last executing test programs:

4.489140901s ago: executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@fwd={0x3}]}, {0x0, [0x0, 0x0, 0x61, 0x30, 0x5f]}}, &(0x7f0000000540)=""/195, 0x2b, 0xc3, 0x1}, 0x20)

4.068686109s ago: executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8}]}}}]}, 0x3c}}, 0x0)

3.849294374s ago: executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1d, 0x4, 0xfff, 0x5}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x23, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r5, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r6 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r6, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027f000a010000000004"], 0x57)
setsockopt$inet_mreqsrc(r4, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
io_setup(0x7, &(0x7f0000000280)=<r7=>0x0)
r8 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/wake_lock', 0x0, 0x0)
io_submit(r7, 0x1, &(0x7f0000000880)=[&(0x7f0000000040)={0x0, 0x4000, 0x0, 0x5, 0xa2, r6, 0x0, 0x0, 0x0, 0x0, 0x0, r8}])

2.710049626s ago: executing program 1:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, 0x0, 0x2b)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
futex(&(0x7f0000000700)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000700)=[{{0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}], 0x1, 0x0)
rt_sigreturn()
poll(0x0, 0x0, 0x64)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
chdir(0x0)

2.420286383s ago: executing program 1:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000002100))
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r0, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000000))
fcntl$lock(r2, 0x7, &(0x7f00000006c0)={0x1})
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r4 = dup(r3)
dup3(r4, r2, 0x0)
r5 = socket(0x1, 0x3, 0x0)
recvmsg$inet_nvme(r5, &(0x7f0000000180)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, <r6=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}, 0x0)
close(r6)
rt_sigreturn()
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x5451, 0x0)
write$P9_RAUTH(r0, 0x0, 0x0)
timer_create(0x0, &(0x7f00000001c0)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=<r7=>0x0)
timer_settime(r7, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x989680}}, 0x0)

2.211616526s ago: executing program 1:
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYRES8=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x55, '\x00', 0x0, 0x28, 0x0, 0x0, 0x0, 0xfffffffffffffeca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
recvmsg(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x3, 0xc9e, 0x12, 0x401, 0xffffffffffffffff, 0x7fff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x2, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
io_pgetevents(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000a90000406d049ac2000000000001090224000100000000090400000103000000092100000001220700090581030000000000"], 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x2, 0x0)
epoll_create1(0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000a50000002a00000095"], &(0x7f0000000b40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)

2.209536196s ago: executing program 0:
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, 0x0, &(0x7f00000002c0)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x4, 0x0, 0x0, 0x1}, 0x48)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x18, r6, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_RINGS_HEADER={0x4}]}, 0x18}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x9, 0x1, 0xb8}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)

2.18683747s ago: executing program 2:
timer_create(0x0, &(0x7f0000533fa0), &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000c40)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x4000000400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
listxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_GETMODE(r3, 0x5601, &(0x7f0000000180))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r4, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_opaque(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0, 0x0)
lsetxattr$security_evm(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000003880), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000700)={[{@numtail}, {@fat=@check_strict}, {@fat=@umask={'umask', 0x3d, 0xbc18}}, {@uni_xlate}, {@uni_xlateno}, {@fat=@fmask={'fmask', 0x3d, 0x8}}, {@utf8no}, {@numtail}, {@uni_xlateno}, {@shortname_lower}, {@numtail}, {@uni_xlate}, {@fat=@time_offset={'time_offset', 0x3d, 0x1fb}}, {@fat=@sys_immutable}, {@shortname_mixed}, {@shortname_win95}]}, 0x6, 0x2a6, &(0x7f0000000440)="$eJzs3T9rW1cUAPDzbFlS20EaOpVCH7RDJ2N77SJTbDDV1KKh7dCa2oZiiYINhv6hqqeuXTr2ExQC2fIlsmTIHsgayBYPhhee9F4kO7JsBcvOn99v8fV999x77vXFxoPO+/Hj3v5OGnvHfzyKej2JhVa04iSJZixE6a84o/VPAABvspMsi6fZ0CxxSUTU55cWADBHM//9vzv3lACAOfvm2+++Wm+3N75O03ps9v4+6uT/2edfh8/X9+Ln6MZurEQjTiOyF4btzSzL+pU014zPev2jTh7Z++F+Mf/6k4hB/Go0ojnoOhu/1d5YTYfG4vt5Hu8X67fy+LVoxIcT1t9qb6xNiI9ONT7/dCz/5WjEg5/il+jGziCJUfyfq2n6Zfbvs9+/z9PL45P+Uac2GDeSLd7wjwYAAAAAAAAAAAAAAAAAAAAAgLfYclE7pxaD+j15V1F/Z/E0/2Yp0lLzbH2eYXxSTnSuPlA/i//K+joraZpmxcBRfCU+qkTldnYNAAAAAAAAAAAAAAAAAAAAr5fDX3/b3+52dw+upVFWAyg/1v+q87TGej6J6YNro7UWiuaUmWOxHJNETE0j38Q1Hctljfcuyvn/O7NOWL98zNK087meRnm79reTyWdYi7KnXl6Se+NjqnHFtaoXPcpmun7ViY8aM++9+sGg0Z8yJpJpiX3xeHhyRU9yfhfVwalODF8qGmPh5+7GTPf55d8ViWodAAAAAAAAAAAAAAAAAAAwV6MP/U54eHxB0MOt4Uv+a3NODgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABuyOj9/zM0+kXwFQZX4+DwlrcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAO+B5AAAA///S9mga")
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)

2.141714547s ago: executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='ext4_ext_handle_unwritten_extents\x00', r1}, 0x9)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x40305839, &(0x7f0000000540)={'\x00', @link_local={0x1, 0x80, 0xc2, 0x5}})

1.75317728s ago: executing program 4:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f00000000c0), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000040), 0x12)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_pid(r2, &(0x7f00000006c0), 0x12)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)
write$cgroup_freezer_state(r1, &(0x7f0000000080)='THAWED\x00', 0x7)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)

1.612343802s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48)

1.593912905s ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x46, 0x76}, [@call={0x27}]}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8}, 0x3f)

1.471240695s ago: executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='sysfs\x00', 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000000)='./file0\x00')
pivot_root(&(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00')
chroot(&(0x7f00000001c0)='./file0/../file0/../file0\x00')

1.448074568s ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0xfffffffffffffece)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='ext4_es_find_extent_range_enter\x00', r1}, 0x10)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)

1.427424162s ago: executing program 2:
open(&(0x7f0000000080)='./file0\x00', 0x40, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
write$binfmt_script(r2, &(0x7f0000000340), 0xffffff46)
dup3(r2, 0xffffffffffffffff, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$netlink(r1, 0x0, 0x0)

1.295043373s ago: executing program 4:
pipe2(0x0, 0x0)
ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x8921, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x2, @local}, 0x10)
r2 = accept(r1, 0x0, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000540)=ANY=[], 0x390)

1.259933578s ago: executing program 3:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = eventfd(0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78)
write$cgroup_devices(r2, &(0x7f0000000380)=ANY=[@ANYBLOB='b *:\n'], 0x8)
close(r2)
rt_sigreturn()
r3 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
ioctl$TCFLSH(r3, 0x5452, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x1, &(0x7f0000000080)={{0x77359400}, {0x0, r4+60000000}}, 0x0)
syz_socket_connect_nvme_tcp()
openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
openat$cgroup_freezer_state(r5, &(0x7f0000000000), 0x2, 0x0)

1.229431383s ago: executing program 0:
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000004200))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)
r1 = memfd_create(&(0x7f0000000640)='\x01\fD\xd1\x1e\x803\x00\x00\xbf\xecs \xc5\xb55nVg\x1b\xa3\x8a\xcc\xf2!PmENs\xe5\x83Uz\xc0W\xc1\xcc\x97\xd1\x8e\x81\n\xc0\xb3\xd4Ac\xfe(\x00\x13\xaeZ\x8bp\x1e\xdc\x18\xddf\xe9\xe1\t\bR) \xa9P9(\xe1-q \xb3\x80\xb9\xdfj\xed\xc2_o\xa6\x04\xf5\x9f\x04\xf1O\'s\xa9\x13\x14\xe6\x10*\xa5\xd5\xe3\xfa\xfd\x16=q\x93u\xf1\xde\xef\xac\x171\x13r\xc49\x80\x86\x1a\xbf\xf8H\xe8Cc\x84\xa6y\xb7\xbe\xcbX\x891\xed\a\xf9\xa6\xd8\xd0\x03\x00\x00\x00\x00\x00\x00\x00\'\xe6\xd1\xb5\xbf\xacw\xda\xed\xf0^\xd35\xeb=\xc7\x82;\xb32;\xc5\xa3\xc8\xb9\xf2\xe5\xf4\x93J\x91F\x83?\xfe\xd9\x7ffvQ\xff\xc0\x8f\xe4\xb8\xa3\xbf\xceAT\x17\xc6\x81\xc0m}O\xfd\xe0\x05$\xcd\xfdk\x7f\x00\x9bQ\xd8z\xe0\xd6\xe2\xbe\xf4\xd5\x16\x94\xe0\xbf0\xde\xcaS/\xf7\xeb\x89b,8X\xee\rSJQ\x94{}\xd5\xaf\xa9mX0\x94T\x95\x9dx@\xce:]\xb68\xa2W\xcb\x86\b#s\xb4q6\xe88\x19\x1a\x14Z\xf3\xd7\x92\xe4b\xfc\xf9\xb1\xe0\xdd2\xfd\x9f\xee\x7f>f@c\xe5\xafS\xa7\x96\b\xda\x84\xbd\b\x88\xb3\x91P6t\xf3\xcc\x03\xb8\x9a\x043|A\f\xd4\x1a?h \f\x7f\x92\xb5\x98/J\xd1\x8eW\xfd\xf4o\xd4[\x90\xb0\xa1=\x93\xffv\xb3\xc3\xf9\x18\x86\xd1\xeb\x13PIwg\xbe\xbb\"\xfce:\xae\xa9\xc57\xe7\xf6G\x93\xe1X\x9f\xfb\xa5\xe4$>L\xe5]\xc3\x88\xca\xb7\x8b\xfcCn\xcc7>\xa7\xf6mF\xc2\x96q\xc48\xeeP%\x89d\x942\x84r]S\x18{\xd8\xbfT\x0f\xcb\xf7\x84D\xac\x03F+Nj\xd5\x81\x10_\xcc\xc2\v\x96N\x1f\xae\xab\xf67\xf1e4v*\x8et\xd3}}\xee\xaf5\x123\x15\xa0\x05\xf4B\x9c\x127\xc42\xab\xf2\xcd\x9a\xcdu\xa9A\xa4\x1f?y\xf0p\x9a\xd7o\xcd\xd0X.\xfa\x15(\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\xeb\x95\x87L\fZE\x12b\xdb\xc8\xa0\xed\xaa%okh\x96\x8c\xaev\x81{\xe687?\f\x8f\xa1i`\x8e6\xd7\xc9G\xfdN\xeb\xfa\b7\x1c\xf69\x9b\x99wpd\xf1%:\a\xa5\f/\xf4\xec`\xb1\x04\x83\xd0\xa7\xbe\x18\xf6\x96\xc4\x02J\x1dS\x89?j\x0f\xed*\xb6%k\x8a\xcfb\x89\xd03\xca\b\x1e \xbb\xc8\xf6W\xcb+\xea\xe2\xb3\xeb\x19!\xd9\xfa2\x97\x03\x80o\xd6\x11\xe9\xb7\xf4N\xdb\xb0\xa0\xe0?\x7f?\xad\x83\xcc\x87@\aG\x0f\xf5\xf1\xf8\xc0\xff\xe9o\xd9\x88\n\xbez\xc8.N\xd1\x8d\xda\xc5\xfb\x04F\x1d\t\x9d\x80\xff\xea\'\xd6\xfe\xf4e\x80\xc2\x18\xc9.w\xa9\xb3o\x99\xf6\xc6\x99S\xb7j7\xfc\xbbj<\x024u\xb3\xf0\xa4k\xeb\xd5\xcb\'-\x94R\x8dSJ\x84\xef1H\xd0BJp<\xe5SR\x9be\xaa\x01\xba\x7f\xff\x93W\x9b\xc7Bz=\x88B\xfe\x93\xb2\x8b\xbeW\x8e\xa7\xa2 \xcc_\xd1\xa6GL[\x89\xde', 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x11, r1, 0x0)
socket(0x11, 0x3, 0x0)
r2 = socket$inet6_icmp(0xa, 0x2, 0x3a)
dup3(0xffffffffffffffff, r2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c)

1.159707095s ago: executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x19bc, 0x4)
sendto$inet(r0, &(0x7f0000000080)='m', 0x1, 0x0, 0x0, 0x0)
recvmsg(r0, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/175, 0xaf}, 0x0)

1.0628752s ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='ext4_ext_handle_unwritten_extents\x00', r1}, 0x9)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x40305839, &(0x7f0000000540)={'\x00', @link_local={0x1, 0x80, 0xc2, 0x5}})

1.049043742s ago: executing program 0:
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x4}, 0x10)
write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c)
recvmmsg(r0, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000880)=""/119, 0x77}], 0x1, &(0x7f0000000380)=""/22, 0x16}, 0x7}, {{&(0x7f00000003c0)=@hci, 0x80, &(0x7f0000000600)=[{&(0x7f0000000440)=""/92, 0x5c}, {&(0x7f00000004c0)=""/127, 0x7f}, {&(0x7f0000000580)=""/111, 0x6f}], 0x3, &(0x7f00000009c0)=""/170, 0xaa}, 0x7}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000780)=""/119, 0x77}, {&(0x7f0000000800)=""/70, 0x46}], 0x2}, 0x400}], 0x3, 0x20, 0x0)

988.328192ms ago: executing program 2:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x32, 0x4, 0x0, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x9, [0x401, 0x1000, 0x5, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote}, {@dev, 0x659}, {@empty}, {@multicast1}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x0, [@private=0xa010102, @rand_addr, @multicast1]}, @rr={0x7, 0x13, 0x0, [@dev, @remote, @private, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)

870.295831ms ago: executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

857.033603ms ago: executing program 0:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x33, 0x4, 0x0, 0x0, 0xcc, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x9, [0x401, 0x1000, 0x5, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr, @multicast1]}, @rr={0x7, 0x13, 0x0, [@dev, @remote, @private, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xc, {"a2e3ad21ed0d52f91b5d350987f70e06d038e7ff7fc6e5539b324b298b089b0708354a090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31070d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193b63735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d759be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d6e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bacdc76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5092f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b1cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b384c30e23ef4df5c89644f48bb536f7945b59d7beddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a119b616d41826137ba5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4f006738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba30642f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf3f2aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e51f7d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d2462374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a0000ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6994ff2bdfb14cb6d648cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

651.068496ms ago: executing program 3:
r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001280)={0x14, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x44, &(0x7f00000006c0)={[{0x3d, 0x4e00, "0e057c3e3ca1d8262e1211bd4e9a7935602b6d3e0c55d5b0a362ca33120d02156754716e74cb07ce74c189639a4dd447ca26b20454a1b01433ab537a94"}]})

613.804802ms ago: executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, &(0x7f0000000080)={'batadv0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[], 0x34}}, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r5 = openat$cgroup_type(r4, &(0x7f00000000c0), 0x2, 0x0)
preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000100)=""/185, 0xb9}], 0x1, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
unshare(0x44000680)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r6, &(0x7f0000001800)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r7=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000001c0)={'ip6gre0\x00', r7, 0x29, 0x7, 0x0, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, 0x20, 0x1, 0x562, 0xffff}})
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000080000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r8}, 0x10)

415.102904ms ago: executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000470000000000000000001801"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000001cc0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff)
unlink(0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x7, 0x5, 0x20}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{}, &(0x7f0000000000), &(0x7f00000002c0)='%pB    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00'}, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000580), &(0x7f0000000600), 0x7ff, r1}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000040)={r1, &(0x7f0000000000), &(0x7f0000000b40)=""/4096}, 0x20)

142.671478ms ago: executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0xfffffffffffffece)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)

57.208611ms ago: executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1200000, &(0x7f0000000440)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4}}, {@init_itable_val}, {@nolazytime}, {@grpid}, {@prjquota}, {@usrjquota}, {@lazytime}, {@errors_continue}, {@test_dummy_encryption}, {@test_dummy_encryption}]}, 0xff, 0x468, &(0x7f0000000780)="$eJzs289vFFUcAPDvzG4BQdmKiIIgVTRp/NHSgsrBxGg08aCJiR7wWNtCkIUaWhMhjVZj8GhIvBuPJv4FnjwZ9WTiFY8mhoQoMQG9uGZ2Z0q77JbWbtlN9/NJBt6befve+3bmzb6dtxtA3xrK/kki7o6IyxFRaWSXFxhq/Hfj2vzk39fmJ5Oo1d78I6mXu35tfrKWK163I69zOI1IP03yRmJgabWz5y+cnqhWp8/l+dG5M++Nzp6/8PSpMxMnp09Onx0/duzokbHnnh1/pkWvf7u01jiz+K7v+3Bm/95X3770+uTxS+/8+E3W3z0HGsezONZa5+0MZYH/2fjbNB97vNONddm/tZtxJuVu94bVKkVEOR+cl6MSpbh58irxyidd7RywobJ79tb2hxdqwCaWRLd7AHRH8Uafff4ttjs09egJV19sfADK4r6Rb40j5UjzMgMb2P5QRBxf+OfLbIum5xC1Fs8NAADW67ts/vNUq/lfGnuWlNuZrw0NRsS9EbErIu6LiN0RcX9EvewDEfHgGtsfasrfOv9Mr/yvwFYpm/89n69tLZ//FbO/GCzluXvq8Q8kJ05Vpw/nf5PhGNia5cdaVV5U8fIvn7drf+n8L9uy9ou5YF7JlXLjAd22Ys/UxNxEpyalVz+O2FduFX+yuBKQRMTeiNi3tqp3FolTT3y9v12h28e/gg6sM9W+KiqZX4im+AvJyuuTo9uiOn14tLgqbvXTzxffaNf+uuLvgOz8b19+/TeVqPyVLF2vnV088MJq27j462dtP1OWV3/9L8qu/y3JW/U13S35vg8m5ubOjUVsSV6r55ftH7/52iJflM/iHz7Uevzvyl+Txf9QRGQX8YGIeDgiDubn7pGIeDQiDq0Q/w8vPfZuu2O9cP6nWt7/Fq//weXnf+2J0unvv23X/uruf0frqeF8T/3+dxvtu1PcRpuuZgAAANjE0vp345N0ZDGdpiMjje/w747taXVmdu7JEzPvn51qfId+MAbS4klXZcnz0LFkIa+xkR/PnxUXx4/kz42/KN1Vz49MzlSnuhw79LsdbcZ/5vdSt3sHbDi/14L+1Tz+0y71A7jzvP9D/zL+oX8Z/9C/Wo3/j5ry1gJgM6pVut0DoHvM/6F/Gf/Qv4x/6Evr+V3/RiXKK/x6X6JXEpH2RDd6JnGwh0ZTuQOju8s3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA75LwAA///foPki")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000000000)=""/67, 0x43)
r2 = openat$cgroup_ro(r1, 0x0, 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r2, 0x40305829, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x0, 0x2}, 0xfffffe3b)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="9806001200"/20, @ANYBLOB="0000000000000000b703000000000000850000000c000000b707000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0x0, 0x16, 0xb3}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xb, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x90)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0x4008af12, &(0x7f0000000080)={0x0, 0x7f})
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x8, 0x0, &(0x7f0000000240)='syzkaller\x00', 0xb825, 0xfffffe2f, 0x0, 0x0, 0x40, '\x00', 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffcb4)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, 0x0)

0s ago: executing program 4:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000340)={'gre0\x00', 0x0})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0x0, 0xfffffffe, 0x9b, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x7c}, 0x1d)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='jbd2_handle_stats\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000180)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x0)
r3 = timerfd_create(0x9, 0x0)
r4 = timerfd_create(0x0, 0x0)
timerfd_settime(r4, 0x0, 0x0, 0x0)
timerfd_settime(r3, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0)
readv(r3, &(0x7f0000001540)=[{&(0x7f00000000c0)=""/181, 0xb5}], 0x1)
socket(0x40000000002, 0x3, 0x9)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xf, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014910000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000280)={r6, 0x0, &(0x7f0000000200)=""/76}, 0x20)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000280)=ANY=[], 0x32600)

kernel console output (not intermixed with test programs):

rom 0 to 40427
[ 1753.492876][T30218] F2FS-fs (loop4): Small segment_count (9 < 1 * 24)
[ 1753.499396][T30218] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1753.509337][T30218] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1753.521086][T29015] EXT4-fs (loop1): unmounting filesystem.
[ 1753.539123][T30218] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1753.546045][T30218] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1753.592046][T30218] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1753.600776][T30218] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1753.715692][  T302] usb 4-1: Using ep0 maxpacket: 32
[ 1753.720854][T29634] syz-executor.4: attempt to access beyond end of device
[ 1753.720854][T29634] loop4: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[ 1754.575749][  T626] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1754.804138][T30235] loop1: detected capacity change from 0 to 40427
[ 1754.823149][T30235] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[ 1754.825693][  T302] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[ 1754.830746][  T626] usb 3-1: Using ep0 maxpacket: 16
[ 1754.840113][  T302] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1754.844685][T30235] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[ 1754.852647][  T302] usb 4-1: Product: syz
[ 1754.861386][T30235] F2FS-fs (loop1): invalid crc value
[ 1754.864361][  T302] usb 4-1: Manufacturer: syz
[ 1754.864376][  T302] usb 4-1: SerialNumber: syz
[ 1754.865020][  T302] usb 4-1: config 0 descriptor??
[ 1754.871531][T30235] F2FS-fs (loop1): Found nat_bits in checkpoint
[ 1754.906899][T30235] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[ 1754.913819][T30235] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[ 1754.923604][T30235] F2FS-fs (loop1): Unrecognized mount option "€" or missing value
[ 1754.965769][  T626] usb 3-1: config 0 has no interfaces?
[ 1754.971176][  T626] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[ 1754.980131][  T626] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1754.995972][  T626] usb 3-1: config 0 descriptor??
[ 1755.595701][  T302] (unnamed net_device) (uninitialized): Assigned a random MAC address: 5a:9e:d0:0e:57:46
[ 1755.605835][T30244] loop4: detected capacity change from 0 to 131072
[ 1755.606957][  T302] rtl8150 4-1:0.0: eth1: rtl8150 is detected
[ 1755.622523][T30244] F2FS-fs (loop4): invalid crc value
[ 1755.661747][T30244] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1755.691066][T30257] binder: 30245:30257 ioctl 4018620d 0 returned -22
[ 1755.735674][T30244] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b
[ 1755.833240][  T302] usb 4-1: USB disconnect, device number 40
[ 1755.922200][T30261] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=30261 comm=syz-executor.4
[ 1756.745749][  T626] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1756.954029][T24347] usb 3-1: USB disconnect, device number 55
[ 1757.126357][  T626] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1757.184896][  T626] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1757.299434][  T626] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1757.413559][  T626] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1757.506855][  T626] usb 4-1: config 0 descriptor??
[ 1757.605020][  T302] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[ 1757.736881][T30275] loop2: detected capacity change from 0 to 40427
[ 1757.747030][T30275] F2FS-fs (loop2): Small segment_count (9 < 1 * 24)
[ 1757.753447][T30275] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 1757.763266][T30275] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 1757.804657][T30275] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[ 1757.811684][T30275] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1757.855622][  T302] usb 2-1: Using ep0 maxpacket: 16
[ 1757.873951][T30275] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1757.882648][T30275] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1757.904726][T30279] loop4: detected capacity change from 0 to 128
[ 1757.975706][  T302] usb 2-1: config 0 has no interfaces?
[ 1757.981040][  T302] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[ 1757.989938][  T302] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1757.998114][  T302] usb 2-1: config 0 descriptor??
[ 1758.066880][T30281] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1758.119245][T26653] syz-executor.2: attempt to access beyond end of device
[ 1758.119245][T26653] loop2: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[ 1758.305691][  T626] usb 4-1: string descriptor 0 read error: -71
[ 1758.325659][  T626] uclogic 0003:256C:006D.011B: failed retrieving string descriptor #200: -71
[ 1758.334336][  T626] uclogic 0003:256C:006D.011B: failed retrieving pen parameters: -71
[ 1758.342281][  T626] uclogic 0003:256C:006D.011B: failed probing pen v2 parameters: -71
[ 1758.350305][  T626] uclogic 0003:256C:006D.011B: failed probing parameters: -71
[ 1758.357748][  T626] uclogic: probe of 0003:256C:006D.011B failed with error -71
[ 1758.380234][  T626] usb 4-1: USB disconnect, device number 41
[ 1758.785666][  T302] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[ 1759.035644][  T302] usb 1-1: Using ep0 maxpacket: 16
[ 1759.325769][  T302] usb 1-1: config 0 has no interfaces?
[ 1759.455655][  T626] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[ 1759.465726][  T302] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1759.474614][  T302] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1759.482390][  T302] usb 1-1: Product: syz
[ 1759.486396][  T302] usb 1-1: Manufacturer: syz
[ 1759.491189][  T302] r8152-cfgselector 1-1: config 0 descriptor??
[ 1759.815740][  T626] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1759.841308][  T626] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1759.850938][  T626] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1759.859802][  T626] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1759.868053][  T626] usb 4-1: config 0 descriptor??
[ 1759.889390][  T302] usb 2-1: USB disconnect, device number 59
[ 1759.957340][T22591] usb 1-1: USB disconnect, device number 51
[ 1760.645947][  T626] hid (null): bogus close delimiter
[ 1760.772000][T30304] loop4: detected capacity change from 0 to 131072
[ 1760.794801][T30304] F2FS-fs (loop4): invalid crc value
[ 1760.801352][T30304] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1760.821905][T30304] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b
[ 1761.095072][T30321] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=30321 comm=syz-executor.4
[ 1761.422760][T30323] loop1: detected capacity change from 0 to 1024
[ 1761.445681][  T626] usb 4-1: string descriptor 0 read error: -71
[ 1761.454635][T30323] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1761.461441][T30323] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1761.465757][  T626] uclogic 0003:256C:006D.011C: failed retrieving string descriptor #200: -71
[ 1761.470248][T30323] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1761.478990][  T626] uclogic 0003:256C:006D.011C: failed retrieving pen parameters: -71
[ 1761.487110][T30323] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1761.493746][  T626] uclogic 0003:256C:006D.011C: failed probing pen v2 parameters: -71
[ 1761.510241][  T626] uclogic 0003:256C:006D.011C: failed probing parameters: -71
[ 1761.517681][  T626] uclogic: probe of 0003:256C:006D.011C failed with error -71
[ 1761.532374][  T626] usb 4-1: USB disconnect, device number 42
[ 1761.907088][T30334] loop4: detected capacity change from 0 to 1036
[ 1762.279413][T29015] EXT4-fs (loop1): unmounting filesystem.
[ 1762.347291][T30337] loop3: detected capacity change from 0 to 256
[ 1762.419768][T30337] Invalid ELF header magic: != ELF
[ 1762.462875][T30339] loop1: detected capacity change from 0 to 128
[ 1762.643736][T30341] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1764.393337][T30361] loop4: detected capacity change from 0 to 512
[ 1764.394712][T30362] syz-executor.0[30362] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1764.399679][T30362] syz-executor.0[30362] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1764.427592][T30361] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1764.449274][T30361] ext4 filesystem being mounted at /root/syzkaller-testdir4276564848/syzkaller.3tm6PA/43/file0 supports timestamps until 2038 (0x7fffffff)
[ 1764.487215][T30361] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 12: comm syz-executor.4: path /root/syzkaller-testdir4276564848/syzkaller.3tm6PA/43/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 1764.513519][T30361] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor.4: path /root/syzkaller-testdir4276564848/syzkaller.3tm6PA/43/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 1764.540616][T30361] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 14: comm syz-executor.4: path /root/syzkaller-testdir4276564848/syzkaller.3tm6PA/43/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1764.566460][T30361] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 15: comm syz-executor.4: path /root/syzkaller-testdir4276564848/syzkaller.3tm6PA/43/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 1764.591552][T30361] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor.4: path /root/syzkaller-testdir4276564848/syzkaller.3tm6PA/43/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 1764.617105][T22591] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1764.617298][T30361] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 17: comm syz-executor.4: path /root/syzkaller-testdir4276564848/syzkaller.3tm6PA/43/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1764.649336][T30361] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 18: comm syz-executor.4: lblock 23 mapped to illegal pblock 18 (length 1)
[ 1764.720988][T29634] EXT4-fs (loop4): unmounting filesystem.
[ 1765.048398][T22591] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 384
[ 1765.060024][T22591] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1765.210577][T22591] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1765.231851][T22591] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1765.241749][T22591] usb 4-1: SerialNumber: syz
[ 1765.375899][T30358] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1766.245904][T30358] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1766.619481][T22591] cdc_ether 4-1:1.0 wwan0: register 'cdc_ether' at usb-dummy_hcd.3-1, Mobile Broadband Network Device, 42:42:42:42:42:42
[ 1766.637324][  T626] usb 4-1: USB disconnect, device number 43
[ 1766.644037][  T626] cdc_ether 4-1:1.0 wwan0: unregister 'cdc_ether' usb-dummy_hcd.3-1, Mobile Broadband Network Device
[ 1766.785680][T30391] loop2: detected capacity change from 0 to 128
[ 1767.338222][T30395] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1767.975695][T24347] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 1768.160727][T30412] loop4: detected capacity change from 0 to 512
[ 1768.251545][T30412] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1768.263115][T30412] EXT4-fs error (device loop4): ext4_quota_enable:6943: comm syz-executor.4: inode #65535: comm syz-executor.4: iget: illegal inode #
[ 1768.277618][T30412] EXT4-fs error (device loop4): ext4_quota_enable:6946: comm syz-executor.4: Bad quota inode: 65535, type: 2
[ 1768.335373][T30412] EXT4-fs warning (device loop4): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1768.424426][T30412] EXT4-fs (loop4): Cannot turn on quotas: error -117
[ 1768.431052][T30412] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1768.475747][T24347] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1768.486584][T24347] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1768.495647][T22591] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1768.496348][T24347] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1768.512348][T24347] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1768.521032][T24347] usb 2-1: config 0 descriptor??
[ 1768.925681][T22591] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1768.936662][T22591] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1768.946251][T22591] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1768.955069][T22591] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1768.963554][T22591] usb 4-1: config 0 descriptor??
[ 1769.005829][T24347] hid (null): bogus close delimiter
[ 1769.020801][T29634] EXT4-fs (loop4): unmounting filesystem.
[ 1769.192947][T30423] loop4: detected capacity change from 0 to 40427
[ 1769.210877][T30423] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1769.218509][T30423] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1769.226495][T24347] usb 2-1: language id specifier not provided by device, defaulting to English
[ 1769.227231][T30423] F2FS-fs (loop4): invalid crc value
[ 1769.241553][T30423] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1769.267926][T30423] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1769.274817][T30423] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1769.576026][T22591] usbhid 4-1:0.0: can't add hid device: -71
[ 1769.581839][T22591] usbhid: probe of 4-1:0.0 failed with error -71
[ 1769.593736][T22591] usb 4-1: USB disconnect, device number 44
[ 1769.678784][T24347] uclogic 0003:256C:006D.011D: failed retrieving string descriptor #200: -71
[ 1769.687605][T24347] uclogic 0003:256C:006D.011D: failed retrieving pen parameters: -71
[ 1769.695541][T24347] uclogic 0003:256C:006D.011D: failed probing pen v2 parameters: -71
[ 1769.703608][T24347] uclogic 0003:256C:006D.011D: failed probing parameters: -71
[ 1769.711018][T24347] uclogic: probe of 0003:256C:006D.011D failed with error -71
[ 1769.719710][T24347] usb 2-1: USB disconnect, device number 60
[ 1770.304211][T30447] loop3: detected capacity change from 0 to 512
[ 1770.374429][T30447] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1770.381634][T30447] EXT4-fs error (device loop3): ext4_quota_enable:6943: comm syz-executor.3: inode #65535: comm syz-executor.3: iget: illegal inode #
[ 1770.396028][T30447] EXT4-fs error (device loop3): ext4_quota_enable:6946: comm syz-executor.3: Bad quota inode: 65535, type: 2
[ 1770.408106][T30447] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1770.440697][T30447] EXT4-fs (loop3): Cannot turn on quotas: error -117
[ 1770.447313][T30447] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1770.565648][T22591] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[ 1770.605148][T30452] loop1: detected capacity change from 0 to 128
[ 1770.801443][T30456] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1771.005629][T22591] usb 1-1: device descriptor read/64, error -71
[ 1771.073011][T30458] binder: 30453:30458 ioctl 4018620d 0 returned -22
[ 1771.200696][T29464] EXT4-fs (loop3): unmounting filesystem.
[ 1771.455642][T22591] usb 1-1: device descriptor read/64, error -71
[ 1771.532007][T30462] loop1: detected capacity change from 0 to 256
[ 1771.643993][T30460] loop3: detected capacity change from 0 to 131072
[ 1771.660081][T30460] F2FS-fs (loop3): invalid crc value
[ 1771.666766][T30460] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1771.687667][T30460] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b
[ 1771.725695][T22591] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[ 1772.321817][   T28] kauditd_printk_skb: 8 callbacks suppressed
[ 1772.321893][   T28] audit: type=1107 audit(1718168787.819:108035): pid=30459 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[ 1772.525711][T22591] usb 1-1: device descriptor read/64, error -71
[ 1772.978696][T30487] loop3: detected capacity change from 0 to 512
[ 1773.745814][ T2630] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1773.762292][T30487] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1773.769258][T30487] EXT4-fs error (device loop3): ext4_quota_enable:6943: comm syz-executor.3: inode #65535: comm syz-executor.3: iget: illegal inode #
[ 1773.967559][T30487] EXT4-fs error (device loop3): ext4_quota_enable:6946: comm syz-executor.3: Bad quota inode: 65535, type: 2
[ 1774.017167][T30487] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1774.995816][ T2630] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1775.078756][ T2630] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1775.183198][ T2630] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1775.192208][T30487] EXT4-fs (loop3): Cannot turn on quotas: error -117
[ 1775.198805][T30487] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1775.215242][T30496] device syzkaller0 entered promiscuous mode
[ 1775.245634][ T2630] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1775.256496][ T2630] usb 3-1: config 0 descriptor??
[ 1775.314960][T30490] loop1: detected capacity change from 0 to 40427
[ 1775.343822][T30490] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[ 1775.351488][T30490] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[ 1775.360246][T30490] F2FS-fs (loop1): invalid crc value
[ 1775.366678][T30490] F2FS-fs (loop1): Found nat_bits in checkpoint
[ 1775.394989][T30490] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[ 1775.402039][T30490] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[ 1775.483421][T29464] EXT4-fs (loop3): unmounting filesystem.
[ 1775.775394][T30509] loop3: detected capacity change from 0 to 128
[ 1775.788665][T30510] binder: 30503:30510 ioctl 4018620d 0 returned -22
[ 1775.935900][ T2630] usbhid 3-1:0.0: can't add hid device: -71
[ 1775.969984][T30514] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1776.011142][ T2630] usbhid: probe of 3-1:0.0 failed with error -71
[ 1776.040287][ T2630] usb 3-1: USB disconnect, device number 56
[ 1776.425644][T23686] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[ 1776.675657][T23686] usb 2-1: Using ep0 maxpacket: 16
[ 1776.815718][T23686] usb 2-1: config 0 has no interfaces?
[ 1776.832324][T30520] loop2: detected capacity change from 0 to 131072
[ 1776.956305][T23686] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1776.970910][T23686] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1776.993405][T23686] usb 2-1: Product: syz
[ 1777.004837][T23686] usb 2-1: Manufacturer: syz
[ 1777.021384][T23686] r8152-cfgselector 2-1: config 0 descriptor??
[ 1777.132795][T30520] F2FS-fs (loop2): invalid crc value
[ 1777.139533][T30520] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1777.177023][T30520] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b
[ 1777.319203][T25010] usb 2-1: config 0 descriptor??
[ 1777.426974][   T28] audit: type=1107 audit(1718168792.909:108036): pid=30519 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[ 1777.557105][  T302] usb 2-1: USB disconnect, device number 61
[ 1777.575669][T25010] usb 2-1: can't set config #0, error -71
[ 1777.655762][T23686] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1777.821656][T30542] loop2: detected capacity change from 0 to 512
[ 1777.837692][T30542] EXT4-fs (loop2): 1 orphan inode deleted
[ 1777.843263][T30542] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1777.852074][T30542] ext4 filesystem being mounted at /root/syzkaller-testdir3059729094/syzkaller.m3ZGsy/214/file1 supports timestamps until 2038 (0x7fffffff)
[ 1777.978106][T30541] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1777.985349][T30541] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1777.994208][T30541] device bridge_slave_0 entered promiscuous mode
[ 1778.242463][T30541] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1778.261515][T30541] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1778.272350][T30541] device bridge_slave_1 entered promiscuous mode
[ 1778.305792][T23686] usb 5-1: device descriptor read/64, error -71
[ 1779.190114][T30560] loop4: detected capacity change from 0 to 1036
[ 1779.244775][T26653] EXT4-fs (loop2): unmounting filesystem.
[ 1779.543747][T30567] loop1: detected capacity change from 0 to 512
[ 1780.268402][T30567] EXT4-fs (loop1): orphan cleanup on readonly fs
[ 1780.275089][T30567] EXT4-fs error (device loop1): ext4_quota_enable:6943: comm syz-executor.1: inode #65535: comm syz-executor.1: iget: illegal inode #
[ 1780.599299][T30567] EXT4-fs error (device loop1): ext4_quota_enable:6946: comm syz-executor.1: Bad quota inode: 65535, type: 2
[ 1780.610956][T30567] EXT4-fs warning (device loop1): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1780.627347][T30567] EXT4-fs (loop1): Cannot turn on quotas: error -117
[ 1780.633863][T30567] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1780.693255][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1780.700577][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1780.712343][ T2630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1780.720518][ T2630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1780.728722][ T2630] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1780.735591][ T2630] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1780.743199][ T2630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1780.753912][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1780.762069][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1780.770153][T16473] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1780.777004][T16473] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1780.787777][T25010] device bridge_slave_1 left promiscuous mode
[ 1780.793679][T25010] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1780.800919][T25010] device bridge_slave_0 left promiscuous mode
[ 1780.807534][T25010] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1780.814924][T25010] device veth1_macvtap left promiscuous mode
[ 1780.821143][T25010] device veth0_vlan left promiscuous mode
[ 1780.895289][T29015] EXT4-fs (loop1): unmounting filesystem.
[ 1780.975866][T30576] loop4: detected capacity change from 0 to 128
[ 1781.077104][T30580] loop1: detected capacity change from 0 to 1024
[ 1781.078265][T30581] loop2: detected capacity change from 0 to 256
[ 1781.098836][T30580] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1781.108985][T30583] binder: 30573:30583 ioctl 4018620d 0 returned -22
[ 1781.123798][T30580] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1781.134200][T30580] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1781.726689][T30580] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1781.948139][T30584] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1781.962187][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1781.985985][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1782.015933][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1782.028166][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1782.044192][T30541] device veth0_vlan entered promiscuous mode
[ 1782.053587][T23686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1782.063692][T23686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1782.074973][T23686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1782.083028][T23686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1782.098146][T30541] device veth1_macvtap entered promiscuous mode
[ 1782.105074][T23686] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1782.112891][T23686] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1782.120518][T23686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1782.133647][T23686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1782.142268][T23686] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1782.161240][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1782.169793][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1782.178445][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1782.189016][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1782.732535][T29015] EXT4-fs (loop1): unmounting filesystem.
[ 1783.089221][T30606] loop1: detected capacity change from 0 to 40427
[ 1783.106756][T30606] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[ 1783.114244][T30606] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[ 1783.122850][T30606] F2FS-fs (loop1): invalid crc value
[ 1783.129322][T30606] F2FS-fs (loop1): Found nat_bits in checkpoint
[ 1783.174697][T30606] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[ 1783.182165][ T2630] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 1783.190431][T30606] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[ 1783.283181][   T28] audit: type=1107 audit(1718168798.779:108037): pid=30596 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[ 1783.354530][T16473] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1783.372069][T30606] F2FS-fs (loop1): Unrecognized mount option "€" or missing value
[ 1783.645674][ T2630] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1783.665374][ T2630] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1783.683180][ T2630] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1783.692914][ T2630] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1783.708247][ T2630] usb 5-1: config 0 descriptor??
[ 1783.823746][T16473] usb 3-1: device descriptor read/64, error -71
[ 1785.065618][T16473] usb 3-1: device descriptor read/64, error -71
[ 1785.137133][T30634] loop1: detected capacity change from 0 to 128
[ 1785.265756][ T2630] uclogic 0003:256C:006D.011E: failed retrieving string descriptor #100: -71
[ 1785.274880][ T2630] uclogic 0003:256C:006D.011E: failed retrieving pen parameters: -71
[ 1785.283002][ T2630] uclogic 0003:256C:006D.011E: failed probing pen v1 parameters: -71
[ 1785.291314][ T2630] uclogic 0003:256C:006D.011E: failed probing parameters: -71
[ 1785.298783][ T2630] uclogic: probe of 0003:256C:006D.011E failed with error -71
[ 1785.320837][T30636] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1785.364403][ T2630] usb 5-1: USB disconnect, device number 57
[ 1785.495663][T16473] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1785.785623][T16473] usb 3-1: device descriptor read/64, error -71
[ 1786.717159][T30652] loop4: detected capacity change from 0 to 1036
[ 1787.466860][T30653] loop3: detected capacity change from 0 to 512
[ 1787.576893][T30653] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1787.583973][T30653] EXT4-fs error (device loop3): ext4_quota_enable:6943: comm syz-executor.3: inode #65535: comm syz-executor.3: iget: illegal inode #
[ 1787.598043][T30653] EXT4-fs error (device loop3): ext4_quota_enable:6946: comm syz-executor.3: Bad quota inode: 65535, type: 2
[ 1787.609943][T30653] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1787.952792][T30653] EXT4-fs (loop3): Cannot turn on quotas: error -117
[ 1787.959339][T30653] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1788.295786][T24347] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[ 1788.315516][T29464] EXT4-fs (loop3): unmounting filesystem.
[ 1788.385173][T30670] loop4: detected capacity change from 0 to 512
[ 1789.094126][T30670] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1789.101869][T30670] EXT4-fs error (device loop4): ext4_quota_enable:6943: comm syz-executor.4: inode #65535: comm syz-executor.4: iget: illegal inode #
[ 1789.335695][T24347] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1789.345868][T24347] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1789.357014][T24347] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1789.367634][T24347] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1789.380705][T24347] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1789.389730][T24347] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1789.436506][T24347] usb 1-1: invalid MIDI out EP 0
[ 1789.444005][T24347] snd-usb-audio: probe of 1-1:27.0 failed with error -22
[ 1789.478838][T30670] EXT4-fs error (device loop4): ext4_quota_enable:6946: comm syz-executor.4: Bad quota inode: 65535, type: 2
[ 1789.490516][T30670] EXT4-fs warning (device loop4): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1789.506556][T30670] EXT4-fs (loop4): Cannot turn on quotas: error -117
[ 1789.513068][T30670] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1789.636610][T24347] usb 1-1: USB disconnect, device number 54
[ 1789.704781][T29634] EXT4-fs (loop4): unmounting filesystem.
[ 1789.758203][T30683] loop4: detected capacity change from 0 to 128
[ 1789.939595][T30685] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1790.095619][T27718] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[ 1790.103033][T23686] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 1790.225626][T16473] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1790.485798][T23686] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 384
[ 1790.495512][T27718] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1790.506178][T23686] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1790.518900][T27718] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1790.528481][T27718] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1790.537485][T27718] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1790.546660][T27718] usb 2-1: config 0 descriptor??
[ 1790.615710][T23686] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1790.624614][T23686] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1790.632448][T23686] usb 4-1: SerialNumber: syz
[ 1790.636926][T16473] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1790.647980][T16473] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1790.657818][T16473] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1790.666790][T16473] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1790.675103][T16473] usb 3-1: config 0 descriptor??
[ 1790.679984][T30680] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1791.106456][T30680] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1791.492034][T30698] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1791.500659][T30698] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1791.576955][T23686] cdc_ether 4-1:1.0 wwan0: register 'cdc_ether' at usb-dummy_hcd.3-1, Mobile Broadband Network Device, 42:42:42:42:42:42
[ 1791.866110][T24347] usb 4-1: USB disconnect, device number 45
[ 1791.876449][T24347] cdc_ether 4-1:1.0 wwan0: unregister 'cdc_ether' usb-dummy_hcd.3-1, Mobile Broadband Network Device
[ 1792.225659][T27718] uclogic 0003:256C:006D.0120: failed retrieving string descriptor #100: -71
[ 1792.234339][T16473] uclogic 0003:256C:006D.011F: failed retrieving string descriptor #100: -71
[ 1792.242942][T16473] uclogic 0003:256C:006D.011F: failed retrieving pen parameters: -71
[ 1792.250792][T27718] uclogic 0003:256C:006D.0120: failed retrieving pen parameters: -71
[ 1792.258696][T16473] uclogic 0003:256C:006D.011F: failed probing pen v1 parameters: -71
[ 1792.266577][T27718] uclogic 0003:256C:006D.0120: failed probing pen v1 parameters: -71
[ 1792.274483][T16473] uclogic 0003:256C:006D.011F: failed probing parameters: -71
[ 1792.281782][T27718] uclogic 0003:256C:006D.0120: failed probing parameters: -71
[ 1792.289054][T16473] uclogic: probe of 0003:256C:006D.011F failed with error -71
[ 1792.296397][T27718] uclogic: probe of 0003:256C:006D.0120 failed with error -71
[ 1792.305123][T27718] usb 2-1: USB disconnect, device number 62
[ 1792.310959][T16473] usb 3-1: USB disconnect, device number 59
[ 1792.677419][T30709] loop4: detected capacity change from 0 to 256
[ 1793.782118][T30728] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1793.970222][T30730] loop4: detected capacity change from 0 to 1024
[ 1793.988587][T30730] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1793.995339][T30730] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1794.003904][T30730] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1794.012336][T30730] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1794.035638][T27718] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[ 1794.043358][T29634] EXT4-fs (loop4): unmounting filesystem.
[ 1794.259615][T30736] loop4: detected capacity change from 0 to 1036
[ 1794.665660][T27718] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1794.675715][T27718] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1794.686442][T27718] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1794.696185][T27718] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1794.708896][T27718] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1794.717762][T27718] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1794.766414][T27718] usb 2-1: invalid MIDI out EP 0
[ 1794.776772][T27718] snd-usb-audio: probe of 2-1:27.0 failed with error -22
[ 1794.966675][T27718] usb 2-1: USB disconnect, device number 63
[ 1795.054471][T30741] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=30741 comm=syz-executor.0
[ 1795.264252][T30742] loop4: detected capacity change from 0 to 40427
[ 1795.278432][T30742] F2FS-fs (loop4): Small segment_count (9 < 1 * 24)
[ 1795.284876][T30742] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1795.294922][T30742] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1795.318958][T30742] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1795.325905][T30742] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1795.421017][T30745] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1795.429639][T30745] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1795.931502][T30751] loop1: detected capacity change from 0 to 40427
[ 1795.945404][T30751] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[ 1795.953319][T30751] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[ 1795.962944][T30751] F2FS-fs (loop1): Found nat_bits in checkpoint
[ 1795.998242][T30751] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1796.012002][T30751] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[ 1796.019442][T30751] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[ 1796.075417][T29634] syz-executor.4: attempt to access beyond end of device
[ 1796.075417][T29634] loop4: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[ 1796.195642][T24347] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 1796.357044][T30767] binder: 30760:30767 ioctl 4018620d 0 returned -22
[ 1796.512251][T30768] loop1: detected capacity change from 0 to 512
[ 1796.615199][T30768] EXT4-fs (loop1): orphan cleanup on readonly fs
[ 1796.629792][T30768] EXT4-fs error (device loop1): ext4_quota_enable:6943: comm syz-executor.1: inode #65535: comm syz-executor.1: iget: illegal inode #
[ 1796.647671][T30768] EXT4-fs error (device loop1): ext4_quota_enable:6946: comm syz-executor.1: Bad quota inode: 65535, type: 2
[ 1796.663312][T30768] EXT4-fs warning (device loop1): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1796.754680][T30768] EXT4-fs (loop1): Cannot turn on quotas: error -117
[ 1796.761315][T30768] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1796.795920][T24347] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 384
[ 1796.811486][T24347] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1796.825624][T16473] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1796.915684][T24347] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1796.924611][T24347] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1796.932489][T24347] usb 4-1: SerialNumber: syz
[ 1796.955656][T30753] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1797.130415][T30775] loop4: detected capacity change from 0 to 1024
[ 1797.146459][T30775] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1797.153291][T30775] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1797.162043][T30775] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1797.169152][T29015] EXT4-fs (loop1): unmounting filesystem.
[ 1797.170413][T30775] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1797.184273][T30753] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1797.195650][T16473] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1797.206384][T16473] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1797.215893][T16473] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1797.224751][T16473] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1797.225254][T29634] EXT4-fs (loop4): unmounting filesystem.
[ 1797.233111][T16473] usb 3-1: config 0 descriptor??
[ 1797.293872][T30778] loop1: detected capacity change from 0 to 128
[ 1797.481414][T30781] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1798.150747][T24347] cdc_ether 4-1:1.0 wwan0: register 'cdc_ether' at usb-dummy_hcd.3-1, Mobile Broadband Network Device, 42:42:42:42:42:42
[ 1798.163953][T24347] usb 4-1: USB disconnect, device number 46
[ 1798.170215][T24347] cdc_ether 4-1:1.0 wwan0: unregister 'cdc_ether' usb-dummy_hcd.3-1, Mobile Broadband Network Device
[ 1798.409278][T30790] binder: 30785:30790 ioctl 4018620d 0 returned -22
[ 1798.613343][   T28] audit: type=1326 audit(1718168814.109:108038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30791 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963a7cea9 code=0x7ffc0000
[ 1798.637580][   T28] audit: type=1326 audit(1718168814.109:108039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30791 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963a7cea9 code=0x7ffc0000
[ 1798.661745][   T28] audit: type=1326 audit(1718168814.109:108040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30791 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc963a7cea9 code=0x7ffc0000
[ 1798.667254][  T546] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[ 1798.693239][   T28] audit: type=1326 audit(1718168814.109:108041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30791 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963a7cea9 code=0x7ffc0000
[ 1798.717382][   T28] audit: type=1326 audit(1718168814.109:108042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30791 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963a7cea9 code=0x7ffc0000
[ 1798.741463][T16473] uclogic 0003:256C:006D.0121: failed retrieving string descriptor #100: -71
[ 1798.750111][T16473] uclogic 0003:256C:006D.0121: failed retrieving pen parameters: -71
[ 1798.757977][T16473] uclogic 0003:256C:006D.0121: failed probing pen v1 parameters: -71
[ 1798.765882][T16473] uclogic 0003:256C:006D.0121: failed probing parameters: -71
[ 1798.773153][T16473] uclogic: probe of 0003:256C:006D.0121 failed with error -71
[ 1798.781274][T16473] usb 3-1: USB disconnect, device number 60
[ 1798.870483][T30795] loop4: detected capacity change from 0 to 256
[ 1798.890989][T30795] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1798.903132][T30795] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1799.095812][  T546] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1799.159210][  T546] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1799.170693][  T546] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1799.180990][  T546] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1799.195484][  T546] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1799.204703][  T546] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1799.246426][  T546] usb 2-1: invalid MIDI out EP 0
[ 1799.252782][  T546] snd-usb-audio: probe of 2-1:27.0 failed with error -22
[ 1799.853659][  T546] usb 2-1: USB disconnect, device number 64
[ 1800.525787][T30815] loop2: detected capacity change from 0 to 512
[ 1800.550463][T30815] EXT4-fs (loop2): orphan cleanup on readonly fs
[ 1800.556902][T30815] EXT4-fs error (device loop2): ext4_quota_enable:6943: comm syz-executor.2: inode #65535: comm syz-executor.2: iget: illegal inode #
[ 1800.570905][T30815] EXT4-fs error (device loop2): ext4_quota_enable:6946: comm syz-executor.2: Bad quota inode: 65535, type: 2
[ 1800.582778][T30815] EXT4-fs warning (device loop2): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1800.597750][T30815] EXT4-fs (loop2): Cannot turn on quotas: error -117
[ 1800.604252][T30815] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1800.710258][T30817] loop1: detected capacity change from 0 to 1024
[ 1800.738263][T30817] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1800.745651][T30817] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1800.755468][T30817] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1800.777735][T30817] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1800.832156][T29015] EXT4-fs (loop1): unmounting filesystem.
[ 1801.098107][T30827] binder: 30821:30827 ioctl 4018620d 0 returned -22
[ 1801.240936][T26653] EXT4-fs (loop2): unmounting filesystem.
[ 1801.344818][   T28] audit: type=1326 audit(1718168816.839:108043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30832 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1801.346004][  T546] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[ 1801.369185][   T28] audit: type=1326 audit(1718168816.839:108044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30832 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1801.400730][   T28] audit: type=1326 audit(1718168816.839:108045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30832 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1801.425275][   T28] audit: type=1326 audit(1718168816.839:108046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30832 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1801.449478][   T28] audit: type=1326 audit(1718168816.839:108047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30832 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1801.619664][T30837] binder: 30834:30837 ioctl 4018620d 0 returned -22
[ 1801.635874][  T546] usb 2-1: Using ep0 maxpacket: 16
[ 1801.755675][  T546] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1801.765682][  T546] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1801.774459][  T546] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1801.783355][  T546] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1801.791532][  T546] usb 2-1: config 0 descriptor??
[ 1802.249847][T30847] loop3: detected capacity change from 0 to 512
[ 1802.433453][T30849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1802.445286][T30849] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1802.490805][T30847] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1802.497922][T30847] EXT4-fs error (device loop3): ext4_quota_enable:6943: comm syz-executor.3: inode #65535: comm syz-executor.3: iget: illegal inode #
[ 1802.512729][T30847] EXT4-fs error (device loop3): ext4_quota_enable:6946: comm syz-executor.3: Bad quota inode: 65535, type: 2
[ 1802.525152][T30847] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1802.633378][T30847] EXT4-fs (loop3): Cannot turn on quotas: error -117
[ 1802.639951][T30847] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1802.937672][T29464] EXT4-fs (loop3): unmounting filesystem.
[ 1803.081671][  T546] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 1803.192604][T30863] binder: 30857:30863 ioctl 4018620d 0 returned -22
[ 1803.315658][T24347] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[ 1803.445642][  T546] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1803.455948][  T546] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1803.466926][  T546] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1803.476649][  T546] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1803.489427][  T546] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1803.498390][  T546] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1803.546507][  T546] usb 5-1: invalid MIDI out EP 0
[ 1803.553612][  T546] snd-usb-audio: probe of 5-1:27.0 failed with error -22
[ 1803.695652][T24347] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1803.706411][T24347] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1803.715917][T24347] usb 1-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00
[ 1803.724761][T24347] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1803.732960][T24347] usb 1-1: config 0 descriptor??
[ 1803.746652][  T546] usb 5-1: USB disconnect, device number 58
[ 1803.998892][   T28] audit: type=1326 audit(1718168819.499:108048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30867 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1804.023214][   T28] audit: type=1326 audit(1718168819.499:108049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30867 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1804.050153][  T546] usb 2-1: USB disconnect, device number 65
[ 1804.056952][   T28] audit: type=1326 audit(1718168819.499:108050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30867 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1804.081018][   T28] audit: type=1326 audit(1718168819.499:108051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30867 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1804.105063][   T28] audit: type=1326 audit(1718168819.499:108052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30867 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1804.421690][T30874] loop2: detected capacity change from 0 to 256
[ 1804.550908][T30875] loop3: detected capacity change from 0 to 256
[ 1804.603849][T30875] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1804.623172][T30875] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1804.637473][T30878] 9pnet_fd: Insufficient options for proto=fd
[ 1804.765032][T30885] Invalid ELF header magic: != ELF
[ 1805.683941][T30901] loop1: detected capacity change from 0 to 256
[ 1806.399200][T30905] loop3: detected capacity change from 0 to 512
[ 1806.408854][T30903] loop2: detected capacity change from 0 to 512
[ 1806.508499][T30905] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1806.515965][T30905] EXT4-fs error (device loop3): ext4_quota_enable:6943: comm syz-executor.3: inode #65535: comm syz-executor.3: iget: illegal inode #
[ 1806.530294][T30905] EXT4-fs error (device loop3): ext4_quota_enable:6946: comm syz-executor.3: Bad quota inode: 65535, type: 2
[ 1806.542210][T24347] usbhid 1-1:0.0: can't add hid device: -71
[ 1806.548141][T30905] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1806.548485][T30903] EXT4-fs (loop2): orphan cleanup on readonly fs
[ 1806.563295][T24347] usbhid: probe of 1-1:0.0 failed with error -71
[ 1806.575501][T30903] EXT4-fs error (device loop2): ext4_quota_enable:6943: comm syz-executor.2: inode #65535: comm syz-executor.2: iget: illegal inode #
[ 1806.581040][T24347] usb 1-1: USB disconnect, device number 55
[ 1806.594788][T30903] EXT4-fs error (device loop2): ext4_quota_enable:6946: comm syz-executor.2: Bad quota inode: 65535, type: 2
[ 1806.606355][T30903] EXT4-fs warning (device loop2): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1806.621957][T30905] EXT4-fs (loop3): Cannot turn on quotas: error -117
[ 1806.621962][T30903] EXT4-fs (loop2): Cannot turn on quotas: error -117
[ 1806.621983][T30903] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1806.628494][T30905] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1806.692464][T30909] Invalid ELF header magic: != ELF
[ 1806.805428][   T28] audit: type=1326 audit(1718168822.299:108053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30910 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963a7cea9 code=0x7ffc0000
[ 1806.836017][   T28] audit: type=1326 audit(1718168822.299:108054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30910 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963a7cea9 code=0x7ffc0000
[ 1806.862029][   T28] audit: type=1326 audit(1718168822.299:108055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30910 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc963a7cea9 code=0x7ffc0000
[ 1806.887317][T29464] EXT4-fs (loop3): unmounting filesystem.
[ 1806.888330][   T28] audit: type=1326 audit(1718168822.299:108056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30910 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963a7cea9 code=0x7ffc0000
[ 1806.917416][   T28] audit: type=1326 audit(1718168822.299:108057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30910 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc963a7cea9 code=0x7ffc0000
[ 1807.205893][T26653] EXT4-fs (loop2): unmounting filesystem.
[ 1807.395733][T30919] loop3: detected capacity change from 0 to 512
[ 1807.437140][T30920] loop4: detected capacity change from 0 to 256
[ 1807.443951][T30919] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1807.452816][T30919] ext4 filesystem being mounted at /root/syzkaller-testdir1735175918/syzkaller.T58mVu/74/bus supports timestamps until 2038 (0x7fffffff)
[ 1807.471313][T30920] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1807.483568][T30920] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1807.492848][T29464] EXT4-fs (loop3): unmounting filesystem.
[ 1807.705770][T24347] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1807.819250][T30937] loop3: detected capacity change from 0 to 256
[ 1807.955647][T24347] usb 3-1: Using ep0 maxpacket: 16
[ 1808.021510][T30939] Invalid ELF header magic: != ELF
[ 1808.075718][T24347] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1808.086326][T24347] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1808.099754][T24347] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1808.108946][T24347] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1808.120364][T24347] usb 3-1: config 0 descriptor??
[ 1808.165916][T24347] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1808.347240][T30941] loop4: detected capacity change from 0 to 256
[ 1808.372787][T30941] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1808.384848][T30941] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1808.606173][T30946] 9pnet_fd: Insufficient options for proto=fd
[ 1808.669690][T30948] binder: 30942:30948 ioctl 4018620d 0 returned -22
[ 1808.787600][T30950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1808.816609][T30950] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1809.156118][  T546] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[ 1809.405622][  T546] usb 2-1: Using ep0 maxpacket: 16
[ 1809.526811][  T546] usb 2-1: config 0 has no interfaces?
[ 1809.534441][  T546] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[ 1809.545002][  T546] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1809.564156][  T546] usb 2-1: config 0 descriptor??
[ 1809.588673][T30962] futex_wake_op: syz-executor.0 tries to shift op by -1; fix this program
[ 1810.484672][  T546] usb 3-1: USB disconnect, device number 61
[ 1810.584515][T30976] binder: 30970:30976 ioctl 4018620d 0 returned -22
[ 1810.891656][T30984] loop4: detected capacity change from 0 to 1036
[ 1811.092493][T30985] loop2: detected capacity change from 0 to 512
[ 1811.126149][T30985] EXT4-fs (loop2): orphan cleanup on readonly fs
[ 1811.133661][T30985] EXT4-fs error (device loop2): ext4_quota_enable:6943: comm syz-executor.2: inode #65535: comm syz-executor.2: iget: illegal inode #
[ 1811.148094][T30985] EXT4-fs error (device loop2): ext4_quota_enable:6946: comm syz-executor.2: Bad quota inode: 65535, type: 2
[ 1811.160270][T30985] EXT4-fs warning (device loop2): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1811.176436][T30985] EXT4-fs (loop2): Cannot turn on quotas: error -117
[ 1811.183052][T30985] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1811.424122][T30975] loop3: detected capacity change from 0 to 40427
[ 1811.452358][T30975] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1811.460081][T30975] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1811.475073][T30975] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1811.503873][T30975] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1811.515089][T30975] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1811.522026][T30975] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1811.716501][T26653] EXT4-fs (loop2): unmounting filesystem.
[ 1811.763610][T30996] 9pnet_fd: Insufficient options for proto=fd
[ 1811.847946][T24347] usb 2-1: USB disconnect, device number 66
[ 1812.001170][T31004] loop3: detected capacity change from 0 to 1024
[ 1812.011136][T31005] binder: 30998:31005 ioctl 4018620d 0 returned -22
[ 1812.022422][T31004] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1812.029394][T31004] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[ 1812.038395][T31004] EXT4-fs (loop3): Test dummy encryption mode enabled
[ 1812.053660][T31004] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1812.105961][T29464] EXT4-fs (loop3): unmounting filesystem.
[ 1812.584676][   T28] kauditd_printk_skb: 551 callbacks suppressed
[ 1812.584694][   T28] audit: type=1326 audit(1718168828.079:108609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31020 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ad47cea9 code=0x7ffc0000
[ 1812.615157][   T28] audit: type=1326 audit(1718168828.079:108610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31020 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ad47cea9 code=0x7ffc0000
[ 1812.639451][   T28] audit: type=1326 audit(1718168828.079:108611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31020 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd7ad47cea9 code=0x7ffc0000
[ 1812.663858][   T28] audit: type=1326 audit(1718168828.079:108612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31020 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ad47cea9 code=0x7ffc0000
[ 1812.695155][   T28] audit: type=1326 audit(1718168828.079:108613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31020 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ad47cea9 code=0x7ffc0000
[ 1812.800377][   T28] audit: type=1326 audit(1718168828.089:108614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31020 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd7ad47cea9 code=0x7ffc0000
[ 1812.844882][   T28] audit: type=1326 audit(1718168828.189:108615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31020 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ad47cea9 code=0x7ffc0000
[ 1812.886854][   T28] audit: type=1326 audit(1718168828.229:108616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31020 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd7ad47a627 code=0x7ffc0000
[ 1812.931739][T31025] binder: 31022:31025 ioctl 4018620d 0 returned -22
[ 1813.278774][   T28] audit: type=1326 audit(1718168828.229:108617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31020 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd7ad4402e9 code=0x7ffc0000
[ 1813.351567][   T28] audit: type=1326 audit(1718168828.229:108618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31020 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7ad47cea9 code=0x7ffc0000
[ 1813.663006][T31030] loop2: detected capacity change from 0 to 512
[ 1813.683670][T31033] loop3: detected capacity change from 0 to 256
[ 1813.696442][T31033] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1813.708853][T31033] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1813.725225][T31030] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1813.735009][T31030] ext4 filesystem being mounted at /root/syzkaller-testdir3059729094/syzkaller.m3ZGsy/235/file0 supports timestamps until 2038 (0x7fffffff)
[ 1813.984571][T31044] loop1: detected capacity change from 0 to 512
[ 1814.751507][T31030] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 12: comm syz-executor.2: path /root/syzkaller-testdir3059729094/syzkaller.m3ZGsy/235/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 1814.785376][T31044] EXT4-fs (loop1): orphan cleanup on readonly fs
[ 1814.792103][T31044] EXT4-fs error (device loop1): ext4_quota_enable:6943: comm syz-executor.1: inode #65535: comm syz-executor.1: iget: illegal inode #
[ 1814.914519][T31030] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 13: comm syz-executor.2: path /root/syzkaller-testdir3059729094/syzkaller.m3ZGsy/235/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 1815.035017][T31030] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 14: comm syz-executor.2: path /root/syzkaller-testdir3059729094/syzkaller.m3ZGsy/235/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1815.074914][T31031] loop4: detected capacity change from 0 to 40427
[ 1815.081929][T31030] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 15: comm syz-executor.2: path /root/syzkaller-testdir3059729094/syzkaller.m3ZGsy/235/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 1815.107397][T31030] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor.2: path /root/syzkaller-testdir3059729094/syzkaller.m3ZGsy/235/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 1815.133541][T31030] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 17: comm syz-executor.2: path /root/syzkaller-testdir3059729094/syzkaller.m3ZGsy/235/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1815.158992][T31031] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1815.170631][T31031] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1815.181666][T31031] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1815.218517][T31031] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1815.231620][T31031] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1815.238622][T31031] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1815.314820][T31044] EXT4-fs error (device loop1): ext4_quota_enable:6946: comm syz-executor.1: Bad quota inode: 65535, type: 2
[ 1815.315851][T26653] EXT4-fs (loop2): unmounting filesystem.
[ 1815.331829][T31044] EXT4-fs warning (device loop1): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1815.347409][T31044] EXT4-fs (loop1): Cannot turn on quotas: error -117
[ 1815.353928][T31044] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1815.559985][T29015] EXT4-fs (loop1): unmounting filesystem.
[ 1815.847880][T31064] loop2: detected capacity change from 0 to 256
[ 1815.855682][T30488] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[ 1815.876839][T31064] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1815.898199][T31064] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1816.225740][T30488] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1816.236746][T30488] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1816.246497][T30488] usb 1-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00
[ 1816.255629][T30488] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1816.264130][T30488] usb 1-1: config 0 descriptor??
[ 1816.485380][T31070] loop3: detected capacity change from 0 to 40427
[ 1816.497914][T31070] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1816.505642][T31070] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1816.517328][T31070] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1816.548906][T31070] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1816.560041][T31070] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1816.567033][T31070] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1816.829780][T31078] binder: 31075:31078 ioctl 4018620d 0 returned -22
[ 1817.452615][T31086] loop1: detected capacity change from 0 to 512
[ 1817.647717][T31086] EXT4-fs (loop1): 1 orphan inode deleted
[ 1817.653316][T31086] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1817.662173][T31086] ext4 filesystem being mounted at /root/syzkaller-testdir2086313274/syzkaller.RyFL3f/107/file1 supports timestamps until 2038 (0x7fffffff)
[ 1818.432733][T29015] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.1: lblock 0 mapped to illegal pblock 3 (length 1)
[ 1818.447356][T29015] EXT4-fs (loop1): Remounting filesystem read-only
[ 1818.456006][T29015] EXT4-fs (loop1): unmounting filesystem.
[ 1818.496495][T31102] loop4: detected capacity change from 0 to 256
[ 1818.543253][T31102] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1818.558052][T31102] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1818.585643][T30488] usbhid 1-1:0.0: can't add hid device: -71
[ 1818.591402][T30488] usbhid: probe of 1-1:0.0 failed with error -71
[ 1818.598005][T30488] usb 1-1: USB disconnect, device number 56
[ 1819.269820][   T28] kauditd_printk_skb: 129 callbacks suppressed
[ 1819.269844][   T28] audit: type=1326 audit(1718168834.769:108748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31108 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56dbe7cea9 code=0x7ffc0000
[ 1819.579886][   T28] audit: type=1326 audit(1718168834.809:108749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31108 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56dbe7cea9 code=0x7ffc0000
[ 1819.605095][   T28] audit: type=1326 audit(1718168834.809:108750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31108 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f56dbe7cea9 code=0x7ffc0000
[ 1819.630923][   T28] audit: type=1326 audit(1718168834.809:108751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31108 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56dbe7cea9 code=0x7ffc0000
[ 1819.655199][   T28] audit: type=1326 audit(1718168834.819:108752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31108 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f56dbe7cea9 code=0x7ffc0000
[ 1819.679544][   T28] audit: type=1326 audit(1718168834.819:108753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31108 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56dbe7cea9 code=0x7ffc0000
[ 1819.706109][   T28] audit: type=1326 audit(1718168834.819:108754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31108 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f56dbe7a627 code=0x7ffc0000
[ 1819.730319][   T28] audit: type=1326 audit(1718168834.819:108755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31108 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f56dbe402e9 code=0x7ffc0000
[ 1819.754642][T29976] device bridge_slave_1 left promiscuous mode
[ 1819.755701][   T28] audit: type=1326 audit(1718168834.819:108756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31108 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f56dbe7cea9 code=0x7ffc0000
[ 1819.760770][T29976] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1819.784443][   T28] audit: type=1326 audit(1718168834.819:108757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31108 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f56dbe7a627 code=0x7ffc0000
[ 1819.816709][T29976] device bridge_slave_0 left promiscuous mode
[ 1819.823638][T29976] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1819.833485][T29976] device veth1_macvtap left promiscuous mode
[ 1819.840994][T29976] device veth0_vlan left promiscuous mode
[ 1819.976263][T31116] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1819.983416][T31116] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1819.995576][T31116] device bridge_slave_0 entered promiscuous mode
[ 1820.037414][T31116] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1820.052204][T31116] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1820.060332][T31116] device bridge_slave_1 entered promiscuous mode
[ 1820.170297][T31116] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1820.177194][T31116] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1820.184254][T31116] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1820.191057][T31116] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1820.223889][T30488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1820.231616][T30488] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1820.238862][T30488] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1820.256361][T30488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1820.264276][T30488] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1820.271069][T30488] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1820.279315][T30488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1820.287500][T30488] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1820.294338][T30488] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1820.301697][T30488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1820.309729][T30488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1820.325514][T27718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1820.334418][T27718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1820.342467][T27718] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1820.350285][T27718] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1820.358843][T31116] device veth0_vlan entered promiscuous mode
[ 1820.376874][T31116] device veth1_macvtap entered promiscuous mode
[ 1820.383567][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1820.394500][T16473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1820.404821][  T546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1820.895740][T30488] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[ 1820.972054][T31135] loop3: detected capacity change from 0 to 131072
[ 1821.011578][T31135] F2FS-fs (loop3): invalid crc value
[ 1821.026723][T31135] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1821.205691][T30488] usb 1-1: Using ep0 maxpacket: 32
[ 1821.399667][T30488] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1821.418150][T30488] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1821.425623][T31135] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b
[ 1821.445190][T30488] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1821.519968][T30488] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[ 1821.530389][T30488] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1821.539203][T30488] usb 1-1: config 0 descriptor??
[ 1821.616788][T31153] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=31153 comm=syz-executor.3
[ 1821.963379][T31158] loop4: detected capacity change from 0 to 512
[ 1822.065376][T31158] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1822.072454][T31158] EXT4-fs error (device loop4): ext4_quota_enable:6943: comm syz-executor.4: inode #65535: comm syz-executor.4: iget: illegal inode #
[ 1822.087043][T31158] EXT4-fs error (device loop4): ext4_quota_enable:6946: comm syz-executor.4: Bad quota inode: 65535, type: 2
[ 1822.099021][T31158] EXT4-fs warning (device loop4): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1822.170714][T31158] EXT4-fs (loop4): Cannot turn on quotas: error -117
[ 1822.177355][T31158] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1822.187031][T30488] ntrig 0003:1B96:000A.0122: unknown main item tag 0x0
[ 1822.194101][T30488] ntrig 0003:1B96:000A.0122: unknown main item tag 0x0
[ 1822.200971][T30488] ntrig 0003:1B96:000A.0122: unknown main item tag 0x0
[ 1822.207800][T30488] ntrig 0003:1B96:000A.0122: unknown main item tag 0x0
[ 1822.243634][T30488] ntrig 0003:1B96:000A.0122: unknown main item tag 0x0
[ 1822.251279][T30488] ntrig 0003:1B96:000A.0122: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0
[ 1822.871968][T30488] usb 1-1: USB disconnect, device number 57
[ 1823.116880][T29634] EXT4-fs (loop4): unmounting filesystem.
[ 1823.446037][T31177] loop1: detected capacity change from 0 to 256
[ 1823.658638][T31177] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1823.972787][T31177] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1824.129495][T30488] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[ 1824.324815][T31174] loop2: detected capacity change from 0 to 131072
[ 1824.375631][T30488] usb 1-1: Using ep0 maxpacket: 16
[ 1824.389408][T31174] F2FS-fs (loop2): invalid crc value
[ 1824.395762][T31174] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1824.415990][T31174] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b
[ 1824.495690][T30488] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1824.505777][T30488] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1824.518824][T30488] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1824.527755][T30488] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1824.538128][T30488] usb 1-1: config 0 descriptor??
[ 1824.597831][T30488] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1824.665658][   T28] kauditd_printk_skb: 2208 callbacks suppressed
[ 1824.665720][   T28] audit: type=1107 audit(1718168840.079:110966): pid=31173 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[ 1825.160283][T31203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1825.193436][T31203] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1825.927287][T31215] loop1: detected capacity change from 0 to 512
[ 1826.134653][T31215] EXT4-fs (loop1): orphan cleanup on readonly fs
[ 1826.142867][T31215] EXT4-fs error (device loop1): ext4_quota_enable:6943: comm syz-executor.1: inode #65535: comm syz-executor.1: iget: illegal inode #
[ 1826.157457][T31215] EXT4-fs error (device loop1): ext4_quota_enable:6946: comm syz-executor.1: Bad quota inode: 65535, type: 2
[ 1826.169896][T31215] EXT4-fs warning (device loop1): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1826.189411][T31215] EXT4-fs (loop1): Cannot turn on quotas: error -117
[ 1826.195987][T31215] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1826.252415][T31222] loop3: detected capacity change from 0 to 512
[ 1826.277230][T31222] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1826.286105][T31222] ext4 filesystem being mounted at /root/syzkaller-testdir1735175918/syzkaller.T58mVu/96/file0 supports timestamps until 2038 (0x7fffffff)
[ 1826.305805][T31222] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 12: comm syz-executor.3: path /root/syzkaller-testdir1735175918/syzkaller.T58mVu/96/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 1826.331980][T31222] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 13: comm syz-executor.3: path /root/syzkaller-testdir1735175918/syzkaller.T58mVu/96/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 1826.359168][T31222] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 14: comm syz-executor.3: path /root/syzkaller-testdir1735175918/syzkaller.T58mVu/96/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1826.386400][T31222] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 15: comm syz-executor.3: path /root/syzkaller-testdir1735175918/syzkaller.T58mVu/96/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 1826.411406][T31222] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz-executor.3: path /root/syzkaller-testdir1735175918/syzkaller.T58mVu/96/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 1826.437436][T31222] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 17: comm syz-executor.3: path /root/syzkaller-testdir1735175918/syzkaller.T58mVu/96/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1826.462600][T31222] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #2: block 18: comm syz-executor.3: lblock 23 mapped to illegal pblock 18 (length 1)
[ 1826.554746][T27718] usb 1-1: USB disconnect, device number 58
[ 1826.837261][T29464] EXT4-fs (loop3): unmounting filesystem.
[ 1826.920017][T31116] EXT4-fs (loop1): unmounting filesystem.
[ 1827.043292][T31232] futex_wake_op: syz-executor.3 tries to shift op by -1; fix this program
[ 1827.144719][T31238] loop4: detected capacity change from 0 to 256
[ 1827.165150][T31238] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1827.177221][T31238] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1827.395603][T27718] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[ 1827.498407][T31240] loop3: detected capacity change from 0 to 131072
[ 1827.525991][T31240] F2FS-fs (loop3): invalid crc value
[ 1827.532492][T31240] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1827.677354][T31240] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b
[ 1827.805618][T27718] usb 2-1: Using ep0 maxpacket: 16
[ 1828.040389][   T28] audit: type=1107 audit(1718168843.539:110967): pid=31239 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[ 1828.296027][T27718] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[ 1828.315037][T27718] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1828.340009][T27718] usb 2-1: Product: syz
[ 1828.364151][T27718] usb 2-1: Manufacturer: syz
[ 1828.374988][T27718] usb 2-1: SerialNumber: syz
[ 1828.394488][T27718] usb 2-1: config 0 descriptor??
[ 1828.458173][T27718] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[ 1828.472045][T27718] usb 2-1: Detected FT232H
[ 1828.685669][T27718] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[ 1828.945699][T27718] ftdi_sio 2-1:0.0: GPIO initialisation failed: -5
[ 1828.952396][T27718] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1829.146931][T30488] usb 2-1: USB disconnect, device number 67
[ 1829.153250][T30488] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1829.164424][T30488] ftdi_sio 2-1:0.0: device disconnected
[ 1829.365406][T31276] loop4: detected capacity change from 0 to 512
[ 1829.374020][  T546] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[ 1829.438358][T31276] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1829.445276][T31276] EXT4-fs error (device loop4): ext4_quota_enable:6943: comm syz-executor.4: inode #65535: comm syz-executor.4: iget: illegal inode #
[ 1829.459777][T31276] EXT4-fs error (device loop4): ext4_quota_enable:6946: comm syz-executor.4: Bad quota inode: 65535, type: 2
[ 1829.471783][T31276] EXT4-fs warning (device loop4): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1829.615628][  T546] usb 1-1: Using ep0 maxpacket: 16
[ 1829.642730][T31276] EXT4-fs (loop4): Cannot turn on quotas: error -117
[ 1829.649419][T31276] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1829.735667][  T546] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1829.745754][  T546] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1829.758661][  T546] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1829.768162][  T546] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1829.777096][  T546] usb 1-1: config 0 descriptor??
[ 1829.816108][  T546] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1829.969975][T31287] loop1: detected capacity change from 0 to 256
[ 1829.985341][T31287] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1829.997523][T31287] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1830.161296][T29634] EXT4-fs (loop4): unmounting filesystem.
[ 1830.216207][T31289] loop4: detected capacity change from 0 to 256
[ 1830.371965][T31293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1830.380839][T31293] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1830.388490][T31294] Invalid ELF header magic: != ELF
[ 1831.039716][T31296] loop2: detected capacity change from 0 to 256
[ 1831.158739][T31296] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1831.183085][T31296] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1831.299788][T31291] loop3: detected capacity change from 0 to 131072
[ 1831.329268][T31291] F2FS-fs (loop3): invalid crc value
[ 1831.340995][T31291] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1831.390956][T31291] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b
[ 1831.635725][   T28] audit: type=1107 audit(1718168847.079:110968): pid=31290 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[ 1832.096915][ T2630] usb 1-1: USB disconnect, device number 59
[ 1832.874436][T31332] loop4: detected capacity change from 0 to 512
[ 1832.887777][T16473] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[ 1832.910789][T31332] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1832.918466][T31332] EXT4-fs error (device loop4): ext4_quota_enable:6943: comm syz-executor.4: inode #65535: comm syz-executor.4: iget: illegal inode #
[ 1832.932793][T31332] EXT4-fs error (device loop4): ext4_quota_enable:6946: comm syz-executor.4: Bad quota inode: 65535, type: 2
[ 1832.945281][T31332] EXT4-fs warning (device loop4): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1833.131049][T31332] EXT4-fs (loop4): Cannot turn on quotas: error -117
[ 1833.137698][T31332] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1833.249805][T31338] loop2: detected capacity change from 0 to 256
[ 1833.267409][T31338] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1833.280270][T31338] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1833.395589][T16473] usb 1-1: Using ep0 maxpacket: 16
[ 1833.506283][T31343] binder: 31340:31343 ioctl 4018620d 0 returned -22
[ 1833.736212][T29634] EXT4-fs (loop4): unmounting filesystem.
[ 1833.865776][T16473] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[ 1833.876078][T16473] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1833.884850][T16473] usb 1-1: Product: syz
[ 1833.889187][T16473] usb 1-1: Manufacturer: syz
[ 1833.893710][T16473] usb 1-1: SerialNumber: syz
[ 1833.899098][T16473] usb 1-1: config 0 descriptor??
[ 1833.946209][T16473] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[ 1833.953763][T16473] usb 1-1: Detected FT232H
[ 1833.964549][T31351] loop3: detected capacity change from 0 to 256
[ 1833.984074][T31351] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1833.996419][T31351] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1834.154379][T31349] loop4: detected capacity change from 0 to 131072
[ 1834.165634][T16473] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[ 1834.169557][T31349] F2FS-fs (loop4): invalid crc value
[ 1834.178719][T31349] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1834.201150][T31349] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b
[ 1834.253887][T31349] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=31349 comm=syz-executor.4
[ 1834.315683][ T2630] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[ 1834.445698][T16473] ftdi_sio 1-1:0.0: GPIO initialisation failed: -5
[ 1834.452583][T16473] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1834.605620][   T19] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 1834.646557][  T546] usb 1-1: USB disconnect, device number 60
[ 1834.652726][  T546] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1834.662093][  T546] ftdi_sio 1-1:0.0: device disconnected
[ 1834.675669][ T2630] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1834.686490][ T2630] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1834.696051][ T2630] usb 2-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00
[ 1834.704875][ T2630] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1834.713113][ T2630] usb 2-1: config 0 descriptor??
[ 1834.865668][T24347] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 1834.875607][   T19] usb 3-1: Using ep0 maxpacket: 16
[ 1834.896853][T31368] loop3: detected capacity change from 0 to 256
[ 1834.911706][T31368] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1834.923768][T31368] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1835.005658][   T19] usb 3-1: config 0 has no interfaces?
[ 1835.144329][   T19] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1835.153292][   T19] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1835.161674][   T19] usb 3-1: Product: syz
[ 1835.165769][   T19] usb 3-1: Manufacturer: syz
[ 1835.213370][   T19] r8152-cfgselector 3-1: config 0 descriptor??
[ 1835.445694][T24347] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1835.456662][T24347] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1835.466558][T24347] usb 5-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00
[ 1835.478547][T24347] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1835.487403][T24347] usb 5-1: config 0 descriptor??
[ 1835.841736][  T546] usb 3-1: USB disconnect, device number 62
[ 1836.777058][T31389] loop2: detected capacity change from 0 to 40427
[ 1836.788220][T31389] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[ 1836.795963][T31389] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 1836.806557][T31389] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 1836.843968][T31389] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1836.856888][T31389] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[ 1836.863799][T31389] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1837.095627][ T2630] usbhid 2-1:0.0: can't add hid device: -71
[ 1837.101481][ T2630] usbhid: probe of 2-1:0.0 failed with error -71
[ 1837.103786][T31397] loop2: detected capacity change from 0 to 256
[ 1837.108474][ T2630] usb 2-1: USB disconnect, device number 68
[ 1837.123663][T31397] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1837.135749][T31397] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1837.194672][T31399] 9pnet_fd: Insufficient options for proto=fd
[ 1837.625661][T24347] usbhid 5-1:0.0: can't add hid device: -71
[ 1837.631598][T24347] usbhid: probe of 5-1:0.0 failed with error -71
[ 1837.638510][T24347] usb 5-1: USB disconnect, device number 59
[ 1838.565607][T24347] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[ 1838.805596][T24347] usb 3-1: Using ep0 maxpacket: 16
[ 1839.072080][T31418] futex_wake_op: syz-executor.3 tries to shift op by -1; fix this program
[ 1839.085639][T24347] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[ 1839.094557][T24347] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1839.102432][T24347] usb 3-1: Product: syz
[ 1839.106379][T24347] usb 3-1: Manufacturer: syz
[ 1839.110751][T24347] usb 3-1: SerialNumber: syz
[ 1839.115890][T24347] usb 3-1: config 0 descriptor??
[ 1839.155968][T24347] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[ 1839.163582][T24347] usb 3-1: Detected FT232H
[ 1839.365744][T24347] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[ 1839.625709][T24347] ftdi_sio 3-1:0.0: GPIO initialisation failed: -5
[ 1839.632541][T24347] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1839.725461][T31428] loop1: detected capacity change from 0 to 256
[ 1839.742273][T31428] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1839.754337][T31428] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1839.826532][ T2630] usb 3-1: USB disconnect, device number 63
[ 1839.832697][ T2630] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1839.841951][ T2630] ftdi_sio 3-1:0.0: device disconnected
[ 1840.015610][T24347] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[ 1840.208798][T31434] loop3: detected capacity change from 0 to 40427
[ 1840.221953][T31434] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[ 1840.229506][T31434] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1840.237961][T31434] F2FS-fs (loop3): invalid crc value
[ 1840.244333][T31434] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1840.267914][T31434] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1840.274819][T31434] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[ 1840.292135][T31434] F2FS-fs (loop3): Unrecognized mount option "€" or missing value
[ 1840.375627][T24347] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1840.388365][T24347] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1840.397407][T24347] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1840.405788][T24347] usb 1-1: config 0 descriptor??
[ 1840.445947][T24347] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1840.625718][T31445] loop3: detected capacity change from 0 to 512
[ 1840.793777][T31445] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1840.800360][T31445] EXT4-fs error (device loop3): ext4_quota_enable:6943: comm syz-executor.3: inode #65535: comm syz-executor.3: iget: illegal inode #
[ 1840.814439][T31445] EXT4-fs error (device loop3): ext4_quota_enable:6946: comm syz-executor.3: Bad quota inode: 65535, type: 2
[ 1840.826174][T31445] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1840.841063][T31445] EXT4-fs (loop3): Cannot turn on quotas: error -117
[ 1840.847630][T31445] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1841.265632][    T6] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[ 1841.433105][T29464] EXT4-fs (loop3): unmounting filesystem.
[ 1841.482234][T31455] loop2: detected capacity change from 0 to 512
[ 1841.507532][T31455] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1841.516386][T31455] ext4 filesystem being mounted at /root/syzkaller-testdir3059729094/syzkaller.m3ZGsy/260/file0 supports timestamps until 2038 (0x7fffffff)
[ 1841.532776][T31460] 9pnet_fd: Insufficient options for proto=fd
[ 1841.562374][T26653] EXT4-fs (loop2): unmounting filesystem.
[ 1841.685638][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1841.696409][    T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1841.705914][    T6] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1841.714754][    T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1841.722953][    T6] usb 2-1: config 0 descriptor??
[ 1842.785217][ T2630] usb 1-1: USB disconnect, device number 61
[ 1843.155605][    T6] uclogic 0003:256C:006D.0123: failed retrieving string descriptor #100: -71
[ 1843.169007][    T6] uclogic 0003:256C:006D.0123: failed retrieving pen parameters: -71
[ 1843.177284][    T6] uclogic 0003:256C:006D.0123: failed probing pen v1 parameters: -71
[ 1843.185219][    T6] uclogic 0003:256C:006D.0123: failed probing parameters: -71
[ 1843.192682][    T6] uclogic: probe of 0003:256C:006D.0123 failed with error -71
[ 1843.201524][    T6] usb 2-1: USB disconnect, device number 69
[ 1843.270352][T31482] loop3: detected capacity change from 0 to 256
[ 1843.341841][T31482] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xd3fc6e3e, utbl_chksum : 0xe619d30d)
[ 1843.389208][T31482] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186)
[ 1844.135714][ T2630] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[ 1844.467014][T31489] loop3: detected capacity change from 0 to 512
[ 1844.547392][T31489] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #16: comm syz-executor.3: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 19200(19200)
[ 1844.566448][T31489] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 16 (err -117)
[ 1844.578715][T31489] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1844.587508][T31489] ext4 filesystem being mounted at /root/syzkaller-testdir1735175918/syzkaller.T58mVu/118/file1 supports timestamps until 2038 (0x7fffffff)
[ 1844.609764][   T28] audit: type=1400 audit(1718168860.109:110969): avc:  denied  { execute } for  pid=31488 comm="syz-executor.3" path="/root/syzkaller-testdir1735175918/syzkaller.T58mVu/118/file1/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 1844.675667][ T2630] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1844.686584][ T2630] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1844.696208][ T2630] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1844.705024][ T2630] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1844.713181][ T2630] usb 2-1: config 0 descriptor??
[ 1844.794542][T29464] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #2: block 3: comm syz-executor.3: lblock 0 mapped to illegal pblock 3 (length 1)
[ 1844.811810][T29976] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Corrupt filesystem
[ 1844.821325][T29976] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error
[ 1844.874091][T29976] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Corrupt filesystem
[ 1844.883735][T29976] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error
[ 1844.895193][T29976] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 117
[ 1844.907395][T29976] EXT4-fs (loop3): This should not happen!! Data will be lost
[ 1844.907395][T29976] 
[ 1844.909946][T31498] 9pnet_fd: Insufficient options for proto=fd
[ 1844.917862][T29464] EXT4-fs (loop3): unmounting filesystem.
[ 1844.931844][T29464] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Corrupt filesystem
[ 1844.943115][T29464] EXT4-fs error (device loop3): ext4_quota_off:7041: inode #3: comm syz-executor.3: mark_inode_dirty error
[ 1845.195789][ T2630] hid (null): bogus close delimiter
[ 1845.342905][   T28] audit: type=1400 audit(1718168860.839:110970): avc:  denied  { read } for  pid=31507 comm="syz-executor.3" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1845.364728][   T28] audit: type=1400 audit(1718168860.839:110971): avc:  denied  { open } for  pid=31507 comm="syz-executor.3" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1845.388463][T30488] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[ 1845.408621][T31507] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1845.415495][T31507] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1845.422703][T31507] device bridge_slave_0 entered promiscuous mode
[ 1845.429361][T31507] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1845.436412][T31507] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1845.443488][T31507] device bridge_slave_1 entered promiscuous mode
[ 1845.484165][T31507] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1845.491020][T31507] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1845.498088][T31507] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1845.504890][T31507] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1845.505628][  T626] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 1845.528126][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1845.535488][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1845.543399][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1845.552115][T24347] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1845.560359][T24347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1845.567207][T24347] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1845.586951][  T546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1845.595318][  T546] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1845.603236][  T546] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1845.610068][  T546] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1845.617254][  T546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1845.624934][  T546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1845.644598][T31507] device veth0_vlan entered promiscuous mode
[ 1845.651231][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1845.661447][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1845.667639][T30488] usb 1-1: Using ep0 maxpacket: 16
[ 1845.668969][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1845.685911][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1845.694969][T31507] device veth1_macvtap entered promiscuous mode
[ 1845.695667][ T2630] usb 2-1: string descriptor 0 read error: -71
[ 1845.705139][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1845.719343][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1845.725832][ T2630] uclogic 0003:256C:006D.0124: failed retrieving string descriptor #200: -71
[ 1845.736844][ T2630] uclogic 0003:256C:006D.0124: failed retrieving pen parameters: -71
[ 1845.744815][ T2630] uclogic 0003:256C:006D.0124: failed probing pen v2 parameters: -71
[ 1845.754137][ T2630] uclogic 0003:256C:006D.0124: failed probing parameters: -71
[ 1845.761661][ T2630] uclogic: probe of 0003:256C:006D.0124 failed with error -71
[ 1845.770119][ T2630] usb 2-1: USB disconnect, device number 70
[ 1845.825630][T30488] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1845.875638][  T626] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1845.886599][  T626] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1845.896233][  T626] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1845.896494][T25010] device bridge_slave_1 left promiscuous mode
[ 1845.904983][  T626] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1845.905600][T30488] usb 1-1: config 0 has no interfaces?
[ 1845.921241][T25010] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1845.924059][  T626] usb 5-1: config 0 descriptor??
[ 1845.951991][T25010] device bridge_slave_0 left promiscuous mode
[ 1845.971369][T25010] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1846.004413][T25010] device veth1_macvtap left promiscuous mode
[ 1846.020330][T25010] device veth0_vlan left promiscuous mode
[ 1846.079068][  T626] usbhid 5-1:0.0: can't add hid device: -22
[ 1846.089357][  T626] usbhid: probe of 5-1:0.0 failed with error -22
[ 1846.196101][T30488] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1846.209064][T30488] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1846.244050][T30488] usb 1-1: Product: syz
[ 1846.252920][T30488] usb 1-1: Manufacturer: syz
[ 1846.266674][T30488] usb 1-1: SerialNumber: syz
[ 1846.278686][T30488] usb 1-1: config 0 descriptor??
[ 1846.663234][T30488] usb 1-1: USB disconnect, device number 62
[ 1848.141723][T31543] loop1: detected capacity change from 0 to 256
[ 1848.182023][T31537] loop2: detected capacity change from 0 to 40427
[ 1848.211395][T31537] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[ 1848.231414][T31537] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 1848.287192][T31537] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 1848.489328][T31537] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[ 1848.525791][T31537] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[ 1848.536408][T31550] Invalid ELF header magic: != ELF
[ 1848.537406][T31537] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1848.683028][T31530] loop3: detected capacity change from 0 to 131072
[ 1848.709383][T31530] F2FS-fs (loop3): invalid crc value
[ 1848.716039][T31530] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1848.757937][T31530] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b
[ 1848.975687][   T28] audit: type=1107 audit(1718168864.449:110972): pid=31529 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[ 1849.040885][T30488] usb 5-1: USB disconnect, device number 60
[ 1849.162300][T31560] futex_wake_op: syz-executor.2 tries to shift op by -1; fix this program
[ 1849.661623][T31570] loop4: detected capacity change from 0 to 512
[ 1849.937811][T31570] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1849.944818][T31570] EXT4-fs error (device loop4): ext4_quota_enable:6943: comm syz-executor.4: inode #65535: comm syz-executor.4: iget: illegal inode #
[ 1849.959103][T31570] EXT4-fs error (device loop4): ext4_quota_enable:6946: comm syz-executor.4: Bad quota inode: 65535, type: 2
[ 1849.971045][T31570] EXT4-fs warning (device loop4): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1850.088280][T31570] EXT4-fs (loop4): Cannot turn on quotas: error -117
[ 1850.094821][T31570] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1850.320810][T29634] EXT4-fs (loop4): unmounting filesystem.
[ 1850.593750][T31590] binder: 31582:31590 ioctl 4018620d 0 returned -22
[ 1850.635671][  T546] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[ 1851.045940][  T546] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 384
[ 1851.056125][  T546] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1851.145862][  T546] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1851.155229][  T546] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1851.163275][  T546] usb 1-1: SerialNumber: syz
[ 1851.225884][T31581] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1851.420784][T31598] loop1: detected capacity change from 0 to 256
[ 1851.448197][T31581] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1851.776463][T31605] Invalid ELF header magic: != ELF
[ 1851.907769][  T546] cdc_ether 1-1:1.0 wwan0: register 'cdc_ether' at usb-dummy_hcd.0-1, Mobile Broadband Network Device, 42:42:42:42:42:42
[ 1851.945585][T31578] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 1852.104927][T31604] loop4: detected capacity change from 0 to 131072
[ 1852.112327][  T546] usb 1-1: USB disconnect, device number 63
[ 1852.118482][  T546] cdc_ether 1-1:1.0 wwan0: unregister 'cdc_ether' usb-dummy_hcd.0-1, Mobile Broadband Network Device
[ 1852.129210][ T2630] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1852.138377][T31604] F2FS-fs (loop4): invalid crc value
[ 1852.144887][T31604] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1852.166157][T31604] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b
[ 1852.332948][   T28] audit: type=1107 audit(1718168867.829:110973): pid=31603 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[ 1852.545639][T31578] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1852.555659][ T2630] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1852.556406][T31578] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1852.567186][ T2630] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1852.576656][T31578] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1852.576682][T31578] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1852.577292][T31578] usb 4-1: config 0 descriptor??
[ 1852.586750][ T2630] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1852.632708][ T2630] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1852.641487][ T2630] usb 3-1: config 0 descriptor??
[ 1852.686193][ T2630] usbhid 3-1:0.0: can't add hid device: -22
[ 1852.691996][ T2630] usbhid: probe of 3-1:0.0 failed with error -22
[ 1852.906585][T31617] binder: 31613:31617 ioctl 4018620d 0 returned -22
[ 1853.405752][T31578] usb 4-1: string descriptor 0 read error: -71
[ 1853.425637][T31578] uclogic 0003:256C:006D.0125: failed retrieving string descriptor #200: -71
[ 1853.434291][T31578] uclogic 0003:256C:006D.0125: failed retrieving pen parameters: -71
[ 1853.442183][T31578] uclogic 0003:256C:006D.0125: failed probing pen v2 parameters: -71
[ 1853.450063][T31578] uclogic 0003:256C:006D.0125: failed probing parameters: -71
[ 1853.457422][T31578] uclogic: probe of 0003:256C:006D.0125 failed with error -71
[ 1853.465429][T31578] usb 4-1: USB disconnect, device number 47
[ 1854.245456][T31639] binder: 31634:31639 ioctl 4018620d 0 returned -22
[ 1854.289012][T31578] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 1854.410729][T31641] 9pnet_fd: Insufficient options for proto=fd
[ 1854.737163][ T2630] usb 3-1: USB disconnect, device number 64
[ 1854.775731][T31578] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1854.786573][T31578] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1854.796278][T31578] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1854.805205][T31578] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1854.815235][T31578] usb 4-1: config 0 descriptor??
[ 1854.905905][T31649] futex_wake_op: syz-executor.2 tries to shift op by -1; fix this program
[ 1855.147714][T31647] loop1: detected capacity change from 0 to 40427
[ 1855.170585][T31647] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[ 1855.178247][T31647] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[ 1855.189237][T31647] F2FS-fs (loop1): invalid crc value
[ 1855.199237][T31647] F2FS-fs (loop1): Found nat_bits in checkpoint
[ 1855.271190][T31647] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[ 1855.790874][T31647] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[ 1856.453387][T31671] loop4: detected capacity change from 0 to 512
[ 1856.709357][T31671] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1856.717768][T31671] EXT4-fs error (device loop4): ext4_quota_enable:6943: comm syz-executor.4: inode #65535: comm syz-executor.4: iget: illegal inode #
[ 1856.731929][T31671] EXT4-fs error (device loop4): ext4_quota_enable:6946: comm syz-executor.4: Bad quota inode: 65535, type: 2
[ 1856.743572][T31671] EXT4-fs warning (device loop4): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1856.757502][T31653] loop2: detected capacity change from 0 to 131072
[ 1856.764771][T31671] EXT4-fs (loop4): Cannot turn on quotas: error -117
[ 1856.771337][T31671] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1856.783197][T31653] F2FS-fs (loop2): invalid crc value
[ 1856.789753][T31653] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1856.810775][T31653] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b
[ 1856.984013][   T28] audit: type=1107 audit(1718168872.479:110974): pid=31650 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[ 1857.155648][T31578] uclogic 0003:256C:006D.0126: failed retrieving string descriptor #100: -71
[ 1857.164290][T31578] uclogic 0003:256C:006D.0126: failed retrieving pen parameters: -71
[ 1857.176626][T31578] uclogic 0003:256C:006D.0126: failed probing pen v1 parameters: -71
[ 1857.184748][T31578] uclogic 0003:256C:006D.0126: failed probing parameters: -71
[ 1857.192143][T31578] uclogic: probe of 0003:256C:006D.0126 failed with error -71
[ 1857.200199][T31578] usb 4-1: USB disconnect, device number 48
[ 1857.270877][T29634] EXT4-fs (loop4): unmounting filesystem.
[ 1857.355682][ T8183] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[ 1857.449764][T31688] 9pnet_fd: Insufficient options for proto=fd
[ 1857.605582][ T8183] usb 1-1: Using ep0 maxpacket: 32
[ 1857.677155][T31696] loop4: detected capacity change from 0 to 512
[ 1857.740075][T31696] EXT4-fs (loop4): orphan cleanup on readonly fs
[ 1857.747758][T31696] EXT4-fs error (device loop4): ext4_quota_enable:6943: comm syz-executor.4: inode #65535: comm syz-executor.4: iget: illegal inode #
[ 1857.762312][T31696] EXT4-fs error (device loop4): ext4_quota_enable:6946: comm syz-executor.4: Bad quota inode: 65535, type: 2
[ 1857.774495][T31696] EXT4-fs warning (device loop4): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1857.798735][T31696] EXT4-fs (loop4): Cannot turn on quotas: error -117
[ 1857.805354][T31696] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1857.925699][ T8183] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1857.936429][ T8183] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1857.946004][T31578] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1857.953367][ T8183] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1857.966319][ T8183] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00
[ 1857.975225][ T8183] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1857.983609][ T8183] usb 1-1: config 0 descriptor??
[ 1858.102908][T31701] binder: 31698:31701 ioctl 4018620d 0 returned -22
[ 1858.385661][T31578] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1858.396469][T31578] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1858.406078][T31578] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1858.414890][T31578] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1858.423312][T31578] usb 3-1: config 0 descriptor??
[ 1858.435431][T31705] loop1: detected capacity change from 0 to 256
[ 1858.456673][ T8183] ntrig 0003:1B96:000A.0127: unknown main item tag 0x0
[ 1858.463626][ T8183] ntrig 0003:1B96:000A.0127: unknown main item tag 0x0
[ 1858.470565][ T8183] ntrig 0003:1B96:000A.0127: unknown main item tag 0x0
[ 1858.477976][T31578] usbhid 3-1:0.0: can't add hid device: -22
[ 1858.483780][ T8183] ntrig 0003:1B96:000A.0127: unknown main item tag 0x0
[ 1858.484090][T29634] EXT4-fs (loop4): unmounting filesystem.
[ 1858.490484][T31578] usbhid: probe of 3-1:0.0 failed with error -22
[ 1858.502360][ T8183] ntrig 0003:1B96:000A.0127: unknown main item tag 0x0
[ 1858.510824][ T8183] ntrig 0003:1B96:000A.0127: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0
[ 1858.656379][T31710] Invalid ELF header magic: != ELF
[ 1858.866616][  T626] usb 1-1: USB disconnect, device number 64
[ 1858.945609][ T8183] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 1859.134574][T31716] binder: 31712:31716 ioctl 4018620d 0 returned -22
[ 1859.415695][ T8183] usb 5-1: Using ep0 maxpacket: 16
[ 1859.651206][ T8183] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1859.762224][ T8183] usb 5-1: config 0 has no interfaces?
[ 1860.025761][ T8183] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1860.037755][ T8183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1860.053832][ T8183] usb 5-1: Product: syz
[ 1860.061982][ T8183] usb 5-1: Manufacturer: syz
[ 1860.068063][ T8183] usb 5-1: SerialNumber: syz
[ 1860.078328][ T8183] usb 5-1: config 0 descriptor??
[ 1860.115922][T31719] loop1: detected capacity change from 0 to 131072
[ 1860.136133][T31719] F2FS-fs (loop1): invalid crc value
[ 1860.142368][T31719] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[ 1860.163022][T31719] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b
[ 1860.337662][   T28] audit: type=1107 audit(1718168875.829:110975): pid=31717 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[ 1860.373609][  T626] usb 5-1: USB disconnect, device number 61
[ 1860.492219][T31578] usb 3-1: USB disconnect, device number 65
[ 1860.787157][T31741] 9pnet_fd: Insufficient options for proto=fd
[ 1861.339531][T31753] binder: 31744:31753 ioctl 4018620d 0 returned -22
[ 1861.447750][T31757] loop3: detected capacity change from 0 to 512
[ 1861.558124][T31759] binder: 31754:31759 ioctl 4018620d 0 returned -22
[ 1861.854924][T31757] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1861.862482][T31757] EXT4-fs error (device loop3): ext4_quota_enable:6943: comm syz-executor.3: inode #65535: comm syz-executor.3: iget: illegal inode #
[ 1861.877134][T31757] EXT4-fs error (device loop3): ext4_quota_enable:6946: comm syz-executor.3: Bad quota inode: 65535, type: 2
[ 1861.888806][T31757] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-117, ino=65535). Please run e2fsck to fix.
[ 1861.903711][T31757] EXT4-fs (loop3): Cannot turn on quotas: error -117
[ 1861.910277][T31757] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1862.539852][T31507] EXT4-fs (loop3): unmounting filesystem.
[ 1864.069577][   T28] audit: type=1400 audit(1718168879.569:110976): avc:  denied  { bind } for  pid=31777 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1864.089702][   T28] audit: type=1400 audit(1718168879.569:110977): avc:  denied  { listen } for  pid=31777 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1864.454971][   T28] audit: type=1326 audit(1718168879.949:110978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31793 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1864.483709][   T28] audit: type=1326 audit(1718168879.949:110979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31793 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1864.507877][   T28] audit: type=1326 audit(1718168879.949:110980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31793 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f560047baa0 code=0x7ffc0000
[ 1864.531998][   T28] audit: type=1326 audit(1718168879.949:110981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31793 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f560047e637 code=0x7ffc0000
[ 1864.556064][   T28] audit: type=1326 audit(1718168879.949:110982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31793 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f560047cea9 code=0x7ffc0000
[ 1864.580912][   T28] audit: type=1326 audit(1718168879.949:110983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31793 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f560047e637 code=0x7ffc0000
[ 1864.605243][   T28] audit: type=1326 audit(1718168879.949:110984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31793 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f560047bd9a code=0x7ffc0000
[ 1864.970573][T31806] device veth0_vlan left promiscuous mode
[ 1864.976740][T31806] device veth0_vlan entered promiscuous mode
[ 1865.027819][T31578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1865.259775][T31578] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1865.267125][T31578] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1866.324308][T31848] device pim6reg1 entered promiscuous mode
[ 1866.705507][T31856] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[ 1866.779852][T31854] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[ 1867.084089][   T28] kauditd_printk_skb: 6 callbacks suppressed
[ 1867.084104][   T28] audit: type=1400 audit(1718168882.579:110991): avc:  denied  { read } for  pid=31867 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1868.072222][   T28] audit: type=1326 audit(1718168883.569:110992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31909 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60027cea9 code=0x7ffc0000
[ 1868.096495][   T28] audit: type=1326 audit(1718168883.569:110993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31909 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60027cea9 code=0x7ffc0000
[ 1868.120572][   T28] audit: type=1326 audit(1718168883.569:110994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31909 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7fc60027cea9 code=0x7ffc0000
[ 1868.146588][   T28] audit: type=1326 audit(1718168883.569:110995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31909 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60027cea9 code=0x7ffc0000
[ 1868.171289][   T28] audit: type=1326 audit(1718168883.569:110996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31909 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc60027cea9 code=0x7ffc0000
[ 1868.195517][   T28] audit: type=1326 audit(1718168883.569:110997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31909 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc60027baa0 code=0x7ffc0000
[ 1868.222616][   T28] audit: type=1326 audit(1718168883.569:110998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31909 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc60027cc0b code=0x7ffc0000
[ 1868.263733][   T28] audit: type=1326 audit(1718168883.569:110999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31909 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc60027cc0b code=0x7ffc0000
[ 1868.290255][   T28] audit: type=1326 audit(1718168883.569:111000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31909 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc60027cc0b code=0x7ffc0000
[ 1868.388429][T31578] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[ 1868.401558][T31919] loop2: detected capacity change from 0 to 256
[ 1868.785672][T31578] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1868.796494][T31578] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1868.806093][T31578] usb 2-1: New USB device found, idVendor=046d, idProduct=c29a, bcdDevice= 0.00
[ 1868.815272][T31578] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1868.823729][T31578] usb 2-1: config 0 descriptor??
[ 1869.445455][T31957] 9pnet_fd: Insufficient options for proto=fd
[ 1870.025609][   T19] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 1870.226626][T31975] ==================================================================
[ 1870.234499][T31975] BUG: KASAN: stack-out-of-bounds in hash+0x465/0xc20
[ 1870.241098][T31975] Read of size 4 at addr ffffc90003e4f5a0 by task syz-executor.4/31975
[ 1870.245671][T31976] BUG: unable to handle page fault for address: ffffc90003e60000
[ 1870.249164][T31975] 
[ 1870.249172][T31975] CPU: 1 PID: 31975 Comm: syz-executor.4 Not tainted 6.1.78-syzkaller-00002-g65aed0e2f758 #0
[ 1870.256717][T31976] #PF: supervisor read access in kernel mode
[ 1870.258886][T31975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 1870.268866][T31976] #PF: error_code(0x0000) - not-present page
[ 1870.274682][T31975] Call Trace:
[ 1870.274691][T31975]  <TASK>
[ 1870.284579][T31976] PGD 100000067 
[ 1870.290394][T31975]  dump_stack_lvl+0x151/0x1b7
[ 1870.293515][T31976] P4D 100000067 
[ 1870.296295][T31975]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 1870.299676][T31976] PUD 100154067 
[ 1870.304191][T31975]  ? _printk+0xd1/0x111
[ 1870.307577][T31976] PMD 12cdf0067 
[ 1870.312873][T31975]  ? __virt_addr_valid+0xc3/0x2f0
[ 1870.316257][T31976] PTE 0
[ 1870.320248][T31975]  print_report+0x158/0x4e0
[ 1870.323632][T31976] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 1870.328493][T31975]  ? __virt_addr_valid+0xc3/0x2f0
[ 1870.331099][T31976] CPU: 0 PID: 31976 Comm: syz-executor.0 Not tainted 6.1.78-syzkaller-00002-g65aed0e2f758 #0
[ 1870.335438][T31975]  ? kasan_addr_to_slab+0xd/0x80
[ 1870.340471][T31976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 1870.345333][T31975]  ? hash+0x465/0xc20
[ 1870.355319][T31976] RIP: 0010:hash+0x2a4/0xc20
[ 1870.360094][T31975]  kasan_report+0x13c/0x170
[ 1870.369982][T31976] Code: 00 00 00 fc ff df 0f b6 04 10 84 c0 0f 85 ff 00 00 00 4a 8d 7c 36 03 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 17 01 00 00 <46> 03 3c 36 4a 8d 7c 36 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0
[ 1870.373806][T31975]  ? hash+0x465/0xc20
[ 1870.378225][T31976] RSP: 0018:ffffc90003e5f4a8 EFLAGS: 00010286
[ 1870.382568][T31975]  __asan_report_load_n_noabort+0xf/0x20
[ 1870.402009][T31976] 
[ 1870.402015][T31976] RAX: 0000000000000000 RBX: 000000005db25dd7 RCX: ffffffff8191dbf5
[ 1870.405832][T31975]  hash+0x465/0xc20
[ 1870.411729][T31976] RDX: dffffc0000000000 RSI: ffffc90003e5f568 RDI: ffffc90003e60003
[ 1870.417197][T31975]  bloom_map_peek_elem+0xac/0x1a0
[ 1870.419365][T31976] RBP: ffffc90003e5f4e8 R08: 00000000fffff55a R09: ffffffff8792e008
[ 1870.427181][T31975]  bpf_prog_00798911c748094f+0x3a/0x3e
[ 1870.430823][T31976] R10: ffffffff8792e018 R11: ffffffff8792e010 R12: 00000000fe93587d
[ 1870.438634][T31975]  bpf_trace_run8+0x299/0x330
[ 1870.443495][T31976] R13: 00000000fffff55a R14: 0000000000000a98 R15: 000000007d62df14
[ 1870.451309][T31975]  ? bpf_trace_run7+0x370/0x370
[ 1870.456602][T31976] FS:  00007f56dcc216c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1870.464421][T31975]  ? ext4_reserve_inode_write+0x2b3/0x360
[ 1870.468927][T31976] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1870.476742][T31975]  ? inode_doinit_with_dentry+0x10f/0x1070
[ 1870.481527][T31976] CR2: ffffc90003e60000 CR3: 000000010fc76000 CR4: 00000000003506b0
[ 1870.490299][T31975]  __bpf_trace_jbd2_handle_stats+0x4a/0x60
[ 1870.495849][T31976] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1870.502270][T31975]  jbd2_journal_stop+0xc11/0xc70
[ 1870.507910][T31976] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1870.515722][T31975]  ? jbd2_journal_start_reserved+0x410/0x410
[ 1870.521368][T31976] Call Trace:
[ 1870.521375][T31976]  <TASK>
[ 1870.529173][T31975]  ? _raw_spin_unlock+0x4c/0x70
[ 1870.533947][T31976]  ? __die_body+0x62/0xb0
[ 1870.541760][T31975]  __ext4_journal_stop+0x111/0x1c0
[ 1870.547584][T31976]  ? __die+0x7e/0x90
[ 1870.550701][T31975]  ext4_create+0x2f4/0x550
[ 1870.553477][T31976]  ? page_fault_oops+0x7f9/0xa90
[ 1870.558165][T31975]  ? ext4_lookup+0x740/0x740
[ 1870.562333][T31976]  ? kernelmode_fixup_or_oops+0x270/0x270
[ 1870.567280][T31975]  ? selinux_inode_create+0x22/0x30
[ 1870.571010][T31976]  ? is_prefetch+0x47a/0x6d0
[ 1870.575263][T31975]  ? security_inode_create+0xbc/0x100
[ 1870.580034][T31976]  ? chksum_update+0x48/0xa0
[ 1870.584460][T31975]  ? ext4_lookup+0x740/0x740
[ 1870.590020][T31976]  ? crypto_shash_setkey+0x2c0/0x2c0
[ 1870.595050][T31975]  path_openat+0x12ee/0x2d60
[ 1870.599476][T31976]  ? __find_get_block+0xd38/0x1180
[ 1870.604691][T31975]  ? do_filp_open+0x480/0x480
[ 1870.609114][T31976]  ? kernelmode_fixup_or_oops+0x21b/0x270
[ 1870.613540][T31975]  do_filp_open+0x230/0x480
[ 1870.618658][T31976]  ? __bad_area_nosemaphore+0xcf/0x620
[ 1870.623085][T31975]  ? vfs_tmpfile+0x480/0x480
[ 1870.628031][T31976]  ? __jbd2_journal_temp_unlink_buffer+0x392/0x440
[ 1870.632552][T31975]  ? alloc_fd+0x4fa/0x5a0
[ 1870.638100][T31976]  ? bad_area_nosemaphore+0x2d/0x40
[ 1870.642444][T31975]  do_sys_openat2+0x13f/0x850
[ 1870.647732][T31976]  ? do_kern_addr_fault+0x69/0x80
[ 1870.652162][T31975]  ? __ia32_sys_get_robust_list+0x90/0x90
[ 1870.658499][T31976]  ? exc_page_fault+0x513/0x700
[ 1870.662662][T31975]  ? do_sys_open+0x220/0x220
[ 1870.667700][T31976]  ? asm_exc_page_fault+0x27/0x30
[ 1870.672211][T31975]  ? __sys_bpf+0x4f5/0x7f0
[ 1870.677072][T31976]  ? hash+0x3d5/0xc20
[ 1870.682627][T31975]  ? __se_sys_futex+0x35e/0x3c0
[ 1870.687312][T31976]  ? hash+0x2a4/0xc20
[ 1870.691739][T31975]  __x64_sys_openat+0x243/0x290
[ 1870.696600][T31976]  ? hash+0x3d5/0xc20
[ 1870.700853][T31975]  ? __ia32_sys_open+0x270/0x270
[ 1870.704672][T31976]  bloom_map_peek_elem+0xac/0x1a0
[ 1870.709358][T31975]  ? switch_fpu_return+0xe/0x10
[ 1870.713179][T31976]  bpf_prog_00798911c748094f+0x3a/0x3e
[ 1870.717863][T31975]  ? exit_to_user_mode_prepare+0x7e/0xa0
[ 1870.721683][T31976]  bpf_trace_run8+0x299/0x330
[ 1870.726458][T31975]  do_syscall_64+0x3d/0xb0
[ 1870.731317][T31976]  ? bpf_trace_run7+0x370/0x370
[ 1870.736006][T31975]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1870.741297][T31976]  ? ext4_reserve_inode_write+0x2b3/0x360
[ 1870.746766][T31975] RIP: 0033:0x7fc963a7cea9
[ 1870.751280][T31976]  ? inode_doinit_with_dentry+0x10f/0x1070
[ 1870.755532][T31975] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 1870.760220][T31976]  __bpf_trace_jbd2_handle_stats+0x4a/0x60
[ 1870.765947][T31975] RSP: 002b:00007fc962df70c8 EFLAGS: 00000246
[ 1870.771503][T31976]  jbd2_journal_stop+0xc11/0xc70
[ 1870.775754][T31975]  ORIG_RAX: 0000000000000101
[ 1870.781400][T31976]  ? jbd2_journal_start_reserved+0x410/0x410
[ 1870.800838][T31975] RAX: ffffffffffffffda RBX: 00007fc963bb3f80 RCX: 00007fc963a7cea9
[ 1870.806482][T31976]  ? _raw_spin_unlock+0x4c/0x70
[ 1870.812383][T31975] RDX: 000000000000275a RSI: 0000000020000080 RDI: ffffffffffffff9c
[ 1870.817156][T31976]  __ext4_journal_stop+0x111/0x1c0
[ 1870.821668][T31975] RBP: 00007fc963aebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1870.827485][T31976]  ext4_create+0x2f4/0x550
[ 1870.835301][T31975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1870.839985][T31976]  ? ext4_lookup+0x740/0x740
[ 1870.847794][T31975] R13: 000000000000000b R14: 00007fc963bb3f80 R15: 00007ffd841d4868
[ 1870.852744][T31976]  ? selinux_inode_create+0x22/0x30
[ 1870.860558][T31975]  </TASK>
[ 1870.864806][T31976]  ? security_inode_create+0xbc/0x100
[ 1870.872618][T31975] 
[ 1870.872624][T31975] The buggy address belongs to stack of task syz-executor.4/31975
[ 1870.877042][T31976]  ? ext4_lookup+0x740/0x740
[ 1870.884854][T31975]  and is located at offset 0 in frame:
[ 1870.889891][T31976]  path_openat+0x12ee/0x2d60
[ 1870.892753][T31975]  bpf_trace_run8+0x0/0x330
[ 1870.897969][T31976]  ? do_filp_open+0x480/0x480
[ 1870.900130][T31975] 
[ 1870.900135][T31975] This frame has 1 object:
[ 1870.907772][T31976]  do_filp_open+0x230/0x480
[ 1870.912196][T31975]  [32, 96) 'args'
[ 1870.917577][T31976]  ? vfs_tmpfile+0x480/0x480
[ 1870.922001][T31975] 
[ 1870.922009][T31975] The buggy address belongs to the virtual mapping at
[ 1870.922009][T31975]  [ffffc90003e48000, ffffc90003e51000) created by:
[ 1870.922009][T31975]  copy_process+0x5c3/0x3530
[ 1870.926352][T31976]  ? alloc_fd+0x4fa/0x5a0
[ 1870.930856][T31975] 
[ 1870.930863][T31975] The buggy address belongs to the physical page:
[ 1870.933036][T31976]  do_sys_openat2+0x13f/0x850
[ 1870.937293][T31975] page:ffffea00043c8f40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f23d
[ 1870.941624][T31976]  ? do_sys_open+0x220/0x220
[ 1870.945178][T31975] flags: 0x4000000000000000(zone=1)
[ 1870.949604][T31976]  ? __this_cpu_preempt_check+0x13/0x20
[ 1870.951785][T31975] raw: 4000000000000000 0000000000000000 dead000000000122 0000000000000000
[ 1870.969217][T31976]  ? xfd_validate_state+0x6f/0x170
[ 1870.973392][T31975] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 1870.975557][T31976]  ? restore_fpregs_from_fpstate+0xfc/0x230
[ 1870.981802][T31975] page dumped because: kasan: bad access detected
[ 1870.986319][T31976]  __x64_sys_openat+0x243/0x290
[ 1870.996397][T31975] page_owner tracks the page as allocated
[ 1871.000813][T31976]  ? __ia32_sys_open+0x270/0x270
[ 1871.005846][T31975] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 31973, tgid 31973 (syz-executor.4), ts 1870223825992, free_ts 1870019688012
[ 1871.011227][T31976]  ? switch_fpu_return+0xe/0x10
[ 1871.019645][T31975]  post_alloc_hook+0x213/0x220
[ 1871.024593][T31976]  ? exit_to_user_mode_prepare+0x7e/0xa0
[ 1871.033011][T31975]  prep_new_page+0x1b/0x110
[ 1871.038741][T31976]  do_syscall_64+0x3d/0xb0
[ 1871.044989][T31975]  get_page_from_freelist+0x27ea/0x2870
[ 1871.049679][T31976]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 1871.055230][T31975]  __alloc_pages+0x3a1/0x780
[ 1871.060006][T31976]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1871.078838][T31975]  __vmalloc_node_range+0x89b/0x1540
[ 1871.083527][T31976] RIP: 0033:0x7f56dbe7cea9
[ 1871.088125][T31975]  dup_task_struct+0x3d6/0x7d0
[ 1871.093594][T31976] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 1871.097934][T31975]  copy_process+0x5c3/0x3530
[ 1871.102189][T31976] RSP: 002b:00007f56dcc210c8 EFLAGS: 00000246
[ 1871.107569][T31975]  kernel_clone+0x229/0x890
[ 1871.113208][T31976]  ORIG_RAX: 0000000000000101
[ 1871.117635][T31975]  __x64_sys_clone3+0x35c/0x390
[ 1871.123368][T31976] RAX: ffffffffffffffda RBX: 00007f56dbfb4050 RCX: 00007f56dbe7cea9
[ 1871.128483][T31975]  do_syscall_64+0x3d/0xb0
[ 1871.132737][T31976] RDX: 000000000000275a RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1871.137336][T31975]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1871.156779][T31976] RBP: 00007f56dbeebff4 R08: 0000000000000000 R09: 0000000000000000
[ 1871.161205][T31975] page last free stack trace:
[ 1871.161212][T31975]  free_unref_page_prepare+0x83d/0x850
[ 1871.167107][T31976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1871.171448][T31975]  free_unref_page+0xb2/0x5c0
[ 1871.175960][T31976] R13: 000000000000006e R14: 00007f56dbfb4050 R15: 00007ffd2273b768
[ 1871.180646][T31975]  __free_pages+0x61/0xf0
[ 1871.188465][T31976]  </TASK>
[ 1871.192717][T31975]  __free_slab+0xce/0x1a0
[ 1871.200524][T31976] Modules linked in:
[ 1871.206253][T31975]  __unfreeze_partials+0x165/0x1a0
[ 1871.218587][T31976] CR2: ffffc90003e60000
[ 1871.223093][T31975]  put_cpu_partial+0xa9/0x100
[ 1871.228391][T31976] ---[ end trace 0000000000000000 ]---
[ 1871.236196][T31975]  __slab_free+0x1c8/0x280
[ 1871.240709][T31976] RIP: 0010:hash+0x2a4/0xc20
[ 1871.248521][T31975]  ___cache_free+0xc6/0xd0
[ 1871.252689][T31976] Code: 00 00 00 fc ff df 0f b6 04 10 84 c0 0f 85 ff 00 00 00 4a 8d 7c 36 03 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 17 01 00 00 <46> 03 3c 36 4a 8d 7c 36 04 48 89 f8 48 c1 e8 03 0f b6 04 10 84 c0
[ 1871.255551][T31975]  qlist_free_all+0xc5/0x140
[ 1871.259719][T31976] RSP: 0018:ffffc90003e5f4a8 EFLAGS: 00010286
[ 1871.263450][T31975]  kasan_quarantine_reduce+0x15a/0x180
[ 1871.268396][T31976] 
[ 1871.268402][T31976] RAX: 0000000000000000 RBX: 000000005db25dd7 RCX: ffffffff8191dbf5
[ 1871.272389][T31975]  __kasan_slab_alloc+0x24/0x80
[ 1871.276904][T31976] RDX: dffffc0000000000 RSI: ffffc90003e5f568 RDI: ffffc90003e60003
[ 1871.282196][T31975]  slab_post_alloc_hook+0x53/0x2c0
[ 1871.286449][T31976] RBP: ffffc90003e5f4e8 R08: 00000000fffff55a R09: ffffffff8792e008
[ 1871.290876][T31975]  kmem_cache_alloc+0x175/0x2c0
[ 1871.295133][T31976] R10: ffffffff8792e018 R11: ffffffff8792e010 R12: 00000000fe93587d
[ 1871.314576][T31975]  jbd2__journal_start+0x150/0x720
[ 1871.318998][T31976] R13: 00000000fffff55a R14: 0000000000000a98 R15: 000000007d62df14
[ 1871.324899][T31975]  __ext4_journal_start_sb+0x24d/0x4b0
[ 1871.330195][T31976] FS:  00007f56dcc216c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1871.332363][T31975]  ext4_evict_inode+0x9c5/0x1550
[ 1871.340175][T31976] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1871.344866][T31975] 
[ 1871.352675][T31976] CR2: ffffc90003e60000 CR3: 000000010fc76000 CR4: 00000000003506b0
[ 1871.357621][T31975] Memory state around the buggy address:
[ 1871.357632][T31975]  ffffc90003e4f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1871.365434][T31976] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1871.370123][T31975]  ffffc90003e4f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1871.377936][T31976] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1871.382884][T31975] >ffffc90003e4f580: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
[ 1871.390693][T31976] Kernel panic - not syncing: Fatal exception
[ 1871.395987][T31975]                                ^
[ 1871.396000][T31975]  ffffc90003e4f600: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 1871.396011][T31975]  ffffc90003e4f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1871.396019][T31975] ==================================================================
[ 1871.396228][T31976] Kernel Offset: disabled
[ 1871.509802][T31976] Rebooting in 86400 seconds..