last executing test programs:

14.130411243s ago: executing program 4:
syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
creat(&(0x7f000000b200)='./file0/../file0/file0\x00', 0x0)
lchown(&(0x7f0000000800)='./file0\x00', r0, 0xee01)
setxattr$system_posix_acl(&(0x7f0000000680)='./file0/../file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f00000001c0)=ANY=[@ANYBLOB="020000000100000000000000040000000000000008000000", @ANYRES32=0xee01, @ANYBLOB="100003000006000020"], 0x2c, 0x0)
open(&(0x7f0000000040)='./file0/../file0/file0\x00', 0x0, 0x0)

14.121902164s ago: executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000440)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x0, 0x0, 0x0, "c87e01cd", "920252f1"}}, 0x0}, 0x0)

11.964783095s ago: executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='jbd2_handle_stats\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='cpuset.memory_pressure_enabled\x00', 0x26e1, 0x0)

11.922734402s ago: executing program 4:
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x10, &(0x7f00000014c0), 0x1, 0x793, &(0x7f0000001700)="$eJzs3c1rXFUbAPDnTpKmb9r3TV4QbF0FBA2UTkyNrYKLigsRLBR0bTtMpqFmkimZSWlCoBYR3AhaXAi66dqPunPrx1b/Bd2ISEvVtFhxISN3PjqTZiadtvloze8Htz3n3jM595l77zln5h7mBrBjjab/ZCL2R8R7ScRwY30SEQO1VH/E0Xq5myvL+XRJolp99bekVubGynI+2l6T2tPI7IuIb96OOJBZW295cWkmVywW5hv58crsmfHy4tLB07O56cJ0Ye7wxOTkoSPPHBncuFj/+H5p79X3X3ry86N/vfXo5Xe/TeJo7G1sa49jo4zGaOM9GUjfwlVe3OjKtlmy3TvAPUkvzb76VR77Yzj6aqne9F4SAHiQnI+IKgCwwyT6fwDYYZrfA9xYWc6nS/X89n4fsdWuvRARu+vxN+9v1rf0N+7Z7a7dBx26kay635FExMgG1D8aER9/+fqn6RKbdB8SoJM3L0TEyZHRZvvfan+SNXMW6nqfkPFUD2VGb8tr/2DrfJWOf55tjf9a11/m1vgnOox/Bjtcu/diNGJXe37t9Z+5sgHVdJWO/54faM1tu9kWf8NIXyP339qYbyA5dbpYSNu2/0XEWAwMpvmJdeoYu/739VUr+lrJ9vHf7xff+CStP/2/VSJzpf+2JncqV8ndb9xN1y5EPNbfKf7k1vFPuox/j/dYx8vPvfNRt21p/Gm8zWV1/Js/q6x6KeKJ6Bx/U7Le/MTD47XTYbx5UnTwxU8fDnWrv/34p0taf/OzwFZIj//Q+vGPJO3zNct3X8d3l4a/7rbtzvF3Pv93Ja/V0s3G41yuUpmfiNiVvLJ2/aHWa5v5Zvk0/rHHO1//653/6WfCkz3G33/118/uPf7NlcY/dVfH/+4Tl2/O9HWrv7fjP1lLjTXW9NL+9bqD9/PeAQAAAAAAAAAAAAAAAAAAAAAAAECvMhGxN5JM9lY6k8lm68/wfiSGMsVSuXLgVGlhbipqz8oeiYFM86cuh9t+D3Wi8Xv4zfyh2/JPR8T/I+KDwf/U8tl8qTi13cEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMOeLs//T/0yuN17BwBsmt13LHG9sCU7AgBsmTv3/wDAv43+HwB2Hv0/AOw8+n8A2Hn0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGyy48eOpUv1z5XlfJqfOru4MFM6e3CqUJ7Jzi7ks/nS/JnsdKk0XSxk86XZtpf+0OnvFUulM5Mxt3BuvFIoV8bLi0snZksLc5UTp2dz04UThYEtiwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeldeXJrJFYuFeYmHJVEdrh+6B2V/Nj/x88Ef961X5qLTeOMT290yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwc/gkAAP//skMoxA==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000001740)={0x9c02}, 0x8)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000000)=ANY=[@ANYBLOB='1'], 0x31)

10.973710407s ago: executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0)
sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)

10.930525293s ago: executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
unshare(0x60600)
fcntl$setstatus(r1, 0x4, 0x6000)
vmsplice(r2, &(0x7f0000000240)=[{&(0x7f0000001340)="e6", 0xfffffeff}], 0x1, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000240)=0x1, 0x4)
shutdown(r3, 0x1)
connect$inet(r3, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4)
sendmmsg$inet(r3, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000700)="a8", 0x1}], 0x1}}], 0x1, 0x4004441)
r4 = epoll_create(0x3)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000080))
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@global=@item_4={0x3, 0x1, 0x0, "9b4d3948"}, @main=@item_012={0x1, 0x0, 0x8, "9f"}, @local=@item_4={0x3, 0x2, 0x0, "6d011fe4"}, @main=@item_012={0x2, 0x0, 0xb, "1a79"}]}}, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r5 = syz_open_dev$hiddev(&(0x7f0000000d40), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r5, 0x4018480c, 0x0)

5.096543299s ago: executing program 2:
io_submit(0x0, 0x1, &(0x7f0000000380)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}])
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001000390400"/20, @ANYRES32=r1, @ANYBLOB="00000000000000001c0016801800018014000a0000000783"], 0x44}}, 0x0)

5.056253955s ago: executing program 2:
unshare(0x22000600)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0), 0x10)

5.046996556s ago: executing program 2:
r0 = memfd_create(&(0x7f0000002840)='\x1aj~\x97\xc1\x00\x00\x00\xff\x00\x00\x00\x7f\xef_\xd3\xdc=f.z=\x80=8\x1f\x14\xa2&\xbam\v\xa9\f\xf5\x17t\xc9\x80\xf4\xa1\xeb\x907L\x7f \xe3\x19\xcb\xbf\xfc\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00h}\x00\x135V\xd9\xe0\xb0\x17\x01g\xff?\xc8\xfb3\x93\xbc\xcf\xf2\x95\xbeYd,\xb3\x17\xb0L\xe841(\"\xc2K\x11\x81\xef.m\xf7@\xb1\xf9\xee\xce\\\xd9\x03\nHNzF``\xa0\xc4}P\xb3\b\x0e\xcd\x86\'qb\x9a\xce\"\xfb\xd6\x91\'\x9b~\xcd\xfd\xaa\n\xea\x8dC\x9aQ\n\xce\"\x9cN\xed0\xf0\xc2x\x93h\xe8\\\x18\xd26\xe7\x8d4\x06\xf0\xe3M\xe5\x91\x0f\x85\x97gla\x06\xe1\xba\x1a\x1d \n\fr\xae\x12M\xcb6\xe0\x15\xd5d\x16\xc3\xdf\xa2\x04wB\xd0\x18\xa4\x17|\vH\xf5\xb0\xb5\xc7\x9f`Fz\xa3x\x99\xe17\xd2vAW\xe5\x18)9\xba\xa68A\xf8y\xe6\xac\xda\xc7u\xa9\x00{:\x01\xee,\a:\x06\xad{\x80\xfd\xc7\"\x95\x0f\xe3\x86\x19\xc3\xd2\xf7\x18\xf8\xed\x8b\"\xd8\x8f\xde`\xb0D\xfd\x84\xa3\xd7\xf3R\x8d\x88\xdaJ\xb0\xf8^\xd4>\xc7e\xab\x8f+\xda\x9b\xae\xf2\xca\xb9\xde\xb5\x8f\xdb\xba}\x7f\xf8\xe5i,m\b\xf0\xc7\xe9R\x9cY$\xcb\x00/!Z\xeb\x9bE\xf2\xb9\xcc\xf0\x9c\x02\xfc\x9c\x91q\xba|\x80n\x1f\xffG\xc3\x13\xe7v\xa7\x95md\x0f\xa5\x06\v^n\x84d5o\x02\xb3.\x8dc\x18\xe0\xc2\x9b\xe1D\x0fB] \xdfJGr\xdbc,\xef82%\x97\xe4;u\xa9\xe5\xef*n\xf613\x17\x80[\x90]\xef\xc1\x8e\rD\xd2\xe0\x8c\xf2\x00\x00\x00\x00\x00\x00\x00Gs\xab\x1e\xa13\x93\x8d\x04U\xf5\xb8Th9s3\xc9\xbf\xe5My$\x99.\xf0\xd5\xc8\xb1\xfc4\xe7\x83z\x11a\xb7\xebY\x1d\xcd\x81N\xed\xbd\xa5\xce\xa0f\xe5q2\xbc#w\xe4_\x8a-\xad\xc2/_\xe6\nE\xeb\x9c\x96\xf4`\xa2\x06\xe0^\xfb\x99\xbb}\xfb\x052_\x83*B\xf1\xf0\x95\xd2K\xd6\xe5\xb1\x1a\x02,\xbe\xf5\xd0\xd4\xa1A\xf3!\n\xc6b\xeb\x92\xea\xd8\xe1$\xbbUO\x1fS\x02\x9e\xa7|i:\xb1\xf60\xf6M\xe6,\x81=F\xa1\xca\x06\x0e\x14\x89/\xa7\"\x17-h9\x176\x9d\x04\x1el\xdcp\x89\x1b \x93f\x9a\x10\xd9\xa2Y\b\xfalA\xe1\x1bI\xb9\xf8\xa0\xb0\xc2\x04\xedO\n\vj&\xb5\x04\xc3{Yt\xf4rS^\x0e$\xe9\x05\xcd\x9b\x84\x14`\xed\x9e\xbbh\x81h\xf2\xe7\xe2DO\x1a\xe9\xc1\x1cu\xa5\xbd\x90\xbb\x03\xd5\x00\xf2\x83T\xe4\x0eF\x7f\x85\xb5\xe9CJ<F<\xb2a', 0x0)
write(r0, &(0x7f0000000080)="0600", 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000800)=ANY=[], 0x2c)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
sendfile(r0, r0, &(0x7f0000001000), 0x200000ffff)
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f000001a000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x33, &(0x7f000002eff0)={0x85c, &(0x7f0000000000)=[{}]}, 0x10)

4.007176586s ago: executing program 2:
r0 = syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)

1.792578036s ago: executing program 2:
unshare(0x22000600)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0), 0x10)

1.783357547s ago: executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000fc850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c})
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
renameat2(r7, &(0x7f0000000380)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r8, &(0x7f0000000040)='./file1\x00', 0x2)
ioctl$KVM_SET_CLOCK(r3, 0x4188aec6, &(0x7f0000000040))
socket(0x10, 0x3, 0x9)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000040000000000000000000018110000", @ANYRES8=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r10 = syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0)
syz_usb_control_io(r10, 0x0, 0x0)

902.561722ms ago: executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$unix(r2, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r3], 0x18}, 0x0)
sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="54000000000000000000000400000000000000600000000100010001000000010000000700000007442cc05000000000000000010000ee06000000080000000100000e4a0000002000650e0300000005000000080000000030000000000000000100000001"], 0x88}, 0x0)
close(r3)
close(r1)

884.705245ms ago: executing program 1:
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
getdents(r0, 0xfffffffffffffffd, 0x58)

858.089659ms ago: executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2081c80, 0x0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x25840, 0x0)
move_mount(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', r2, &(0x7f00000000c0)='./file0/file0\x00', 0x0)

739.865307ms ago: executing program 1:
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)

642.833292ms ago: executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa10000000000000701000078ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r3=>0x0})
setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)

631.538984ms ago: executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000001e40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e841cca555077e3a159110193dd2ff1fa7c3205bfedbe9d8f3bd23cd78a07e32fe0231368b2264f9c504b2f1f65515b2e1a38d522be18bd10a48b043ccc42646d25dfd73d06d7535f7866925d86751dfced1fd8accae669e173a659c1cfd6587d47578f4c35235138d5521f9453559c35da860e8efbcbfb42c30d294a55e1c46680bee88956f2b3599f455c7a3a49a01010000009f2f0517e4ca0e1803a20000000013d4e21b3336f1ae0796f23526ec0fd97f7325eac34c4dfafe7cc03b0864009d2e7d7ff6ff72ba8972b122b09789d99b3d0524f39d5ae913b2d22eb2c09244ba5dbe9180950f76f7049db5cb19d7962fed44e00f39ed8c13a11fa798de504e2865cd81f2b77fdd76c677f812d249c8130b018d4300000020000000db3947c85c3a9027ce9e856fa8b7fb05000000000000593d60abc9b3e67d127e56f3d3759dcfeb820634fd4d419efaefc74305b2bea2000600000051fcf5d62205561b6efaad206335a309f7b9e01446a6285f4665a7fe3cda2349f8bf400100000000000000f435f28fbeda75cf971f54a9698cf3270f420ee83f2d9babe7b922401639ce3c4ff0850a8e078374909413f3fbd3ced3285252dc81a46ef7ce29484dc6b6adfd7a4db730fc594609654d97836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be71b0417d33d3ab25493418ba0fbacf768e07c1a939d31f606085b9e3efc93b0f58d5ec37494d9d10d76e603129e9a726579ac7d672cacd581b7ca77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e04ad3711a66da2254a6f911b1469c62a6e1e3f9c1715c009a58e6eadac8f61b45853673df72dc813f7454ae22d79ac48034282f03040889500000000179dcf66d93907cedd49e0c5752f755849953957143a0335d2f62acbf18b251ce63b29fe177745448ccc925770fac12cf9e291200df6bb669d5a57dd74df817ef2f8698f710c359afe73947afebdf5536e4db8b0231d0cbc798766ec60586f14b44775bc9d250e4515cb83275d3b495fa90000e69a68b47ac4595463e1442d88e0606a060000cc914fae896ab129ccdf8792a8435972c8391d132a2fcbd40e865d62cc7c4200000000000000000000000000000800002a77fbbccfdb1ab3d8434905f09726b8145ea99c7640faab578dc98a6134df0a10a54ce7e7ddbb709a27d977d1f91ab9ee940700009594c9a50961b7fcc56d82584dc8254df7c411fa61353a6897c4f3b9f152fdf6f2ab47adb29aefecce96c94f360e129c9f2af569c794b68b2ead404bcdd4aa9cb6a128e1ad45fd4030e1e69adf4986b7860f3122d59c079f0f9a1732f691590f45512aec4ed2413f66cac7dd022301741c576dea82005b166d6c3b9ed0c297ac197a92188a618745e78dca0b3c62f1601243089d9c687563382b0b88a7d80fd7bf7fae8a690f52db1464d29b1b926414cd35705c89662c585e32c881d917b74f027674dbc017499ba15a2e2900000000000000000000000000007b593ecbdd162fee9f239a3c615b3e9a3fb0af254bdd247a5a5abdbc0123c950eec0f1800b295be71418dd65de15e11beef9630499c70fce74135a7c7c8e818b79b85ff65d59d89492d7a663d3f25651e252ab49d358eac853ffe182ee37a5db085a072647719cb8604ba2e0b80af3f1867bd8fb6afca671437e0a5a9d5a088436739262d894986882ec0fb419a377ef47f4920a5de6d8de0d3090b4cb6b773e825442d351f980eed0d997a4d98a5121e941b145e2186546c646128a3e69f52fcad83a026def90b9eb55f4a0a2251bbae428c6c017b5a47f1580831a7ce232857e6aa9e777e99da1a3ad03fdc93fa7ed96228deac5e3bce983971041297a6ba18783a2edc7e3901cc891035872c61e7ea375b0902be0c5cc7fdef968ba1ca17ce5e11f2f384cd28c1194f56d3cf074e8ba4e60e84dc2f352c3cd170581aee0c93ca8ceff84cda40325d340759e79e5c4bcec227e37f7ec2193c78877fb319ec1f2d4dcf1d46a15cde1d6cecce6ecdb0c0a3413394d51341a7b3606ad8c29b6dbf6be3265b528c3208de35161bfe19678df43a45b314e5a0f8754cfaf4f9d3fdf9c8f7b7c296bf2e632d25ba8ee6369b362a8e4c9dff176d482d32249c93680a04f6464f184acfd0376662fee9e1031e569248db9bc724cdd97976a4d7c5c5172d1383fa1e442f68a14b747a9f2597bf115dd0111fe8ba3584a43176f33bd39a408f8648b19839bba9cc47624ea19e46dbbdf0faf591bcdc8613828a0c5a40c04ae34bbf4a0e27828b0c7cb9d7a7455db030425a4bd69cf6dcb4b1d066f8ef4ea1c710e05819df82d5cc94ace6b41c2de37a2eaf24f24b3d9a7dd4d197d51407be3e90000000000000000dbc0b0d6e11ccb71437ebea7ad01d5b93a7a0561e4a1b3fa1aa9c75f3aaec4ace1b6201a3e007b657be62df59133b4d8f0f145d9fc954cc7792077268bf0977e2a699722ce3dbb97248b8a8a771dd0f7d9c97e6587524a44fd6d49330ccbc39ca277b84f7f0a39759ef0b42388bd69fe341a925e8cdc5d7b2d6ddb7331a081bd0672bf4d02255de095a179e51bf5492d4e89c3cbad59db725c0dd7e35cbd9887175286a37d7621a361eb830cc5b842b11b5d040ccceb254d6a0c9c43718d0816bb2465928e236101b8cd46b5ef9cb930378a9249cbb41bcde9bb78d71c512153d2f1d765b56d2e5ef3e3d34975787646630051074c9706747fda873ccfdb394fc269c8cfadc0a52c3402f392a38052f859ab56"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000240)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000840)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}}, 0x0)

620.336155ms ago: executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0)
setxattr$trusted_overlay_origin(&(0x7f0000000200)='./file0\x00', &(0x7f0000000080), &(0x7f0000000100), 0x2, 0x0)
mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@index_on}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}]})

606.210017ms ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802)
write$evdev(r2, &(0x7f0000000000), 0x100000008)
ioctl$EVIOCGBITSND(r2, 0x40044581, 0x0)

437.972514ms ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d41737"], 0x0}, 0x90)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x0, 0x9}, 0x48)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d00000000000500240000000000050016"], 0x68}}, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001480)={&(0x7f0000000040)='ext4_da_release_space\x00', r7}, 0x10)
write$cgroup_int(r5, &(0x7f0000000240), 0x12)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000600)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {}, {@jqfmt_vfsold}, {@nouser_xattr}, {@data_err_abort}]}, 0x1, 0x5ea, &(0x7f0000001200)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUO0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTbaUu3P6Ywn0+ydOa9nb43bL/73r55bzaAyupP/6lF7I2IySSiN5mdz2uPLLN/7nn3//n0TPpIol5/868kkiwtf36S/ezJDu6KiF9+TmJP29Jyp2auXhidmBi/ku0PTl+cHJyauXro/MXRc+Pnxi8Nvzx8/NjRY8eHDrd0XtcK0k7d+OCj3s9H3vn+23+ToR9+H0nixL7XsicuPI+N0h/9jf+TZGlWz/GNLqwkbdnfycKXOGkvsUKsSf76dUTEM9EbbfHgxeuNz14vtXLApqonEXWgohLxDxWV9wPyz/aLPwfXSumVAFvh3sm5AYCl8d8+NzYYXY2xgZ33k1g4rJNERGsjc812RcSd2yM3zt4euRGbNA4HFJu9HhHPFsV/0oj/vuiKvkb815riP+0XnM5+pulvtFj+4qFi8Q9bZy7+uxbHf3dk1wb7GlfxiuP/3QXx/16L5fc/2Hy/uyn+u1s/KQAAAAAAAKioWycj4qWi6/+1+fk/UTD/pyciTmxA+f2L9pde/6/d3YBigAL3Tka8Wjj/t5bP/u1ry7aeaMwH6EjOnp8YPxwRT0bEwejYke4PrVDGoS/2fLNcXn82/y9/pOXfyeYCZvW4276j+Zix0enR9Z43EHHvesS+wvm/yXz7nxS0/+n7weRDlrHnhZunl8tbPf6BzVL/LuJAYfv/4K4Vycr35xhs9AcG817BUs998uWPy5Xfavy7xQSsX9r+71w5/vuShffrmVp7GUdm2uvL5bXa/+9M3mrccqYzS/t4dHr6ylBEZ3KqLU1tSh9ee53hcZTHQx4vafwffH7l8b+i/n93RMwu+t3J381rinNP/9fzx3L10f+H8qTxP7am9n/tG8M3+34qLr32kO3/0UZbfzBLMf4Hc77Ow7SzOb0gHNuLsra6vgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOKhFxK5IagPz27XawEBET0Q8FTtrE5enpl88e/nDS2NpXuP7/2v5N/32zu0n+ff/9y3YH160fyQidkfEV23djf2BM5cnxso+eQAAAAAAAAAAAAAAAAAAANgmepZZ/5/6s63s2gGbrr3sCgClWRD/eZP/a1l1AbaW9h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwWNm9/9ZvSUTMvtLdeKQ6s7yOUmsGbLZa2RUASuMWP1Bdpv5AdfmMDySr5Hcte9BqR65k8sw6DgYAAAAAAAAAAACAyjmw1/p/qCrr/6G6rP+H6srX/+8vuR7A1vMZH4hVVvIXrv9f9SgAAAAAAAAAAAAAYCNNzVy9MDoxMX7lkd84sd7f8/Z2OIut3ajX69fSv4LtUp9HfCOfCr9d6rNoI1/r93BHlfeeBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANPs/AAD//7IxJMs=")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001480)={&(0x7f0000000040)='ext4_da_release_space\x00', r8}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000000c0)={[{@quota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@stripe={'stripe', 0x3d, 0x4}}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}]}, 0x3, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=")
r9 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
write$binfmt_elf64(r9, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}, 0x40)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="0f01cab9800000c00f3235004000000f30f30fbd6900b80000c0fe0f23c80f21f835080040000f23f866b868000f00d81c009a08000000a60066ba6100ecb900060000b807000000ba000000000f309aa00000008700", 0x56}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

244.595233ms ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001000)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

238.217164ms ago: executing program 3:
r0 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0)
r2 = inotify_init()
inotify_add_watch(r2, &(0x7f0000000080)='./bus\x00', 0x260003ee)
ftruncate(r0, 0x10000)
dup3(r1, r0, 0x0)
finit_module(r1, 0x0, 0x0)

213.084908ms ago: executing program 3:
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000))
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000003c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_ZEROPAGE(r0, 0x8010aa01, &(0x7f0000000380)={{&(0x7f00007db000/0x2000)=nil, 0x2000}})
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0)
mlock(&(0x7f0000ff9000/0x7000)=nil, 0x7000)

201.85076ms ago: executing program 3:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
pipe(&(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x11000)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000001780), 0x0, &(0x7f0000001c00)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040))
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r5}, 0x10)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000640)={{{@in6=@mcast2, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10, 0x0, 0x3b, 0x0, 0xee01}, {}, {0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0x1}, {{@in6=@empty, 0x0, 0x32}, 0x0, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}}, 0xe8)
sendto$inet6(r6, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev}, 0x1c)
accept4$packet(0xffffffffffffffff, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000480)=0x14, 0x80000)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r7, 0x1, 0x5, &(0x7f0000000080)=0x5, 0x4)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000200)={'veth0_to_team\x00', <r8=>0x0})
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x1, 0x1208, &(0x7f0000001540)="$eJzs3E9rHGUcB/BftoltU/NHrdX2oA968TQ0OXgSJEgKkj1IbYRWEKZ2osuOu8vOElhRW09eBd+FePQmiG8gF1+Dt1w89iCOsNM/id2qBc029vO5zI/5zXef52FhYZZ5Zv+Nrz/p7lTZTj6K1txctAYR6XaKFK2466Wt5nj12tZGu715OaVLG1fWXk8pLb/84/uffffKT6Mz732//MPJ2Fv9YP/X9V/2zu2d3//9ysedKnWq1OuPUp6u9/uj/HpZnIhO1c1Seqcs8qpInV5VDA/2007ZHwzGKe/dWFocDIuqSnlvnLrFOI36aTQcp/yjvNNLWZalpcXgoRb+/uT2t7fruo6o64V4Kuq6rk/HYpyJp2MpluNWRDwTz8ZzcTaej3PxQrwY5ydXHdUSAAAAAAAAAAAAAAAAAAAA4MnwV/v/V2LV/n8AAAAAAAAAAAAAAAAAAAA4Au9evba10W5vXk7pVET51e727nZzbPobO9GJMoq4GCvxW0x2/zea+tLb7c2LaWI1vixv3snf3N0+cTi/NnmdwJ38/KR3N7/W5NPh/MlYPJhfj5U4O3389Sn5hW8iXnv1QD6Llfj5w+hHGTcmY9/Pf7GW0lu3mjnFvfEvTK4DAACA/4Ms3TP1/j3LHtZv8o/w/8Cf7u/n48L8bNdORDX+tJuXZTE8XJx64Izinxet/+iTW/GYLPC4Facfj2kcq2LWv0wchftf+qxnAgAAAAAAAAAAwKP4154ZjLmIB1vzMeXJsjfj82w2qwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/YgWMBAAAAAGH+1ml0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwE0BAAD//7PKyQ8=")
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r9, &(0x7f0000000180)='./bus\x00', 0x0)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r10, &(0x7f0000000280)='./bus/file0\x00', 0x0)
renameat2(r9, &(0x7f00000004c0)='./bus/file0\x00', r10, &(0x7f0000000500)='./file2\x00', 0x2)
sendmmsg$inet(r7, &(0x7f0000002240)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @local, @multicast2}}}], 0x20}}], 0x1, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
statx(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x4000, 0x400, &(0x7f00000005c0))

90.638757ms ago: executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$unix(r2, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r3], 0x18}, 0x0)
sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="54000000000000000000000400000000000000600000000100010001000000010000000700000007442cc05000000000000000010000ee06000000080000000100000e4a0000002000650e0300000005000000080000000030000000000000000100000001"], 0x88}, 0x0)
close(r3)
close(r1)

79.137878ms ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x4de, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa9cd7361987d486dd60ecea6604a82900fe8000000000000089750e6b000000aaff020000000000000000000000000001"], 0x0)

26.203607ms ago: executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2081c80, 0x0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x25840, 0x0)
move_mount(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', r2, &(0x7f00000000c0)='./file0/file0\x00', 0x0)

2.16678ms ago: executing program 3:
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)

0s ago: executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa10000000000000701000078ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r3=>0x0})
setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)

kernel console output (not intermixed with test programs):

507] 
[  896.579469][T29507] EXT4-fs (loop2): Total free blocks count 0
[  896.585210][T29507] EXT4-fs (loop2): Free/Dirty block details
[  896.591125][T29507] EXT4-fs (loop2): free_blocks=65280
[  896.596338][T29507] EXT4-fs (loop2): dirty_blocks=23
[  896.601254][T29507] EXT4-fs (loop2): Block reservation details
[  896.606991][T29507] EXT4-fs (loop2): i_reserved_data_blocks=32
[  896.613283][T29512] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 31 with error 28
[  896.625510][T29512] EXT4-fs (loop2): This should not happen!! Data will be lost
[  896.625510][T29512] 
[  896.626535][T28443] arvo 0003:1E7D:30D4.00A0: unknown main item tag 0x0
[  896.641670][T28443] arvo 0003:1E7D:30D4.00A0: item fetching failed at offset 5/7
[  896.649888][T28443] arvo 0003:1E7D:30D4.00A0: parse failed
[  896.655451][T28443] arvo: probe of 0003:1E7D:30D4.00A0 failed with error -22
[  896.728087][ T1866] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  896.768339][   T63] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  896.855273][T12164] usb 5-1: USB disconnect, device number 80
[  896.988178][ T1866] usb 2-1: Using ep0 maxpacket: 8
[  897.031607][   T63] usb 1-1: Using ep0 maxpacket: 16
[  897.118109][ T1866] usb 2-1: config 0 has no interfaces?
[  897.272891][T29546] device syz_tun entered promiscuous mode
[  897.278691][T29546] device macsec1 entered promiscuous mode
[  897.285574][T29546] device syz_tun left promiscuous mode
[  897.291548][ T1866] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  897.300979][ T1866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  897.308908][ T1866] usb 2-1: Product: syz
[  897.313207][ T1866] usb 2-1: Manufacturer: syz
[  897.317671][ T1866] usb 2-1: SerialNumber: syz
[  897.322721][ T1866] usb 2-1: config 0 descriptor??
[  897.334813][   T63] usb 1-1: New USB device found, idVendor=07c4, idProduct=a400, bcdDevice=b6.03
[  897.343744][   T63] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  897.351657][   T63] usb 1-1: Product: syz
[  897.355652][   T63] usb 1-1: Manufacturer: syz
[  897.360114][   T63] usb 1-1: SerialNumber: syz
[  897.365105][   T63] usb 1-1: config 0 descriptor??
[  897.411449][   T63] usb-storage 1-1:0.0: USB Mass Storage device detected
[  897.419012][   T63] usb-storage 1-1:0.0: Quirks match for vid 07c4 pid a400: 18
[  897.514173][T29558] loop4: detected capacity change from 0 to 512
[  897.575157][T29558] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  897.586081][T29558] ext4 filesystem being mounted at /root/syzkaller-testdir2577455920/syzkaller.PpPFMf/17/file0 supports timestamps until 2038 (0x7fffffff)
[  897.605088][   T63] usb 2-1: USB disconnect, device number 66
[  897.620524][T29557] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback.
[  897.630995][ T7516] usb 1-1: USB disconnect, device number 88
[  897.730103][   T30] audit: type=1400 audit(2000000429.623:115184): avc:  denied  { create } for  pid=29562 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  897.803712][T29577] loop2: detected capacity change from 0 to 512
[  897.837128][T29577] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 2178, start 8e210000)
[  897.847274][T29577] FAT-fs (loop2): Filesystem has been set read-only
[  898.592717][T28443] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  898.684382][T29612] syz-executor.3[29612] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  898.684466][T29612] syz-executor.3[29612] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  899.192760][T29616] loop4: detected capacity change from 0 to 40427
[  899.211827][T29622] loop0: detected capacity change from 0 to 128
[  899.233409][T29616] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  899.241071][T29616] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  899.241080][T29622] device bridge_slave_0 left promiscuous mode
[  899.244006][T29616] F2FS-fs (loop4): Found nat_bits in checkpoint
[  899.249245][T29622] bridge0: port 1(bridge_slave_0) entered disabled state
[  899.268182][T28443] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  899.278948][T28443] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  899.281615][T29616] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  899.295824][T29622] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  899.296556][T28443] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  899.312035][T29616] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  899.331202][T28443] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  899.341372][T28443] usb 3-1: config 0 descriptor??
[  899.485453][   T30] audit: type=1326 audit(2000000431.248:115185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29634 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x0
[  899.707516][T26384] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  899.855772][T29643] bridge0: port 1(bridge_slave_0) entered blocking state
[  899.863438][T28443] arvo 0003:1E7D:30D4.00A1: unknown main item tag 0x0
[  899.863646][T29643] bridge0: port 1(bridge_slave_0) entered disabled state
[  899.870349][T28443] arvo 0003:1E7D:30D4.00A1: item fetching failed at offset 5/7
[  899.884590][T28443] arvo 0003:1E7D:30D4.00A1: parse failed
[  899.885064][T29643] device bridge_slave_0 entered promiscuous mode
[  899.890037][T28443] arvo: probe of 0003:1E7D:30D4.00A1 failed with error -22
[  899.906756][T29643] bridge0: port 2(bridge_slave_1) entered blocking state
[  899.913711][T29643] bridge0: port 2(bridge_slave_1) entered disabled state
[  899.920937][T29643] device bridge_slave_1 entered promiscuous mode
[  899.967448][T26384] usb 5-1: Using ep0 maxpacket: 32
[  899.973181][T29643] bridge0: port 2(bridge_slave_1) entered blocking state
[  899.980066][T29643] bridge0: port 2(bridge_slave_1) entered forwarding state
[  899.987196][T29643] bridge0: port 1(bridge_slave_0) entered blocking state
[  899.994052][T29643] bridge0: port 1(bridge_slave_0) entered forwarding state
[  900.022211][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  900.029765][T28443] bridge0: port 1(bridge_slave_0) entered disabled state
[  900.037291][T28443] bridge0: port 2(bridge_slave_1) entered disabled state
[  900.049473][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  900.057821][T12526] bridge0: port 1(bridge_slave_0) entered blocking state
[  900.064754][T12526] bridge0: port 1(bridge_slave_0) entered forwarding state
[  900.087721][ T7516] usb 3-1: USB disconnect, device number 82
[  900.087748][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  900.101609][T12526] bridge0: port 2(bridge_slave_1) entered blocking state
[  900.108381][T26384] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  900.111709][T12526] bridge0: port 2(bridge_slave_1) entered forwarding state
[  900.122992][T26384] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  900.143718][T26384] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  900.154706][T26384] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  900.163370][T26384] usb 5-1: config 0 descriptor??
[  900.163634][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  900.176240][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  900.185254][T29632] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  900.206415][T26384] hub 5-1:0.0: USB hub found
[  900.206691][  T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  900.223339][T29643] device veth0_vlan entered promiscuous mode
[  900.230186][  T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  900.238196][  T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  900.246518][  T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  900.263929][  T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  900.273920][T29643] device veth1_macvtap entered promiscuous mode
[  900.285227][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  900.296996][    T8] device bridge_slave_1 left promiscuous mode
[  900.303047][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  900.310532][    T8] device bridge_slave_0 left promiscuous mode
[  900.317160][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  900.326447][    T8] device veth1_macvtap left promiscuous mode
[  900.332496][    T8] device veth0_vlan left promiscuous mode
[  900.392233][   T30] audit: type=1326 audit(2000000432.069:115186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29634 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7fc00000
[  900.416307][   T30] audit: type=1326 audit(2000000432.069:115187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29634 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6b12d6c0a9 code=0x7fc00000
[  900.442702][   T30] audit: type=1326 audit(2000000432.069:115188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29634 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7fc00000
[  900.466800][   T30] audit: type=1326 audit(2000000432.069:115189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29634 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7fc00000
[  900.492537][   T30] audit: type=1326 audit(2000000432.069:115190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29634 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7fc00000
[  900.517508][   T30] audit: type=1326 audit(2000000432.069:115191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29634 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7fc00000
[  900.542150][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  900.548926][   T30] audit: type=1326 audit(2000000432.069:115192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29634 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7fc00000
[  900.574357][   T30] audit: type=1326 audit(2000000432.069:115193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29634 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7fc00000
[  901.237049][T29669] loop2: detected capacity change from 0 to 128
[  901.360251][T29681] input: syz1 as /devices/virtual/input/input115
[  901.569744][T29710] input: syz1 as /devices/virtual/input/input116
[  901.722641][ T7516] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  902.166963][ T7516] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  902.186351][ T7516] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  902.197570][ T7516] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  902.206374][ T7516] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  902.214884][ T7516] usb 3-1: config 0 descriptor??
[  902.557086][T24256] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  902.720440][ T7516] arvo 0003:1E7D:30D4.00A2: unknown main item tag 0x0
[  902.727710][ T7516] arvo 0003:1E7D:30D4.00A2: item fetching failed at offset 5/7
[  902.729826][T29734] syz-executor.4[29734] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  902.738286][T29734] syz-executor.4[29734] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  902.833328][T24256] usb 2-1: Using ep0 maxpacket: 16
[  902.956836][ T7516] arvo 0003:1E7D:30D4.00A2: parse failed
[  902.962348][ T7516] arvo: probe of 0003:1E7D:30D4.00A2 failed with error -22
[  902.969549][T26384] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  902.978913][ T7516] usb 3-1: USB disconnect, device number 83
[  903.109423][T26384] usbhid 5-1:0.0: can't add hid device: -71
[  903.115203][T26384] usbhid: probe of 5-1:0.0 failed with error -71
[  903.153370][T26384] usb 5-1: USB disconnect, device number 81
[  903.196192][T24256] usb 2-1: New USB device found, idVendor=07c4, idProduct=a400, bcdDevice=b6.03
[  903.205163][T24256] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  903.213885][T24256] usb 2-1: Product: syz
[  903.220047][T24256] usb 2-1: Manufacturer: syz
[  903.225922][T24256] usb 2-1: SerialNumber: syz
[  903.231532][T24256] usb 2-1: config 0 descriptor??
[  903.272317][T24256] usb-storage 2-1:0.0: USB Mass Storage device detected
[  903.279910][T24256] usb-storage 2-1:0.0: Quirks match for vid 07c4 pid a400: 18
[  903.493301][T26384] usb 2-1: USB disconnect, device number 67
[  903.581544][T29762] input: syz1 as /devices/virtual/input/input117
[  903.904838][   T30] kauditd_printk_skb: 61 callbacks suppressed
[  903.904854][   T30] audit: type=1326 audit(2000000435.327:115255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29745 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d4560a9 code=0x7fc00000
[  903.935080][   T30] audit: type=1326 audit(2000000435.327:115256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29745 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f917d4560a9 code=0x7fc00000
[  903.960922][   T30] audit: type=1326 audit(2000000435.327:115257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29745 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d4560a9 code=0x7fc00000
[  903.995552][   T30] audit: type=1326 audit(2000000435.327:115258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29745 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d4560a9 code=0x7fc00000
[  904.019795][  T331] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  904.027241][   T30] audit: type=1326 audit(2000000435.327:115259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29745 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d4560a9 code=0x7fc00000
[  904.054588][   T30] audit: type=1326 audit(2000000435.327:115260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29745 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d4560a9 code=0x7fc00000
[  904.080832][   T30] audit: type=1326 audit(2000000435.327:115261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29745 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d4560a9 code=0x7fc00000
[  904.105214][   T30] audit: type=1326 audit(2000000435.327:115262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29745 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d4560a9 code=0x7fc00000
[  904.129959][   T30] audit: type=1326 audit(2000000435.327:115263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29745 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d4560a9 code=0x7fc00000
[  904.154098][   T30] audit: type=1326 audit(2000000435.327:115264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29745 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f917d4560a9 code=0x7fc00000
[  904.453324][  T331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  904.464256][  T331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  904.473906][  T331] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  904.483910][  T331] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  904.492781][  T331] usb 1-1: config 0 descriptor??
[  904.525262][T29797] syz-executor.2[29797] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  904.525323][T29797] syz-executor.2[29797] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  904.853723][T12526] usb 3-1: new full-speed USB device number 84 using dummy_hcd
[  905.017593][  T331] arvo 0003:1E7D:30D4.00A3: unknown main item tag 0x0
[  905.024219][  T331] arvo 0003:1E7D:30D4.00A3: item fetching failed at offset 5/7
[  905.032225][  T331] arvo 0003:1E7D:30D4.00A3: parse failed
[  905.037862][  T331] arvo: probe of 0003:1E7D:30D4.00A3 failed with error -22
[  905.046680][T29812] syz-executor.1[29812] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  905.046766][T29812] syz-executor.1[29812] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  905.189253][T29823] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  905.215106][T29823] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  905.229169][T29823] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  905.248612][  T348] usb 1-1: USB disconnect, device number 89
[  905.276335][T24256] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[  905.297982][T12526] usb 3-1: not running at top speed; connect to a high speed hub
[  905.384637][T12526] usb 3-1: config 0 has no interfaces?
[  905.536304][T24256] usb 4-1: Using ep0 maxpacket: 16
[  905.614818][T12526] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  905.625626][T12526] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  905.633616][T12526] usb 3-1: Product: syz
[  905.645224][T12526] usb 3-1: Manufacturer: syz
[  905.651187][T12526] usb 3-1: SerialNumber: syz
[  905.700662][T12526] usb 3-1: config 0 descriptor??
[  905.883090][T24256] usb 4-1: New USB device found, idVendor=07c4, idProduct=a400, bcdDevice=b6.03
[  905.892009][T24256] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  905.900098][T24256] usb 4-1: Product: syz
[  905.904110][T24256] usb 4-1: Manufacturer: syz
[  905.908552][T24256] usb 4-1: SerialNumber: syz
[  905.913636][T24256] usb 4-1: config 0 descriptor??
[  905.959259][T24256] usb-storage 4-1:0.0: USB Mass Storage device detected
[  905.962505][T14238] usb 3-1: USB disconnect, device number 84
[  905.978365][T24256] usb-storage 4-1:0.0: Quirks match for vid 07c4 pid a400: 18
[  906.179094][T24256] usb 4-1: USB disconnect, device number 86
[  906.580954][T29849] netlink: 276 bytes leftover after parsing attributes in process `syz-executor.1'.
[  907.325399][T29868] bridge0: port 1(bridge_slave_0) entered blocking state
[  907.332525][T29868] bridge0: port 1(bridge_slave_0) entered disabled state
[  907.339857][T29868] device bridge_slave_0 entered promiscuous mode
[  907.347713][T29868] bridge0: port 2(bridge_slave_1) entered blocking state
[  907.354706][T29868] bridge0: port 2(bridge_slave_1) entered disabled state
[  907.362385][T29868] device bridge_slave_1 entered promiscuous mode
[  907.444591][T29868] bridge0: port 2(bridge_slave_1) entered blocking state
[  907.451466][T29868] bridge0: port 2(bridge_slave_1) entered forwarding state
[  907.458587][T29868] bridge0: port 1(bridge_slave_0) entered blocking state
[  907.465337][T29868] bridge0: port 1(bridge_slave_0) entered forwarding state
[  907.509227][T24256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  907.521357][T24256] bridge0: port 1(bridge_slave_0) entered disabled state
[  907.529589][T24256] bridge0: port 2(bridge_slave_1) entered disabled state
[  907.592919][T29877] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only
[  907.708221][T24256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  907.716713][T24256] bridge0: port 1(bridge_slave_0) entered blocking state
[  907.719758][T29879] input: syz1 as /devices/virtual/input/input119
[  907.723604][T24256] bridge0: port 1(bridge_slave_0) entered forwarding state
[  907.745885][  T348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  907.754091][  T348] bridge0: port 2(bridge_slave_1) entered blocking state
[  907.760976][  T348] bridge0: port 2(bridge_slave_1) entered forwarding state
[  907.777511][   T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  907.790957][  T348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  907.805162][T26384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  907.820196][  T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  907.828221][  T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  907.835775][  T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  907.845151][T29868] device veth0_vlan entered promiscuous mode
[  907.859879][  T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  907.869818][T29868] device veth1_macvtap entered promiscuous mode
[  907.881470][  T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  907.894504][T26384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  908.007824][    T8] device bridge_slave_1 left promiscuous mode
[  908.014950][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  908.022277][T26384] Bluetooth: hci0: command 0x1003 tx timeout
[  908.028901][T29894] Bluetooth: hci0: sending frame failed (-49)
[  908.035680][    T8] device bridge_slave_0 left promiscuous mode
[  908.041762][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  908.050279][    T8] device veth1_macvtap left promiscuous mode
[  908.056126][    T8] device veth0_vlan left promiscuous mode
[  908.234019][T28443] usb 3-1: new full-speed USB device number 85 using dummy_hcd
[  908.570766][T29913] netlink: 276 bytes leftover after parsing attributes in process `syz-executor.3'.
[  909.891800][T28443] usb 3-1: not running at top speed; connect to a high speed hub
[  909.999981][T28443] usb 3-1: config 0 has no interfaces?
[  910.184514][ T1866] Bluetooth: hci1: command 0x1003 tx timeout
[  910.190556][T29894] Bluetooth: hci1: sending frame failed (-49)
[  910.216701][T28443] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  910.225579][T28443] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  910.233688][T28443] usb 3-1: Product: syz
[  910.237683][T28443] usb 3-1: Manufacturer: syz
[  910.242123][T28443] usb 3-1: SerialNumber: syz
[  910.247173][T28443] usb 3-1: config 0 descriptor??
[  910.271014][ T1866] Bluetooth: hci0: command 0x1001 tx timeout
[  910.276974][T29894] Bluetooth: hci0: sending frame failed (-49)
[  910.522369][T28443] usb 3-1: USB disconnect, device number 85
[  910.804322][T29958] netlink: 'syz-executor.1': attribute type 5 has an invalid length.
[  910.833690][T29964] syz-executor.1[29964] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  910.833753][T29964] syz-executor.1[29964] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  912.437656][ T1866] Bluetooth: hci1: command 0x1001 tx timeout
[  912.455116][T29894] Bluetooth: hci1: sending frame failed (-49)
[  912.524364][ T1866] Bluetooth: hci0: command 0x1009 tx timeout
[  913.500409][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  913.500424][   T30] audit: type=1326 audit(2000000444.179:115295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29976 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ab8200a9 code=0x7ffc0000
[  913.542264][   T30] audit: type=1326 audit(2000000444.179:115296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29976 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ab8200a9 code=0x7ffc0000
[  913.567341][   T30] audit: type=1326 audit(2000000444.207:115297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29976 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f48ab8200a9 code=0x7ffc0000
[  913.594428][   T30] audit: type=1326 audit(2000000444.207:115298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29976 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ab8200a9 code=0x7ffc0000
[  913.618912][   T30] audit: type=1326 audit(2000000444.207:115299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29976 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48ab8200a9 code=0x7ffc0000
[  913.685355][   T30] audit: type=1400 audit(2000000444.354:115300): avc:  denied  { ioctl } for  pid=29991 comm="syz-executor.1" path="socket:[167346]" dev="sockfs" ino=167346 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  913.768627][T30005] netlink: 'syz-executor.1': attribute type 5 has an invalid length.
[  914.389019][T30035] netlink: 'syz-executor.1': attribute type 5 has an invalid length.
[  914.628268][T30056] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'.
[  914.684491][T30059] netlink: 'syz-executor.2': attribute type 5 has an invalid length.
[  914.691218][T24256] Bluetooth: hci1: command 0x1009 tx timeout
[  914.762514][T30062] bridge0: port 1(bridge_slave_0) entered blocking state
[  914.769793][T30062] bridge0: port 1(bridge_slave_0) entered disabled state
[  914.777142][T30062] device bridge_slave_0 entered promiscuous mode
[  914.784357][T30062] bridge0: port 2(bridge_slave_1) entered blocking state
[  914.791416][T30062] bridge0: port 2(bridge_slave_1) entered disabled state
[  914.799008][T30062] device bridge_slave_1 entered promiscuous mode
[  914.849557][T30062] bridge0: port 2(bridge_slave_1) entered blocking state
[  914.856437][T30062] bridge0: port 2(bridge_slave_1) entered forwarding state
[  914.863588][T30062] bridge0: port 1(bridge_slave_0) entered blocking state
[  914.870463][T30062] bridge0: port 1(bridge_slave_0) entered forwarding state
[  914.894146][T14238] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  914.901625][T14238] bridge0: port 1(bridge_slave_0) entered disabled state
[  914.909525][T14238] bridge0: port 2(bridge_slave_1) entered disabled state
[  914.931115][T14238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  914.939125][T14238] bridge0: port 1(bridge_slave_0) entered blocking state
[  914.945980][T14238] bridge0: port 1(bridge_slave_0) entered forwarding state
[  914.953213][T14238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  914.961213][T14238] bridge0: port 2(bridge_slave_1) entered blocking state
[  914.968053][T14238] bridge0: port 2(bridge_slave_1) entered forwarding state
[  914.975387][T14238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  914.983410][T14238] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  915.003187][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  915.019467][T24256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  915.028774][T24256] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  915.036236][T24256] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  915.047123][T30062] device veth0_vlan entered promiscuous mode
[  915.061589][ T1866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  915.071768][T30062] device veth1_macvtap entered promiscuous mode
[  915.088188][ T1866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  915.100295][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  915.260085][T30101] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.2'.
[  915.308548][T30113] loop2: detected capacity change from 0 to 256
[  915.354507][T30117] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  915.444267][T30129] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'.
[  915.526659][   T30] audit: type=1400 audit(2000000446.053:115301): avc:  denied  { getopt } for  pid=30143 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  915.621513][T30156] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'.
[  915.798635][T30162] loop2: detected capacity change from 0 to 40427
[  915.818782][   T10] device bridge_slave_1 left promiscuous mode
[  915.824740][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  915.832356][   T10] device bridge_slave_0 left promiscuous mode
[  915.838347][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  915.848820][   T10] device veth1_macvtap left promiscuous mode
[  915.849982][T30162] F2FS-fs (loop2): Found nat_bits in checkpoint
[  915.854748][   T10] device veth0_vlan left promiscuous mode
[  915.884249][T30162] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  915.895710][   T30] audit: type=1326 audit(2000000446.394:115302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30161 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ddf9650a9 code=0x0
[  916.568209][T23697] attempt to access beyond end of device
[  916.568209][T23697] loop2: rw=2049, want=45104, limit=40427
[  917.171474][T30233] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only
[  917.398786][T30241] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  917.529727][T14238] usb 3-1: new full-speed USB device number 86 using dummy_hcd
[  917.789748][ T1866] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  917.963183][T14238] usb 3-1: not running at top speed; connect to a high speed hub
[  918.049823][T14238] usb 3-1: config 0 has no interfaces?
[  918.082352][ T1866] usb 1-1: Using ep0 maxpacket: 16
[  918.101006][T30270] 9pnet: bogus RWRITE count (2 > 1)
[  918.223235][T14238] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  918.232247][T14238] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  918.240275][T14238] usb 3-1: Product: syz
[  918.244406][T14238] usb 3-1: Manufacturer: syz
[  918.249246][T14238] usb 3-1: SerialNumber: syz
[  918.254428][T14238] usb 3-1: config 0 descriptor??
[  918.340561][T30295] 9pnet: bogus RWRITE count (2 > 1)
[  918.461648][ T1866] usb 1-1: New USB device found, idVendor=07c4, idProduct=a400, bcdDevice=b6.03
[  918.470565][ T1866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  918.478427][ T1866] usb 1-1: Product: syz
[  918.483134][ T1866] usb 1-1: Manufacturer: syz
[  918.487610][ T1866] usb 1-1: SerialNumber: syz
[  918.492639][ T1866] usb 1-1: config 0 descriptor??
[  918.508378][   T30] audit: type=1326 audit(2000000448.803:115303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30317 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f48ab8200a9 code=0x0
[  918.534807][T14238] usb 3-1: USB disconnect, device number 86
[  918.559359][ T1866] usb-storage 1-1:0.0: USB Mass Storage device detected
[  918.566900][ T1866] usb-storage 1-1:0.0: Quirks match for vid 07c4 pid a400: 18
[  918.778704][ T1866] usb 1-1: USB disconnect, device number 90
[  919.095832][T30323] 9pnet: bogus RWRITE count (2 > 1)
[  919.614675][    T8] Bluetooth: hci0: Frame reassembly failed (-84)
[  919.765238][T30378] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  919.775082][T30378] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  919.838480][T30392] syz-executor.3[30392] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  919.838568][T30392] syz-executor.3[30392] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  919.889055][T30399] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  920.167575][T30408] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'.
[  920.177408][T30408] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'.
[  920.210132][T30414] xt_CT: You must specify a L4 protocol and not use inversions on it
[  920.295167][T30421] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  920.312509][   T30] audit: type=1400 audit(2000000450.465:115304): avc:  denied  { mounton } for  pid=30409 comm="syz-executor.4" path="/root/syzkaller-testdir2577455920/syzkaller.PpPFMf/49/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[  920.441630][T30423] syz-executor.3[30423] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  920.441693][T30423] syz-executor.3[30423] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  920.579035][T30435] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
[  920.601079][T30435] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
[  920.636015][T30442] xt_CT: You must specify a L4 protocol and not use inversions on it
[  920.751729][T30452] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  920.854586][T30458] loop0: detected capacity change from 0 to 2048
[  920.872513][T30462] syz-executor.3[30462] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  920.872573][T30462] syz-executor.3[30462] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  920.893900][T30464] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  920.915722][T30464] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  920.938717][T30458] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  920.952802][T30458] ext4 filesystem being mounted at /root/syzkaller-testdir377108947/syzkaller.CnVLBT/126/file0 supports timestamps until 2038 (0x7fffffff)
[  920.976702][T30474] xt_CT: You must specify a L4 protocol and not use inversions on it
[  921.045316][T30488] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  921.053337][T30491] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  921.108887][T30500] syz-executor.4[30500] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  921.108962][T30500] syz-executor.4[30500] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  921.122114][T30500] syz-executor.4[30500] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  921.134038][T30500] syz-executor.4[30500] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  921.365062][T24256] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[  921.657595][T24256] usb 4-1: Using ep0 maxpacket: 16
[  921.798486][T25318] Bluetooth: hci0: command 0x1003 tx timeout
[  921.805908][   T47] Bluetooth: hci0: sending frame failed (-49)
[  921.820245][T24256] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  921.835636][T24256] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  921.844589][T24256] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  921.853537][T24256] usb 4-1: config 0 descriptor??
[  922.160805][T30545] loop4: detected capacity change from 0 to 512
[  922.211167][T30545] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  922.222669][T30545] EXT4-fs (loop4): 1 truncate cleaned up
[  922.228177][T30545] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  922.602122][T30550] UDC core: couldn't find an available UDC or it's busy: -16
[  922.615068][T30550] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  922.647717][T30550] UDC core: couldn't find an available UDC or it's busy: -16
[  922.678848][T30550] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  922.758855][T24256] hid-generic 0003:0158:0100.00A4: unknown main item tag 0x1
[  922.766180][T24256] hid-generic 0003:0158:0100.00A4: unexpected long global item
[  922.773852][T24256] hid-generic: probe of 0003:0158:0100.00A4 failed with error -22
[  922.934170][T30556] xt_CT: You must specify a L4 protocol and not use inversions on it
[  924.034364][T30591] xt_CT: You must specify a L4 protocol and not use inversions on it
[  924.052484][T12051] Bluetooth: hci0: command 0x1001 tx timeout
[  924.058668][   T47] Bluetooth: hci0: sending frame failed (-49)
[  924.345047][T12051] usb 4-1: USB disconnect, device number 87
[  924.736288][T30626] futex_wake_op: syz-executor.3 tries to shift op by -1; fix this program
[  925.092826][   T30] audit: type=1326 audit(2000000454.886:115305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=30642 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52dd54f0a9 code=0x0
[  925.363801][T30650] 9pnet: Unknown protocol version 9p2000.ڴ>;1��gˏӟ?�u
[  925.374799][T30650] cgroup: Bad value for 'name'
[  925.398658][T30650] 9pnet: Could not find request transport: rd��n����|�Jm
[  925.436807][T30650] SELinux:  Context system_u:object_r:systemd_passwd_agent_exec_t:s0 is not valid (left unmapped).
[  925.495049][   T30] audit: type=1400 audit(2000000455.255:115306): avc:  denied  { relabelto } for  pid=30646 comm="syz-executor.4" name="bus" dev="sda1" ino=1995 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:systemd_passwd_agent_exec_t:s0"
[  925.557333][   T30] audit: type=1400 audit(2000000455.301:115307): avc:  denied  { unlink } for  pid=28708 comm="syz-executor.4" name="bus" dev="sda1" ino=1995 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:systemd_passwd_agent_exec_t:s0"
[  925.839611][  T332] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[  925.928648][T30665] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22
[  925.956561][T30665] SELinux: security_context_str_to_sid(root) failed for (dev 9p, type 9p) errno=-22
[  926.099594][  T332] usb 4-1: Using ep0 maxpacket: 16
[  926.234493][   T30] audit: type=1400 audit(2000000455.910:115308): avc:  denied  { setopt } for  pid=30672 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  926.405058][ T7516] Bluetooth: hci0: command 0x1009 tx timeout
[  926.478968][  T332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  926.485651][T30679] futex_wake_op: syz-executor.1 tries to shift op by -1; fix this program
[  926.490121][  T332] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  926.516258][  T332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  926.528830][  T332] usb 4-1: config 0 descriptor??
[  926.587684][T30681] loop7: detected capacity change from 1036 to 972
[  927.939609][T30693] UDC core: couldn't find an available UDC or it's busy: -16
[  927.952581][T30693] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  927.985618][T30684] UDC core: couldn't find an available UDC or it's busy: -16
[  927.996080][T30684] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  928.065459][  T332] hid-generic 0003:0158:0100.00A5: unknown main item tag 0x1
[  928.074320][  T332] hid-generic 0003:0158:0100.00A5: unexpected long global item
[  928.081932][  T332] hid-generic: probe of 0003:0158:0100.00A5 failed with error -22
[  928.763333][T30775] raw_sendmsg: syz-executor.1 forgot to set AF_INET. Fix it!
[  928.925196][T30797] loop4: detected capacity change from 0 to 256
[  928.978029][T30797] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  929.945748][T30809] loop0: detected capacity change from 0 to 256
[  929.957103][T28443] usb 4-1: USB disconnect, device number 88
[  929.987061][T30809] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  930.006294][T30809] __nla_validate_parse: 1 callbacks suppressed
[  930.006315][T30809] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'.
[  930.021434][T30809] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'.
[  930.046204][   T30] audit: type=1400 audit(2000000459.455:115309): avc:  denied  { create } for  pid=30814 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  930.181658][T30839] loop0: detected capacity change from 0 to 256
[  930.272830][T30839] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  930.300589][T30848] loop4: detected capacity change from 0 to 256
[  931.764566][T30848] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  931.803382][T30848] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'.
[  932.004341][T30848] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'.
[  932.041296][T30875] loop2: detected capacity change from 0 to 1024
[  932.075940][T30875] EXT4-fs (loop2): Test dummy encryption mode enabled
[  932.105632][T30875] EXT4-fs (loop2): Ignoring removed orlov option
[  932.146142][T30875] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[  932.704329][T30904] loop2: detected capacity change from 0 to 256
[  932.786434][T30904] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  932.830455][T30904] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'.
[  932.968637][T30904] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'.
[  933.195950][T30906] bridge0: port 1(bridge_slave_0) entered blocking state
[  933.210831][T30906] bridge0: port 1(bridge_slave_0) entered disabled state
[  933.218282][T30906] device bridge_slave_0 entered promiscuous mode
[  933.228265][T30906] bridge0: port 2(bridge_slave_1) entered blocking state
[  933.235270][T30906] bridge0: port 2(bridge_slave_1) entered disabled state
[  933.245177][T30906] device bridge_slave_1 entered promiscuous mode
[  933.674297][T30906] bridge0: port 2(bridge_slave_1) entered blocking state
[  933.681188][T30906] bridge0: port 2(bridge_slave_1) entered forwarding state
[  933.688355][T30906] bridge0: port 1(bridge_slave_0) entered blocking state
[  933.695316][T30906] bridge0: port 1(bridge_slave_0) entered forwarding state
[  933.780048][T26384] bridge0: port 1(bridge_slave_0) entered disabled state
[  933.788133][T26384] bridge0: port 2(bridge_slave_1) entered disabled state
[  933.826961][T26384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  935.134098][T26384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  935.187253][T30947] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  935.203146][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  935.218313][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  935.227492][ T7516] bridge0: port 1(bridge_slave_0) entered blocking state
[  935.234394][ T7516] bridge0: port 1(bridge_slave_0) entered forwarding state
[  935.258268][T29916] device bridge_slave_1 left promiscuous mode
[  935.274859][T29916] bridge0: port 2(bridge_slave_1) entered disabled state
[  935.303452][T29916] device bridge_slave_0 left promiscuous mode
[  935.309873][T29916] bridge0: port 1(bridge_slave_0) entered disabled state
[  935.319028][T29916] device veth1_macvtap left promiscuous mode
[  935.325097][T29916] device veth0_vlan left promiscuous mode
[  936.059563][T30963] input: syz0 as /devices/virtual/input/input125
[  936.251333][T14238] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  936.403439][T30968] syz-executor.1 (30968): attempted to duplicate a private mapping with mremap.  This is not supported.
[  936.426287][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  936.434582][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  936.442812][T28443] bridge0: port 2(bridge_slave_1) entered blocking state
[  936.449679][T28443] bridge0: port 2(bridge_slave_1) entered forwarding state
[  936.457053][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  936.465220][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  936.473441][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  936.481537][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  936.512530][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  936.522054][  T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  936.522150][T14238] usb 3-1: Using ep0 maxpacket: 16
[  936.542047][T30906] device veth0_vlan entered promiscuous mode
[  936.550764][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  936.561207][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  936.572402][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  936.579911][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  936.661113][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  936.670548][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  936.681049][T30906] device veth1_macvtap entered promiscuous mode
[  936.687626][T14238] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  936.699165][T30958] loop0: detected capacity change from 0 to 131072
[  936.983547][T30958] F2FS-fs (loop0): invalid crc value
[  937.225721][T14238] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  937.235124][T14238] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  937.244141][T14238] usb 3-1: config 0 descriptor??
[  937.249689][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  937.257792][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  937.259202][T30958] F2FS-fs (loop0): Found nat_bits in checkpoint
[  937.266511][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  937.282032][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  937.290333][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  937.333206][T30958] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  937.368643][T30958] devpts: called with bogus options
[  938.064144][T31015] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  938.101040][T31020] loop0: detected capacity change from 0 to 2048
[  938.147748][T31020]  loop0: p1 < > p4
[  938.152482][T31020] loop0: p4 size 8388608 extends beyond EOD, truncated
[  938.563297][T31018] UDC core: couldn't find an available UDC or it's busy: -16
[  938.591541][T31018] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  938.599618][T31018] UDC core: couldn't find an available UDC or it's busy: -16
[  938.606969][T31018] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  938.638407][T14238] hid-generic 0003:0158:0100.00A6: unknown main item tag 0x1
[  938.653524][T14238] hid-generic 0003:0158:0100.00A6: unexpected long global item
[  938.683943][T14238] hid-generic: probe of 0003:0158:0100.00A6 failed with error -22
[  938.699229][   T30] audit: type=1326 audit(2000000467.439:115310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31029 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  938.750836][   T30] audit: type=1326 audit(2000000467.439:115311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31029 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  938.804220][   T30] audit: type=1326 audit(2000000467.439:115312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31029 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  938.896418][   T30] audit: type=1326 audit(2000000467.485:115313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31029 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  940.282255][T31063] device pim6reg1 entered promiscuous mode
[  940.342453][  T497] usb 3-1: USB disconnect, device number 87
[  940.572586][T31034] loop0: detected capacity change from 0 to 131072
[  940.672864][T31034] F2FS-fs (loop0): Wrong segment_count / block_count (65567 > 16384)
[  940.687599][T31034] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  940.714818][T31034] F2FS-fs (loop0): Found nat_bits in checkpoint
[  940.794956][T31034] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  940.802046][T31034] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  940.835354][T31099] bpf_get_probe_write_proto: 12 callbacks suppressed
[  940.835376][T31099] syz-executor.1[31099] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  940.843019][T31099] syz-executor.1[31099] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  940.856513][T31099] syz-executor.1[31099] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  940.868493][T31099] syz-executor.1[31099] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  941.278417][T26384] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  941.314583][T31112] loop4: detected capacity change from 0 to 512
[  941.355887][T31112] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  941.420472][T31112] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #17: comm syz-executor.4: iget: bad i_size value: -6917529027641081756
[  941.435442][T31112] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 17 (err -117)
[  941.448699][T31112] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  941.469162][   T30] audit: type=1400 audit(2000000469.995:115314): avc:  denied  { watch_reads } for  pid=31111 comm="syz-executor.4" path="/root/syzkaller-testdir3703366428/syzkaller.tHwB0E/11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  941.507270][T31112] EXT4-fs error (device loop4): ext4_readdir:260: inode #12: block 13: comm syz-executor.4: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=0
[  941.560041][T26384] usb 4-1: Using ep0 maxpacket: 16
[  941.572395][T31123] loop0: detected capacity change from 0 to 128
[  941.604189][T31123] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  941.633345][T31123] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  941.690190][T26384] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  941.706949][T26384] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  941.716902][T26384] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  941.727311][T26384] usb 4-1: config 0 descriptor??
[  941.755098][  T460] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  941.767751][T31129] syz-executor.2[31129] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  941.767836][T31129] syz-executor.2[31129] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  941.781159][T31129] syz-executor.2[31129] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  941.793036][T31129] syz-executor.2[31129] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  941.867359][   T30] audit: type=1326 audit(2000000470.364:115315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31136 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52dd54f0a9 code=0x7ffc0000
[  941.957578][   T30] audit: type=1326 audit(2000000470.364:115316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31136 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f52dd54f0a9 code=0x7ffc0000
[  942.025376][   T30] audit: type=1326 audit(2000000470.401:115317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31136 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52dd54f0a9 code=0x7ffc0000
[  942.101892][   T30] audit: type=1326 audit(2000000470.401:115318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31136 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f52dd54f0a9 code=0x7ffc0000
[  942.177259][   T30] audit: type=1326 audit(2000000470.401:115319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31136 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52dd54f0a9 code=0x7ffc0000
[  942.273892][T31141] loop0: detected capacity change from 0 to 40427
[  942.341138][T31141] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  942.351011][T31141] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  942.370553][T31141] F2FS-fs (loop0): invalid crc value
[  942.391896][T31141] F2FS-fs (loop0): Found nat_bits in checkpoint
[  942.462275][T31141] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  942.484732][T31141] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  942.546616][T31153] UDC core: couldn't find an available UDC or it's busy: -16
[  942.569420][T31153] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  942.689426][T31153] UDC core: couldn't find an available UDC or it's busy: -16
[  942.718034][T31153] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  943.005958][T29916] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  943.006864][T26384] hid-generic 0003:0158:0100.00A7: unknown main item tag 0x1
[  943.015885][T29916] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  943.075274][T26384] hid-generic 0003:0158:0100.00A7: unexpected long global item
[  943.103584][T26384] hid-generic: probe of 0003:0158:0100.00A7 failed with error -22
[  943.202364][T31133] loop4: detected capacity change from 0 to 131072
[  943.261912][T31133] F2FS-fs (loop4): Wrong segment_count / block_count (65567 > 16384)
[  943.272169][T31133] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  943.304814][T31133] F2FS-fs (loop4): Found nat_bits in checkpoint
[  943.360970][T31178] loop0: detected capacity change from 0 to 512
[  943.371348][T31133] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  943.378240][T31133] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  943.420189][T31178] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #2: comm syz-executor.0: corrupted xattr block 255
[  943.445481][T31178] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[  943.462394][T31178] EXT4-fs (loop0): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.noload,barrier=0x0000000000000007,jqfmt=vfsv1,grpid,,,errors=continue. Quota mode: writeback.
[  943.535476][T31178] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #2: comm syz-executor.0: corrupted xattr block 255
[  943.559982][T31178] SELinux: (dev loop0, type ext4) getxattr errno 117
[  944.117551][T31189] loop0: detected capacity change from 0 to 40427
[  944.150622][T31189] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  944.160985][T31189] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  944.188621][T31189] F2FS-fs (loop0): Found nat_bits in checkpoint
[  944.251388][T31189] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  944.268618][T31189] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  944.303355][T31189] attempt to access beyond end of device
[  944.303355][T31189] loop0: rw=2049, want=45104, limit=40427
[  944.386380][T12051] usb 4-1: USB disconnect, device number 89
[  944.487795][T31207] tipc: Failed to remove unknown binding: 66,1,1/0:282169267/282169269
[  944.509395][T31207] tipc: Failed to remove unknown binding: 66,1,1/0:282169267/282169269
[  944.517559][T31207] tipc: Failed to remove unknown binding: 66,1,1/0:282169267/282169269
[  944.564399][   T30] audit: type=1326 audit(2000000472.857:115320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31215 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  944.594370][   T30] audit: type=1326 audit(2000000472.857:115321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31215 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  944.623468][   T30] audit: type=1326 audit(2000000472.875:115322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31215 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  944.649594][   T30] audit: type=1326 audit(2000000472.884:115323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31215 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  944.777863][   T30] audit: type=1326 audit(2000000472.884:115324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31215 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  944.821221][   T30] audit: type=1326 audit(2000000472.884:115325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31215 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  945.080578][   T30] audit: type=1326 audit(2000000472.884:115326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31215 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  945.229877][T31225] loop2: detected capacity change from 0 to 40427
[  945.276202][  T497] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  945.516984][T31225] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  945.532387][T31225] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  945.546159][T31225] F2FS-fs (loop2): Found nat_bits in checkpoint
[  945.584497][T31225] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  945.591528][T31225] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  945.672720][T31225] attempt to access beyond end of device
[  945.672720][T31225] loop2: rw=2049, want=45104, limit=40427
[  945.785396][  T497] usb 5-1: Using ep0 maxpacket: 16
[  945.915558][  T497] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  945.927071][  T497] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  945.936018][  T497] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  946.144943][  T497] usb 5-1: config 0 descriptor??
[  946.222332][   T30] audit: type=1326 audit(2000000473.378:115327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31253 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ddf9650a9 code=0x7ffc0000
[  946.261252][   T30] audit: type=1326 audit(2000000473.378:115328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31253 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ddf9650a9 code=0x7ffc0000
[  946.261641][T31258] tipc: Failed to remove unknown binding: 66,1,1/0:2124565964/2124565966
[  946.285588][   T30] audit: type=1326 audit(2000000473.406:115329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31253 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ddf9650a9 code=0x7ffc0000
[  946.329534][T31258] tipc: Failed to remove unknown binding: 66,1,1/0:2124565964/2124565966
[  946.337804][T31258] tipc: Failed to remove unknown binding: 66,1,1/0:2124565964/2124565966
[  946.512029][T31271] loop0: detected capacity change from 0 to 256
[  946.562799][T31256] overlayfs: invalid redirect (./file1)
[  946.621442][T31271] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  947.035111][T31291] tipc: Failed to remove unknown binding: 66,1,1/0:163043559/163043561
[  947.097763][T31292] tipc: Failed to remove unknown binding: 66,1,1/0:163043559/163043561
[  947.134686][T31292] tipc: Failed to remove unknown binding: 66,1,1/0:163043559/163043561
[  947.251290][T31279] UDC core: couldn't find an available UDC or it's busy: -16
[  947.259200][T31279] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  947.279983][T31279] UDC core: couldn't find an available UDC or it's busy: -16
[  947.289483][T31279] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  947.356433][  T497] hid-generic 0003:0158:0100.00A8: unknown main item tag 0x1
[  947.372093][  T497] hid-generic 0003:0158:0100.00A8: unexpected long global item
[  947.381862][  T497] hid-generic: probe of 0003:0158:0100.00A8 failed with error -22
[  948.351512][T31301] loop2: detected capacity change from 0 to 512
[  948.536894][T31301] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #2: comm syz-executor.2: corrupted xattr block 255
[  948.595558][T31301] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117
[  948.622243][T31301] EXT4-fs (loop2): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.noload,barrier=0x0000000000000007,jqfmt=vfsv1,grpid,,,errors=continue. Quota mode: writeback.
[  948.680922][T31301] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #2: comm syz-executor.2: corrupted xattr block 255
[  948.707333][T31301] SELinux: (dev loop2, type ext4) getxattr errno 117
[  948.838641][T31316] loop2: detected capacity change from 0 to 256
[  948.854790][T31309] loop0: detected capacity change from 0 to 40427
[  948.918260][T31309] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  948.927166][T31316] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  948.941185][T31309] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  948.966431][T31309] F2FS-fs (loop0): invalid crc value
[  949.006676][T31309] F2FS-fs (loop0): Found nat_bits in checkpoint
[  949.142305][T31309] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  949.159987][T31309] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  949.272654][T31309] overlayfs: invalid redirect (./file1)
[  949.293519][  T460] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  949.305367][  T460] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  949.382680][T31323] loop2: detected capacity change from 0 to 40427
[  949.416139][T31323] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  949.546238][T31323] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  949.568692][T31323] F2FS-fs (loop2): invalid crc value
[  950.738938][T31323] F2FS-fs (loop2): Found nat_bits in checkpoint
[  950.748625][  T497] usb 5-1: USB disconnect, device number 82
[  950.887273][T31323] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  950.913613][T31323] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  951.106696][T31368] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  951.121800][T31368] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  951.184458][T31368] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=31368 comm=syz-executor.0
[  952.533410][T31378] loop0: detected capacity change from 0 to 256
[  952.800718][T31378] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011a37, chksum : 0xd675b107, utbl_chksum : 0xe619d30d)
[  953.022532][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  953.022548][   T30] audit: type=1326 audit(2000000478.670:115343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31403 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  953.081610][   T30] audit: type=1326 audit(2000000478.670:115344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31403 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  953.106209][   T30] audit: type=1326 audit(2000000478.698:115345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31403 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  953.168015][   T30] audit: type=1326 audit(2000000478.698:115346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31403 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  953.202107][   T30] audit: type=1326 audit(2000000478.698:115347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31403 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  953.238787][   T30] audit: type=1326 audit(2000000478.698:115348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31403 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  953.263153][   T30] audit: type=1326 audit(2000000478.716:115349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31403 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  953.288538][T31425] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  953.300398][   T30] audit: type=1326 audit(2000000478.716:115350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31403 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  953.324899][T31425] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  953.334118][   T30] audit: type=1326 audit(2000000478.716:115351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31403 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  953.367444][   T30] audit: type=1326 audit(2000000478.716:115352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31403 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x7ffc0000
[  953.392496][T31425] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=31425 comm=syz-executor.2
[  953.424839][T31431] device pim6reg1 entered promiscuous mode
[  953.533736][T31443] loop2: detected capacity change from 0 to 1024
[  953.577664][T31454] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  953.587406][T31454] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  953.612681][T31454] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=31454 comm=syz-executor.3
[  953.649706][T31443] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  953.718880][T31473] device pim6reg1 entered promiscuous mode
[  953.816241][T31496] loop0: detected capacity change from 0 to 512
[  953.881873][T31496] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  953.908615][T31496] EXT4-fs (loop0): 1 truncate cleaned up
[  953.915628][T31484] loop4: detected capacity change from 0 to 40427
[  953.916601][T31496] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000080,stripe=0x0000000000004000,errors=remount-ro,max_batch_time=0x0000000000000004,. Quota mode: none.
[  953.953315][T31496] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr
[  953.973622][T31496] EXT4-fs (loop0): Remounting filesystem read-only
[  953.980184][T31496] EXT4-fs warning (device loop0): ext4_xattr_set_entry:1745: inode #15: comm syz-executor.0: unable to update i_inline_off
[  953.994620][T31484] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  954.002472][T31484] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  954.014946][T31484] F2FS-fs (loop4): invalid crc value
[  954.031875][T31484] F2FS-fs (loop4): Found nat_bits in checkpoint
[  954.046928][T31516] device pim6reg1 entered promiscuous mode
[  954.072283][T31484] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  954.079253][T31484] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  954.263643][T31562] device pim6reg1 entered promiscuous mode
[  954.373976][T31581] loop4: detected capacity change from 0 to 1024
[  954.445557][T31581] EXT4-fs warning (device loop4): ext4_enable_quotas:6410: Failed to enable quota tracking (type=2, err=-13, ino=12). Please run e2fsck to fix.
[  954.466684][T31581] EXT4-fs (loop4): mount failed
[  954.510269][T31559] loop2: detected capacity change from 0 to 40427
[  954.540081][T31559] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  954.547637][T31559] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  954.557239][T31559] F2FS-fs (loop2): invalid crc value
[  954.575571][T31559] F2FS-fs (loop2): Found nat_bits in checkpoint
[  954.611548][T31559] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  954.618485][T31559] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  954.652240][T31607] device pim6reg1 entered promiscuous mode
[  954.723644][  T497] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  954.793905][T31625] overlayfs: failed to resolve './file0': -2
[  954.966174][T31650] netlink: 200 bytes leftover after parsing attributes in process `syz-executor.4'.
[  955.157073][  T497] usb 1-1: Using ep0 maxpacket: 32
[  955.289719][T31679] loop2: detected capacity change from 0 to 512
[  955.322270][T31679] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.2: inline data xattr refers to an external xattr inode
[  955.337852][T31679] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 12 (err -117)
[  955.352251][T31679] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=continue,,errors=continue. Quota mode: none.
[  955.366975][T31679] syz-executor.2[31679] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  955.367084][T31679] syz-executor.2[31679] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  955.460471][  T497] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  955.481330][  T497] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  955.489208][  T497] usb 1-1: Product: syz
[  955.493194][  T497] usb 1-1: Manufacturer: syz
[  955.497574][  T497] usb 1-1: SerialNumber: syz
[  955.555388][T31691] fuse: Unknown parameter '��'
[  955.772028][  T497] usb 1-1: config 0 descriptor??
[  956.115380][T31708] loop4: detected capacity change from 0 to 40427
[  956.166160][T31708] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  956.173725][T31708] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  956.182999][T31708] F2FS-fs (loop4): invalid crc value
[  956.189825][T31708] F2FS-fs (loop4): Found nat_bits in checkpoint
[  956.239698][T31708] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  956.259780][T31708] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  956.408367][T31755] loop2: detected capacity change from 0 to 512
[  956.428566][T31760] syz-executor.1[31760] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  956.428650][T31760] syz-executor.1[31760] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  956.449018][T31755] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  956.482494][T31755] EXT4-fs (loop2): 1 truncate cleaned up
[  956.487966][T31755] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000080,stripe=0x0000000000004000,errors=remount-ro,max_batch_time=0x0000000000000004,. Quota mode: none.
[  956.521055][T31755] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.2: corrupted in-inode xattr
[  956.533034][  T497] (unnamed net_device) (uninitialized): Assigned a random MAC address: 3e:c2:14:9c:48:92
[  956.542070][T31763] loop4: detected capacity change from 0 to 1024
[  956.544870][  T497] rtl8150 1-1:0.0: eth1: rtl8150 is detected
[  956.549516][T31755] EXT4-fs (loop2): Remounting filesystem read-only
[  956.561205][T31755] EXT4-fs warning (device loop2): ext4_xattr_set_entry:1745: inode #15: comm syz-executor.2: unable to update i_inline_off
[  956.576939][T31763] EXT4-fs warning (device loop4): ext4_enable_quotas:6410: Failed to enable quota tracking (type=2, err=-13, ino=12). Please run e2fsck to fix.
[  956.592640][T31763] EXT4-fs (loop4): mount failed
[  956.675300][T31766] fuse: Unknown parameter '��
[  956.675300][T31766] '
[  956.768217][  T348] usb 1-1: USB disconnect, device number 91
[  957.035202][T31784] loop4: detected capacity change from 0 to 512
[  957.065841][T31784] EXT4-fs warning (device loop4): ext4_multi_mount_protect:326: fsck is running on the filesystem
[  957.079926][T31784] EXT4-fs warning (device loop4): ext4_multi_mount_protect:326: MMP failure info: last update time: 1669132786, last update node: dvyukov-desk.muc.corp.google.com, last update device: loop4
[  957.192936][T31789] loop2: detected capacity change from 0 to 40427
[  957.235886][T31789] F2FS-fs (loop2): invalid crc value
[  957.242387][T31789] F2FS-fs (loop2): Found nat_bits in checkpoint
[  957.278532][T31789] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  957.418170][T31800] overlayfs: failed to resolve './file0': -2
[  957.692252][  T348] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  957.700754][T31794] loop4: detected capacity change from 0 to 40427
[  957.739255][  T460] attempt to access beyond end of device
[  957.739255][  T460] loop2: rw=2049, want=45104, limit=40427
[  957.747821][T31794] F2FS-fs (loop4): Found nat_bits in checkpoint
[  957.773107][T31794] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  957.785489][T31794] attempt to access beyond end of device
[  957.785489][T31794] loop4: rw=10241, want=45104, limit=40427
[  957.797219][T31794] attempt to access beyond end of device
[  957.797219][T31794] loop4: rw=2049, want=45112, limit=40427
[  957.808515][T31808] attempt to access beyond end of device
[  957.808515][T31808] loop4: rw=2049, want=45120, limit=40427
[  957.819770][T31794] attempt to access beyond end of device
[  957.819770][T31794] loop4: rw=2049, want=45128, limit=40427
[  958.093161][  T348] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  958.114764][  T348] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  958.124350][  T348] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  958.141545][  T348] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  958.225522][T31828] loop2: detected capacity change from 0 to 512
[  958.226121][  T348] usb 1-1: config 0 descriptor??
[  958.280262][T31828] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.2: inline data xattr refers to an external xattr inode
[  958.444817][T31834] overlayfs: statfs failed on './file0'
[  958.529695][T31828] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 12 (err -117)
[  958.542152][T31828] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=continue,,errors=continue. Quota mode: none.
[  958.556745][T31828] syz-executor.2[31828] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  958.556833][T31828] syz-executor.2[31828] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  958.770174][T31836] fuse: Unknown parameter '��'
[  958.821670][  T348] hid (null): bogus close delimiter
[  959.073488][  T348] usb 1-1: language id specifier not provided by device, defaulting to English
[  959.286549][T31849] loop2: detected capacity change from 0 to 40427
[  959.370738][T31849] F2FS-fs (loop2): Found nat_bits in checkpoint
[  959.433461][T31849] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  959.459366][T31849] attempt to access beyond end of device
[  959.459366][T31849] loop2: rw=10241, want=45104, limit=40427
[  959.470874][T31849] attempt to access beyond end of device
[  959.470874][T31849] loop2: rw=2049, want=45112, limit=40427
[  959.482679][T31849] attempt to access beyond end of device
[  959.482679][T31849] loop2: rw=2049, want=45120, limit=40427
[  959.521856][T23697] attempt to access beyond end of device
[  959.521856][T23697] loop2: rw=2049, want=45128, limit=40427
[  959.735877][T31872] overlayfs: statfs failed on './file0'
[  959.920221][T31876] loop2: detected capacity change from 0 to 512
[  959.970419][T31876] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.2: inline data xattr refers to an external xattr inode
[  959.985777][T31876] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 12 (err -117)
[  959.998185][T31876] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=continue,,errors=continue. Quota mode: none.
[  960.012665][T31876] syz-executor.2[31876] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  960.012756][T31876] syz-executor.2[31876] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  960.097576][  T348] uclogic 0003:256C:006D.00A9: v1 buttonpad probing failed: -71
[  960.109429][T31863] loop4: detected capacity change from 0 to 131072
[  960.117337][  T348] uclogic 0003:256C:006D.00A9: failed probing parameters: -71
[  960.131137][  T348] uclogic: probe of 0003:256C:006D.00A9 failed with error -71
[  960.140552][  T348] usb 1-1: USB disconnect, device number 92
[  960.174387][T31863] F2FS-fs (loop4): Test dummy encryption mode enabled
[  960.182077][T31863] F2FS-fs (loop4): invalid crc value
[  960.308814][T31879] fuse: Unknown parameter '��'
[  960.415425][T31863] F2FS-fs (loop4): Found nat_bits in checkpoint
[  960.453763][T31863] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  960.899331][T14238] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[  960.933027][T31907] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  961.159250][T14238] usb 5-1: Using ep0 maxpacket: 16
[  961.289373][T14238] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  961.300583][T14238] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  961.309462][T14238] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  961.310975][  T348] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  961.319314][T14238] usb 5-1: config 0 descriptor??
[  961.519690][T31922] device pim6reg1 entered promiscuous mode
[  961.561786][T31924] syz-executor.1[31924] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  961.561858][T31924] syz-executor.1[31924] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  961.764197][T31933] fuse: Unknown parameter '��
[  961.764197][T31933] '
[  961.864097][  T348] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  961.912272][  T348] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  961.937228][  T348] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  961.951810][  T348] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  961.960623][  T348] usb 3-1: config 0 descriptor??
[  962.020234][T31938] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  962.166071][T31945] loop0: detected capacity change from 0 to 2048
[  962.192145][T31934] UDC core: couldn't find an available UDC or it's busy: -16
[  962.199624][T31934] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  962.217255][T31945] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  962.222392][T31932] UDC core: couldn't find an available UDC or it's busy: -16
[  962.234901][T31932] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  962.256955][T14238] hid-generic 0003:0158:0100.00AA: unknown main item tag 0x1
[  962.264400][T14238] hid-generic 0003:0158:0100.00AA: unexpected long global item
[  962.272017][T14238] hid-generic: probe of 0003:0158:0100.00AA failed with error -22
[  962.904212][  T348] hid (null): bogus close delimiter
[  963.141931][  T348] usb 3-1: language id specifier not provided by device, defaulting to English
[  963.926944][  T348] uclogic 0003:256C:006D.00AB: v1 buttonpad probing failed: -71
[  963.941751][  T348] uclogic 0003:256C:006D.00AB: failed probing parameters: -71
[  963.949784][  T348] uclogic: probe of 0003:256C:006D.00AB failed with error -71
[  963.961308][  T348] usb 3-1: USB disconnect, device number 88
[  963.993689][T14238] usb 5-1: USB disconnect, device number 83
[  964.055954][T31978] loop0: detected capacity change from 0 to 256
[  964.077256][T31978] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d)
[  964.168782][T31983] 9pnet: Unknown protocol version 9p2000.ڴ>;1��gˏӟ?�u
[  964.517494][T31983] cgroup: Bad value for 'name'
[  964.548256][T31983] 9pnet: Could not find request transport: rd��n����|�Jm
[  964.674566][T31983] loop4: detected capacity change from 0 to 512
[  964.697120][T31987] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  964.732342][T31983] EXT4-fs (loop4): orphan cleanup on readonly fs
[  964.739769][T31983] EXT4-fs (loop4): 1 orphan inode deleted
[  964.746082][T31983] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  964.965877][T32008] loop2: detected capacity change from 0 to 512
[  965.022412][T32008] EXT4-fs (loop2): Ignoring removed nobh option
[  965.028681][T32008] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  965.051106][T32008] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nobh,max_batch_time=0x00000000000003ff,nojournal_checksum,usrquota,dioread_nolock,nodiscard,. Quota mode: writeback.
[  965.071061][T32008] ext4 filesystem being mounted at /root/syzkaller-testdir2682230206/syzkaller.vV4LTD/757/file0 supports timestamps until 2038 (0x7fffffff)
[  965.088861][T32008] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 224: padding at end of block bitmap is not set
[  965.103944][T32008] EXT4-fs (loop2): Remounting filesystem read-only
[  965.113745][T32008] EXT4-fs error (device loop2) in ext4_evict_inode:258: Readonly filesystem
[  965.136830][  T460] __quota_error: 24 callbacks suppressed
[  965.136849][  T460] Quota error (device loop2): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  965.154605][  T460] Quota error (device loop2): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  965.222019][T14238] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  965.330407][  T348] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  965.339389][T32026] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  965.482068][T14238] usb 1-1: Using ep0 maxpacket: 16
[  965.514588][T28443] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[  965.612799][T14238] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  965.633726][T14238] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  965.642870][T14238] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  965.667219][T14238] usb 1-1: config 0 descriptor??
[  965.742181][  T348] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  965.752929][  T348] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  965.765719][  T348] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  965.774569][  T348] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  965.783091][  T348] usb 2-1: config 0 descriptor??
[  965.904667][T28443] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  965.915524][T28443] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  965.925070][T28443] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  965.934358][T28443] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  965.943078][T28443] usb 3-1: config 0 descriptor??
[  966.295613][  T348] plantronics 0003:047F:FFFF.00AC: No inputs registered, leaving
[  966.304281][  T348] plantronics 0003:047F:FFFF.00AC: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  966.393766][T32040] UDC core: couldn't find an available UDC or it's busy: -16
[  966.401039][T32040] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  966.409169][T32040] UDC core: couldn't find an available UDC or it's busy: -16
[  966.416457][T32040] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  966.427179][T14238] hid-generic 0003:0158:0100.00AD: unknown main item tag 0x1
[  966.434491][T14238] hid-generic 0003:0158:0100.00AD: unexpected long global item
[  966.441952][T14238] hid-generic: probe of 0003:0158:0100.00AD failed with error -22
[  966.449909][T28443] hid (null): bogus close delimiter
[  966.521173][T32045] 9pnet: Unknown protocol version 9p2000.ڴ>;1��gˏӟ?�u
[  966.531303][T32045] cgroup: Bad value for 'name'
[  966.566459][T32045] 9pnet: Could not find request transport: rd��n����|�Jm
[  966.591962][T32045] loop4: detected capacity change from 0 to 512
[  966.694939][T32045] EXT4-fs (loop4): orphan cleanup on readonly fs
[  966.702608][T32045] EXT4-fs (loop4): 1 orphan inode deleted
[  966.708284][T28443] usb 3-1: language id specifier not provided by device, defaulting to English
[  966.717517][T32045] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  967.459247][T32057] loop4: detected capacity change from 0 to 2048
[  967.475698][T28443] uclogic 0003:256C:006D.00AE: v1 buttonpad probing failed: -71
[  967.483496][T28443] uclogic 0003:256C:006D.00AE: failed probing parameters: -71
[  967.490804][T28443] uclogic: probe of 0003:256C:006D.00AE failed with error -71
[  967.499219][T28443] usb 3-1: USB disconnect, device number 89
[  967.520906][T32057] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  967.696388][T32070] device syzkaller0 entered promiscuous mode
[  968.071452][T11747] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[  968.195565][T31350] usb 1-1: USB disconnect, device number 93
[  968.295611][   T30] audit: type=1326 audit(2000000491.958:115377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32097 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ddf9650a9 code=0x0
[  968.580772][T11747] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  968.591530][T11747] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  968.601053][T11747] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  968.609929][T11747] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  968.618384][T11747] usb 5-1: config 0 descriptor??
[  969.134374][T11747] hid-thrustmaster 0003:044F:B65D.00AF: unbalanced collection at end of report description
[  969.144438][T11747] hid-thrustmaster 0003:044F:B65D.00AF: parse failed with error -22
[  969.152281][T11747] hid-thrustmaster: probe of 0003:044F:B65D.00AF failed with error -22
[  969.294207][T32119] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  969.353420][T11747] usb 5-1: USB disconnect, device number 84
[  969.433743][T32125] loop0: detected capacity change from 0 to 256
[  969.475343][T32125] FAT-fs (loop0): Directory bread(block 64) failed
[  969.482256][T32125] FAT-fs (loop0): Directory bread(block 65) failed
[  969.488698][T32125] FAT-fs (loop0): Directory bread(block 66) failed
[  969.495356][T32125] FAT-fs (loop0): Directory bread(block 67) failed
[  969.501810][T32125] FAT-fs (loop0): Directory bread(block 68) failed
[  969.508251][T32125] FAT-fs (loop0): Directory bread(block 69) failed
[  969.515820][T32125] FAT-fs (loop0): Directory bread(block 70) failed
[  969.527329][T32125] FAT-fs (loop0): Directory bread(block 71) failed
[  969.538477][T32125] FAT-fs (loop0): Directory bread(block 72) failed
[  969.546559][T32125] FAT-fs (loop0): Directory bread(block 73) failed
[  969.564252][T32125] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  969.635086][   T30] audit: type=1326 audit(2000000493.204:115378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32134 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x0
[  969.667027][T32138] loop2: detected capacity change from 0 to 512
[  969.686724][T32138] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  969.697011][T32138] EXT4-fs (loop2): orphan cleanup on readonly fs
[  969.704428][T32138] EXT4-fs (loop2): 1 truncate cleaned up
[  969.710207][T29916] Quota error (device loop2): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  969.721920][T32138] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,noblock_validity,discard,barrier=0x0000000000000003,noinit_itable,noinit_itable,noauto_da_alloc,resgid=0x0000000000000000,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback.
[  970.643484][T32168] loop0: detected capacity change from 0 to 512
[  970.683559][T32168] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  970.694487][T32168] EXT4-fs (loop0): orphan cleanup on readonly fs
[  970.702508][T32168] EXT4-fs (loop0): 1 truncate cleaned up
[  970.715054][T29916] Quota error (device loop0): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  970.727049][T32168] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,noblock_validity,discard,barrier=0x0000000000000003,noinit_itable,noinit_itable,noauto_da_alloc,resgid=0x0000000000000000,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback.
[  970.954571][   T30] audit: type=1326 audit(2000000494.423:115379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32182 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x0
[  971.159209][T28443] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[  971.592550][T28443] usb 3-1: Using ep0 maxpacket: 32
[  971.744325][T28443] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  971.755087][T28443] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  971.764583][T28443] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  971.773448][T28443] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  971.781858][T28443] usb 3-1: config 0 descriptor??
[  971.831345][T28443] hub 3-1:0.0: USB hub found
[  971.910240][T32204] loop0: detected capacity change from 0 to 512
[  971.939994][T32204] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  971.950405][T32204] EXT4-fs (loop0): orphan cleanup on readonly fs
[  971.957861][T32204] EXT4-fs (loop0): 1 truncate cleaned up
[  971.964643][T29916] Quota error (device loop0): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  971.976374][T32204] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,noblock_validity,discard,barrier=0x0000000000000003,noinit_itable,noinit_itable,noauto_da_alloc,resgid=0x0000000000000000,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback.
[  972.118301][T32207] loop0: detected capacity change from 0 to 2048
[  972.145795][T32207]  loop0: p1 p3
[  972.149195][T32207] loop0: p1 size 33024 extends beyond EOD, truncated
[  972.156093][T28443] hub 3-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  972.156226][T32207] loop0: p3 start 4284289 is beyond EOD, truncated
[  972.271249][T32215] xt_bpf: check failed: parse error
[  972.667331][T32238] loop4: detected capacity change from 0 to 2048
[  972.686874][T28443] usbhid 3-1:0.0: can't add hid device: -71
[  972.692691][T28443] usbhid: probe of 3-1:0.0 failed with error -71
[  972.708870][T32238]  loop4: p1 p3
[  972.712266][T32238] loop4: p1 size 33024 extends beyond EOD, truncated
[  972.719199][T32238] loop4: p3 start 4284289 is beyond EOD, truncated
[  972.741293][T28443] usb 3-1: USB disconnect, device number 90
[  972.833203][T32244] loop4: detected capacity change from 0 to 256
[  972.862984][T32244] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 196)
[  973.084873][T32263] loop2: detected capacity change from 0 to 2048
[  973.131419][T32263]  loop2: p1 p3
[  973.134759][T32263] loop2: p1 size 33024 extends beyond EOD, truncated
[  973.141710][T32263] loop2: p3 start 4284289 is beyond EOD, truncated
[  973.255200][   T30] audit: type=1326 audit(2000000496.546:115380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32269 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ddf9650a9 code=0x7ffc0000
[  973.279329][   T30] audit: type=1326 audit(2000000496.546:115381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32269 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ddf9650a9 code=0x7ffc0000
[  973.325110][   T30] audit: type=1326 audit(2000000496.546:115382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32269 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ddf9650a9 code=0x7ffc0000
[  973.351836][   T30] audit: type=1326 audit(2000000496.546:115383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32269 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ddf9650a9 code=0x7ffc0000
[  973.377729][   T30] audit: type=1326 audit(2000000496.546:115384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32269 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ddf9650a9 code=0x7ffc0000
[  973.401952][   T30] audit: type=1326 audit(2000000496.546:115385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32269 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ddf9650a9 code=0x7ffc0000
[  973.427034][   T30] audit: type=1326 audit(2000000496.564:115386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32269 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ddf9650a9 code=0x7ffc0000
[  973.620325][T32285] loop2: detected capacity change from 0 to 2048
[  973.672744][  T497] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  973.675664][T32285] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  974.120267][  T497] usb 1-1: Using ep0 maxpacket: 32
[  974.122853][T32296] 9pnet: Unknown protocol version 9p2000.ڴ>;1��gˏӟ?�u
[  974.155835][T32296] cgroup: Bad value for 'name'
[  974.174880][T32296] 9pnet: Could not find request transport: rd��n����|�Jm
[  974.197897][T32296] loop4: detected capacity change from 0 to 512
[  974.264628][T32296] EXT4-fs (loop4): orphan cleanup on readonly fs
[  974.276813][T32296] EXT4-fs (loop4): 1 orphan inode deleted
[  974.315882][T32296] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  974.431209][  T497] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  974.441958][  T497] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  974.451475][  T497] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  974.460318][  T497] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  974.468800][  T497] usb 1-1: config 0 descriptor??
[  974.530600][  T497] hub 1-1:0.0: USB hub found
[  974.853718][  T497] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  974.881239][T32317] loop2: detected capacity change from 0 to 1024
[  974.930555][T32317] EXT4-fs (loop2): Test dummy encryption mode enabled
[  974.937634][T32317] EXT4-fs (loop2): Ignoring removed orlov option
[  974.945687][T32317] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[  975.344167][T32326] loop2: detected capacity change from 0 to 40427
[  975.385461][T32326] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  975.392970][T32326] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  975.402159][T32326] F2FS-fs (loop2): invalid crc value
[  975.409082][T32326] F2FS-fs (loop2): Found nat_bits in checkpoint
[  975.427923][  T497] usbhid 1-1:0.0: can't add hid device: -71
[  975.433686][  T497] usbhid: probe of 1-1:0.0 failed with error -71
[  975.434772][T32326] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  975.446776][T32326] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  975.456863][T32326] attempt to access beyond end of device
[  975.456863][T32326] loop2: rw=2049, want=45104, limit=40427
[  975.480039][T23697] attempt to access beyond end of device
[  975.480039][T23697] loop2: rw=2049, want=45112, limit=40427
[  975.482319][  T497] usb 1-1: USB disconnect, device number 94
[  975.706409][T32350] loop0: detected capacity change from 0 to 1024
[  975.743558][T32350] EXT4-fs (loop0): Test dummy encryption mode enabled
[  975.750213][T32350] EXT4-fs (loop0): Ignoring removed orlov option
[  975.758372][T32350] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[  976.177405][T32298] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[  976.188112][T32368] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  976.199130][T32368] device veth2 entered promiscuous mode
[  976.543777][T28443] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[  976.641397][T32298] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  976.652129][T32298] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  976.661657][T32298] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  976.670512][T32298] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  976.679087][T32298] usb 3-1: config 0 descriptor??
[  976.825472][T28443] usb 5-1: Using ep0 maxpacket: 32
[  976.922672][T32382] loop0: detected capacity change from 0 to 1024
[  976.977268][T28443] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  976.978375][T32382] EXT4-fs (loop0): Test dummy encryption mode enabled
[  976.988059][T28443] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  976.994705][T32382] EXT4-fs (loop0): Ignoring removed orlov option
[  977.004241][T28443] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  977.013073][T32382] EXT4-fs (loop0): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[  977.019177][T28443] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  977.055675][T28443] usb 5-1: config 0 descriptor??
[  977.096746][T28443] hub 5-1:0.0: USB hub found
[  977.173159][T32298] lg-g15 0003:046D:C222.00B0: item fetching failed at offset 7/11
[  977.181312][T32298] lg-g15: probe of 0003:046D:C222.00B0 failed with error -22
[  977.455287][T11747] usb 3-1: USB disconnect, device number 91
[  977.627277][T28443] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  977.974007][T28443] usbhid 5-1:0.0: can't add hid device: -71
[  977.979827][T28443] usbhid: probe of 5-1:0.0 failed with error -71
[  978.021027][T28443] usb 5-1: USB disconnect, device number 85
[  978.169258][T32047] plantronics 0003:047F:FFFF.00AC: timeout initializing reports
[  978.190969][T11747] usb 2-1: USB disconnect, device number 68
[  978.291464][T32405] loop2: detected capacity change from 0 to 40427
[  978.334275][T32405] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  978.341850][T32405] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  978.351161][T32405] F2FS-fs (loop2): invalid crc value
[  978.358374][T32405] F2FS-fs (loop2): Found nat_bits in checkpoint
[  978.380513][T32405] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  978.387578][T32405] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  978.408392][T32405] attempt to access beyond end of device
[  978.408392][T32405] loop2: rw=2049, want=45104, limit=40427
[  978.458279][T32426] loop4: detected capacity change from 0 to 2048
[  978.464928][T23697] attempt to access beyond end of device
[  978.464928][T23697] loop2: rw=2049, want=45112, limit=40427
[  978.495831][T32426] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  978.547647][ T1866] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  979.328178][T32298] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  979.339114][ T1866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  979.349935][ T1866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  979.359642][ T1866] usb 1-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  979.368537][ T1866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  979.392154][ T1866] usb 1-1: config 0 descriptor??
[  979.553508][T32451] loop2: detected capacity change from 0 to 512
[  979.590939][T32451] EXT4-fs error (device loop2): mb_free_blocks:1865: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  979.605539][T32451] EXT4-fs (loop2): Remounting filesystem read-only
[  979.611927][T32451] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 1 (level 1)
[  979.625585][T32451] EXT4-fs (loop2): 1 truncate cleaned up
[  979.631093][T32451] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,sysvgroups,. Quota mode: none.
[  979.729127][T32437] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[  979.750780][T32298] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  979.761584][T32298] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  979.771167][T32298] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  979.780060][T32298] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  979.788457][T32298] usb 2-1: config 0 descriptor??
[  979.903577][ T1866] hid-thrustmaster 0003:044F:B65D.00B1: unbalanced collection at end of report description
[  979.913560][ T1866] hid-thrustmaster 0003:044F:B65D.00B1: parse failed with error -22
[  979.921347][ T1866] hid-thrustmaster: probe of 0003:044F:B65D.00B1 failed with error -22
[  980.119166][T32437] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  980.123225][ T7516] usb 1-1: USB disconnect, device number 95
[  980.129950][T32437] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  980.148298][T32437] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  980.157562][T32437] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  980.166538][T32437] usb 5-1: config 0 descriptor??
[  980.293357][T32298] lg-g15 0003:046D:C222.00B2: item fetching failed at offset 7/11
[  980.301242][T32298] lg-g15: probe of 0003:046D:C222.00B2 failed with error -22
[  980.512317][T32298] usb 2-1: USB disconnect, device number 69
[  980.683382][T32437] plantronics 0003:047F:FFFF.00B3: No inputs registered, leaving
[  980.692079][T32437] plantronics 0003:047F:FFFF.00B3: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  981.148408][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  981.148424][   T30] audit: type=1326 audit(2000000503.819:115391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32487 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x0
[  982.365409][T32545] loop0: detected capacity change from 0 to 40427
[  982.407100][T32545] F2FS-fs (loop0): invalid crc value
[  982.413552][T32545] F2FS-fs (loop0): Found nat_bits in checkpoint
[  982.436472][T32545] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  982.450868][T28506] attempt to access beyond end of device
[  982.450868][T28506] loop0: rw=2049, want=45104, limit=40427
[  982.528583][T32551] loop0: detected capacity change from 0 to 256
[  982.758355][   T30] audit: type=1326 audit(2000000505.314:115392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32559 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6b12d6c0a9 code=0x0
[  982.914205][T32581] loop2: detected capacity change from 0 to 256
[  983.676767][T32610] bridge0: port 1(bridge_slave_0) entered blocking state
[  983.684246][T32610] bridge0: port 1(bridge_slave_0) entered disabled state
[  983.692196][T32610] device bridge_slave_0 entered promiscuous mode
[  983.702790][T32610] bridge0: port 2(bridge_slave_1) entered blocking state
[  983.712307][T32610] bridge0: port 2(bridge_slave_1) entered disabled state
[  983.721201][T32610] device bridge_slave_1 entered promiscuous mode
[  983.727969][T32631] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  983.840101][T32610] bridge0: port 2(bridge_slave_1) entered blocking state
[  983.846994][T32610] bridge0: port 2(bridge_slave_1) entered forwarding state
[  983.854145][T32610] bridge0: port 1(bridge_slave_0) entered blocking state
[  983.861011][T32610] bridge0: port 1(bridge_slave_0) entered forwarding state
[  983.895709][T11747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  983.904477][T11747] bridge0: port 1(bridge_slave_0) entered disabled state
[  983.916023][T11747] bridge0: port 2(bridge_slave_1) entered disabled state
[  983.939295][T32437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  983.947797][T32437] bridge0: port 1(bridge_slave_0) entered blocking state
[  983.954673][T32437] bridge0: port 1(bridge_slave_0) entered forwarding state
[  983.962022][T32437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  983.970680][T32437] bridge0: port 2(bridge_slave_1) entered blocking state
[  983.977567][T32437] bridge0: port 2(bridge_slave_1) entered forwarding state
[  984.006111][T32437] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  984.019792][T32437] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  984.042250][T11747] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  984.057415][T32610] device veth0_vlan entered promiscuous mode
[  984.066094][T32437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  984.077985][T32437] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  984.087226][T32437] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  984.108020][  T497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  984.118271][T32610] device veth1_macvtap entered promiscuous mode
[  984.140815][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  984.156581][T32298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  984.190375][T32663] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  984.222495][   T10] device bridge_slave_1 left promiscuous mode
[  984.247978][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  984.272657][   T10] device bridge_slave_0 left promiscuous mode
[  984.289924][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  984.302304][   T10] device veth1_macvtap left promiscuous mode
[  984.313458][   T10] device veth0_vlan left promiscuous mode
[  984.322445][T32673] loop2: detected capacity change from 0 to 256
[  985.193340][T32690] device pim6reg1 entered promiscuous mode
[  985.297804][T32697] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  985.324902][T32699] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  985.362671][T32699] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  985.786910][   T10] device bridge_slave_1 left promiscuous mode
[  985.792928][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  985.812714][   T10] device bridge_slave_0 left promiscuous mode
[  985.821868][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  985.841321][   T10] device veth1_macvtap left promiscuous mode
[  985.847273][   T10] device veth0_vlan left promiscuous mode
[  986.266653][T32733] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  986.340754][T32733] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  986.821313][T32749] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  986.828403][T12526] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[  987.107248][T12526] usb 3-1: Using ep0 maxpacket: 16
[  987.145413][T32764] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  987.167148][T32764] loop0: detected capacity change from 0 to 1024
[  987.206814][T32764] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  987.216150][T32764] EXT4-fs (loop0): Mount option "nouser_xattr" will be removed by 3.5
[  987.216150][T32764] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  987.216150][T32764] 
[  987.234471][T32764] EXT4-fs (loop0): unsupported descriptor size 6720
[  987.237351][T12526] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11
[  987.250104][T12526] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  987.259675][T12526] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  987.269201][T12526] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  987.278777][T12526] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  987.295011][T12526] usb 3-1: config 1 interface 0 has no altsetting 0
[  987.301519][T12526] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  987.310420][T12526] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  987.331395][T32767] bridge0: port 1(bridge_slave_0) entered blocking state
[  987.338726][T32767] bridge0: port 1(bridge_slave_0) entered disabled state
[  987.345938][T32767] device bridge_slave_0 entered promiscuous mode
[  987.353002][T32767] bridge0: port 2(bridge_slave_1) entered blocking state
[  987.356823][T12526] ums-sddr09 3-1:1.0: USB Mass Storage device detected
[  987.366581][T32767] bridge0: port 2(bridge_slave_1) entered disabled state
[  987.373980][T32767] device bridge_slave_1 entered promiscuous mode
[  987.450039][T32764] loop0: detected capacity change from 0 to 512
[  987.457777][  T310] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  987.484611][T32767] bridge0: port 2(bridge_slave_1) entered blocking state
[  987.494044][T32767] bridge0: port 2(bridge_slave_1) entered forwarding state
[  987.506611][T32767] bridge0: port 1(bridge_slave_0) entered blocking state
[  987.515965][T32767] bridge0: port 1(bridge_slave_0) entered forwarding state
[  987.535647][T32764] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  987.553716][T32764] EXT4-fs (loop0): 1 truncate cleaned up
[  987.559195][T32764] EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,inode_readahead_blks=0x0000000000000080,barrier=0x0000000000000003,stripe=0x0000000000000004,block_validity,debug_want_extra_isize=0x000000000000002e,,errors=continue. Quota mode: writeback.
[  987.563771][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  987.594412][T32764] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr
[  987.706180][T32764] EXT4-fs warning (device loop0): ext4_xattr_set_entry:1745: inode #15: comm syz-executor.0: unable to update i_inline_off
[  987.719583][T32764] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr
[  987.762356][T12526] scsi host1: usb-storage 3-1:1.0
[  987.846195][T28443] bridge0: port 1(bridge_slave_0) entered disabled state
[  987.853714][T28443] bridge0: port 2(bridge_slave_1) entered disabled state
[  987.865640][  T319] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  987.866987][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  987.881722][T12526] bridge0: port 1(bridge_slave_0) entered blocking state
[  987.888609][T12526] bridge0: port 1(bridge_slave_0) entered forwarding state
[  987.906349][T32437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  987.914797][T32437] bridge0: port 2(bridge_slave_1) entered blocking state
[  987.921666][T32437] bridge0: port 2(bridge_slave_1) entered forwarding state
[  987.936904][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  987.953106][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  987.962593][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  987.985024][T12526] usb 3-1: USB disconnect, device number 92
[  987.998722][T32767] device veth0_vlan entered promiscuous mode
[  988.005391][T32298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  988.013687][T32298] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  988.021513][T32298] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  988.036996][T32767] device veth1_macvtap entered promiscuous mode
[  988.044916][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  988.060680][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  988.069415][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  988.121567][  T321] loop0: detected capacity change from 0 to 40427
[  988.170637][   T10] device bridge_slave_1 left promiscuous mode
[  988.171194][  T321] F2FS-fs (loop0): invalid crc value
[  988.176631][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  988.189245][   T10] device bridge_slave_0 left promiscuous mode
[  988.190393][  T321] F2FS-fs (loop0): Found nat_bits in checkpoint
[  988.195447][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  988.209707][   T10] device veth1_macvtap left promiscuous mode
[  988.216469][   T10] device veth0_vlan left promiscuous mode
[  988.256059][  T321] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  988.297224][T28506] attempt to access beyond end of device
[  988.297224][T28506] loop0: rw=2049, want=45104, limit=40427
[  988.511473][  T341] device syzkaller0 entered promiscuous mode
[  988.542238][   T30] audit: type=1400 audit(2000000510.649:115393): avc:  denied  { relabelfrom } for  pid=340 comm="syz-executor.3" name="NETLINK" dev="sockfs" ino=180774 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  988.587031][  T341] SELinux:  Context system_u:object_r:mouse_device_t:s0 is not valid (left unmapped).
[  988.597355][   T30] audit: type=1400 audit(2000000510.705:115394): avc:  denied  { relabelto } for  pid=340 comm="syz-executor.3" name="NETLINK" dev="sockfs" ino=180774 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_netfilter_socket permissive=1 trawcon="system_u:object_r:mouse_device_t:s0"
[  989.041283][  T357] bridge0: port 1(bridge_slave_0) entered blocking state
[  989.048349][  T357] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.055950][  T357] device bridge_slave_0 entered promiscuous mode
[  989.063367][  T357] bridge0: port 2(bridge_slave_1) entered blocking state
[  989.070637][  T357] bridge0: port 2(bridge_slave_1) entered disabled state
[  989.077891][  T357] device bridge_slave_1 entered promiscuous mode
[  989.327468][T11747] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[  989.379902][  T357] bridge0: port 2(bridge_slave_1) entered blocking state
[  989.386770][  T357] bridge0: port 2(bridge_slave_1) entered forwarding state
[  989.393936][  T357] bridge0: port 1(bridge_slave_0) entered blocking state
[  989.400766][  T357] bridge0: port 1(bridge_slave_0) entered forwarding state
[  989.436111][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  989.444295][T12526] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.452261][T12526] bridge0: port 2(bridge_slave_1) entered disabled state
[  989.472138][T32437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  989.482331][T32437] bridge0: port 1(bridge_slave_0) entered blocking state
[  989.488651][  T366] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  989.489215][T32437] bridge0: port 1(bridge_slave_0) entered forwarding state
[  989.504287][T32437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  989.512597][T32437] bridge0: port 2(bridge_slave_1) entered blocking state
[  989.519476][T32437] bridge0: port 2(bridge_slave_1) entered forwarding state
[  989.537243][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  989.545522][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  989.553804][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  989.562288][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  989.581925][T25619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  989.595160][T25619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  989.607457][  T357] device veth0_vlan entered promiscuous mode
[  989.614264][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  989.622447][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  989.631796][T11747] usb 3-1: Using ep0 maxpacket: 16
[  989.646329][  T357] device veth1_macvtap entered promiscuous mode
[  989.654066][T25619] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  989.661401][T25619] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  989.669124][T25619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  989.677266][T25619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  989.685275][T25619] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  989.703918][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  989.712204][T12526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  989.738006][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  989.751628][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  989.761954][T11747] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11
[  989.777507][T11747] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  989.792620][T11747] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  989.808969][T11747] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  989.824273][T11747] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  989.840633][T11747] usb 3-1: config 1 interface 0 has no altsetting 0
[  989.850488][T11747] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  989.859715][T11747] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  989.934315][T11747] ums-sddr09 3-1:1.0: USB Mass Storage device detected
[  989.956004][  T374] bridge0: port 1(bridge_slave_0) entered blocking state
[  989.963879][  T374] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.971353][  T374] device bridge_slave_0 entered promiscuous mode
[  989.979434][  T379] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  989.989469][  T374] bridge0: port 2(bridge_slave_1) entered blocking state
[  990.000980][  T374] bridge0: port 2(bridge_slave_1) entered disabled state
[  990.011694][  T374] device bridge_slave_1 entered promiscuous mode
[  990.023011][   T10] device bridge_slave_1 left promiscuous mode
[  990.028976][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  990.046936][   T10] device veth1_macvtap left promiscuous mode
[  990.058674][   T10] device veth0_vlan left promiscuous mode
[  990.066204][  T379] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  990.144143][  T387] Invalid ELF header magic: != ELF
[  990.167632][T11747] scsi host1: usb-storage 3-1:1.0
[  990.307968][  T374] bridge0: port 2(bridge_slave_1) entered blocking state
[  990.314858][  T374] bridge0: port 2(bridge_slave_1) entered forwarding state
[  990.322007][  T374] bridge0: port 1(bridge_slave_0) entered blocking state
[  990.328875][  T374] bridge0: port 1(bridge_slave_0) entered forwarding state
[  990.371478][T25619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  990.380059][T25619] bridge0: port 1(bridge_slave_0) entered disabled state
[  990.383438][T12526] usb 3-1: USB disconnect, device number 93
[  990.393007][T25619] bridge0: port 2(bridge_slave_1) entered disabled state
[  990.412147][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  990.420153][T28443] bridge0: port 1(bridge_slave_0) entered blocking state
[  990.426995][T28443] bridge0: port 1(bridge_slave_0) entered forwarding state
[  990.434255][T28443] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  990.442239][T28443] bridge0: port 2(bridge_slave_1) entered blocking state
[  990.449082][T28443] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1092.078780][    C0] watchdog: BUG: soft lockup - CPU#0 stuck for 111s! [syz-executor.3:403]
[ 1092.087103][    C0] Modules linked in:
[ 1092.090836][    C0] CPU: 0 PID: 403 Comm: syz-executor.3 Tainted: G        W         5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[ 1092.102291][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 1092.112188][    C0] RIP: 0010:__pv_queued_spin_lock_slowpath+0x5be/0xc40
[ 1092.118871][    C0] Code: dc c6 03 00 48 8b 44 24 10 0f b6 04 10 84 c0 0f 85 48 01 00 00 48 8b 44 24 08 c6 00 01 bb 00 80 ff ff eb 06 f3 90 ff c3 74 5e <41> 0f b6 44 15 00 84 c0 75 36 41 80 3f 00 75 ea 4c 89 ff be 02 00
[ 1092.138830][    C0] RSP: 0018:ffffc9000115e8c0 EFLAGS: 00000286
[ 1092.144736][    C0] RAX: 0000000000000000 RBX: 00000000ffff874b RCX: ffffffff8154fbbf
[ 1092.152542][    C0] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff888114efd858
[ 1092.160354][    C0] RBP: ffffc9000115e9b0 R08: dffffc0000000000 R09: ffffed10229dfb0c
[ 1092.168164][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f7038ad4
[ 1092.176062][    C0] R13: 1ffff110229dfb0b R14: 1ffff1103ee00001 R15: ffff888114efd858
[ 1092.183877][    C0] FS:  00007fcc46e3b6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1092.192641][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1092.199063][    C0] CR2: 0000001b31d28000 CR3: 0000000138c4f000 CR4: 00000000003506b0
[ 1092.206878][    C0] Call Trace:
[ 1092.210002][    C0]  <IRQ>
[ 1092.212696][    C0]  ? show_regs+0x58/0x60
[ 1092.216767][    C0]  ? watchdog_timer_fn+0x4b1/0x5f0
[ 1092.221716][    C0]  ? proc_watchdog_cpumask+0xd0/0xd0
[ 1092.226836][    C0]  ? __hrtimer_run_queues+0x41a/0xad0
[ 1092.232050][    C0]  ? hrtimer_interrupt+0xaa0/0xaa0
[ 1092.236989][    C0]  ? clockevents_program_event+0x22f/0x300
[ 1092.242635][    C0]  ? ktime_get_update_offsets_now+0x2ba/0x2d0
[ 1092.248538][    C0]  ? hrtimer_interrupt+0x40c/0xaa0
[ 1092.253486][    C0]  ? __sysvec_apic_timer_interrupt+0xfd/0x3c0
[ 1092.259383][    C0]  ? sysvec_apic_timer_interrupt+0x95/0xc0
[ 1092.265025][    C0]  </IRQ>
[ 1092.267800][    C0]  <TASK>
[ 1092.270577][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1092.276567][    C0]  ? __pv_queued_spin_lock_slowpath+0x65f/0xc40
[ 1092.282646][    C0]  ? __pv_queued_spin_lock_slowpath+0x5be/0xc40
[ 1092.288720][    C0]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[ 1092.294968][    C0]  _raw_spin_lock_bh+0x139/0x1b0
[ 1092.299741][    C0]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 1092.304774][    C0]  ? sock_hash_bucket_hash+0x31c/0x7e0
[ 1092.310071][    C0]  sock_hash_delete_elem+0xb1/0x2f0
[ 1092.315108][    C0]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x9fc
[ 1092.320485][    C0]  bpf_trace_run4+0x13f/0x270
[ 1092.324997][    C0]  ? bpf_trace_run3+0x250/0x250
[ 1092.329688][    C0]  __bpf_trace_mm_page_alloc+0xbf/0xf0
[ 1092.334979][    C0]  __alloc_pages+0x3cb/0x8f0
[ 1092.339409][    C0]  ? prep_new_page+0x110/0x110
[ 1092.344003][    C0]  ? __bpf_trace_mm_page_alloc+0xbf/0xf0
[ 1092.349473][    C0]  ? stack_trace_save+0x113/0x1c0
[ 1092.354335][    C0]  __stack_depot_save+0x38d/0x470
[ 1092.359192][    C0]  stack_depot_save+0xe/0x10
[ 1092.363617][    C0]  save_stack+0x104/0x1e0
[ 1092.367784][    C0]  ? __reset_page_owner+0x190/0x190
[ 1092.372819][    C0]  ? post_alloc_hook+0x1a3/0x1b0
[ 1092.377593][    C0]  ? prep_new_page+0x1b/0x110
[ 1092.382105][    C0]  ? get_page_from_freelist+0x3550/0x35d0
[ 1092.387662][    C0]  ? __alloc_pages+0x27e/0x8f0
[ 1092.392260][    C0]  ? __stack_depot_save+0x38d/0x470
[ 1092.397293][    C0]  ? kasan_set_track+0x5d/0x70
[ 1092.401894][    C0]  ? kasan_set_free_info+0x23/0x40
[ 1092.406840][    C0]  ? ____kasan_slab_free+0x126/0x160
[ 1092.411963][    C0]  ? __kasan_slab_free+0x11/0x20
[ 1092.416734][    C0]  ? slab_free_freelist_hook+0xbd/0x190
[ 1092.422115][    C0]  ? kfree+0xc8/0x220
[ 1092.425936][    C0]  ? sock_map_unref+0x352/0x4d0
[ 1092.430621][    C0]  ? sock_hash_delete_elem+0x274/0x2f0
[ 1092.435917][    C0]  ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x9fc
[ 1092.441471][    C0]  ? bpf_trace_run4+0x13f/0x270
[ 1092.446155][    C0]  ? __bpf_trace_mm_page_alloc+0xbf/0xf0
[ 1092.451629][    C0]  __set_page_owner+0x28/0x2e0
[ 1092.456225][    C0]  ? kernel_init_free_pages+0xda/0xf0
[ 1092.461432][    C0]  post_alloc_hook+0x1a3/0x1b0
[ 1092.466044][    C0]  prep_new_page+0x1b/0x110
[ 1092.470374][    C0]  get_page_from_freelist+0x3550/0x35d0
[ 1092.475762][    C0]  ? lruvec_init+0x150/0x150
[ 1092.480185][    C0]  ? __alloc_pages+0x8f0/0x8f0
[ 1092.484781][    C0]  ? __alloc_pages_bulk+0xe40/0xe40
[ 1092.489822][    C0]  ? stack_trace_save+0x1c0/0x1c0
[ 1092.494954][    C0]  __alloc_pages+0x27e/0x8f0
[ 1092.499382][    C0]  ? prep_new_page+0x110/0x110
[ 1092.503978][    C0]  ? stack_trace_save+0x113/0x1c0
[ 1092.508836][    C0]  ? stack_trace_snprint+0xf0/0xf0
[ 1092.513783][    C0]  __stack_depot_save+0x38d/0x470
[ 1092.518658][    C0]  ? kfree+0xc8/0x220
[ 1092.522461][    C0]  kasan_set_track+0x5d/0x70
[ 1092.526888][    C0]  ? kasan_set_track+0x4b/0x70
[ 1092.531485][    C0]  ? kasan_set_free_info+0x23/0x40
[ 1092.536432][    C0]  ? ____kasan_slab_free+0x126/0x160
[ 1092.541554][    C0]  ? __kasan_slab_free+0x11/0x20
[ 1092.546328][    C0]  ? slab_free_freelist_hook+0xbd/0x190
[ 1092.551709][    C0]  ? kfree+0xc8/0x220
[ 1092.555527][    C0]  ? sock_map_unref+0x352/0x4d0
[ 1092.560216][    C0]  ? sock_hash_delete_elem+0x274/0x2f0
[ 1092.565514][    C0]  ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x9fc
[ 1092.571063][    C0]  ? bpf_trace_run4+0x13f/0x270
[ 1092.575749][    C0]  ? __bpf_trace_mm_page_alloc+0xbf/0xf0
[ 1092.581217][    C0]  ? __alloc_pages+0x3cb/0x8f0
[ 1092.585817][    C0]  ? kmalloc_order+0x4a/0x160
[ 1092.590330][    C0]  ? kmalloc_order_trace+0x1a/0xb0
[ 1092.595279][    C0]  ? __kmalloc+0x19c/0x270
[ 1092.599533][    C0]  ? bpf_map_area_alloc+0x4c/0xf0
[ 1092.604480][    C0]  ? htab_map_alloc+0xab2/0x1440
[ 1092.609251][    C0]  ? map_create+0x411/0x2050
[ 1092.613678][    C0]  ? __sys_bpf+0x296/0x760
[ 1092.617931][    C0]  ? __x64_sys_bpf+0x7c/0x90
[ 1092.622357][    C0]  ? do_syscall_64+0x3d/0xb0
[ 1092.626782][    C0]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1092.632693][    C0]  ? prep_compound_page+0x271/0x4a0
[ 1092.637720][    C0]  kasan_set_free_info+0x23/0x40
[ 1092.642495][    C0]  ____kasan_slab_free+0x126/0x160
[ 1092.647442][    C0]  __kasan_slab_free+0x11/0x20
[ 1092.652040][    C0]  slab_free_freelist_hook+0xbd/0x190
[ 1092.657259][    C0]  ? sock_map_unref+0x352/0x4d0
[ 1092.661935][    C0]  kfree+0xc8/0x220
[ 1092.665583][    C0]  sock_map_unref+0x352/0x4d0
[ 1092.670096][    C0]  sock_hash_delete_elem+0x274/0x2f0
[ 1092.675218][    C0]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x9fc
[ 1092.680596][    C0]  bpf_trace_run4+0x13f/0x270
[ 1092.685109][    C0]  ? bpf_trace_run3+0x250/0x250
[ 1092.689811][    C0]  __bpf_trace_mm_page_alloc+0xbf/0xf0
[ 1092.695097][    C0]  __alloc_pages+0x3cb/0x8f0
[ 1092.699520][    C0]  ? prep_new_page+0x110/0x110
[ 1092.704112][    C0]  ? pcpu_memcg_post_alloc_hook+0x1b1/0x260
[ 1092.709847][    C0]  ? get_random_u32+0x368/0x660
[ 1092.714531][    C0]  ? get_random_u64+0x5c0/0x5c0
[ 1092.719222][    C0]  kmalloc_order+0x4a/0x160
[ 1092.723558][    C0]  kmalloc_order_trace+0x1a/0xb0
[ 1092.728331][    C0]  __kmalloc+0x19c/0x270
[ 1092.732410][    C0]  ? __alloc_percpu_gfp+0x27/0x30
[ 1092.737272][    C0]  bpf_map_area_alloc+0x4c/0xf0
[ 1092.741959][    C0]  htab_map_alloc+0xab2/0x1440
[ 1092.746560][    C0]  map_create+0x411/0x2050
[ 1092.750811][    C0]  __sys_bpf+0x296/0x760
[ 1092.754889][    C0]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 1092.760106][    C0]  ? __kasan_check_read+0x11/0x20
[ 1092.764988][    C0]  __x64_sys_bpf+0x7c/0x90
[ 1092.769210][    C0]  do_syscall_64+0x3d/0xb0
[ 1092.773464][    C0]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1092.779198][    C0] RIP: 0033:0x7fcc47ac10a9
[ 1092.783447][    C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 1092.802884][    C0] RSP: 002b:00007fcc46e3b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1092.811128][    C0] RAX: ffffffffffffffda RBX: 00007fcc47bf7f80 RCX: 00007fcc47ac10a9
[ 1092.818940][    C0] RDX: 0000000000000048 RSI: 00000000200009c0 RDI: 0000000000000000
[ 1092.826752][    C0] RBP: 00007fcc47b30074 R08: 0000000000000000 R09: 0000000000000000
[ 1092.834562][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1092.842374][    C0] R13: 000000000000000b R14: 00007fcc47bf7f80 R15: 00007ffff22443b8
[ 1092.850212][    C0]  </TASK>
[ 1092.853060][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1092.858115][    C1] NMI backtrace for cpu 1
[ 1092.858129][    C1] CPU: 1 PID: 346 Comm: syz-executor.2 Tainted: G        W         5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[ 1092.858148][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 1092.858158][    C1] RIP: 0010:kvm_wait+0x147/0x180
[ 1092.858178][    C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 4b 02 f3 03 fb f4 <e9> 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c
[ 1092.858191][    C1] RSP: 0018:ffffc9000028f280 EFLAGS: 00000246
[ 1092.858206][    C1] RAX: 0000000000000001 RBX: 1ffff92000051e54 RCX: 1ffffffff0d1aa9c
[ 1092.858216][    C1] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7138ad4
[ 1092.858227][    C1] RBP: ffffc9000028f330 R08: dffffc0000000000 R09: ffffed103ee2715b
[ 1092.858239][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 1092.858249][    C1] R13: ffff8881f7138ad4 R14: 0000000000000001 R15: 1ffff92000051e58
[ 1092.858260][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1092.858273][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1092.858285][    C1] CR2: 0000001b31d27000 CR3: 0000000111a76000 CR4: 00000000003506a0
[ 1092.858299][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1092.858308][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1092.858318][    C1] Call Trace:
[ 1092.858324][    C1]  <NMI>
[ 1092.858332][    C1]  ? show_regs+0x58/0x60
[ 1092.858349][    C1]  ? nmi_cpu_backtrace+0x29f/0x300
[ 1092.858373][    C1]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[ 1092.858392][    C1]  ? kvm_wait+0x147/0x180
[ 1092.858406][    C1]  ? kvm_wait+0x147/0x180
[ 1092.858419][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1092.858436][    C1]  ? nmi_handle+0xa8/0x280
[ 1092.858452][    C1]  ? kvm_wait+0x147/0x180
[ 1092.858466][    C1]  ? default_do_nmi+0x69/0x160
[ 1092.858483][    C1]  ? exc_nmi+0xaf/0x120
[ 1092.858498][    C1]  ? end_repeat_nmi+0x16/0x31
[ 1092.858517][    C1]  ? kvm_wait+0x147/0x180
[ 1092.858531][    C1]  ? kvm_wait+0x147/0x180
[ 1092.858545][    C1]  ? kvm_wait+0x147/0x180
[ 1092.858559][    C1]  </NMI>
[ 1092.858564][    C1]  <TASK>
[ 1092.858569][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1092.858585][    C1]  ? kvm_arch_para_hints+0x30/0x30
[ 1092.858602][    C1]  __pv_queued_spin_lock_slowpath+0x41b/0xc40
[ 1092.858621][    C1]  ? get_page_from_freelist+0x3550/0x35d0
[ 1092.858640][    C1]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[ 1092.858660][    C1]  _raw_spin_lock_bh+0x139/0x1b0
[ 1092.858678][    C1]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 1092.858696][    C1]  ? sock_hash_bucket_hash+0x31c/0x7e0
[ 1092.858716][    C1]  sock_hash_delete_elem+0xb1/0x2f0
[ 1092.858735][    C1]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x9fc
[ 1092.858749][    C1]  bpf_trace_run4+0x13f/0x270
[ 1092.858767][    C1]  ? bpf_trace_run3+0x250/0x250
[ 1092.858786][    C1]  __bpf_trace_mm_page_alloc+0xbf/0xf0
[ 1092.858803][    C1]  __alloc_pages+0x3cb/0x8f0
[ 1092.858818][    C1]  ? page_remove_rmap+0xe36/0x1420
[ 1092.858833][    C1]  ? prep_new_page+0x110/0x110
[ 1092.858848][    C1]  ? page_remove_rmap+0xebe/0x1420
[ 1092.858865][    C1]  ? page_add_file_rmap+0x8e0/0x8e0
[ 1092.858879][    C1]  ? mark_page_accessed+0x56b/0xbf0
[ 1092.858895][    C1]  __get_free_pages+0x10/0x30
[ 1092.858911][    C1]  __tlb_remove_page_size+0x178/0x300
[ 1092.858930][    C1]  unmap_page_range+0x1226/0x1ed0
[ 1092.858944][    C1]  ? call_rcu+0x135/0x1310
[ 1092.858960][    C1]  ? put_task_struct_rcu_user+0x58/0x90
[ 1092.858983][    C1]  ? mmu_notifier_invalidate_range_end+0xe0/0xe0
[ 1092.858998][    C1]  ? __pagevec_lru_add+0xcde/0xd70
[ 1092.859014][    C1]  ? __mmu_notifier_invalidate_range_start+0x5f0/0x670
[ 1092.859033][    C1]  ? uprobe_munmap+0x18d/0x450
[ 1092.859051][    C1]  unmap_vmas+0x389/0x560
[ 1092.859066][    C1]  ? unmap_page_range+0x1ed0/0x1ed0
[ 1092.859083][    C1]  ? tlb_gather_mmu_fullmm+0x165/0x210
[ 1092.859101][    C1]  exit_mmap+0x3e4/0x940
[ 1092.859118][    C1]  ? exit_aio+0x25e/0x3c0
[ 1092.859131][    C1]  ? vm_brk+0x30/0x30
[ 1092.859146][    C1]  ? mutex_unlock+0xb2/0x260
[ 1092.859164][    C1]  ? uprobe_clear_state+0x2cd/0x320
[ 1092.859182][    C1]  __mmput+0x95/0x310
[ 1092.859201][    C1]  mmput+0x5b/0x170
[ 1092.859216][    C1]  do_exit+0xb9c/0x2ca0
[ 1092.859229][    C1]  ? __kasan_check_read+0x11/0x20
[ 1092.859245][    C1]  ? preempt_schedule_common+0xbe/0xf0
[ 1092.859262][    C1]  ? put_task_struct+0x80/0x80
[ 1092.859277][    C1]  ? __kasan_check_write+0x14/0x20
[ 1092.859292][    C1]  ? preempt_schedule_thunk+0x16/0x18
[ 1092.859310][    C1]  do_group_exit+0x141/0x310
[ 1092.859326][    C1]  __x64_sys_exit_group+0x3f/0x40
[ 1092.859341][    C1]  do_syscall_64+0x3d/0xb0
[ 1092.859356][    C1]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1092.859376][    C1] RIP: 0033:0x7f9ddf9650a9
[ 1092.859387][    C1] Code: Unable to access opcode bytes at RIP 0x7f9ddf96507f.
[ 1092.859395][    C1] RSP: 002b:00007ffc3ce595e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1092.859410][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ddf9650a9
[ 1092.859420][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1092.859430][    C1] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[ 1092.859439][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1092.859449][    C1] R13: 0000000000000000 R14: 00007ffc3ce596c0 R15: 0000000000000001
[ 1092.859463][    C1]  </TASK>
[ 1098.808040][    C0] rcu: INFO: rcu_preempt self-detected stall on CPU
[ 1098.814469][    C0] rcu: 	0-...!: (1 GPs behind) idle=ae3/1/0x4000000000000000 softirq=128095/128097 fqs=22 last_accelerate: fa32/2142 dyntick_enabled: 1
[ 1098.828172][    C0] 	(t=10001 jiffies g=144565 q=401)
[ 1098.833197][    C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 9957 jiffies! g144565 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[ 1098.845351][    C0] rcu: 	Possible timer handling issue on cpu=1 timer-softirq=48254
[ 1098.853074][    C0] rcu: rcu_preempt kthread starved for 9960 jiffies! g144565 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[ 1098.864269][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1098.874076][    C0] rcu: RCU grace-period kthread stack dump:
[ 1098.879805][    C0] task:rcu_preempt     state:I stack:27976 pid:   14 ppid:     2 flags:0x00004000
[ 1098.888834][    C0] Call Trace:
[ 1098.891959][    C0]  <TASK>
[ 1098.894739][    C0]  __schedule+0xccc/0x1590
[ 1098.898989][    C0]  ? __sched_text_start+0x8/0x8
[ 1098.903672][    C0]  ? del_timer_sync+0x1bc/0x230
[ 1098.908363][    C0]  ? __kasan_check_write+0x14/0x20
[ 1098.913307][    C0]  schedule+0x11f/0x1e0
[ 1098.917315][    C0]  schedule_timeout+0x18c/0x370
[ 1098.922076][    C0]  ? __kasan_check_write+0x14/0x20
[ 1098.927033][    C0]  ? _raw_spin_lock_irqsave+0xf9/0x210
[ 1098.932323][    C0]  ? console_conditional_schedule+0x30/0x30
[ 1098.938043][    C0]  ? update_process_times+0x200/0x200
[ 1098.943249][    C0]  ? prepare_to_swait_event+0x308/0x320
[ 1098.948632][    C0]  rcu_gp_fqs_loop+0x2af/0xf80
[ 1098.953237][    C0]  ? dyntick_save_progress_counter+0x1e0/0x1e0
[ 1098.959220][    C0]  ? rcu_gp_init+0xc30/0xc30
[ 1098.963677][    C0]  ? _raw_spin_unlock_irq+0x4e/0x70
[ 1098.968681][    C0]  ? rcu_gp_init+0x9cf/0xc30
[ 1098.973107][    C0]  rcu_gp_kthread+0xa4/0x350
[ 1098.977532][    C0]  ? _raw_spin_lock+0x1b0/0x1b0
[ 1098.982225][    C0]  ? wake_nocb_gp+0x1e0/0x1e0
[ 1098.986734][    C0]  ? __kasan_check_read+0x11/0x20
[ 1098.991598][    C0]  ? __kthread_parkme+0xb2/0x200
[ 1098.996365][    C0]  kthread+0x421/0x510
[ 1099.000271][    C0]  ? wake_nocb_gp+0x1e0/0x1e0
[ 1099.004784][    C0]  ? kthread_blkcg+0xd0/0xd0
[ 1099.009209][    C0]  ret_from_fork+0x1f/0x30
[ 1099.013466][    C0]  </TASK>
[ 1099.016333][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1099.022497][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1099.027546][    C1] NMI backtrace for cpu 1
[ 1099.027559][    C1] CPU: 1 PID: 346 Comm: syz-executor.2 Tainted: G        W    L    5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[ 1099.027577][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 1099.027586][    C1] RIP: 0010:kvm_wait+0x147/0x180
[ 1099.027605][    C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 4b 02 f3 03 fb f4 <e9> 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c
[ 1099.027618][    C1] RSP: 0018:ffffc9000028f280 EFLAGS: 00000246
[ 1099.027634][    C1] RAX: 0000000000000001 RBX: 1ffff92000051e54 RCX: 1ffffffff0d1aa9c
[ 1099.027645][    C1] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7138ad4
[ 1099.027655][    C1] RBP: ffffc9000028f330 R08: dffffc0000000000 R09: ffffed103ee2715b
[ 1099.027667][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 1099.027678][    C1] R13: ffff8881f7138ad4 R14: 0000000000000001 R15: 1ffff92000051e58
[ 1099.027694][    C1] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1099.027708][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1099.027719][    C1] CR2: 0000001b31d27000 CR3: 0000000111a76000 CR4: 00000000003506a0
[ 1099.027734][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1099.027743][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1099.027754][    C1] Call Trace:
[ 1099.027759][    C1]  <NMI>
[ 1099.027767][    C1]  ? show_regs+0x58/0x60
[ 1099.027784][    C1]  ? nmi_cpu_backtrace+0x29f/0x300
[ 1099.027803][    C1]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[ 1099.027822][    C1]  ? kvm_wait+0x147/0x180
[ 1099.027835][    C1]  ? kvm_wait+0x147/0x180
[ 1099.027850][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1099.027866][    C1]  ? nmi_handle+0xa8/0x280
[ 1099.027882][    C1]  ? kvm_wait+0x147/0x180
[ 1099.027895][    C1]  ? kvm_wait+0x147/0x180
[ 1099.027909][    C1]  ? default_do_nmi+0x69/0x160
[ 1099.027925][    C1]  ? exc_nmi+0xaf/0x120
[ 1099.027939][    C1]  ? end_repeat_nmi+0x16/0x31
[ 1099.027958][    C1]  ? kvm_wait+0x147/0x180
[ 1099.027972][    C1]  ? kvm_wait+0x147/0x180
[ 1099.027986][    C1]  ? kvm_wait+0x147/0x180
[ 1099.028000][    C1]  </NMI>
[ 1099.028005][    C1]  <TASK>
[ 1099.028010][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1099.028026][    C1]  ? kvm_arch_para_hints+0x30/0x30
[ 1099.028043][    C1]  __pv_queued_spin_lock_slowpath+0x41b/0xc40
[ 1099.028063][    C1]  ? get_page_from_freelist+0x3550/0x35d0
[ 1099.028081][    C1]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[ 1099.028101][    C1]  _raw_spin_lock_bh+0x139/0x1b0
[ 1099.028118][    C1]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 1099.028136][    C1]  ? sock_hash_bucket_hash+0x31c/0x7e0
[ 1099.028156][    C1]  sock_hash_delete_elem+0xb1/0x2f0
[ 1099.028175][    C1]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x9fc
[ 1099.028188][    C1]  bpf_trace_run4+0x13f/0x270
[ 1099.028206][    C1]  ? bpf_trace_run3+0x250/0x250
[ 1099.028224][    C1]  __bpf_trace_mm_page_alloc+0xbf/0xf0
[ 1099.028242][    C1]  __alloc_pages+0x3cb/0x8f0
[ 1099.028257][    C1]  ? page_remove_rmap+0xe36/0x1420
[ 1099.028272][    C1]  ? prep_new_page+0x110/0x110
[ 1099.028287][    C1]  ? page_remove_rmap+0xebe/0x1420
[ 1099.028303][    C1]  ? page_add_file_rmap+0x8e0/0x8e0
[ 1099.028317][    C1]  ? mark_page_accessed+0x56b/0xbf0
[ 1099.028334][    C1]  __get_free_pages+0x10/0x30
[ 1099.028350][    C1]  __tlb_remove_page_size+0x178/0x300
[ 1099.028369][    C1]  unmap_page_range+0x1226/0x1ed0
[ 1099.028384][    C1]  ? call_rcu+0x135/0x1310
[ 1099.028398][    C1]  ? put_task_struct_rcu_user+0x58/0x90
[ 1099.028421][    C1]  ? mmu_notifier_invalidate_range_end+0xe0/0xe0
[ 1099.028438][    C1]  ? __pagevec_lru_add+0xcde/0xd70
[ 1099.028453][    C1]  ? __mmu_notifier_invalidate_range_start+0x5f0/0x670
[ 1099.028471][    C1]  ? uprobe_munmap+0x18d/0x450
[ 1099.028490][    C1]  unmap_vmas+0x389/0x560
[ 1099.028505][    C1]  ? unmap_page_range+0x1ed0/0x1ed0
[ 1099.028522][    C1]  ? tlb_gather_mmu_fullmm+0x165/0x210
[ 1099.028540][    C1]  exit_mmap+0x3e4/0x940
[ 1099.028556][    C1]  ? exit_aio+0x25e/0x3c0
[ 1099.028570][    C1]  ? vm_brk+0x30/0x30
[ 1099.028584][    C1]  ? mutex_unlock+0xb2/0x260
[ 1099.028601][    C1]  ? uprobe_clear_state+0x2cd/0x320
[ 1099.028620][    C1]  __mmput+0x95/0x310
[ 1099.028636][    C1]  mmput+0x5b/0x170
[ 1099.028650][    C1]  do_exit+0xb9c/0x2ca0
[ 1099.028664][    C1]  ? __kasan_check_read+0x11/0x20
[ 1099.028680][    C1]  ? preempt_schedule_common+0xbe/0xf0
[ 1099.028703][    C1]  ? put_task_struct+0x80/0x80
[ 1099.028718][    C1]  ? __kasan_check_write+0x14/0x20
[ 1099.028734][    C1]  ? preempt_schedule_thunk+0x16/0x18
[ 1099.028752][    C1]  do_group_exit+0x141/0x310
[ 1099.028768][    C1]  __x64_sys_exit_group+0x3f/0x40
[ 1099.028783][    C1]  do_syscall_64+0x3d/0xb0
[ 1099.028798][    C1]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1099.028813][    C1] RIP: 0033:0x7f9ddf9650a9
[ 1099.028824][    C1] Code: Unable to access opcode bytes at RIP 0x7f9ddf96507f.
[ 1099.028832][    C1] RSP: 002b:00007ffc3ce595e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1099.028847][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ddf9650a9
[ 1099.028858][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1099.028867][    C1] RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
[ 1099.028877][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1099.028886][    C1] R13: 0000000000000000 R14: 00007ffc3ce596c0 R15: 0000000000000001
[ 1099.028901][    C1]  </TASK>
[ 1099.029548][    C0] NMI backtrace for cpu 0
[ 1099.543464][    C0] CPU: 0 PID: 403 Comm: syz-executor.3 Tainted: G        W    L    5.15.150-syzkaller-00330-g9044d25b8ff5 #0
[ 1099.554830][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 1099.567050][    C0] Call Trace:
[ 1099.576387][    C0]  <IRQ>
[ 1099.579428][    C0]  dump_stack_lvl+0x151/0x1b7
[ 1099.584297][    C0]  ? io_uring_drop_tctx_refs+0x190/0x190
[ 1099.592962][    C0]  ? ttwu_do_wakeup+0x187/0x430
[ 1099.598087][    C0]  dump_stack+0x15/0x17
[ 1099.602172][    C0]  nmi_cpu_backtrace+0x2f7/0x300
[ 1099.607039][    C0]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[ 1099.613022][    C0]  ? _raw_spin_lock_irqsave+0xf9/0x210
[ 1099.618326][    C0]  ? _raw_spin_lock+0x1b0/0x1b0
[ 1099.622996][    C0]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 1099.628895][    C0]  nmi_trigger_cpumask_backtrace+0x15d/0x270
[ 1099.634710][    C0]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[ 1099.640612][    C0]  arch_trigger_cpumask_backtrace+0x10/0x20
[ 1099.646340][    C0]  rcu_dump_cpu_stacks+0x1d8/0x330
[ 1099.651289][    C0]  print_cpu_stall+0x315/0x5f0
[ 1099.655889][    C0]  rcu_sched_clock_irq+0x989/0x12f0
[ 1099.660922][    C0]  ? rcu_boost_kthread_setaffinity+0x340/0x340
[ 1099.666911][    C0]  ? hrtimer_run_queues+0x15f/0x440
[ 1099.671945][    C0]  update_process_times+0x198/0x200
[ 1099.676995][    C0]  tick_sched_timer+0x188/0x240
[ 1099.681663][    C0]  ? tick_setup_sched_timer+0x480/0x480
[ 1099.687047][    C0]  __hrtimer_run_queues+0x41a/0xad0
[ 1099.692079][    C0]  ? hrtimer_interrupt+0xaa0/0xaa0
[ 1099.697024][    C0]  ? clockevents_program_event+0x22f/0x300
[ 1099.702669][    C0]  ? ktime_get_update_offsets_now+0x2ba/0x2d0
[ 1099.708569][    C0]  hrtimer_interrupt+0x40c/0xaa0
[ 1099.713346][    C0]  __sysvec_apic_timer_interrupt+0xfd/0x3c0
[ 1099.719070][    C0]  sysvec_apic_timer_interrupt+0x95/0xc0
[ 1099.724541][    C0]  </IRQ>
[ 1099.727314][    C0]  <TASK>
[ 1099.730092][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1099.735918][    C0] RIP: 0010:kvm_wait+0x147/0x180
[ 1099.742074][    C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 4b 02 f3 03 fb f4 <e9> 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c
[ 1099.761687][    C0] RSP: 0018:ffffc9000115e800 EFLAGS: 00000246
[ 1099.767592][    C0] RAX: 0000000000000003 RBX: 1ffff9200022bd04 RCX: ffffffff8154fbbf
[ 1099.775397][    C0] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff888114efd858
[ 1099.783215][    C0] RBP: ffffc9000115e8b0 R08: dffffc0000000000 R09: ffffed10229dfb0c
[ 1099.791020][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 1099.798833][    C0] R13: ffff888114efd858 R14: 0000000000000003 R15: 1ffff9200022bd08
[ 1099.806650][    C0]  ? __pv_queued_spin_lock_slowpath+0x65f/0xc40
[ 1099.812724][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1099.818716][    C0]  ? kvm_arch_para_hints+0x30/0x30
[ 1099.823656][    C0]  ? __pv_queued_spin_lock_slowpath+0x65f/0xc40
[ 1099.829825][    C0]  __pv_queued_spin_lock_slowpath+0x6bc/0xc40
[ 1099.835723][    C0]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[ 1099.841969][    C0]  _raw_spin_lock_bh+0x139/0x1b0
[ 1099.846743][    C0]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 1099.851797][    C0]  ? sock_hash_bucket_hash+0x31c/0x7e0
[ 1099.857072][    C0]  sock_hash_delete_elem+0xb1/0x2f0
[ 1099.862108][    C0]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x9fc
[ 1099.867485][    C0]  bpf_trace_run4+0x13f/0x270
[ 1099.871998][    C0]  ? bpf_trace_run3+0x250/0x250
[ 1099.876687][    C0]  __bpf_trace_mm_page_alloc+0xbf/0xf0
[ 1099.881986][    C0]  __alloc_pages+0x3cb/0x8f0
[ 1099.886404][    C0]  ? prep_new_page+0x110/0x110
[ 1099.891005][    C0]  ? __bpf_trace_mm_page_alloc+0xbf/0xf0
[ 1099.896472][    C0]  ? stack_trace_save+0x113/0x1c0
[ 1099.901333][    C0]  __stack_depot_save+0x38d/0x470
[ 1099.906193][    C0]  stack_depot_save+0xe/0x10
[ 1099.910616][    C0]  save_stack+0x104/0x1e0
[ 1099.914784][    C0]  ? __reset_page_owner+0x190/0x190
[ 1099.919817][    C0]  ? post_alloc_hook+0x1a3/0x1b0
[ 1099.924590][    C0]  ? prep_new_page+0x1b/0x110
[ 1099.929104][    C0]  ? get_page_from_freelist+0x3550/0x35d0
[ 1099.934659][    C0]  ? __alloc_pages+0x27e/0x8f0
[ 1099.939258][    C0]  ? __stack_depot_save+0x38d/0x470
[ 1099.944292][    C0]  ? kasan_set_track+0x5d/0x70
[ 1099.948892][    C0]  ? kasan_set_free_info+0x23/0x40
[ 1099.953840][    C0]  ? ____kasan_slab_free+0x126/0x160
[ 1099.958961][    C0]  ? __kasan_slab_free+0x11/0x20
[ 1099.963735][    C0]  ? slab_free_freelist_hook+0xbd/0x190
[ 1099.969115][    C0]  ? kfree+0xc8/0x220
[ 1099.972932][    C0]  ? sock_map_unref+0x352/0x4d0
[ 1099.977621][    C0]  ? sock_hash_delete_elem+0x274/0x2f0
[ 1099.982919][    C0]  ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x9fc
[ 1099.988469][    C0]  ? bpf_trace_run4+0x13f/0x270
[ 1099.993156][    C0]  ? __bpf_trace_mm_page_alloc+0xbf/0xf0
[ 1099.998628][    C0]  __set_page_owner+0x28/0x2e0
[ 1100.003225][    C0]  ? kernel_init_free_pages+0xda/0xf0
[ 1100.008432][    C0]  post_alloc_hook+0x1a3/0x1b0
[ 1100.013034][    C0]  prep_new_page+0x1b/0x110
[ 1100.017372][    C0]  get_page_from_freelist+0x3550/0x35d0
[ 1100.022759][    C0]  ? lruvec_init+0x150/0x150
[ 1100.027179][    C0]  ? __alloc_pages+0x8f0/0x8f0
[ 1100.031779][    C0]  ? __alloc_pages_bulk+0xe40/0xe40
[ 1100.036814][    C0]  ? stack_trace_save+0x1c0/0x1c0
[ 1100.041673][    C0]  __alloc_pages+0x27e/0x8f0
[ 1100.046100][    C0]  ? prep_new_page+0x110/0x110
[ 1100.050702][    C0]  ? stack_trace_save+0x113/0x1c0
[ 1100.055565][    C0]  ? stack_trace_snprint+0xf0/0xf0
[ 1100.060510][    C0]  __stack_depot_save+0x38d/0x470
[ 1100.065369][    C0]  ? kfree+0xc8/0x220
[ 1100.069185][    C0]  kasan_set_track+0x5d/0x70
[ 1100.073773][    C0]  ? kasan_set_track+0x4b/0x70
[ 1100.078449][    C0]  ? kasan_set_free_info+0x23/0x40
[ 1100.083398][    C0]  ? ____kasan_slab_free+0x126/0x160
[ 1100.088519][    C0]  ? __kasan_slab_free+0x11/0x20
[ 1100.093291][    C0]  ? slab_free_freelist_hook+0xbd/0x190
[ 1100.098671][    C0]  ? kfree+0xc8/0x220
[ 1100.102489][    C0]  ? sock_map_unref+0x352/0x4d0
[ 1100.107176][    C0]  ? sock_hash_delete_elem+0x274/0x2f0
[ 1100.112475][    C0]  ? bpf_prog_2c29ac5cdc6b1842+0x3a/0x9fc
[ 1100.118025][    C0]  ? bpf_trace_run4+0x13f/0x270
[ 1100.122711][    C0]  ? __bpf_trace_mm_page_alloc+0xbf/0xf0
[ 1100.128179][    C0]  ? __alloc_pages+0x3cb/0x8f0
[ 1100.132785][    C0]  ? kmalloc_order+0x4a/0x160
[ 1100.137294][    C0]  ? kmalloc_order_trace+0x1a/0xb0
[ 1100.142240][    C0]  ? __kmalloc+0x19c/0x270
[ 1100.146493][    C0]  ? bpf_map_area_alloc+0x4c/0xf0
[ 1100.151352][    C0]  ? htab_map_alloc+0xab2/0x1440
[ 1100.156127][    C0]  ? map_create+0x411/0x2050
[ 1100.160552][    C0]  ? __sys_bpf+0x296/0x760
[ 1100.164813][    C0]  ? __x64_sys_bpf+0x7c/0x90
[ 1100.169232][    C0]  ? do_syscall_64+0x3d/0xb0
[ 1100.173658][    C0]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1100.179569][    C0]  ? prep_compound_page+0x271/0x4a0
[ 1100.184594][    C0]  kasan_set_free_info+0x23/0x40
[ 1100.189372][    C0]  ____kasan_slab_free+0x126/0x160
[ 1100.194316][    C0]  __kasan_slab_free+0x11/0x20
[ 1100.198914][    C0]  slab_free_freelist_hook+0xbd/0x190
[ 1100.204123][    C0]  ? sock_map_unref+0x352/0x4d0
[ 1100.208902][    C0]  kfree+0xc8/0x220
[ 1100.212669][    C0]  sock_map_unref+0x352/0x4d0
[ 1100.217666][    C0]  sock_hash_delete_elem+0x274/0x2f0
[ 1100.224321][    C0]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x9fc
[ 1100.229996][    C0]  bpf_trace_run4+0x13f/0x270
[ 1100.236054][    C0]  ? bpf_trace_run3+0x250/0x250
[ 1100.241640][    C0]  __bpf_trace_mm_page_alloc+0xbf/0xf0
[ 1100.247833][    C0]  __alloc_pages+0x3cb/0x8f0
[ 1100.252324][    C0]  ? prep_new_page+0x110/0x110
[ 1100.256902][    C0]  ? pcpu_memcg_post_alloc_hook+0x1b1/0x260
[ 1100.262639][    C0]  ? get_random_u32+0x368/0x660
[ 1100.267323][    C0]  ? get_random_u64+0x5c0/0x5c0
[ 1100.272003][    C0]  kmalloc_order+0x4a/0x160
[ 1100.276342][    C0]  kmalloc_order_trace+0x1a/0xb0
[ 1100.281118][    C0]  __kmalloc+0x19c/0x270
[ 1100.285196][    C0]  ? __alloc_percpu_gfp+0x27/0x30
[ 1100.290059][    C0]  bpf_map_area_alloc+0x4c/0xf0
[ 1100.294745][    C0]  htab_map_alloc+0xab2/0x1440
[ 1100.299345][    C0]  map_create+0x411/0x2050
[ 1100.303600][    C0]  __sys_bpf+0x296/0x760
[ 1100.307776][    C0]  ? bpf_link_show_fdinfo+0x2d0/0x2d0
[ 1100.312978][    C0]  ? __kasan_check_read+0x11/0x20
[ 1100.317839][    C0]  __x64_sys_bpf+0x7c/0x90
[ 1100.322088][    C0]  do_syscall_64+0x3d/0xb0
[ 1100.326342][    C0]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1100.332071][    C0] RIP: 0033:0x7fcc47ac10a9
[ 1100.336327][    C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 1100.355851][    C0] RSP: 002b:00007fcc46e3b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1100.364096][    C0] RAX: ffffffffffffffda RBX: 00007fcc47bf7f80 RCX: 00007fcc47ac10a9
[ 1100.371908][    C0] RDX: 0000000000000048 RSI: 00000000200009c0 RDI: 0000000000000000
[ 1100.379718][    C0] RBP: 00007fcc47b30074 R08: 0000000000000000 R09: 0000000000000000
[ 1100.387530][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1100.397338][    C0] R13: 000000000000000b R14: 00007fcc47bf7f80 R15: 00007ffff22443b8
[ 1100.407017][    C0]  </TASK>