-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= f.88
[  297.906984][ T3626] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.914857][ T3626] usb 4-1: Product: syz
[  297.918855][ T3626] usb 4-1: Manufacturer: syz
[  297.923371][ T3626] usb 4-1: SerialNumber: syz
[  297.927960][  T313] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  297.936430][ T3626] usb 4-1: config 0 descriptor??
[  298.220100][ T3626] snd-usb-audio: probe of 4-1:0.2 failed with error -12
[  298.227599][ T3626] usb 4-1: USB disconnect, device number 41
[  298.227966][  T313] usb 3-1: Using ep0 maxpacket: 32
[  298.239562][  T505] usb 2-1: USB disconnect, device number 43
[  298.398188][  T313] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  298.408978][  T313] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  298.548043][  T313] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  298.556967][  T313] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  298.565171][  T313] usb 3-1: Product: syz
[  298.569183][  T313] usb 3-1: Manufacturer: syz
[  298.608498][  T313] hub 3-1:4.0: USB hub found
[  298.807972][  T505] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  298.818061][  T313] hub 3-1:4.0: 2 ports detected
[  298.823910][   T28] audit: type=1400 audit(1717340194.406:14373): avc:  denied  { nlmsg_read } for  pid=8542 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  298.823924][ T8545] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.3'.
[  298.927990][ T3626] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  299.067961][  T505] usb 2-1: Using ep0 maxpacket: 32
[  299.167985][ T3626] usb 5-1: Using ep0 maxpacket: 32
[  299.188120][  T505] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  299.198925][  T505] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  299.288094][ T3626] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  299.298908][ T3626] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  299.348080][  T505] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  299.357097][  T505] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  299.365266][  T505] usb 2-1: Product: syz
[  299.369300][  T505] usb 2-1: Manufacturer: syz
[  299.428086][ T3626] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  299.428467][  T505] hub 2-1:4.0: USB hub found
[  299.437114][ T3626] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  299.449649][ T3626] usb 5-1: Product: syz
[  299.453604][ T3626] usb 5-1: Manufacturer: syz
[  299.498478][ T3626] hub 5-1:4.0: USB hub found
[  299.638056][  T505] hub 2-1:4.0: 2 ports detected
[  299.778035][ T3626] hub 5-1:4.0: config failed, can't read hub descriptor (err -22)
[  299.808496][ T3626] usb 5-1: USB disconnect, device number 59
[  300.098039][  T313] hub 3-1:4.0: activate --> -90
[  300.118019][  T575] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  300.300755][ T8513] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted
[  300.358005][  T575] usb 4-1: Using ep0 maxpacket: 16
[  300.386560][ T2863] usb 3-1: USB disconnect, device number 40
[  300.392393][  T313] hub 3-1:4.0: hub_ext_port_status failed (err = -71)
[  300.478045][  T575] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  300.485932][  T575] usb 4-1: config 0 has no interface number 0
[  300.492036][  T575] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  300.558258][    T6] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  300.658048][  T575] usb 4-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= f.88
[  300.666964][  T575] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.674769][  T575] usb 4-1: Product: syz
[  300.678825][  T575] usb 4-1: Manufacturer: syz
[  300.683216][  T575] usb 4-1: SerialNumber: syz
[  300.688302][  T575] usb 4-1: config 0 descriptor??
[  300.708074][ T8561] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  300.798390][    T6] usb 5-1: Using ep0 maxpacket: 32
[  300.918108][    T6] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  300.934035][    T6] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  300.938027][  T313] hub 2-1:4.0: activate --> -90
[  300.988724][  T575] usb 4-1: invalid MIDI in EP 0
[  300.995839][  T575] snd-usb-audio: probe of 4-1:0.2 failed with error -22
[  301.006084][  T575] usb 4-1: USB disconnect, device number 42
[  301.058055][    T6] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  301.067120][    T6] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  301.075393][    T6] usb 5-1: Product: syz
[  301.079453][    T6] usb 5-1: Manufacturer: syz
[  301.118626][    T6] hub 5-1:4.0: USB hub found
[  301.147271][ T8533] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted
[  301.197621][  T313] usb 2-1: USB disconnect, device number 44
[  301.207996][ T2863] hub 2-1:4.0: hub_ext_port_status failed (err = -71)
[  301.398041][    T6] hub 5-1:4.0: config failed, can't read hub descriptor (err -22)
[  301.428218][    T6] usb 5-1: USB disconnect, device number 60
[  301.815505][ T8585] futex_wake_op: syz-executor.2 tries to shift op by 32; fix this program
[  301.829173][ T8585] loop2: detected capacity change from 0 to 256
[  301.835912][ T8585] FAT-fs (loop2): Unrecognized mount option "uni_x
" or missing value
[  301.869059][ T8585] syz-executor.2[8585] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  301.869115][ T8585] syz-executor.2[8585] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  301.956906][ T8602] loop2: detected capacity change from 0 to 128
[  301.988296][ T8603] loop1: detected capacity change from 0 to 2048
[  302.166721][ T8611] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8611 comm=syz-executor.1
[  302.307975][ T2863] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  302.420550][ T8619] futex_wake_op: syz-executor.3 tries to shift op by 32; fix this program
[  302.430357][ T8619] loop3: detected capacity change from 0 to 256
[  302.437059][ T8619] FAT-fs (loop3): Unrecognized mount option "uni_x
" or missing value
[  302.489968][ T8619] syz-executor.3[8619] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  302.490024][ T8619] syz-executor.3[8619] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  302.523179][ T8621] loop3: detected capacity change from 0 to 512
[  302.550672][ T8621] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 47 vs 41 free clusters
[  302.565387][ T8621] EXT4-fs (loop3): 1 orphan inode deleted
[  302.571052][ T8621] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  302.580029][ T8621] ext4 filesystem being mounted at /root/syzkaller-testdir1758057461/syzkaller.rs5v16/199/file0 supports timestamps until 2038 (0x7fffffff)
[  302.587997][ T2863] usb 5-1: Using ep0 maxpacket: 32
[  302.658457][    T8] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  302.728421][ T2863] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  302.739794][ T2863] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  302.779293][ T8626] netem: change failed
[  302.989468][ T8628] loop2: detected capacity change from 0 to 512
[  303.008579][ T8628] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 47 vs 41 free clusters
[  303.023342][ T8628] EXT4-fs (loop2): 1 orphan inode deleted
[  303.029111][ T2863] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  303.038190][ T8628] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  303.046950][ T2863] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  303.054970][ T8628] ext4 filesystem being mounted at /root/syzkaller-testdir1183906713/syzkaller.jy7QNX/260/file0 supports timestamps until 2038 (0x7fffffff)
[  303.062883][ T2863] usb 5-1: Product: syz
[  303.073156][ T2863] usb 5-1: Manufacturer: syz
[  303.137574][  T355] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  303.168517][ T2863] hub 5-1:4.0: USB hub found
[  303.246361][ T8639] netem: change failed
[  303.514343][ T2863] hub 5-1:4.0: 2 ports detected
[  303.520164][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  303.865796][    T6] usb 4-1: new full-speed USB device number 43 using dummy_hcd
[  303.874450][ T5015] EXT4-fs (loop2): unmounting filesystem.
[  304.228016][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  304.238866][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  304.248363][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10
[  304.259012][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  304.268467][    T6] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  304.281158][    T6] usb 4-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[  304.289998][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.298415][    T6] usb 4-1: config 0 descriptor??
[  304.749438][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.756773][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.764043][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.771367][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.779419][    T6] ntrig 0003:1B96:000A.004A: unknown main item tag 0x0
[  304.786366][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.793700][    T6] ntrig 0003:1B96:000A.004A: unknown main item tag 0x0
[  304.800444][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.807606][    T6] ntrig 0003:1B96:000A.004A: unknown main item tag 0x0
[  304.808063][ T2863] hub 5-1:4.0: activate --> -90
[  304.814321][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.826180][    T6] ntrig 0003:1B96:000A.004A: unknown main item tag 0x0
[  304.832888][    T6] ntrig 0003:1B96:000A.004A: unknown main item tag 0x0
[  304.839680][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.847241][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.854551][    T6] ntrig 0003:1B96:000A.004A: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.3-1/input0
[  304.865462][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.872640][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.879867][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.887024][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.894245][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.901462][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.908726][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.915933][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.923141][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.930425][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.937613][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.944835][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.952036][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.959245][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.966457][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.973652][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.980889][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.988071][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  304.995277][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  305.002672][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  305.009980][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  305.017303][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  305.024757][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  305.032212][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  305.040122][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  305.047549][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  305.055105][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  305.055100][ T8600] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted
[  305.072110][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  305.079395][  T327] hid-generic 0000:0000:0000.0049: unknown main item tag 0x0
[  305.089698][  T327] hid-generic 0000:0000:0000.0049: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  305.100095][    T6] usb 4-1: USB disconnect, device number 43
[  305.173018][  T327] usb 5-1: USB disconnect, device number 61
[  305.177979][ T2863] hub 5-1:4.0: hub_ext_port_status failed (err = -71)
[  305.212674][ T8665] loop2: detected capacity change from 0 to 8192
[  305.273647][ T8667] loop1: detected capacity change from 0 to 512
[  305.290184][ T8667] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 47 vs 41 free clusters
[  305.304638][ T8667] EXT4-fs (loop1): 1 orphan inode deleted
[  305.310385][ T8667] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  305.319170][  T355] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  305.319933][ T8667] ext4 filesystem being mounted at /root/syzkaller-testdir38971303/syzkaller.8ZTvHV/377/file0 supports timestamps until 2038 (0x7fffffff)
[  305.488098][  T313] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  305.514193][ T8671] netem: change failed
[  305.858038][  T313] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.868780][  T313] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  305.878419][  T313] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  305.891146][  T313] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  305.899980][  T313] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.908399][  T313] usb 3-1: config 0 descriptor??
[  306.140712][ T3356] EXT4-fs (loop1): unmounting filesystem.
[  306.557457][ T8682] loop3: detected capacity change from 0 to 512
[  306.571859][ T8682] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 47 vs 41 free clusters
[  306.586577][ T8682] EXT4-fs (loop3): 1 orphan inode deleted
[  306.592450][ T8682] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  306.601371][  T355] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  306.611497][ T8682] ext4 filesystem being mounted at /root/syzkaller-testdir1758057461/syzkaller.rs5v16/203/file0 supports timestamps until 2038 (0x7fffffff)
[  306.694814][ T8692] 9pnet: Could not find request transport: fd0x0000000000000005
[  306.808429][  T313] usbhid 3-1:0.0: can't add hid device: -71
[  306.814626][  T313] usbhid: probe of 3-1:0.0 failed with error -71
[  306.836983][ T8701] netem: change failed
[  306.869002][  T313] usb 3-1: USB disconnect, device number 41
[  307.209347][ T8707] loop1: detected capacity change from 0 to 512
[  307.228366][ T8707] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 47 vs 41 free clusters
[  307.250334][ T8707] EXT4-fs (loop1): 1 orphan inode deleted
[  307.259262][ T8707] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  307.268127][  T355] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  307.283461][ T8707] ext4 filesystem being mounted at /root/syzkaller-testdir38971303/syzkaller.8ZTvHV/380/file0 supports timestamps until 2038 (0x7fffffff)
[  307.435063][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  307.440939][  T313] usb 5-1: new full-speed USB device number 62 using dummy_hcd
[  307.504954][ T8711] netem: change failed
[  307.848055][  T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  307.858983][  T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  307.870128][  T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10
[  307.880958][  T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  307.890494][  T313] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  307.903083][  T313] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[  307.912066][  T313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.920401][  T313] usb 5-1: config 0 descriptor??
[  308.074814][ T3356] EXT4-fs (loop1): unmounting filesystem.
[  308.123575][ T8727] loop1: detected capacity change from 0 to 8192
[  308.398014][   T19] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  308.408710][  T313] ntrig 0003:1B96:000A.004B: unknown main item tag 0x0
[  308.415405][  T313] ntrig 0003:1B96:000A.004B: unknown main item tag 0x0
[  308.422098][  T313] ntrig 0003:1B96:000A.004B: unknown main item tag 0x0
[  308.428774][  T313] ntrig 0003:1B96:000A.004B: unknown main item tag 0x0
[  308.435442][  T313] ntrig 0003:1B96:000A.004B: unknown main item tag 0x0
[  308.442612][  T313] ntrig 0003:1B96:000A.004B: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.4-1/input0
[  308.659802][  T313] usb 5-1: USB disconnect, device number 62
[  308.724055][ T8736] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8736 comm=syz-executor.2
[  308.758092][   T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  308.768801][   T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  308.778733][   T19] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  308.791327][   T19] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  308.800167][   T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.818429][   T19] usb 2-1: config 0 descriptor??
[  309.162314][ T8740] loop4: detected capacity change from 0 to 512
[  309.169210][ T8740] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  309.180557][ T8740] EXT4-fs (loop4): 1 truncate cleaned up
[  309.186186][ T8740] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  309.256612][ T8742] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.4: corrupted in-inode xattr
[  309.269176][ T8742] EXT4-fs warning (device loop4): ext4_xattr_set_entry:1745: inode #15: comm syz-executor.4: unable to update i_inline_off
[  309.282197][ T8742] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.4: corrupted in-inode xattr
[  309.620664][ T8754] 9pnet_fd: Insufficient options for proto=fd
[  309.668156][   T19] usbhid 2-1:0.0: can't add hid device: -71
[  309.674182][   T19] usbhid: probe of 2-1:0.0 failed with error -71
[  309.681641][   T19] usb 2-1: USB disconnect, device number 45
[  309.758168][   T39] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  309.770268][ T8750] input: syz1 as /devices/virtual/input/input24
[  310.000097][ T3882] EXT4-fs (loop4): unmounting filesystem.
[  310.027951][   T39] usb 4-1: Using ep0 maxpacket: 16
[  310.155493][ T8764] 9pnet_fd: Insufficient options for proto=fd
[  310.188153][   T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  310.199350][   T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  310.217119][   T39] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  310.230384][   T39] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  310.239484][   T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.248145][   T39] usb 4-1: config 0 descriptor??
[  310.278314][ T8771] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8771 comm=syz-executor.4
[  310.308216][ T8771] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  310.336387][ T8770] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  310.382948][ T8773] loop4: detected capacity change from 0 to 512
[  310.400450][ T8773] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  310.409471][ T8773] ext4 filesystem being mounted at /root/syzkaller-testdir2255541184/syzkaller.GzZslN/359/file0 supports timestamps until 2038 (0x7fffffff)
[  310.426837][ T8773] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #2: comm syz-executor.4: corrupted inode contents
[  310.439350][ T8773] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #2: comm syz-executor.4: mark_inode_dirty error
[  310.451108][ T8773] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #2: comm syz-executor.4: corrupted inode contents
[  310.463311][ T8773] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz-executor.4: mark_inode_dirty error
[  310.485348][ T3882] EXT4-fs (loop4): unmounting filesystem.
[  310.525812][ T8781] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8781 comm=syz-executor.4
[  310.532611][ T8777] loop1: detected capacity change from 0 to 8192
[  310.597992][   T39] usbhid 4-1:0.0: can't add hid device: -71
[  310.603884][   T39] usbhid: probe of 4-1:0.0 failed with error -71
[  310.610914][   T39] usb 4-1: USB disconnect, device number 44
[  310.802094][ T8787] 9pnet_fd: Insufficient options for proto=fd
[  310.818028][  T327] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  310.828373][ T8789] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  310.975144][ T8795] 9pnet_fd: Insufficient options for proto=fd
[  311.178057][  T327] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  311.188902][  T327] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  311.198528][  T327] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  311.211138][  T327] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  311.219983][  T327] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.228380][  T327] usb 2-1: config 0 descriptor??
[  311.358005][   T39] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  311.758048][   T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  311.768796][   T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  311.778328][   T39] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  311.787225][   T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.788077][   T19] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[  311.796089][   T39] usb 4-1: config 0 descriptor??
[  311.995627][ T8820] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  312.038035][   T19] usb 5-1: Using ep0 maxpacket: 32
[  312.068057][  T327] usbhid 2-1:0.0: can't add hid device: -71
[  312.074043][  T327] usbhid: probe of 2-1:0.0 failed with error -71
[  312.081283][  T327] usb 2-1: USB disconnect, device number 46
[  312.139756][ T8824] 9pnet_fd: Insufficient options for proto=fd
[  312.149165][ T8833] loop2: detected capacity change from 0 to 512
[  312.158873][   T19] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  312.169689][   T19] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  312.179511][   T19] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  312.188436][   T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.188933][   T39] usbhid 4-1:0.0: can't add hid device: -71
[  312.205214][   T39] usbhid: probe of 4-1:0.0 failed with error -71
[  312.208315][ T8839] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8839 comm=syz-executor.1
[  312.221709][   T39] usb 4-1: USB disconnect, device number 45
[  312.238769][   T19] hub 5-1:4.0: USB hub found
[  312.457988][   T19] hub 5-1:4.0: 2 ports detected
[  312.591677][ T8847] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8847 comm=syz-executor.3
[  313.076880][ T8854] 9pnet: Could not find request transport: fd0x0000000000000003
[  313.123624][ T8856] loop2: detected capacity change from 0 to 8192
[  313.340021][ T8870] 9pnet_fd: Insufficient options for proto=fd
[  313.397977][  T327] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  315.238028][   T19] hub 5-1:4.0: hub_hub_status failed (err = -32)
[  315.244245][   T19] hub 5-1:4.0: config failed, can't get hub status (err -32)
[  315.349737][  T355] Bluetooth: hci0: Frame reassembly failed (-84)
[  315.374311][  T327] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  315.385055][  T327] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  315.394945][  T327] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  315.407586][  T327] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  315.416435][  T327] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.425468][  T327] usb 3-1: config 0 descriptor??
[  315.712232][ T8902] bridge0: port 1(bridge_slave_0) entered blocking state
[  315.719393][ T8902] bridge0: port 1(bridge_slave_0) entered disabled state
[  315.726680][ T8902] device bridge_slave_0 entered promiscuous mode
[  315.734247][ T8902] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.741114][ T8902] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.748406][ T8902] device bridge_slave_1 entered promiscuous mode
[  315.778034][    T6] usb 5-1: USB disconnect, device number 63
[  315.807479][ T8902] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.814346][ T8902] bridge0: port 2(bridge_slave_1) entered forwarding state
[  315.821430][ T8902] bridge0: port 1(bridge_slave_0) entered blocking state
[  315.828217][ T8902] bridge0: port 1(bridge_slave_0) entered forwarding state
[  315.850520][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  315.857869][   T39] bridge0: port 1(bridge_slave_0) entered disabled state
[  315.865640][   T39] bridge0: port 2(bridge_slave_1) entered disabled state
[  315.875925][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  315.883933][    T6] bridge0: port 1(bridge_slave_0) entered blocking state
[  315.890771][    T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[  315.909178][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  315.917163][    T6] bridge0: port 2(bridge_slave_1) entered blocking state
[  315.924007][    T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[  315.931507][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  315.939301][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  315.955385][ T8902] device veth0_vlan entered promiscuous mode
[  315.962122][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  315.970683][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  315.978652][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  315.985854][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  315.998069][  T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  316.008007][ T8902] device veth1_macvtap entered promiscuous mode
[  316.018820][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  316.030894][  T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  316.268034][  T327] usbhid 3-1:0.0: can't add hid device: -71
[  316.273899][  T327] usbhid: probe of 3-1:0.0 failed with error -71
[  316.281098][  T327] usb 3-1: USB disconnect, device number 42
[  316.549037][    T8] device bridge_slave_1 left promiscuous mode
[  316.550158][ T8915] loop1: detected capacity change from 0 to 40427
[  316.554998][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  316.571981][ T8915] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  316.580611][ T8915] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  316.581491][    T8] device bridge_slave_0 left promiscuous mode
[  316.598654][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.606242][ T8915] F2FS-fs (loop1): invalid crc value
[  316.616582][    T8] device veth1_macvtap left promiscuous mode
[  316.622905][    T8] device veth0_vlan left promiscuous mode
[  316.632850][ T8915] F2FS-fs (loop1): Found nat_bits in checkpoint
[  316.729452][ T8915] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  316.736596][ T8915] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  316.773761][ T8902] syz-executor.1: attempt to access beyond end of device
[  316.773761][ T8902] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  317.357975][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[  317.363970][ T1111] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  318.128030][ T2863] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  318.291724][ T8981] x_tables: duplicate entry at hook 2
[  318.297494][   T28] audit: type=1400 audit(1717340213.876:14374): avc:  denied  { getopt } for  pid=8980 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  318.318683][   T28] audit: type=1400 audit(1717340213.876:14375): avc:  denied  { setopt } for  pid=8980 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  318.548045][ T2863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  318.559524][ T2863] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  318.568434][ T2863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.607983][    T6] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  318.626526][ T2863] usb 2-1: config 0 descriptor??
[  318.967969][    T6] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  318.978020][    T6] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  318.986757][    T6] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  318.995627][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.004059][    T6] usb 3-1: config 0 descriptor??
[  319.068003][  T327] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  319.088468][ T2863] keytouch 0003:0926:3333.004C: fixing up Keytouch IEC report descriptor
[  319.097959][ T2863] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.004C/input/input25
[  319.179716][ T2863] keytouch 0003:0926:3333.004C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  319.255069][    T6] usb 3-1: USB disconnect, device number 43
[  319.308064][  T327] usb 4-1: Using ep0 maxpacket: 8
[  319.468050][  T327] usb 4-1: unable to get BOS descriptor or descriptor too short
[  319.548046][  T327] usb 4-1: config 0 has no interfaces?
[  319.646519][ T2863] usb 2-1: USB disconnect, device number 47
[  319.708471][  T327] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  319.717413][  T327] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.725240][  T327] usb 4-1: Product: syz
[  319.729281][  T327] usb 4-1: Manufacturer: syz
[  319.733599][  T327] usb 4-1: SerialNumber: syz
[  319.738633][  T327] usb 4-1: config 0 descriptor??
[  320.289494][ T9027] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9027 comm=syz-executor.2
[  320.310327][ T9029] loop1: detected capacity change from 0 to 16
[  320.317240][ T9029] erofs: (device loop1): mounted with root inode @ nid 36.
[  320.326941][ T9029] erofs: (device loop1): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  320.336834][ T9029] syz-executor.1: attempt to access beyond end of device
[  320.336834][ T9029] loop1: rw=0, sector=296, nr_sectors = 8 limit=16
[  320.350478][ T9029] erofs: (device loop1): z_erofs_read_folio: failed to read, err [-117]
[  320.667979][ T2863] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  320.938010][  T327] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  321.068087][ T2863] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  321.078901][ T2863] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  321.087883][ T2863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.096775][ T2863] usb 3-1: config 0 descriptor??
[  321.252442][ T9042] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.259474][ T9042] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.266590][ T9042] device bridge_slave_0 entered promiscuous mode
[  321.273351][ T9042] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.280612][ T9042] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.287838][ T9042] device bridge_slave_1 entered promiscuous mode
[  321.297986][  T327] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  321.308895][  T327] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  321.317974][  T327] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.326675][  T327] usb 2-1: config 0 descriptor??
[  321.372566][ T9042] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.379936][ T9042] bridge0: port 2(bridge_slave_1) entered forwarding state
[  321.386990][ T9042] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.393842][ T9042] bridge0: port 1(bridge_slave_0) entered forwarding state
[  321.416323][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  321.423749][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.431080][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.443064][  T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  321.451804][  T313] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.458645][  T313] bridge0: port 1(bridge_slave_0) entered forwarding state
[  321.470792][  T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  321.479246][  T313] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.486079][  T313] bridge0: port 2(bridge_slave_1) entered forwarding state
[  321.497711][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  321.508348][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  321.527582][ T9042] device veth0_vlan entered promiscuous mode
[  321.533971][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  321.542781][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  321.550644][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  321.557852][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  321.559320][ T2863] keytouch 0003:0926:3333.004D: fixing up Keytouch IEC report descriptor
[  321.574751][ T2863] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.004D/input/input26
[  321.577222][   T19] usb 4-1: USB disconnect, device number 46
[  321.599421][ T9042] device veth1_macvtap entered promiscuous mode
[  321.609103][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  321.618606][  T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  321.628250][  T575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  321.650365][ T2863] keytouch 0003:0926:3333.004D: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  321.719478][  T355] device bridge_slave_1 left promiscuous mode
[  321.725583][  T355] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.733802][  T355] device bridge_slave_0 left promiscuous mode
[  321.739943][  T355] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.748276][  T355] device bridge0 left promiscuous mode
[  321.753693][  T355] device veth1_macvtap left promiscuous mode
[  321.759921][  T355] device veth0_vlan left promiscuous mode
[  321.809697][  T327] keytouch 0003:0926:3333.004E: fixing up Keytouch IEC report descriptor
[  321.819789][  T327] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.004E/input/input27
[  321.900006][  T327] keytouch 0003:0926:3333.004E: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  321.924641][ T9069] loop3: detected capacity change from 0 to 1024
[  321.931444][ T9069] EXT4-fs: Ignoring removed orlov option
[  321.936935][ T9069] EXT4-fs: Ignoring removed nomblk_io_submit option
[  321.950515][ T9069] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  321.965285][   T28] audit: type=1400 audit(1717340217.546:14376): avc:  denied  { map } for  pid=9068 comm="syz-executor.3" path="/root/syzkaller-testdir1758057461/syzkaller.rs5v16/236/file1/file0/bus" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  321.994968][  T575] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  322.006590][ T9069] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.3: corrupt xattr in inline inode
[  322.020450][ T9069] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.3: corrupted in-inode xattr
[  322.042840][ T6184] ==================================================================
[  322.050723][ T6184] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0
[  322.058531][ T6184] Read of size 4 at addr ffff888138141000 by task syz-executor.3/6184
[  322.066515][ T6184] 
[  322.068690][ T6184] CPU: 0 PID: 6184 Comm: syz-executor.3 Tainted: G        W          6.1.78-syzkaller-00133-g74c507aab139 #0
[  322.080351][ T6184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  322.090245][ T6184] Call Trace:
[  322.093366][ T6184]  <TASK>
[  322.096144][ T6184]  dump_stack_lvl+0x151/0x1b7
2024/06/02 14:56:57 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  322.100657][ T6184]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  322.105958][ T6184]  ? _printk+0xd1/0x111
[  322.109948][ T6184]  ? __virt_addr_valid+0x242/0x2f0
[  322.114895][ T6184]  print_report+0x158/0x4e0
[  322.119231][ T6184]  ? __virt_addr_valid+0x242/0x2f0
[  322.124184][ T6184]  ? kasan_addr_to_slab+0xd/0x80
[  322.128955][ T6184]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  322.134423][ T6184]  kasan_report+0x13c/0x170
[  322.138762][ T6184]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  322.144232][ T6184]  __asan_report_load4_noabort+0x14/0x20
[  322.149695][ T6184]  ext4_xattr_delete_inode+0xcd0/0xce0
[  322.154998][ T6184]  ? sb_end_intwrite+0x130/0x130
[  322.159763][ T6184]  ? ext4_expand_extra_isize_ea+0x1c40/0x1c40
[  322.165667][ T6184]  ? __kasan_check_read+0x11/0x20
[  322.170524][ T6184]  ? ext4_inode_is_fast_symlink+0x295/0x3d0
[  322.176700][ T6184]  ? ext4_evict_inode+0xbc2/0x1550
[  322.181645][ T6184]  ext4_evict_inode+0xef9/0x1550
[  322.186422][ T6184]  ? _raw_spin_unlock+0x4c/0x70
[  322.191109][ T6184]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[  322.196847][ T6184]  ? _raw_spin_unlock+0x4c/0x70
[  322.201524][ T6184]  ? inode_io_list_del+0x18b/0x1a0
[  322.206469][ T6184]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[  322.212201][ T6184]  evict+0x2a3/0x630
[  322.215937][ T6184]  iput+0x642/0x870
[  322.219577][ T6184]  vfs_rmdir+0x3c2/0x500
[  322.223663][ T6184]  do_rmdir+0x3ab/0x630
[  322.227652][ T6184]  ? d_delete_notify+0x160/0x160
[  322.232426][ T6184]  __x64_sys_unlinkat+0xdf/0xf0
[  322.237230][ T6184]  do_syscall_64+0x3d/0xb0
[  322.241602][ T6184]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  322.247331][ T6184] RIP: 0033:0x7ff8ca47c6c7
[  322.251782][ T6184] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  322.271226][ T6184] RSP: 002b:00007fffb9b5cd38 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[  322.279901][ T6184] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007ff8ca47c6c7
[  322.287711][ T6184] RDX: 0000000000000200 RSI: 00007fffb9b5dee0 RDI: 00000000ffffff9c
[  322.295524][ T6184] RBP: 00007ff8ca4c8336 R08: 0000000000000000 R09: 0000000000000000
[  322.303335][ T6184] R10: 0000000000000100 R11: 0000000000000207 R12: 00007fffb9b5dee0
[  322.311235][ T6184] R13: 00007ff8ca4c8336 R14: 000000000004e96d R15: 0000000000000014
[  322.319052][ T6184]  </TASK>
[  322.321915][ T6184] 
[  322.324079][ T6184] The buggy address belongs to the physical page:
[  322.330339][ T6184] page:ffffea0004e05040 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1 pfn:0x138141
[  322.340661][ T6184] flags: 0x4000000000000000(zone=1)
[  322.345698][ T6184] raw: 4000000000000000 ffffffff876b4190 ffffea0004fe9b88 0000000000000000
[  322.354124][ T6184] raw: 0000000000000001 0000000000000000 00000000ffffff7f 0000000000000000
[  322.362533][ T6184] page dumped because: kasan: bad access detected
[  322.368789][ T6184] page_owner tracks the page as freed
[  322.373986][ T6184] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 9066, tgid 9066 (syz-executor.3), ts 321898870981, free_ts 321914615854
[  322.393777][ T6184]  post_alloc_hook+0x213/0x220
[  322.398376][ T6184]  prep_new_page+0x1b/0x110
[  322.402714][ T6184]  get_page_from_freelist+0x27ea/0x2870
[  322.408094][ T6184]  __alloc_pages+0x3a1/0x780
[  322.412522][ T6184]  __folio_alloc+0x15/0x40
[  322.416773][ T6184]  wp_page_copy+0x23b/0x1690
[  322.421201][ T6184]  do_wp_page+0xc25/0xdf0
[  322.425365][ T6184]  handle_mm_fault+0x15a2/0x2f40
[  322.430139][ T6184]  exc_page_fault+0x3b3/0x700
[  322.434652][ T6184]  asm_exc_page_fault+0x27/0x30
[  322.439338][ T6184] page last free stack trace:
[  322.443854][ T6184]  free_unref_page_prepare+0x83d/0x850
[  322.449149][ T6184]  free_unref_page_list+0xf1/0x7b0
[  322.454095][ T6184]  release_pages+0xf7f/0xfe0
[  322.458521][ T6184]  free_pages_and_swap_cache+0x8a/0xa0
[  322.463833][ T6184]  tlb_finish_mmu+0x1e0/0x3f0
[  322.468416][ T6184]  exit_mmap+0x421/0x940
[  322.472493][ T6184]  __mmput+0x95/0x310
[  322.476314][ T6184]  mmput+0x56/0x170
[  322.479967][ T6184]  do_exit+0xb29/0x2b80
[  322.483953][ T6184]  do_group_exit+0x21a/0x2d0
[  322.488377][ T6184]  get_signal+0x169d/0x1820
[  322.492721][ T6184]  arch_do_signal_or_restart+0xb0/0x16f0
[  322.498184][ T6184]  exit_to_user_mode_loop+0x74/0xa0
[  322.503220][ T6184]  exit_to_user_mode_prepare+0x5a/0xa0
[  322.508603][ T6184]  syscall_exit_to_user_mode+0x26/0x140
[  322.513983][ T6184]  do_syscall_64+0x49/0xb0
[  322.518236][ T6184] 
[  322.520402][ T6184] Memory state around the buggy address:
[  322.525890][ T6184]  ffff888138140f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  322.533775][ T6184]  ffff888138140f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  322.541672][ T6184] >ffff888138141000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  322.549569][ T6184]                    ^
[  322.553480][ T6184]  ffff888138141080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  322.561374][ T6184]  ffff888138141100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  322.569268][ T6184] ==================================================================
[  322.588475][    T6] usb 3-1: USB disconnect, device number 44
[  322.594203][ T6184] Disabling lock debugging due to kernel taint
[  322.718023][  T575] usb 1-1: Using ep0 maxpacket: 16
[  322.783479][ T6184] EXT4-fs (loop3): unmounting filesystem.
[  322.812498][  T313] usb 2-1: USB disconnect, device number 48
[