last executing test programs:

10.443976066s ago: executing program 3:
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000000)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}, {@resgid}, {@jqfmt_vfsv1}, {@errors_remount}, {@nobh}, {@usrjquota, 0x2e}], [], 0x2e}, 0x6, 0x46f, &(0x7f0000000580)="$eJzs289vFFUcAPDvbLvlt62IP/ihVtHY+KOlBZWDF40mXExM9IDHWgpBCjW0JkKIVGPwaPgL1KOJf4EnvRj1pPGqiRcTY0IMF9GDGTO7M7C0u+v+ahfczycZeG/mTd/7zszbfTNvJ4CBNZ79k0Rsj4ifRiJGq9mbC4xX/7t29cLcX1cvzCWRpq/+kVTK/Xn1wlxRtNhvW56ZKEWUPkhib516l86dPzW7sDB/Ns9PLZ9+a2rp3PmnTp6ePTF/Yv7MzOHDhw5OP/vMzNM9iXNH1tY97y7u233k9csvzx29/Ma3n2frt+fba+OoGuu6zvEYv/lY1ng04tc0Tbuu41axoyadDPexIbRlKCKy01XO+n+MxlDcOHmj8dL7fW0csK7SNE03rVk7VCRWUuB/LIl+twDoj+KLPrv/LZYNHH703ZXnqzdAWdzX8qW6ZThKeZnyqvvbXhqPiKMrf3+cLVH3OQQAQG99mY1/nqw3/ivFPTXl7ojq3NBYRNwZETsj4q6I2BURd0dUyt4bEfe1Wf/4qvza8c8PWzoKrEXZ+O+5fG7r5vFfMfqLsaE8t6MSfzk5fnJh/kB+TCaivCnLTzep46sXf/yo0bba8V+2ZPUXY8G8Hb8Pr3pAd2x2ebabmGtdeS9iz3C9+JPrMwFJROyOiD0d/P3smJ18/LN9jbb/d/xN9GCeKf004rHq+V+JVfEXkubzk1ObY2H+wFRxVaz13feXXmlUf1fx90B2/rfWvf6vxz+W1M7XLrVfx6WfP2x4T9Pp9T+SvFZJj+Tr3pldXj47HTGSrKxdP3Nj3yJflM/in9hfv//vjPjnk3y/vRGRXcT3R8QDEfFg3vaHIuLhiNjfJP5vXnjkzc7jX19Z/MfaOv/tJ4ZOff1Fo/pbO/+HKqmJfE0rn3+tNrCbYwcAAAC3i1LlN/BJafJ6ulSanKz+hn9XbC0tLC4tP3F88e0zx6q/lR+Lcql40jVa8zx0On82XORnVuUPVp4bp2mabqnkJ+cWF9ZrTh1ozbYG/T/z21C/Wwesu7bm0Rq90QbclryvCYNL/4fB1Wr/L69zO4CN5/sfBle9/n8x4lofmgJsMN//MLj0fxhc+j8MLv0fBlI37/U3S+w80vHuaVe1b84D63D3X9blaDRLDG1gXb1MRKnupnJE3CItbJIo3RrNqCY2RUSrhS92emG3nejzBxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECP/BsAAP//cGjokQ==")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000040)=""/104, 0x4d)

10.202299174s ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b7030000ddffffff850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='ext4_ext_remove_space\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r2, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r3}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000000)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

10.154213851s ago: executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
io_submit(0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
signalfd(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
fsmount(r5, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, @val=@iter={0x0}}, 0x40)
socket$nl_route(0x10, 0x3, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0)="c8", &(0x7f0000000380), 0x5, r6}, 0x38)

9.299801893s ago: executing program 3:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_PLIMIT={0x8, 0x8}]}}]}, 0x38}}, 0x0)

9.289969935s ago: executing program 3:
r0 = io_uring_setup(0x1558, &(0x7f0000000080))
r1 = memfd_create(&(0x7f0000000180)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3', 0x0)
r2 = dup(r1)
write$cgroup_pid(r2, &(0x7f0000000040), 0x12)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r1, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x13, 0x20000000, 0x2)

9.282071826s ago: executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x28)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)

7.142633086s ago: executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000013007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r6}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c})
r7 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
linkat(r7, &(0x7f0000000180)='./file1\x00', r7, &(0x7f00000001c0)='./file3\x00', 0x0)
openat(r7, 0x0, 0x0, 0x0)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
write$uinput_user_dev(r8, &(0x7f0000000200)={'syz0\x00', {0x0, 0x0, 0x0, 0x2}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x45c)

6.27918941s ago: executing program 4:
open(&(0x7f0000000040)='./file0\x00', 0x40c5, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
open(0x0, 0x0, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x10)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))
r5 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="00000000000000008500000083000000bf0904000000000055090100000000009500000000000000bf91000000000000b7000000000000858800000084000000b7000000000000009500000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = syz_usb_connect$cdc_ncm(0x4, 0xf7, &(0x7f0000000780)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe5, 0x2, 0x1, 0xfe, 0x20, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x1, "1d9e4e"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x7f, 0x7f, 0x0, 0x20}, {0x6, 0x24, 0x1a, 0xffff, 0x2}, [@mbim={0xc, 0x24, 0x1b, 0x400, 0x7af2, 0x6c, 0xff, 0x7, 0xba}, @mdlm_detail={0x69, 0x24, 0x13, 0x3f, "8bfb4a1b707ab75d06ac1b8fb9e51ba26a6b585ec01b4ee223dcf7fa68651f4c79695118482f06f214fb8625521e952c5a1c1739e90a0b38c58493de68e784230b4f5e8e7bdeae2084b161c6a02824e578bc1be838a6364a75bd2d22cbe300cfd6ecfa22e3"}, @mbim={0xc, 0x24, 0x1b, 0x6, 0x6, 0xe8, 0x0, 0x9, 0x1}, @obex={0x5, 0x24, 0x15, 0xfc00}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x6a, 0x9, 0x18}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x40, 0x3, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x1, 0x3, 0x1}}}}}}}]}}, &(0x7f0000000e40)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0x4b, 0x6, 0x7f, 0xff}, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="051aff00000300000000f0ff00000000"], 0x8, [{0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x443}}, {0x0, 0x0}, {0x34, &(0x7f0000000300)=@string={0x34, 0x3, "ede3361ac0d7714102141e52bfba9ba948a78077678a164a96bca2dc451a466c4197d7c5b0a621a920877d8c986850260b2e"}}, {0x0, 0x0}, {0x45, &(0x7f0000000900)=@string={0x45, 0x3, "2a5121119552e0fb88f34222b86a4bcc118241a4deeda74b7f985d11e637de8f768b3fe87ed35f831a21c3859fe0480ff5ca89543bc600466ac76d4ea693feee6ccfc7"}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x404}}, {0x19, &(0x7f00000009c0)=ANY=[@ANYBLOB]}, {0x4, &(0x7f0000000a00)=@lang_id={0x4, 0x3, 0x424}}]})
syz_usb_control_io$cdc_ncm(r6, 0x0, &(0x7f0000001280)={0x44, &(0x7f0000001300)={0x0, 0x9, 0x6c, "6bb20701dc0c3c82f35a897f4b47e11779b6f32bcfdbf6818de1df0549d5e7b25305cae3f111ccbeb4074764a18e140376cb95177721fccab41b730b3c00fef523d251fad398125c6ec43ec40dbabdc8d9bbcf2fdc589870b17c5429651516da5cd7c55e0e76261e2538424f"}, &(0x7f00000010c0)={0x0, 0xa, 0x1}, &(0x7f0000001100)={0x0, 0x8, 0x1, 0x82}, &(0x7f0000001140)={0x20, 0x80, 0x1c, {0xd535, 0x8, 0x0, 0x1, 0xee1c, 0x8, 0x40, 0x8001, 0xfff, 0x2, 0x400, 0x9}}, &(0x7f0000001180)={0x20, 0x85, 0x4, 0x6}, &(0x7f00000011c0)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000001200)={0x20, 0x87, 0x2, 0x401}, &(0x7f0000001240)={0x20, 0x89, 0x2, 0x1}})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4f8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c956fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair(0x28, 0x2, 0x0, 0x0)

3.196491607s ago: executing program 4:
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r0 = gettid()
r1 = gettid()
tkill(r0, 0x12)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2}, 0x0, &(0x7f0000000040)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
tkill(r0, 0x1)
tkill(r1, 0x14)

3.185218068s ago: executing program 4:
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[])

2.094612597s ago: executing program 1:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x7}, 0x48)

2.083476828s ago: executing program 1:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x3}, 0x48)

1.81636243s ago: executing program 1:
r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r3, 0x0)
ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f00000007c0)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x1fU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\a\x00\x00\x00\x00\x00\x00\x00\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x86\xee\xfb\xfdU\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00')
ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f0000000b00)='\x00\x00\x03\v\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x00\x00')
close_range(r0, 0xffffffffffffffff, 0x0)

1.803330831s ago: executing program 1:
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x3, &(0x7f0000000080)={{0x0, 0x3938700}, {0x77359400}}, 0x0)
clock_adjtime(0x0, &(0x7f0000000480)={0x7fffffffffffffff})

1.792731784s ago: executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000e80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)

1.765973157s ago: executing program 1:
syz_mount_image$fuse(0x0, &(0x7f0000000c40)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000002c0), 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x128a877, &(0x7f0000000180)=ANY=[@ANYBLOB='size=2,nr_inodes=4'])
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$inet6_udp_int(r0, 0x11, 0x0, &(0x7f0000000080), &(0x7f00000001c0)=0x4)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201040000002f2057155081ed29010203010902120001000000000904"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_usb_control_io(r1, &(0x7f0000000480)={0x2c, &(0x7f0000000300)={0x0, 0xa, 0xd4, {0xd4, 0x0, "da2f5ab4b4fe732ba36a822b38e2268fddfd08f9accd774f93265bca82b26765ea9a7d5fe2d2aae3c81035091ed0f6893f6873e42ae160f431b62bee2b97f11afc52d2de30d88d44b276ac2bbceaa4004a0274192e7dfae4e84028b65c4ec8084f33553ec7558444630a08c6310e407d2e6f2b51200468a97f450a242993ec3aaca61060c61af6be4576fa9d04a70ed971c160db047768ce5a90093ed6bcf82571359b5952cdc0a9d5d659a697518a180ac90dd2816b742e8673d58c300737ac325d623e4428f4319a908e81aab9adc79db0"}}, &(0x7f0000000400)={0x0, 0x3, 0x3c, @string={0x3c, 0x3, "5633e3b996e701fcd4062c38bde38fe8f9b372e3b0086e5f8ec7fc951a44bbc584b06088ca38c68c89e178cf9d3fd28274a3362cc74deab14776"}}, &(0x7f0000000580)={0x0, 0xf, 0x143, {0x5, 0xf, 0x143, 0x6, [@ss_container_id={0x14, 0x10, 0x4, 0x54, "68a497d73ea51ba50939f591fa11fc92"}, @ext_cap={0x7, 0x10, 0x2, 0x3c, 0x4, 0x6}, @ss_container_id={0x14, 0x10, 0x4, 0x1b, "d3a7036cbaaa2176042b569a3049a913"}, @generic={0xfa, 0x10, 0x1, "f3a4d31ef02423185533ae5e83661c12fb922faa8d282f11ff0dab1adefe86e213cbfb9de6eb9fc4f1e85a585014d5be9cfb5eb23dd9c2948777f46a9e7ae9fdc235721416017d2d08a7dc9c8941de3294d733a283cbd33e420fa58eb4ad52a6e46ea2cebf540fe4f7708813dedc3932ef3972461ef2a6bb25c3e1d8b739958c3d4b26999a6013a00587341f60683fe529a78bccd4d9fed2b5d7d23b907ed86fe9cd0ea8ab38accc80692b21a6c94cba1721a8101c3fca1be94c6acf4d2c82bdc2235d03f6dd5ac5b2f4d42951b335eb09513ad0adfda14e6482cecbe2a221ed8c75c0e627ebec97ac63f799509b1682e1c2735b791148"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0x2, 0x0, 0x4}, @wireless={0xb, 0x10, 0x1, 0x4, 0x0, 0xe6, 0x5, 0x4, 0xc1}]}}, &(0x7f0000000000)={0x20, 0x29, 0xf, {0xf, 0x29, 0x80, 0x80, 0x72, 0x6, "3705e5d7", "c0b3d4ca"}}, &(0x7f0000000100)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x3, 0x8, 0xff, 0x2d, 0x5, 0xe9f2}}}, &(0x7f0000000c00)={0x84, &(0x7f00000007c0)={0x20, 0x9, 0x73, "ab906f77925b05ee0a1901f3044f6860bc3b378637867eab352e1dc023b34ce5b78ecb488f1d4de0cd00cfb2149cbf4e7f569ae14c8a1ff21d3b981f4a63555df38979c274eac9096dedd024c207b9fa922f8dd33502186104c0015a813b5f39b983a17f277999b10095b652d71cf8c97033cf"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x2f}, &(0x7f0000000700)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000740)={0x20, 0x0, 0x4}, &(0x7f0000000880)={0x20, 0x0, 0x8, {0xe0, 0x4, [0x0]}}, &(0x7f0000000940)={0x40, 0x7, 0x2, 0x4475}, &(0x7f0000000980)={0x40, 0x9, 0x1, 0x40}, &(0x7f00000009c0)={0x40, 0xb, 0x2, "d05d"}, &(0x7f0000000a00)={0x40, 0xf, 0x2, 0x5}, &(0x7f0000000a40)={0x40, 0x13, 0x6, @multicast}, &(0x7f0000000a80)={0x40, 0x17, 0x6, @local}, &(0x7f0000000ac0)={0x40, 0x19, 0x2, ',{'}, &(0x7f0000000b00)={0x40, 0x1a, 0x2, 0xaab5}, &(0x7f0000000b40)={0x40, 0x1c, 0x1, 0xfa}, &(0x7f0000000b80)={0x40, 0x1e, 0x1, 0xa2}, &(0x7f0000000bc0)={0x40, 0x21, 0x1}})

1.734429892s ago: executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080006064d564b"])

1.711806996s ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setuid(r3)
setpriority(0x2, 0xff, 0x0)

1.702008867s ago: executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000002180)='net/rt_cache\x00')
pread64(r0, &(0x7f0000000400)=""/179, 0xb3, 0x8)

1.694718308s ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
setresgid(0x0, 0x0, 0x0)

1.68615442s ago: executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000600)=ANY=[@ANYBLOB='\x00\x00\f'], 0x0, 0x0, 0x0}, 0x0)

1.460465414s ago: executing program 4:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x3}, 0x48)

1.450849236s ago: executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001440)={0xfffffffffffffd87, 0x0, 0x0, &(0x7f00000013c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, "741cb976"}]}}, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001840)={0x24, 0x0, &(0x7f0000001740)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, 0x0, &(0x7f0000000200)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_read_part_table(0x5c3, &(0x7f00000005c0)="$eJzs2z9I22kYB/A31lBohw7XqVPbocPRpaVjM7QlSVsqhKiL3KCgiJgpghC5gKAHmkExgzi6iJDFP5Mxg5Oi4Czi4CE4uNyhi+BiDvG97e7wUI8rfD7w48n75vu+T54h4y/wXWsJvzebzUQIofnwrxPNfzjdWUtnvjzPfch3xMvCfPWXH64+Jv48HW99GdeHcb0w/6gxefY5WTtoP3/VvVlpid+PxufxYr3zDsbjni2ltp6MjRezU6XUwH62fDyxt9u2fJrO179Vqitfk596Y2471tZYh0IpjITB0BMKoRD6QvGO+s/Vjt5cPsvW1vrfX2Qa0xtvYy53yzlv2n/4xUxXtfzx9erT2Xel9Z38yYPrXOFv/l0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPy/LKW2noyNF7NTpdTAfrZ8PLG327Z8ms7Xv1WqK1+Tn3pjbjvW1liHQimMhMHQEwohEfpC8Y76z9WO3lw+y9bW+t9fZBrTG29jLnfLOW/af/jFTFe1/PH16tPZd6X1nfzJg+tc4eE9/QAAAAAAAAAAAAAAAAAAAAAIIaQzX57nPuQ7QkiEn0Jr+PG3n1uu9pvxffdEzL2M9TDuL8w/akyefU7WDtrPX3VvVn6N+6PxebxY7/zPh+Ff+yMAAP//17OV3g==")

338.119288ms ago: executing program 2:
r0 = inotify_init1(0x0)
r1 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0)
r2 = socket$inet6(0xa, 0x3, 0x2c)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x36, &(0x7f0000000380)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "8152e4", 0x0, 0x2c, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2}}}}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
add_key(&(0x7f00000000c0)='asymmetric\x00', 0x0, &(0x7f00000002c0)="80", 0xfffff, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000240)='fuseblk\x00', 0x0, r1)
inotify_add_watch(r0, &(0x7f0000000040)='.\x00', 0xa)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
readv(r4, &(0x7f0000000400)=[{&(0x7f0000000340)=""/48, 0x30}], 0x1)
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file0\x00', 0x2008050, &(0x7f0000000140)=ANY=[], 0x3, 0x14fc, &(0x7f00000002c0)="$eJzs3Am4T9X3MPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzkyRJSEjY73MbXv9+w+s3/V+///+uz/Ps5+51z1n7rHPX871neJ57v+06rHqjGlXqMzP8M/TvE/z1SxIAJADAQADIAQABAJTNWTZn+vYsGpP+qYOI/yYNZlztCsTVJP3P2KT/GZv0P2OT/mds0v+MTfqfsUn/MzbpvxAZ2qx818rIuEPe//8Pp/6VZLn+Zwj4tzZI//+30f/Q3tL/jE36n7FJ/zM26X9GFlztAsRVJp//jE36L0SG9m9/p7zh3NV+py3jHxhCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIcT/B+f8ZQYAfp9f7bqEEEIIIYQQQgjx7+Pfv9oVCCGEEEIIIYQQ4r8fggINBgLIBJkhAbJAIlwDWSEbZIccEINrISdcB7ngesgNeSAv5IP8UAAKQggEFhgiKASFIQ43QBG4EYpCMSgOJcBBSSgFN0FpuBnKwC1QFm6FcnAblIcKvxwz3Z1QGe6CKnA3VIVqUB1qwD1QE+6FWnAf1Ib7oQ48AHXhQagHD0F9aAAN4WFoBI9AY2gCTaEZNIcW0PIK+ck5/lr+i9ADXoKe0AuSoDf0gZehL/SD/jAABsIrMAhehcHwGgyBoTAMXofh8AaMgDdhJIyC0fAWjIGxMA7GwwSYCMnwNkyCd2AyvPtINpgK02A6zICZMAveg9kwB+bC+zAP5sMCSM6yCBbDEvgAlsKHkAIfwTL4GFJhOayAlbAKVsMaWAvrYD1sgI2wCTbDFtgK2+AT2A47YCfsgt2wB/bCp7APPoP98Dmk4Rf/YP7ZP+ZDNwQEVKjQoMFMmAkTMAETMRGzYlbMjtkxhjHMiTkxF+bC3Jgb82JeTML8WBALIiEhI2MhLIRxjGMRLIJFsSgWx+Lo0GEpLIWl8WYsg2WwLJbFclgOy2MFrIC34+1YCSthZayMVbAKVsWqWB2r4z14D96LtbAW1sbaWAfrYF2si/WwHtbH+tgQG2IjbISNsTE2xabYHJtjS2yJrbAVtsbW2BbbYjtsh+2xPXbADtgRO2In7ISdsTN2wS7YFbtiN3wBX8AX8UV8CV/CXlhV9cY+2Af7Yl/sjwNwAL6Cg/BVfBVfwyE4FIfh6/g6voEj8AyOxFE4GkdjJTUWx+F4ZDURkzEZM8MknIyTcQpOxak4HWfgTJyFs3A2zsE5+D7Ow/k4HxfiQlyMS3AJLsUPMQVTcBmexVRcjitwJa7C1bgK1+I6XIsbcCNuwM24GbfiVvwEP8EduAN34S7cg3vwU/wUP8PPcAimYRoewAN4EA/iITyEh/EwHsEjeBSP4jE8hsfxOJ7Ak3gKT+JpPI1n8CyeA4DzeB4v4AW8hJfSP/wqnVFGZVKZVIJKUIkqUWVVWVV2lV3FVEzlVDlVLpVL5Va5VV6VV+VX+VVBVVCRIsUqUoVUIRVXcVVEFVFFVVFVXBVXTjlVSpVSpVVpVUaVUWXVraqcuk2VVxVUG3e7ul1VUm1dZXWXqqKqqKqqmqquaqgaqqaqqWqpWqq2qq3qqDqqrnpQ1VO9sT82UOmdaaSGYmM1DJuqZqq5aqHewEdVKzUCW6s2qq16XI3CkdhetXId1FOqoxqHndQzajw+q7qoidhVPa+6qRdUd/Wi6qFau56ql5qCvVUfNR37qn6qvxqgZmM1ld6x6uo19WLmoWqYel0txjfUCPWmGqlGqdHqLTVGjVXj1Hg1QU1UyeptNUm9oyard9UUNVVNU9PVDDVTzVLvqdlqjpqr3lfz1Hy1QC1Ui9RitUR9oJaqD1WK+kgtUx+rVLVcrVAr1Sq1Wq1Ra9U6tV5tUBvVJrVZbVFb1Tb1idqudqidapfarfaovepTtU99pvarz1Wa+kIdUH9SB9WX6pD6Sh1WX6sj6ht1VH2rjqnv1HH1vTqhTqpT6gd1Wv2ozqiz6pz6SZ1XP6sL6qK6pLwCjVpprY0OdCadWSfoLDpRX6Oz6mw6u86hY/panVNfp3Pp63VunUfnNfl0fl1AF9ShJm0160gX0oV1XN+gi+gbdVFdTBfXJbTTJXUpfZMurW/WZfQtuqy+VZfTt+nyuoKu6EHfoSvpO3VlfZeuou/WVXU1XV3X0PfomvpeXUvfp2vr+3Ud/YCuqx/U9fRDur5uoBvqh3Uj/YhurJvoprqZbq5b6Jb6Ud1KP6Zb6za6rX5ct9NP6Pb6Sd1BP6U76qd1J/2M7qyf1V30c7qrfl530y/o7vqivqS97ql76STdW/fRL+u+up/urwfogfoVPUi/qgfr1/QQPVQP06/r4foNPUK/qUfqUXq0fkuP0WP1OD1eT9ATdbJ+W0/S7+jJ+l09RU/V0/R0PUPP1P1/W2nu35H/zl/JH/zL0bfqbfoTvV3v0Dv1Lr1b79F79V69T+/T+/V+nabT9AF9QB/UB/UhfUgf1of1EX1EH9VH9TF9TB/Xx/UJfVL/pH/Qp/WP+ow+q8/qn/R5fV5f+O1nAAaNMtoYE5hMJrNJMFlMornGZDXZTHaTw8TMtSanuc7kMteb3CaPyWvymfymgCloQkPGGjaRKWQKm7i5wRQxN5qippgpbkoYZ0qaUuamfzn/SvW1NC1NK9PKtDatTVvT1rQz7Ux70950MB1MR9PRdDKdTGfT2XQxXUxX09V0M91Md9Pd9DA9TE/T0ySZJNPHvGz6mn6mvxlgBppXzCAzyAw2g80QM8QMM8PMcDPcjDAjzEgz0ow2o80YM8aMM+PMBDPBJPscZpKZZCabyWaKmWKmDcxhZpgZZpaZZWab2WaumWvmmXlmgVlgFplFZolZYpaapSbFpJhlZplJNcvNcrPSrDSrzWqz1qw16816s9FsNJvNZpNqtpltZrvZbnaanWa32W32mr1mn9ln9pv9Js2kmQPmgDloDppD5pA5bA6bI+aIOWqOmmPmmDlujpsT5oQ5ZU6Z0+a0OWPOmHPmnDlvzpsL5oK5ZC6l3/YFKlCBCUyQKcgUJAQJQWKQGGQNsgbZg+xBLIgFOYOcQa7g+iB3kCfIG+QL8gcFgoJBGFBgAw6ioFBQOIgHNwRFghuDokGxoHhQInBByaBUcFNQOrg5KBPcEpQNbg3KBbcF5YMKQcXg9uCOoFJwZ1A5uCuoEtwdVA2qBdWDGsE9Qc3g3qBWcF9QO7g/qBM8ENQNHgzqBQ8F9YMGQcPg4aBR8EjQOGgSNA2aBc2DFkHLf+v63p/J85jrGfYKk8LeYZ/w5bBv2C/sHw4IB4avhIPCV8PB4WvhkHBoOCx8PRwevhGOCN8MR4ajwtHhW+GYcGw4LhwfTggnhsnh2+Gk8J1wcvhuOCWcGk4LpoczwpnhrPC9cHY4J5wbvh/OC+eHC8KF4aJwcYi/3hJDSvhRuCz8OEwNl4crwpXhqnB1uCZcG64L14cbwo3hpnBz2UG/7hpuD3eEO8Nd4e5wT7g3/DTcF34W7g8/D9PCL8ID4Z/Cg+GX4aHwq/Bw+HV4JPwmPBp+Gx4LvwuPh9+HJ8KT4anwh/B0+GN4Jjwbngt/Cs+HP4cXwovhpdCn39ynX97JkKFMlIkSKIESKZGyUlbKTtkpRjHKSTkpF+Wi3JSb8lJeyk/5qSAVpHRMTIWoEMUpTkWoCBWlolScipMjR6WoFJWm0lSGylBZKkvlqByVp/JUkSrSHXQH3Ul30l10F91Nd1M1qkY1qAbVpJpUi2pRbapNdagO1aW6VI/qUX2qTw2pITWiRtSYGlNTakrNqTm1pJbUilpRa2pNbakttaN21J7aUwfqQB2pI3WiTtSZOlMX6kJdqSt1o27UnbpTD+pBPaknJVES9aE+1Jf6Un/qTwNpIA2iQTSYBtMQGkLDaBgNp+E0gkbQSBpFo+ktGkNjaRyNpwk0kZIpmSbRJJpMk2kKTaFpNI1m0AyaRbNoNs2muTSX5tE8WkALaBEtoiW0hJbSUkqhFFpGyyiVUmkFraBVtIrW0BpaR+toA22gTbSJttAW2kbbaDttp520k3bTbtpLe2kf7aP9tJ/SKI0O0AE6SAfpEB2iw3SYjtAROkpH6Rgdo+N0nE7QCTpFp+g0naYzdIbO0Tk6Tz/TBbpIl8hTgs1iE+01NqvNZrPbHPbP47w2n81vC9iCNrS5bZ4/xGStLWqL2eK2hHW2pC1lb/qLuLytYCva2+0dtpK901a25W0W+K9xTXuvrWXvs7Xt/baGvecPcR37gK1rH7H1bBNb3zazDW0L28g+YhvbJrapbWab2xa2nX3CtrdP2g72KdvRPv0X8VL7oV1n19sNdqPdZz+z5+xP9qj91p63P9uetpcdaF+xg+yrdrB9zQ6xQ/8YA9jR9i07xo614+x4O8FO/It4mp1uZ9iZdpZ9z862c/4iXmI/sPNsil1gF9pFdvEvcXpNKfYju8x+bFPtcrvCrrSr7Gq7xq79v7WutJvtFrvV7rWf2u12h91pd9ndds8vcfp57Lef2zT7hT1iv7EH7Zf2kD1mD9uvf4nTz++Y/c4et9/bE/akPWV/sKftj/aMPfvL+aef+w/2or1kvQVGVqzZcMCZODMncBZO5Gs4K2fj7JyDY3wt5+TrOBdfz7k5D+flfJyfC3BBDpnYMnPEhbgwx/kGLsI3clEuxsW5BDsuyaX4Ji7NN3MZvoXL8q1cjm/j8lyBK/LtfAdX4ju5Mt/FVfhursrVuDrX4Hu4Jt/Ltfg+rs33cx1+gOvyg1yPH+L63IAb8sPciB/hxtyEm3Izbs4tuCU/yq34MW7NbbgtP87t+Aluz09yB36KO/LT3Imf4c78LHfh57grP8/d+AXuzi9yD36Je3IvTuLe3Idf5r7cj/vzAB7Ir/AgfpUH82s8hIfyMH6dh/MbPILf5JE8ikfzWzyGx/I4Hs8TeCIn89s8id/hyfwuT+GpPI2n8wyeybP4PZ7Nc3guv8/zeD4v4IW8iBfzEv6Al/KHnMIf8TL+mFN5Oa/glbyKV/MaXsvreD1v4I28iTfzFt7K2/gT3s47eCfv4t28h/fyp7yPP+P9/Dmn8Rd8gP/EB/lLPsRf8WH+mo/wN3yUv+Vj/B0f5+/5BJ/kU/wDn+Yf+Qyf5XP8E5/nn/kCX+RL7BkijFSkIxMFUaYoc5QQZYkSo2uirFG2KHuUI4pF10Y5o+uiXNH1Ue4oT5Q3yhfljwpEBaMwoshGHEVRoahwFI9uiIpEN0ZFo2JR8ahE5KKSUanopqh0dHNUJrolKhvdGpWLbovKRxWiitHt0R1RpejOqHJ0V1QlujuqGlWLqkc1onuimtG9Ua3ovqh2dH9UJnogqhs9GNWLHorqRw2ihtHDUaPokahx1CRqGjWLmkctopbRo1Gr6LGoddQmahs9HrWLnojaR09GHaKnoo7R05e3Fwt+vZr+2fakqHekf3tDdp9eFF8cXxL/IL40/mE8Jf5RfFn843hqfHl8RXxlfFV8dXxNfG18XXx9fEN8Y3xTfHN8S3xr3PsamcFh+oMwGBe4TC6zS3BZXKK7xmV12Vx2l8PF3LUup7vO5XLXu9wuj8vr8rn8roAr6EJHzjp2kSvkCru4u8EVcTe6oq6YK+5KOOdKulKuhWvpWrpW7jHX2rVxbd3j7nH3hHvCPZnwW+Guk3vGdXbPui7uOfece951cy+47u5F18O95Hq6Xi7JJbk+ro/r6/q6/q6/G+gGukFukBvsBrshbogb5oa54W64G+FGuJFupBvtRrsxbowb58a5CW6CS3bJbpKb5Ca7yW6Km+KmuWluhpvhZrlZbrab7ea6uW6em+cWuAVukVvklrglbqlb6lJcilvmlrlUl+pWuBVulVvl1rg1bp1b5za4DW6T2+S2uC1um9vmtrvtbqfb6Xa73W6v2+v2uX1uv9vv0lyaO+AOuIPuoDvkvnKH3dfuiPvGHXXfumPuO3fcfe9OuJPulPP6tPvRnXFn3Tn3kzvvfnYX3EV3yXmXHHs7Nin2Tmxy7N3YlNjU2LTY9NiM2MzYrNh7sdmxObG5sfdj82LzYwtiC2OLYotjS2IfxJbGPoylxD6KLYt9HEuNLY+tiK2MrYqtjnlfYHvkC/nCPu5v8EX8jb6oL+aL+xLe+ZK+lL/Jl/Y3+zL+Fl/W3+rL+dt8eV/BV/RNfFPfzDf3LXxL/6hv5R/zrX0b39Y/7tv5J3x7/6Tv4J/yHf3TvpN/xnf2z/ou/jnf1T8//7cu+x7+Jd/T9/JJvrfv41/2fX0/398P8AP9K36Qf9UP9q/5IX6oH+Zf98P9G36Ef9OP9KP8aP+WH+PH+nF+vJ/gJ/pk/7af5N/xk/27foqf6qf56X6Gn+ln+ff8bD/Hz/Xv+3l+vl/gF/pFfrFf4j/wS/2HPsV/5Jf5j32qX+5X+JV+lV/t1/i1fp1f7zf4jX6T3+y3+K1+m//Eb/c7/E6/y+/2e/xe/6nf5z/z+/3nPs1/4Q/4P/mD/kt/yH/lD/uv/RH/jT/qv/XH/Hf+uP/en/An/Sn/gz/tf/Rn/Fl/zv/kz/uf/QV/0V+Sv1kTQgghhPi76Cts7/1Xvqd+G+n6AEC2HfkO//mam3L/Ou+n9nWMAcBTvbo2+H00aJCUlPTbvqkagsILASB2OT8TXI6XQ1t4AjpAGyj9V+vrpyr+ct/3/1o/fitAIkCW33PSH48S4c/Xv/lvrN/kA77S+gsBiha+nJN+oN/jy+uX+Rvr72l3hfWzfJkM0Pq/5GSFy/Hl9UvBY/A0dPjDnkIIIYQQQgghxK/6qfPdrvR8m/58nt/8Me/3+ErP51dQ+V+tXwghhBBCCCGEEFf27Avdn3y0Q4c2nf83TzL/Z5TxHzBBAPgPKEMm//mTq/2bSQghhBBCCPHvdvmm/2pXIoQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCZFz//H8IU3/3zlf7HIUQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQoir7f8EAAD//7r2UdY=")
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r5, 0x29, 0x41, &(0x7f0000000140)={'security\x00', 0x81, "e2f46055ad68a9bc4253129563ba67faa05e4e5c65b5e9b669046f66a096e31c4b2bb94f65d3f2fe2c3605b8126b939c0a0bbaf194c740dc7039993255ac83709eb3ab3e78d78f12f2d37f6afc73f197e2efc4b2ccc90ccecdddbe63bcbd7c9150a55030cd6727f7b2bb26205d63e4184e9c0e08815952a2b90b4bd148188f2ba8"}, &(0x7f0000000040)=0xa5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000003400)={0x13, 0x0, &(0x7f0000003200), 0x0}, 0x90)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r8, 0x0)
r9 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8)
move_mount(r8, &(0x7f0000001800)='./file0/file0\x00', 0xffffffffffffffff, &(0x7f0000001cc0)='./file0/file0\x00', 0x54)
r10 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
dup(r10)
sendmsg$unix(r4, &(0x7f0000002080)={&(0x7f0000001840)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001c00)=[{&(0x7f00000018c0)="e618dddac136fff5550be3cf1821406a261024dcb1e4324993367bd98542da7939b71fd294cd722668e84f802dd89cef38e7faa4ad036ae78776c4df6e593439265d85f55cb274c0084a2ecc5e96cc751fb1e8", 0x53}], 0x1, &(0x7f0000001fc0)=[@rights={{0x2c, 0x1, 0x1, [r8, 0xffffffffffffffff, r4, 0xffffffffffffffff, r4, r5, r2]}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, r6, r1, r9, r2, r7]}}, @rights={{0x14, 0x1, 0x1, [r6]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, r4, r4, r3, r5, r10, r6, r6]}}], 0xc0, 0x40000}, 0x40800)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)

261.48163ms ago: executing program 2:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x7}, 0x48)

252.484142ms ago: executing program 2:
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x3000cd0, &(0x7f0000000440)=ANY=[], 0x1, 0x1509, &(0x7f0000002d40)="$eJzs3Am4TmX3MPC17vveHDI8Sea97rV5kuEmSUJJMiRJEpI5IUmSJEkcMiUhCRlPkjlkTicd8zxkTjp5JUkSkinc33VUn7f3fft6p//n/b9n/a5rX+deZ++1nrXPup7z7L2v65xvuwyt1rB65XrMDP8M/esCf/6SCAAJADAAALIDQAAAZXKUyZG2P5PGxH/qRcT/kPrTr3YH4mqS+advMv/0Teafvsn80zeZf/om80/fZP7pm8xfiHRtZt5rZUu/mzz//19O/SvJ8vmfLuDv7ZD5/7fR/9DRMv/0Teafvsn80zeZf/pz5RYsuKp9iKtP3v/pm8xfiHTt3/5Mef3Zq/1MW7Z/YBNCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIf4/OOuvMADw6/pq9yWEEEIIIYQQQoh/H//+1e5ACCGEEEIIIYQQ//MQFGgwEEAGyAgJkAkywzWQBbJCNsgOMbgWcsB1kBOuh1yQG/JAXsgH+aEAhEBggSGCglAI4nADFIYboQgUhWJQHByUgJJwE5SCm6E03AJl4FYoC7dBOSh/+TXT3AmV4C6oDHdDFagK1aA63AM14F6oCfdBLbgfasMDUAcehLrwENSD+tAAHoaG8Ag0gsbQBJpCM2gOLf4gPyn738p/EbrDS9ADekIi9ILe8DL0gb7QD/rDAHgFBsKrMAheg8EwBIbC6zAM3oDh8CaMgJEwCt6C0TAGxsI4GA8TIAnehonwDkyCdx/JClNgKkyD6TADZsJ7MAtmwxx4H+bCPJgPSZkWwiJYDB/AEvgQkuEjWAofQwosg+WwAlbCKlgNa2AtrIP1sAE2wibYDFtgK3wC22A77ICdsAt2wx74FPbCZ7APPodU/OIfzD/z23zoioCAChUaNJgBM2ACJmBmzIxZMAtmw2wYwxjmwByYE3NiLsyFeTAPJmI+LIAFkJCQkbEgFsQ4xrEwFsYiWASLYTF06LAklsRSeNF7XxrLYBksi2WxHJbH8ng73o4VsSJWwkpYGStjFayC1bAa3oP34L1YE2tiLayFtbE21sE6WBfrYj2shw2wATbEhtgIG2ETbILNsBm2wBbYEltiK2yFbbANtsW22A7bYXtsjx2wA3bEjtgJO2Fn7IxdsAt2xRfwBXwRX8SX8CXsiVVUL+yNvbEP9sF+2B/74ys4EF/FV/E1HIxDcCi+jq/jGzgcT+MIHImjcBRWVGNwLI5DVhMwCZMwI0zESTgJJ+MUnILTcDrOwJk4E2fhbJyN7+NcnIfzcAEuwEW4GBfjEvwQkzEZl+IZTMFluBxX4EpchStxDa7FNbgeN+B63ISbcAtuwU/wE9yO23En7sTduBs/xU/xM/wMB2MqpuJ+3I8H8AAexIN4CA/hYTyMR/AIHsWjeAyP4XE8gSfxBJ7CU3gaz+BZADiP5/ECXsBLeCntza/SGGVUBpVBJagElVllVllUFpVNZVMxFVM5VA6VU+VUuVQulUflUflUPlVAFVCkSLGKVEFVUMVVXBVWhVURVUQVU8WUU06VVCVVKVVKlValVRl1qyqrblPlVHnV2t2ublcVVRtXSd2lKqvKqoqqqqqp6qq6qqFqqJqqpqqlaqnaqraqox5UdVUv7If1VdpkGqoh2EgNxSaqqWqmmqs38FHVUg3HVqq1aqMeVyNxBLZTLV179ZTqoMZiR/WMGofPqs5qAnZRz6uu6gXVTb2ouqtWrofqqSZjL9VbTcM+qq/qp/qrWVhVpU2smnpNvZhxiBqqXleL8A01XL2pRqiRapR6S41WY9RYNU6NVxNUknpbTVTvqEnqXTVZTVFT1TQ1Xc1QM9V7apaareao99VcNU+DWqAWqkVqsfpALVEfqmT1kVqqPlYpaplarlaolWqVWq3WqLVqnVqvNqiNapParLaoreoTtU1tVzvUTrVL7VZ71Kdqr/pM7VOfq1T1hdqv/qQOqC/VQfWVOqS+VofVN+qI+lYdVd+pY+p7dVydUCfVD+qU+lGdVmfUWXVOnVc/qQvqorqkvAKNWmmtjQ50Bp1RJ+hMOrO+RmfRWXU2nV3H9LU6h75O59TX61w6t85j8up8Or8uoENN2mrWkS6oC+m4vkEX1jfqIrqoLqaLa6dL6JL6Jl1K36xL61t0GX2rLqtv0+V0eV3Bg75DV9R36kr6Ll1Z362r6Kq6mq6u79E19L26pr5P19L369r6AV1HP6jr6od0PV1fN9AP64b6Ed1IN9ZNdFPdTDfXLfSjuqV+TLfSrXUb/bhuq5/Q7fSTur1+SnfQT+uO+hndST+rO+vndBf9vO6qX9Dd9EV9SXvdQ/fUibqX7q1f1n10X91P99cD9Ct6oH5VD9Kv6cF6iB6qX9fD9Bt6uH5Tj9Aj9Sj9lh6tx+ixepweryfoJP22nqjf0ZP0u3qynqKn6ml6up6h+/1Sac7fkf/O38gfdPnVt+it+hO9TW/XO/ROvUvv1nv0Hr1X79X79D6dqlP1fr1fH9AH9EF9UB/Sh/RhfVgf0Uf0UX1UH9PH9HF9Qp/TP+hT+kd9Wp/RZ/Q5fV6f1xd++RmAQaOMNsYEJoPJaBJMJpPZXGOymKwmm8luYuZak8NcZ3Ka600uk9vkMXlNPpPfFDChIWMNm8gUNIVM3NxgCpsbTRFT1BQzxY0zJUxJc9O/nP9H/bUwLUxL09K0Mq1MG9PGtDVtTTvTzrQ37U0H08F0NB1NJ9PJdDadTRfTxXQ1XU030810N91ND9PDJJpE09u8bPqYvqaf6W8GmFfMQDPQDDKDzGAz2Aw1Q80wM8wMN8PNCDPCjDKjzGgz2ow1Y814M94k+exmoploJplJZrKZbKYOyG6mm+lmpplpZplZZo6ZY+aauWa+mW8WmoVmsVlslpglJtkkm6VmqUkxy8wys8KsMKvMKrPGrDHrzDqzwWwwm8wmk2K2mq1mm9lmdpgdZpfZZfaYPWav2Wv2mX0m1aSa/Wa/OWAOmIPmoDlkDpnD5rA5Yo6Yo+aoOWaOmePmuDlpTppT5pQ5bU6bs+asOW/OmwvmgrlkLqVd9gUqUIEJTJAhyBAkBAlB5iBzkCXIEmQLsgWxIBbkCHIEOYPrg1xB7iBPkDfIF+QPCgRhQIENOIiCgkGhIB7cEBQObgyKBEWDYkHxwAUlgpLBTUGp4OagdHBLUCa4NSgb3BaUC8oHFYLbgzuCisGdQaXgrqBycHdQJagaVAuqB/cENYJ7g5rBfUGt4P6gdvBAUCd4MKgbPBTUC+oHDYKHg4bBI0GjoHHQJGgaNAuaBy3+rfW9P537Mdcj7Bkmhr3C3uHLYZ+wb9gv7B8OCF8JB4avhoPC18LB4ZBwaPh6OCx8IxwevhmOCEeGo8K3wtHhmHBsOC4cH04Ik8K3w4nhO+Gk8N1wcjglnBpMC6eHM8KZ4XvhrHB2OCd8P5wbzgvnhwvCheGiEH++JIbk8KNwafhxmBIuC5eHK8KV4apwdbgmXBuuC9eHG8KN4aYyA38+NNwWbg93hDvDXeHucE/4abg3/CzcF34epoZfhPvDP4UHwi/Dg+FX4aHw6/Bw+E14JPw2PBp+Fx4Lvw+PhyfCk+EP4anwx/B0eCY8G54Lz4c/hRfCi+Gl0Kdd3Kd9vJMhQxkoAyVQAmWmzJSFslA2ykYxilEOykE5KSflolyUh/JQPspHBagApWFiKkgFKU5xKkyFqQgVoWJUjBw5KkklqRSVotJUmspQGSpLZakclaMKVIHuoDvoTrqT7qK76G66m6pSVapO1akG1aCaVJNqUS2qTbWpDtWhulSX6lE9akANqCE1pEbUiJpQE2pGzagFtaCW1JJaUStqQ22oLbWldtSO2lN76kAdqCN1pE7UiTpTZ+pCXagrdaVu1I26U3fqQT0okRKpN/WmPtSH+lE/GkADaCANpEE0iAbTYBpKQ2kYDaPhNJxG0EgaRW/RaBpDY2kcjacJlERJNJEm0iSaRJNpMk2lqTSdptNMmkmzaBbNoTk0l+bSfJpPC2khLabFtISWUDIl01JaSimUQstpOa2klbSaVtNaWkvraT1tpI20mTbTVtpK22gb7aAdtIt20R7aQ3tpL+2jfZRKqbSf9tMBOkAH6SAdokN0mA7TETpCR+koHaNjdJyO00k6SafoFJ2m03SWztJ5+oku0EW6RJ4SbCab2V5js9isNpvNbv8yzmPz2nw2vy1gQ5vL5v5NTNbaIraoLWaLW2dL2JL2pr+Ky9nytoK93d5hK9o7bSVbzmaCP49r2HttTXufrWXvt9XtPb+Ja9sHbB37iK1rG9t6tqltYJvbhvYR28g2tk1sU9vMNrdt7RO2nX3StrdPJXSwT/95bNPiJfZDu9aus+vtBrvXfmbP2nP2iP3Wnrc/2R62px1gX7ED7at2kH3NDrZDfhsD2FH2LTvajrFj7Tg73k74q3iqnWan2xl2pn3PzrKz/ypebD+wc22ynW8X2IV20eU4radk+5Fdaj+2KXaZXW5X2JV2lV1t1/zfXlfYTXaz3WL32E/tNrvd7rA77S67+3Kcdh777Oc21X5hD9tv7AH7pT1oj9pD9uvLcdr5HbXf2WP2e3vcnrAn7Q/2lP3RnrZnLp9/2rn/YC/aS9ZbYGTFmg0HnIEzcgJn4sx8DWfhrJyNs3OMr+UcfB3n5Os5F+fmPJyX83F+LsAhE1tmjrggF+I438CF+UYuwkW5GBdnxyW4JN/EpfhmLs23cBm+lcvybVyOy3MFvp3v4Ip8J1fiu7gy381VuCpX4+p8D9fge7km38e1+H6uzQ9wHX6Q6/JDXI/rcwN+mBvyI9yIG3MTbsrNuDm34Ee5JT/Grbg1t+HHuS0/we34SW7PT3EHfpo78jPciZ/lzvwcd+HnuSu/wN34Re7OL3EP7smJ3It788vch/tyP+7PA/gVHsiv8iB+jQfzEB7Kr/MwfoOH85s8gkfyKH6LR/MYHsvjeDxP4CR+myfyOzyJ3+XJPIWn8jSezjN4Jr/Hs3g2z+H3eS7P4/m8gBfyIl7MH/AS/pCT+SNeyh9zCi/j5byCV/IqXs1reC2v4/W8gTfyJt7MW3grf8LbeDvv4J28i3fzHv6U9/JnvI8/51T+gvfzn/gAf8kH+Ss+xF/zYf6Gj/C3fJS/42P8PR/nE3ySf+BT/COf5jN8ls/xef6JL/BFvsSeIcJIRToyURBliDJGCVGmKHN0TZQlyhpli7JHsejaKEd0XZQzuj7KFeWO8kR5o3xR/qhAFEYU2YijKCoYFYri0Q1R4ejGqEhUNCoWFY9cVCIqGd0UlYpujkpHt0RlolujstFtUbmofFQhuj26I6oY3RlViu6KKkd3R1WiqlG1qHp0T1QjujeqGd0X1Yruj0pHD0R1ogejutFDUb2oftQgejhqGD0SNYoaR02iplGzqHnUIno0ahk9FrWKWkdtosejttETUbvoyah99FTUIXr6yv6iwc+fpn+xPzHqFelfnpDdpxfGF8UXxz+IL4l/GE+OfxRfGv84nhJfFl8eXxFfGV8VXx1fE18bXxdfH98Q3xjfFN8c3xL3vnpGcJh2IwzGBS6Dy+gSXCaX2V3jsrisLpvL7mLuWpfDXedyuutdLpfb5XF5XT6X3xVwoSNnHbvIFXSFXNzd4Aq7G10RV9QVc8WdcyVcSdfctXAtXEv3mGvlWrs27nH3uHvCPeGeTPilcdfRPeM6uWddZ/ece84977q6F1w396Lr7l5yPVxPl+gSXW/X2/VxfVw/188NcAPcQDfQDXKD3GA32A11Q90wN8wNd8PdCDfCjXKj3Gg32o11Y914N94luSQ30U10k9wkN9lNdlPdVDfdTXcz3Uw3y81yc9wcN9fNdfPdfLfQLXSL3WK3xC1xyS7ZLXVLXYpLccvdcrfSrXSr3Wq31q116916t9FtdJvdZrfVbXXb3Da3w+1wu9wut8ftcXvdXrfP7XOpLtXtd/vdAXfAHXRfuUPua3fYfeOOuG/dUfedO+a+d8fdCXfSeX3K/ehOuzPurDvnzruf3AV30V1y3iXF3o5NjL0TmxR7NzY5NiU2NTYtNj02IzYz9l5sVmx2bE7s/djc2LzY/NiC2MLYotji2AexJbEPY8mxj2JLYx/HUmLLYstjK2IrY6ti3uffFvmCvpCP+xt8YX+jL+KL+mK+uHe+hC/pb/Kl/M2+tL/Fl/G3+rL+Nl/Ol/cVfGPfxDf1zXxz38I/6lv6x3wr39q38Y/7tv4J384/6dv7p3wH/7Tv6J/xnfyzvrN/znfxz8/7Zcq+u3/J9/A9faLv5Xv7l30f39f38/39AP+KH+hf9YP8a36wH+KH+tf9MP+GH+7f9CP8SD/Kv+VH+zF+rB/nx/sJPsm/7Sf6d/wk/66f7Kf4qX6an+5n+Jn+PT/Lz/Zz/Pt+rp/n5/sFfqFf5Bf7D/wS/6FP9h/5pf5jn+KX+eV+hV/pV/nVfo1f69f59X6D3+g3+c1+i9/qP/Hb/Ha/w+/0u/xuv8d/6vf6z/w+/7lP9V/4/f5P/oD/0h/0X/lD/mt/2H/jj/hv/VH/nT/mv/fH/Ql/0v/gT/kf/Wl/xp/15/x5/5O/4C/6S/I3a0IIIYQQfxf9B/t7/Y3vqV+2NL0BIOv2vIf+subGXD+v+6q9HWIA8FTPLvV/3erXT0xM/OXYFA1BoQUAELuSnwGuxMugDTwB7aE1lPqb/fVVFS5f9/2/6sdvBcgMkOnXnLTbo1/jK/Vv/p36jT/g362/7Of6CwCKFLqSk1b41/hK/dK/U39329+vf7n/TF8mAbT6s5wscCW+Ur8kPAZPQ/vfHCmEEEIIIYQQQvysrzrf9Q/uPy/fn+czv837Nf6j+/M/UOlf7V8IIYQQQgghhBB/7NkXuj35aPv2rTv9Ny8y/me08R+wQAD4D2hDFv/5i6v9m0kIIYQQQgjx73blov9qdyKEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQqRf//x/CFN/98FX+xyFEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEKIq+3/BAAA//+0FVXr")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107842, 0x0)
truncate(&(0x7f0000000100)='./file1\x00', 0xc88)
truncate(&(0x7f0000000080)='./file1\x00', 0xc00)
sendfile(r0, r0, 0x0, 0x80000000)

177.074273ms ago: executing program 2:
r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r3, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r3, 0x0)
ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f00000007c0)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x1fU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\a\x00\x00\x00\x00\x00\x00\x00\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x86\xee\xfb\xfdU\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00')
ioctl$ASHMEM_SET_NAME(r3, 0x40087708, &(0x7f0000000b00)='\x00\x00\x03\v\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x00\x00')
close_range(r0, 0xffffffffffffffff, 0x0)

127.241751ms ago: executing program 2:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)

17.761707ms ago: executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000188500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x0, 0x8a}, 0x48)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)

0s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000040007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='jbd2_update_log_tail\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r3}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000280)='jbd2_update_log_tail\x00', r4}, 0x10)
ioctl$TUNSETOFFLOAD(r2, 0x40086607, 0x20001419)

kernel console output (not intermixed with test programs):

nvalid bInterval 0, changing to 7
[  348.964359][ T1074] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  348.977117][ T1074] usb 5-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  349.013066][ T1074] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.035830][ T1074] usb 5-1: config 0 descriptor??
[  349.098141][T11320] bridge0: port 2(bridge_slave_1) entered disabled state
[  349.105152][T11320] bridge0: port 1(bridge_slave_0) entered disabled state
[  349.148541][T11320] device wg2 left promiscuous mode
[  349.164079][T11334] IPv4: Oversized IP packet from 127.202.26.0
[  349.264670][T11324] loop3: detected capacity change from 0 to 40427
[  349.287756][T11324] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  349.295400][T11324] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  349.306020][T11324] F2FS-fs (loop3): Found nat_bits in checkpoint
[  349.346813][T11324] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  349.364557][   T30] audit: type=1400 audit(2000000036.960:17681): avc:  denied  { watch } for  pid=11347 comm="syz-executor.0" path="/root/syzkaller-testdir3325452176/syzkaller.yldL7b/740/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  349.394707][T11324] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  349.409223][T11324] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  349.449097][T11340] loop1: detected capacity change from 0 to 40427
[  349.517769][T11340] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  349.517939][ T1074] sony 0003:054C:0268.006D: unknown main item tag 0x0
[  349.525319][T11340] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  349.526555][T11340] F2FS-fs (loop1): invalid crc_offset: 33558524
[  349.543610][ T1074] sony 0003:054C:0268.006D: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.4-1/input0
[  349.547679][T11340] F2FS-fs (loop1): Found nat_bits in checkpoint
[  349.614442][ T1074] sony 0003:054C:0268.006D: failed to claim input
[  349.819027][T11340] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  349.833838][T11340] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  349.843109][ T1074] usb 5-1: USB disconnect, device number 38
[  349.929673][T11358] attempt to access beyond end of device
[  349.929673][T11358] loop1: rw=2049, want=45224, limit=40427
[  350.396664][T11379] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  350.480013][T11380] netlink: 'syz-executor.4': attribute type 27 has an invalid length.
[  350.585338][T11380] bridge0: port 3(syz_tun) entered disabled state
[  350.615851][T11380] bridge0: port 2(bridge_slave_1) entered disabled state
[  350.622909][T11380] bridge0: port 1(bridge_slave_0) entered disabled state
[  351.237816][T11391] loop1: detected capacity change from 0 to 2048
[  351.241693][ T1074] Bluetooth: hci0: command 0x1003 tx timeout
[  351.252030][ T1698] Bluetooth: hci0: sending frame failed (-49)
[  351.260820][T11394] SELinux: security_context_str_to_sid(system_u) failed for (dev ?, type ?) errno=-22
[  351.270602][T11394] SELinux: security_context_str_to_sid(system_u) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  351.289323][T11391] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  351.302066][T11391] ext4 filesystem being mounted at /root/syzkaller-testdir2460466186/syzkaller.j0SzWh/84/file0 supports timestamps until 2038 (0x7fffffff)
[  351.833398][T11426] SELinux: security_context_str_to_sid(system_u) failed for (dev ?, type ?) errno=-22
[  351.847553][T11426] SELinux: security_context_str_to_sid(system_u) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  351.933399][T11441] netlink: 492 bytes leftover after parsing attributes in process `syz-executor.1'.
[  352.057131][T11457] SELinux: security_context_str_to_sid(system_u) failed for (dev ?, type ?) errno=-22
[  352.066615][T11457] SELinux: security_context_str_to_sid(system_u) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  352.619971][   T30] audit: type=1400 audit(2000000040.220:17682): avc:  denied  { write } for  pid=11478 comm="syz-executor.3" path="socket:[67362]" dev="sockfs" ino=67362 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  352.665373][   T30] audit: type=1400 audit(2000000040.220:17683): avc:  denied  { nlmsg_read } for  pid=11478 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  352.689561][T11482] loop3: detected capacity change from 0 to 256
[  353.316769][ T1074] Bluetooth: hci0: command 0x1001 tx timeout
[  353.323830][ T1698] Bluetooth: hci0: sending frame failed (-49)
[  353.453051][T11502] EXT4-fs (sda1): re-mounted. Opts: (null). Quota mode: none.
[  353.479117][T11505] SELinux: security_context_str_to_sid(system_u) failed for (dev ?, type ?) errno=-22
[  353.488930][T11505] SELinux: security_context_str_to_sid(system_u) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  354.433827][T11531] netlink: 492 bytes leftover after parsing attributes in process `syz-executor.4'.
[  354.470130][T11533] EXT4-fs (sda1): re-mounted. Opts: (null). Quota mode: none.
[  355.396699][  T329] Bluetooth: hci0: command 0x1009 tx timeout
[  355.464698][T11563] loop1: detected capacity change from 0 to 131072
[  355.487709][T11563] F2FS-fs (loop1): Wrong segment_count / block_count (65567 > 16384)
[  355.505163][T11563] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  355.527968][T11563] F2FS-fs (loop1): Found nat_bits in checkpoint
[  355.589251][T11563] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  355.596202][T11563] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  355.627320][   T30] audit: type=1400 audit(2000000043.220:17684): avc:  denied  { rename } for  pid=11562 comm="syz-executor.1" name="file2" dev="loop1" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  355.672547][   T30] audit: type=1400 audit(2000000043.250:17685): avc:  denied  { read write } for  pid=11562 comm="syz-executor.1" name="file1" dev="overlay" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  355.695696][   T30] audit: type=1400 audit(2000000043.250:17686): avc:  denied  { open } for  pid=11562 comm="syz-executor.1" path="/root/syzkaller-testdir2460466186/syzkaller.j0SzWh/103/file0/file0/file1" dev="overlay" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  356.026934][   T30] audit: type=1400 audit(2000000043.260:17687): avc:  denied  { setattr } for  pid=11562 comm="syz-executor.1" name="#15" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  356.063173][   T30] audit: type=1400 audit(2000000043.260:17688): avc:  denied  { link } for  pid=11562 comm="syz-executor.1" name="#15" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  356.085557][   T30] audit: type=1400 audit(2000000043.390:17689): avc:  denied  { unlink } for  pid=10495 comm="syz-executor.1" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  356.373657][T11596] overlayfs: failed to resolve './file0': -2
[  356.731034][T11615] device batadv_slave_1 entered promiscuous mode
[  358.464207][T11685] loop1: detected capacity change from 0 to 256
[  358.578085][T11685] netlink: 276 bytes leftover after parsing attributes in process `syz-executor.1'.
[  358.688678][T11716] loop1: detected capacity change from 0 to 256
[  358.780813][T11716] exfat: Deprecated parameter 'utf8'
[  358.786324][T11716] exfat: Deprecated parameter 'namecase'
[  358.867477][T11716] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  359.772666][T11733] overlayfs: failed to resolve './file0': -2
[  359.962711][   T30] audit: type=1400 audit(2000000047.560:17690): avc:  denied  { mount } for  pid=11736 comm="syz-executor.4" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  360.433984][T11771] overlayfs: failed to resolve './file0': -2
[  360.710574][T11782] device batadv_slave_0 entered promiscuous mode
[  360.735047][T11748] loop1: detected capacity change from 0 to 131072
[  360.787606][T11748] F2FS-fs (loop1): Wrong segment_count / block_count (65567 > 16384)
[  360.788293][T11781] device batadv_slave_0 left promiscuous mode
[  360.795690][T11748] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  360.812489][T11748] F2FS-fs (loop1): Found nat_bits in checkpoint
[  360.854735][T11748] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  360.861687][T11748] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  361.031784][   T30] audit: type=1400 audit(2000000048.630:17691): avc:  denied  { wake_alarm } for  pid=11795 comm="syz-executor.2" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  361.211851][   T30] audit: type=1400 audit(2000000048.810:17692): avc:  denied  { nlmsg_write } for  pid=11812 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  361.240814][T11815] loop1: detected capacity change from 0 to 16
[  361.267637][T11815] erofs: (device loop1): mounted with root inode @ nid 36.
[  361.275296][T11815] erofs: (device loop1): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 36
[  361.284826][T11815] erofs: (device loop1): z_erofs_readpage: failed to read, err [-117]
[  361.346342][T11827] device batadv_slave_0 entered promiscuous mode
[  361.386701][ T5395] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  361.439147][T11826] device batadv_slave_0 left promiscuous mode
[  361.806773][ T5395] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  361.825085][ T5395] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  361.837490][ T5395] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  361.846507][ T5395] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.855127][ T5395] usb 3-1: config 0 descriptor??
[  362.200193][   T26] Bluetooth: hci0: command 0x1003 tx timeout
[  362.206344][ T1698] Bluetooth: hci0: sending frame failed (-49)
[  362.353826][ T5395] sony 0003:054C:0268.006E: unknown main item tag 0x0
[  362.365132][ T5395] sony 0003:054C:0268.006E: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.2-1/input0
[  362.377297][ T5395] sony 0003:054C:0268.006E: failed to claim input
[  362.555017][T11904] loop4: detected capacity change from 0 to 256
[  362.588499][   T26] usb 3-1: USB disconnect, device number 40
[  363.126379][T11919] syz-executor.2[11919] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  363.126439][T11919] syz-executor.2[11919] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  363.406714][ T5395] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  363.656662][ T5395] usb 3-1: Using ep0 maxpacket: 16
[  363.787033][ T5395] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  363.797956][ T5395] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  363.807520][ T5395] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  363.820174][ T5395] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  363.828947][ T5395] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.842177][ T5395] usb 3-1: config 0 descriptor??
[  363.969678][T11943] loop4: detected capacity change from 0 to 256
[  364.179047][T11943] loop4: detected capacity change from 0 to 2048
[  364.268370][T11955] loop4: detected capacity change from 0 to 256
[  364.278910][  T329] Bluetooth: hci0: command 0x1001 tx timeout
[  364.284936][ T1698] Bluetooth: hci0: sending frame failed (-49)
[  364.318158][ T5395] microsoft 0003:045E:07DA.006F: unbalanced collection at end of report description
[  364.328141][ T5395] microsoft 0003:045E:07DA.006F: parse failed
[  364.334025][ T5395] microsoft: probe of 0003:045E:07DA.006F failed with error -22
[  364.490765][T11957] overlayfs: failed to resolve './file0': -2
[  364.556511][  T329] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  364.568120][   T26] usb 3-1: USB disconnect, device number 41
[  364.926759][  T329] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  364.937592][  T329] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  364.947136][  T329] usb 4-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  364.955971][  T329] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  364.964312][  T329] usb 4-1: config 0 descriptor??
[  365.406703][  T328] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  365.447475][  T329] sony 0003:054C:0268.0070: unknown main item tag 0x0
[  365.455129][  T329] sony 0003:054C:0268.0070: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.3-1/input0
[  365.466787][  T329] sony 0003:054C:0268.0070: failed to claim input
[  365.650159][  T429] usb 4-1: USB disconnect, device number 50
[  365.786802][  T328] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  365.797538][  T328] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  365.807104][  T328] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  365.815897][  T328] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.824333][  T328] usb 2-1: config 0 descriptor??
[  366.287805][  T328] hid-led 0003:0FC5:B080.0071: unknown main item tag 0x0
[  366.294701][  T328] hid-led 0003:0FC5:B080.0071: unknown main item tag 0x0
[  366.301588][  T328] hid-led 0003:0FC5:B080.0071: unknown main item tag 0x0
[  366.356746][ T1008] Bluetooth: hci0: command 0x1009 tx timeout
[  366.736776][  T328] hid-led: probe of 0003:0FC5:B080.0071 failed with error -71
[  366.744893][  T328] usb 2-1: USB disconnect, device number 53
[  367.801342][   T30] audit: type=1326 audit(2000000055.400:17693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12000 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2acf999ea9 code=0x0
[  367.902174][T12003] /dev/loop0: Can't open blockdev
[  368.066686][   T26] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  368.366294][T12008] loop1: detected capacity change from 0 to 2048
[  368.408689][T12008] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  368.466812][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.477692][   T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.487293][   T26] usb 4-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[  368.496190][   T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.554348][   T26] usb 4-1: config 0 descriptor??
[  368.926707][  T328] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  368.954097][T12025] device syzkaller0 entered promiscuous mode
[  369.067474][   T26] sony 0003:054C:0268.0072: unknown main item tag 0x0
[  369.075042][   T26] sony 0003:054C:0268.0072: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.3-1/input0
[  369.086894][   T26] sony 0003:054C:0268.0072: failed to claim input
[  369.270448][   T26] usb 4-1: USB disconnect, device number 51
[  369.286717][  T328] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  369.297474][  T328] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  369.306972][  T328] usb 3-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  369.315864][  T328] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.336863][  T328] usb 3-1: config 0 descriptor??
[  369.817736][  T328] hid-led 0003:0FC5:B080.0073: unknown main item tag 0x0
[  369.824658][  T328] hid-led 0003:0FC5:B080.0073: unknown main item tag 0x0
[  369.831562][  T328] hid-led 0003:0FC5:B080.0073: unknown main item tag 0x0
[  370.256779][  T328] hid-led: probe of 0003:0FC5:B080.0073 failed with error -71
[  370.264772][  T328] usb 3-1: USB disconnect, device number 42
[  370.757956][   T30] audit: type=1326 audit(2000000058.360:17694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12049 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x0
[  370.855208][T12051] /dev/loop0: Can't open blockdev
[  371.615486][T12060] netlink: 440 bytes leftover after parsing attributes in process `syz-executor.2'.
[  371.624739][T12060] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  372.320367][   T30] audit: type=1400 audit(2000000059.920:17695): avc:  denied  { mounton } for  pid=12091 comm="syz-executor.0" path="/root/syzkaller-testdir3325452176/syzkaller.yldL7b/779/file0" dev="sda1" ino=1964 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=lnk_file permissive=1
[  372.658360][T12135] loop3: detected capacity change from 0 to 2048
[  372.672940][   T30] audit: type=1326 audit(2000000060.270:17696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12126 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2acf999ea9 code=0x0
[  372.717614][T12135] EXT4-fs error (device loop3): ext4_ext_check_inode:501: inode #2: comm syz-executor.3: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5)
[  372.737340][T12135] EXT4-fs (loop3): get root inode failed
[  372.742844][T12135] EXT4-fs (loop3): mount failed
[  372.812931][T12087] loop1: detected capacity change from 0 to 131072
[  372.861913][T12087] F2FS-fs (loop1): Invalid log_blocksize (32), supports only 12
[  372.876660][T12087] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  372.894058][T10520] device syz_tun left promiscuous mode
[  372.899570][T10520] bridge0: port 3(syz_tun) entered disabled state
[  372.918491][T12087] F2FS-fs (loop1): Found nat_bits in checkpoint
[  373.000143][T12087] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  373.007158][T12087] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  373.016917][  T334] tipc: Disabling bearer <udp:s>
[  373.021865][  T334] tipc: Left network mode
[  373.338224][T12150] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.345195][T12150] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.352384][T12150] device bridge_slave_0 entered promiscuous mode
[  373.359324][T12150] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.366226][T12150] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.373722][T12150] device bridge_slave_1 entered promiscuous mode
[  373.459192][T12150] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.466168][T12150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  373.473274][T12150] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.480037][T12150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  373.511620][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  373.521716][ T1008] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.529311][ T1008] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.546550][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  373.554805][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.561682][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[  373.570943][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  373.580657][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.587522][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[  373.620489][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  373.640653][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  373.665348][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  373.683590][T12150] device veth0_vlan entered promiscuous mode
[  373.691210][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  373.702547][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  373.712321][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  373.729563][T12150] device veth1_macvtap entered promiscuous mode
[  373.736593][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  373.754953][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  373.828928][  T334] device bridge_slave_1 left promiscuous mode
[  373.835533][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.842869][  T334] device bridge_slave_0 left promiscuous mode
[  373.851926][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.860138][  T334] device veth1_macvtap left promiscuous mode
[  373.873908][  T334] device veth0_vlan left promiscuous mode
[  373.969046][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  374.020892][T12183] netlink: 116 bytes leftover after parsing attributes in process `syz-executor.1'.
[  374.836150][T12245] loop2: detected capacity change from 0 to 256
[  374.891873][T12246] loop3: detected capacity change from 0 to 256
[  374.944311][   T30] audit: type=1400 audit(2000000062.540:17697): avc:  denied  { create } for  pid=12244 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  375.251233][T12245] FAT-fs (loop2): error, fat_free: invalid cluster chain (i_pos 202)
[  375.259297][T12245] FAT-fs (loop2): Filesystem has been set read-only
[  375.292576][T12222] loop4: detected capacity change from 0 to 131072
[  375.309742][T12257] xt_policy: neither incoming nor outgoing policy selected
[  375.345776][T12222] F2FS-fs (loop4): Found nat_bits in checkpoint
[  375.387476][T12222] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  375.489935][T12284] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  376.603528][T12322] syz-executor.3[12322] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  376.603690][T12322] syz-executor.3[12322] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  376.616235][T12322] syz-executor.3[12322] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  376.627982][T12322] syz-executor.3[12322] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  376.660239][T12324] loop3: detected capacity change from 0 to 256
[  376.750766][T12324] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 202)
[  376.758882][T12324] FAT-fs (loop3): Filesystem has been set read-only
[  376.791245][T12330] device pim6reg1 entered promiscuous mode
[  376.980648][T12334] loop1: detected capacity change from 0 to 40427
[  376.997887][T12348] syz-executor.4[12348] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  376.997954][T12348] syz-executor.4[12348] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  377.011985][T12334] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  377.031133][T12334] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  377.042661][T12348] syz-executor.4[12348] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  377.042723][T12348] syz-executor.4[12348] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  377.096303][T12334] F2FS-fs (loop1): Found nat_bits in checkpoint
[  377.141023][T12360] device pim6reg1 entered promiscuous mode
[  377.152861][T12334] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  377.159775][T12334] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  377.680262][T12377] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.0'.
[  377.930061][T12388] syz-executor.3[12388] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  377.930131][T12388] syz-executor.3[12388] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  377.969383][T12390] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  378.010124][T12390] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  378.025593][T12390] loop1: detected capacity change from 0 to 1024
[  378.034581][T12397] device pim6reg1 entered promiscuous mode
[  378.056930][T12390] EXT4-fs (loop1): filesystem is read-only
[  378.062743][T12390] EXT4-fs (loop1): Unsupported blocksize for fs-verity
[  378.216662][   T60] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  378.225124][   T30] audit: type=1326 audit(2000000065.820:17698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  378.266756][   T30] audit: type=1326 audit(2000000065.850:17699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  378.328732][   T30] audit: type=1326 audit(2000000065.850:17700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  378.405850][   T30] audit: type=1326 audit(2000000065.850:17701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  378.526197][   T30] audit: type=1326 audit(2000000065.850:17702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  378.637025][   T30] audit: type=1326 audit(2000000065.850:17703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  378.751993][   T30] audit: type=1326 audit(2000000065.850:17704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  378.794649][   T30] audit: type=1326 audit(2000000065.850:17705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f040d2e2627 code=0x7ffc0000
[  378.819362][T12421] loop3: detected capacity change from 0 to 16
[  378.826124][   T30] audit: type=1326 audit(2000000065.850:17706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f040d2a8309 code=0x7ffc0000
[  378.854869][T12403] device vlan2 entered promiscuous mode
[  378.889306][T12421] erofs: (device loop3): mounted with root inode @ nid 36.
[  378.896769][T12424] bridge0: port 3(syz_tun) entered blocking state
[  378.907642][T12424] bridge0: port 3(syz_tun) entered disabled state
[  378.914573][T12424] device syz_tun entered promiscuous mode
[  378.920328][T12424] bridge0: port 3(syz_tun) entered blocking state
[  378.926554][T12424] bridge0: port 3(syz_tun) entered forwarding state
[  379.092365][   T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  379.160797][   T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  379.170539][   T60] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00
[  379.179494][   T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.188121][   T60] usb 1-1: config 0 descriptor??
[  379.188327][T12459] bridge: RTM_NEWNEIGH with invalid ether address
[  379.306874][T12482] device vlan2 entered promiscuous mode
[  379.338488][T12473] SELinux:  Context   is not valid (left unmapped).
[  379.353439][T12473] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev ?, type ?) errno=-22
[  379.370948][T12473] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  379.582634][T12499] bridge: RTM_NEWNEIGH with invalid ether address
[  379.623793][    C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies.  Check SNMP counters.
[  379.795571][T12517] bridge0: port 3(syz_tun) entered blocking state
[  379.801939][T12517] bridge0: port 3(syz_tun) entered disabled state
[  379.808715][T12517] device syz_tun entered promiscuous mode
[  379.814378][T12517] bridge0: port 3(syz_tun) entered blocking state
[  379.820640][T12517] bridge0: port 3(syz_tun) entered forwarding state
[  379.914853][T12525] bridge: RTM_NEWNEIGH with invalid ether address
[  380.063515][T12553] bridge: RTM_NEWNEIGH with invalid ether address
[  380.082446][T12549] tipc: Started in network mode
[  380.088767][T12549] tipc: Node identity ac1414aa, cluster identity 4711
[  380.095493][T12549] tipc: New replicast peer: 100.1.1.1
[  380.101395][T12554] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  380.109112][T12549] tipc: Enabled bearer <udp:syz2>, priority 10
[  380.117509][T12554] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  380.129802][T12554] loop4: detected capacity change from 0 to 1024
[  380.177681][T12554] EXT4-fs (loop4): filesystem is read-only
[  380.183550][T12554] EXT4-fs (loop4): Unsupported blocksize for fs-verity
[  380.194644][   T30] kauditd_printk_skb: 175 callbacks suppressed
[  380.194659][   T30] audit: type=1326 audit(2000000067.790:17882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12567 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  380.224726][   T30] audit: type=1326 audit(2000000067.790:17883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12567 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  380.249153][   T30] audit: type=1326 audit(2000000067.790:17884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12567 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  380.293349][   T30] audit: type=1326 audit(2000000067.790:17885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12567 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  380.294728][T12562] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev ?, type ?) errno=-22
[  380.338296][T12562] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  380.382646][   T30] audit: type=1326 audit(2000000067.790:17886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12567 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  380.419326][   T30] audit: type=1326 audit(2000000067.790:17887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12567 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  380.456757][   T30] audit: type=1326 audit(2000000067.790:17888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12567 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  380.481306][   T30] audit: type=1326 audit(2000000067.790:17889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12567 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  380.506762][   T30] audit: type=1326 audit(2000000067.790:17890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12567 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  380.534096][T12586] bridge: RTM_NEWNEIGH with invalid ether address
[  380.540493][   T30] audit: type=1326 audit(2000000067.800:17891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12567 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040d2e4ea9 code=0x7ffc0000
[  380.793060][T12591] tipc: Started in network mode
[  380.798273][T12591] tipc: Node identity ac1414aa, cluster identity 4711
[  380.804935][T12591] tipc: New replicast peer: 100.1.1.1
[  380.810318][T12591] tipc: Enabled bearer <udp:syz2>, priority 10
[  380.819203][T12594] device pim6reg1 entered promiscuous mode
[  380.846734][   T60] usbhid 1-1:0.0: can't add hid device: -71
[  380.852612][   T60] usbhid: probe of 1-1:0.0 failed with error -71
[  380.859559][   T60] usb 1-1: USB disconnect, device number 50
[  380.931576][T12607] bridge0: port 1(syz_tun) entered blocking state
[  380.945102][T12607] bridge0: port 1(syz_tun) entered disabled state
[  380.960013][T12607] device syz_tun entered promiscuous mode
[  380.965784][T12607] bridge0: port 1(syz_tun) entered blocking state
[  380.972065][T12607] bridge0: port 1(syz_tun) entered forwarding state
[  381.072753][T12616] loop2: detected capacity change from 0 to 16
[  381.137699][T12616] erofs: (device loop2): mounted with root inode @ nid 36.
[  381.249952][ T3619] tipc: Node number set to 2886997162
[  381.263735][T12622] device pim6reg1 entered promiscuous mode
[  381.452033][T12641] loop4: detected capacity change from 0 to 256
[  381.792330][T12659] loop1: detected capacity change from 0 to 512
[  381.806690][    T6] tipc: Node number set to 2886997162
[  381.899744][T12659] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,. Quota mode: writeback.
[  381.910974][T12659] ext4 filesystem being mounted at /root/syzkaller-testdir2460466186/syzkaller.j0SzWh/198/file0 supports timestamps until 2038 (0x7fffffff)
[  382.556740][T12708] bpf_get_probe_write_proto: 6 callbacks suppressed
[  382.556761][T12708] syz-executor.3[12708] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  382.589695][T12708] syz-executor.3[12708] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  383.611733][T12753] loop3: detected capacity change from 0 to 256
[  383.900286][T12764] device pim6reg1 entered promiscuous mode
[  384.125195][T12766] loop2: detected capacity change from 0 to 40427
[  384.170509][T12749] loop1: detected capacity change from 0 to 131072
[  384.188174][T12766] F2FS-fs (loop2): Found nat_bits in checkpoint
[  384.234826][T12749] F2FS-fs (loop1): QUOTA feature is enabled, so ignore jquota_fmt
[  384.256867][T12749] F2FS-fs (loop1): invalid crc value
[  384.343581][T12749] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  384.346201][T12766] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  384.383780][T12749] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b
[  384.417177][T11120] attempt to access beyond end of device
[  384.417177][T11120] loop2: rw=524288, want=45072, limit=40427
[  384.505006][T11120] attempt to access beyond end of device
[  384.505006][T11120] loop2: rw=0, want=45072, limit=40427
[  384.718108][  T334] attempt to access beyond end of device
[  384.718108][  T334] loop2: rw=2049, want=40992, limit=40427
[  384.731759][T11120] bridge0: port 3(syz_tun) entered disabled state
[  384.739298][T11120] device syz_tun left promiscuous mode
[  384.744719][T11120] bridge0: port 3(syz_tun) entered disabled state
[  384.770652][T12793] loop3: detected capacity change from 0 to 256
[  384.807911][  T334] tipc: Disabling bearer <udp:syz2>
[  384.813358][  T334] tipc: Left network mode
[  384.829944][T12793] exFAT-fs (loop3): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[  385.310733][T12776] loop4: detected capacity change from 0 to 131072
[  385.422008][T12776] F2FS-fs (loop4): Found nat_bits in checkpoint
[  385.452575][T12805] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.470997][T12805] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.479681][T12805] device bridge_slave_0 entered promiscuous mode
[  385.487510][T12776] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b
[  385.503358][T12805] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.512009][T12805] bridge0: port 2(bridge_slave_1) entered disabled state
[  385.527080][T12805] device bridge_slave_1 entered promiscuous mode
[  385.541270][  T334] device bridge_slave_1 left promiscuous mode
[  385.557094][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  385.590479][  T334] device bridge_slave_0 left promiscuous mode
[  385.627219][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.646255][T12817] loop3: detected capacity change from 0 to 40427
[  385.658775][  T334] device veth1_macvtap left promiscuous mode
[  385.666779][  T334] device veth0_vlan left promiscuous mode
[  385.709784][T12817] F2FS-fs (loop3): Found nat_bits in checkpoint
[  385.846447][T12817] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  386.031934][T12150] attempt to access beyond end of device
[  386.031934][T12150] loop3: rw=524288, want=45072, limit=40427
[  386.171094][T12150] attempt to access beyond end of device
[  386.171094][T12150] loop3: rw=0, want=45072, limit=40427
[  386.215448][  T514] attempt to access beyond end of device
[  386.215448][  T514] loop3: rw=2049, want=40992, limit=40427
[  386.236201][T12150] bridge0: port 3(syz_tun) entered disabled state
[  386.244337][T12150] device syz_tun left promiscuous mode
[  386.249642][T12150] bridge0: port 3(syz_tun) entered disabled state
[  386.319606][T12842] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.326521][T12842] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.333898][T12842] device bridge_slave_0 entered promiscuous mode
[  386.340969][T12842] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.347910][T12842] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.355149][T12842] device bridge_slave_1 entered promiscuous mode
[  386.424627][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  386.439212][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  386.455909][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  386.467966][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  386.476047][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.482913][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[  386.490197][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  386.498545][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  386.506572][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.513452][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[  386.573819][  T334] tipc: Disabling bearer <udp:syz2>
[  386.583430][  T334] tipc: Left network mode
[  386.598349][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  386.611094][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  386.619960][  T334] tipc: Disabling bearer <udp:s>
[  386.624994][  T334] tipc: Left network mode
[  386.640430][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  386.653924][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  386.679277][T12805] device veth0_vlan entered promiscuous mode
[  386.691361][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  386.729575][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  386.737018][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  386.751022][T12805] device veth1_macvtap entered promiscuous mode
[  386.777827][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  386.800007][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  386.808649][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  386.816844][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  386.825073][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  386.883722][T12856] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.894593][T12867] user requested TSC rate below hardware speed
[  386.901063][T12856] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.927128][T12856] device bridge_slave_0 entered promiscuous mode
[  386.940986][T12856] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.953332][T12856] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.967236][T12856] device bridge_slave_1 entered promiscuous mode
[  386.974131][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  386.983014][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  386.997374][    T6] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.004473][    T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.031692][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  387.041317][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  387.049319][T12875] loop2: detected capacity change from 0 to 512
[  387.051147][    T6] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.055869][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  387.055885][   T30] audit: type=1400 audit(2000000074.650:17916): avc:  denied  { append } for  pid=12874 comm="syz-executor.4" name="hwrng" dev="devtmpfs" ino=94 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  387.062338][    T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[  387.105408][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  387.113376][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  387.127172][   T30] audit: type=1400 audit(2000000074.730:17917): avc:  denied  { mounton } for  pid=12873 comm="syz-executor.2" path="/root/syzkaller-testdir599185833/syzkaller.z3ejxJ/2/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  387.175135][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  387.184857][T12875] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  387.197470][T12875] ext4 filesystem being mounted at /root/syzkaller-testdir599185833/syzkaller.z3ejxJ/2/file0 supports timestamps until 2038 (0x7fffffff)
[  387.201330][T12842] device veth0_vlan entered promiscuous mode
[  387.218614][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  387.226514][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  387.233803][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  387.254175][T12842] device veth1_macvtap entered promiscuous mode
[  387.269998][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  387.278756][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  387.287213][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  387.319541][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  387.328022][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  387.336665][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  387.345016][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  387.386764][T12887] loop4: detected capacity change from 0 to 40427
[  387.415462][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  387.423711][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  387.441197][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  387.446542][T12887] F2FS-fs (loop4): Found nat_bits in checkpoint
[  387.449814][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  387.482208][    T6] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.489090][    T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.499156][T12887] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  387.513651][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  387.525432][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  387.546828][T10605] attempt to access beyond end of device
[  387.546828][T10605] loop4: rw=524288, want=45072, limit=40427
[  387.558825][T10605] attempt to access beyond end of device
[  387.558825][T10605] loop4: rw=0, want=45072, limit=40427
[  387.559046][    T6] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.576455][    T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[  387.584310][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  387.595688][  T334] device bridge_slave_1 left promiscuous mode
[  387.606882][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.627556][  T514] attempt to access beyond end of device
[  387.627556][  T514] loop4: rw=2049, want=40992, limit=40427
[  387.639559][  T334] device bridge_slave_0 left promiscuous mode
[  387.645604][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.668863][  T334] device bridge_slave_1 left promiscuous mode
[  387.674823][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.697183][  T334] device bridge_slave_0 left promiscuous mode
[  387.703208][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.711330][  T334] device veth1_macvtap left promiscuous mode
[  387.719203][  T334] device veth0_vlan left promiscuous mode
[  388.000691][   T30] audit: type=1400 audit(2000000075.600:17918): avc:  denied  { unmount } for  pid=12805 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  388.510117][T12939] syz-executor.1[12939] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  388.510178][T12939] syz-executor.1[12939] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  388.542578][T10605] device syz_tun left promiscuous mode
[  388.559540][T10605] bridge0: port 3(syz_tun) entered disabled state
[  388.576748][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  388.584891][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  388.593165][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  388.649404][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  388.689037][T12856] device veth0_vlan entered promiscuous mode
[  388.696566][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  388.704853][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  388.714933][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  388.723957][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  389.037837][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  389.043701][T12946] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  389.056772][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  389.064136][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  389.072205][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  389.072408][T12946] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  389.083362][T12856] device veth1_macvtap entered promiscuous mode
[  389.103265][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  389.119438][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  389.137848][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  389.161968][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  389.181112][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  389.406918][T12950] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.413872][T12950] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.421420][T12950] device bridge_slave_0 entered promiscuous mode
[  389.450106][T12950] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.459257][T12950] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.473215][T12950] device bridge_slave_1 entered promiscuous mode
[  389.505117][  T334] tipc: Disabling bearer <udp:s>
[  389.516840][  T334] tipc: Left network mode
[  389.566132][T12958] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.573507][T12958] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.580997][T12958] device bridge_slave_0 entered promiscuous mode
[  389.588002][T12958] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.594900][T12958] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.602500][T12958] device bridge_slave_1 entered promiscuous mode
[  389.835918][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  389.842327][T12966] loop1: detected capacity change from 0 to 40427
[  389.843514][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  389.879638][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  389.888194][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  389.896225][ T1008] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.903113][ T1008] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.910440][T12966] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  389.911570][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  389.926241][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  389.934147][T12966] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  389.934319][ T1008] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.948902][ T1008] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.956248][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  389.964291][T12966] F2FS-fs (loop1): invalid crc value
[  389.964457][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  389.984366][T12966] F2FS-fs (loop1): Found nat_bits in checkpoint
[  390.005801][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  390.015543][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  390.027052][T12966] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  390.028539][T12957] loop3: detected capacity change from 0 to 131072
[  390.034114][T12966] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  390.040764][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  390.054992][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  390.063261][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  390.071306][  T329] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.078167][  T329] bridge0: port 1(bridge_slave_0) entered forwarding state
[  390.085375][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  390.093762][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  390.103556][  T329] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.110431][  T329] bridge0: port 2(bridge_slave_1) entered forwarding state
[  390.127439][T12966] fuse: Unknown parameter './bus'
[  390.141948][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  390.150211][  T514] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  390.154068][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  390.162997][T12979] EXT4-fs warning (device sda1): verify_group_input:176: Cannot read last block (263169)
[  390.167903][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  390.176561][  T514] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  390.183993][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  390.200316][T12957] F2FS-fs (loop3): Found nat_bits in checkpoint
[  390.207009][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  390.214457][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  390.222328][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  390.233357][T12950] device veth0_vlan entered promiscuous mode
[  390.260115][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  390.267888][T12957] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b
[  390.291434][T12950] device veth1_macvtap entered promiscuous mode
[  390.305548][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  390.317351][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  390.325366][T12958] device veth0_vlan entered promiscuous mode
[  390.337478][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  390.345107][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  390.356526][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  390.365109][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  390.385694][T12982] incfs: Can't find or create .index dir in ./file0
[  390.393076][T12982] incfs: mount failed -14
[  390.400387][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  390.437040][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  390.450556][T12958] device veth1_macvtap entered promiscuous mode
[  390.471041][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  390.511172][  T334] device bridge_slave_1 left promiscuous mode
[  390.539902][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.558536][T12991] sit: Dst spoofed 0.0.0.0/400:: -> 0.0.0.0/2002:0:54d3:7419::b586:0
[  390.566919][  T334] device bridge_slave_0 left promiscuous mode
[  390.572884][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.600911][  T334] device bridge_slave_1 left promiscuous mode
[  390.607018][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.628178][  T334] device bridge_slave_0 left promiscuous mode
[  390.651939][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.668335][  T334] device veth1_macvtap left promiscuous mode
[  390.738611][T12992] loop1: detected capacity change from 0 to 256
[  390.755925][  T334] device veth0_vlan left promiscuous mode
[  390.810725][T12992] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe9e488b, utbl_chksum : 0xe619d30d)
[  390.869264][T12992] exFAT-fs (loop1): error, invalid access to FAT bad cluster (entry 0x00000005)
[  390.912674][T12992] exFAT-fs (loop1): Filesystem has been set read-only
[  391.013233][T12992] exFAT-fs (loop1): failed to initialize root inode
[  391.293152][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  391.348844][T13007] device syzkaller0 entered promiscuous mode
[  391.388185][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  391.396539][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  391.560199][T13019] kvm: pic: non byte write
[  391.567941][T13019] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer.
[  391.602457][T13026] loop2: detected capacity change from 0 to 512
[  391.656046][   T30] audit: type=1400 audit(2000000079.250:17919): avc:  denied  { ioctl } for  pid=13031 comm="syz-executor.1" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  391.696505][T13026] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349)
[  391.717100][T13026] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002]
[  391.725052][T13026] System zones: 1-12
[  391.729958][T13026] EXT4-fs (loop2): orphan cleanup on readonly fs
[  391.736559][T13026] EXT4-fs error (device loop2): ext4_read_inode_bitmap:168: comm syz-executor.2: Inode bitmap for bg 0 marked uninitialized
[  391.749848][T13026] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  391.761491][T13026] EXT4-fs (loop2): ext4_remount: Checksum for group 0 failed (3832!=33349)
[  391.780686][T13043] device syzkaller0 entered promiscuous mode
[  392.291440][T13070] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194304 ns). Using initial count to start timer.
[  392.292790][T13073] loop1: detected capacity change from 0 to 512
[  392.327962][T13073] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349)
[  392.344210][T13073] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002]
[  392.352214][T13073] System zones: 1-12
[  392.356476][T13073] EXT4-fs (loop1): orphan cleanup on readonly fs
[  392.363259][T13073] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz-executor.1: Inode bitmap for bg 0 marked uninitialized
[  392.376286][T13073] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  392.388796][T13073] EXT4-fs (loop1): ext4_remount: Checksum for group 0 failed (3832!=33349)
[  392.469720][   T30] audit: type=1326 audit(2000000080.070:17920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13090 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  392.531421][   T30] audit: type=1326 audit(2000000080.070:17921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13090 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  392.565401][   T30] audit: type=1326 audit(2000000080.070:17922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13090 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  392.596953][   T30] audit: type=1326 audit(2000000080.070:17923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13090 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  392.621832][   T30] audit: type=1326 audit(2000000080.070:17924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13090 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  392.646040][   T30] audit: type=1326 audit(2000000080.070:17925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13090 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  392.686874][   T30] audit: type=1326 audit(2000000080.070:17926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13090 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  392.710861][   T30] audit: type=1326 audit(2000000080.070:17927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13090 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  392.787915][T13099] loop1: detected capacity change from 0 to 256
[  392.823039][T13089] loop3: detected capacity change from 0 to 256
[  392.870031][   T30] audit: type=1326 audit(2000000080.090:17928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13090 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  392.995337][   T30] audit: type=1326 audit(2000000080.100:17929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13090 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  393.035472][T13089] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe9e488b, utbl_chksum : 0xe619d30d)
[  393.054886][T13103] incfs: Can't find or create .index dir in ./file0
[  393.060297][T13089] exFAT-fs (loop3): error, invalid access to FAT bad cluster (entry 0x00000005)
[  393.070362][T13103] incfs: mount failed -14
[  393.070471][T13089] exFAT-fs (loop3): Filesystem has been set read-only
[  393.082000][T13089] exFAT-fs (loop3): failed to initialize root inode
[  393.581818][T13133] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  394.129057][T13146] loop4: detected capacity change from 0 to 256
[  394.171796][T13146] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe9e488b, utbl_chksum : 0xe619d30d)
[  394.188981][T13146] exFAT-fs (loop4): error, invalid access to FAT bad cluster (entry 0x00000005)
[  394.198088][T13146] exFAT-fs (loop4): Filesystem has been set read-only
[  394.205694][T13146] exFAT-fs (loop4): failed to initialize root inode
[  394.378994][T13172] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[  394.407134][T13179] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  394.482485][T13180] loop3: detected capacity change from 0 to 256
[  394.776561][T13184] device syzkaller0 entered promiscuous mode
[  394.934848][T13196] loop1: detected capacity change from 0 to 40427
[  394.958313][T13196] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  394.965893][T13196] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  394.984111][T13196] F2FS-fs (loop1): invalid crc value
[  394.990790][T13196] F2FS-fs (loop1): Found nat_bits in checkpoint
[  395.032813][T13196] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  395.039894][T13196] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  395.083325][T13196] fuse: Unknown parameter './bus'
[  395.099447][  T514] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  395.108175][  T514] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  395.108421][T13221] loop4: detected capacity change from 0 to 512
[  395.163665][T13221] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (3832!=33349)
[  395.173706][T13221] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002]
[  395.181560][T13221] System zones: 1-12
[  395.185792][T13221] EXT4-fs (loop4): orphan cleanup on readonly fs
[  395.191981][T13221] EXT4-fs error (device loop4): ext4_read_inode_bitmap:168: comm syz-executor.4: Inode bitmap for bg 0 marked uninitialized
[  395.204986][T13221] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  395.217027][T13221] EXT4-fs (loop4): ext4_remount: Checksum for group 0 failed (3832!=33349)
[  395.436543][T13246] syz-executor.1[13246] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  395.436701][T13246] syz-executor.1[13246] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  395.441234][T13234] loop4: detected capacity change from 0 to 40427
[  395.497311][T13234] F2FS-fs (loop4): Small segment_count (9 < 1 * 24)
[  395.503774][T13234] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  395.514636][T13234] F2FS-fs (loop4): Found nat_bits in checkpoint
[  395.546151][T13234] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  395.553016][T13234] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  395.569393][T13234] attempt to access beyond end of device
[  395.569393][T13234] loop4: rw=2049, want=53256, limit=40427
[  395.585679][T12958] attempt to access beyond end of device
[  395.585679][T12958] loop4: rw=2049, want=45104, limit=40427
[  395.611173][T13254] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  395.776751][  T429] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  395.833346][T13273] incfs: Can't find or create .index dir in ./file0
[  395.839957][T13273] incfs: mount failed -14
[  395.894411][T13285] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  396.192286][T13302] No source specified
[  396.328495][T13304] incfs: Can't find or create .index dir in ./file0
[  396.335509][T13304] incfs: mount failed -14
[  396.366761][ T3619] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  396.626708][ T3619] usb 5-1: Using ep0 maxpacket: 32
[  396.626796][  T429] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  396.642466][  T429] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  396.652175][  T429] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  396.661052][  T429] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.667387][T13307] loop3: detected capacity change from 0 to 40427
[  396.669799][  T429] usb 2-1: config 0 descriptor??
[  396.697651][T13307] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  396.705183][T13307] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  396.716109][T13307] F2FS-fs (loop3): Found nat_bits in checkpoint
[  396.746560][T13307] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  396.753519][T13307] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  396.753536][ T3619] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  396.771841][ T3619] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  396.781572][ T3619] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  396.790465][ T3619] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.799660][ T3619] usb 5-1: config 0 descriptor??
[  396.837657][ T3619] hub 5-1:0.0: USB hub found
[  396.846703][ T1008] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  396.989769][T13325] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev ?, type ?) errno=-22
[  397.000089][T13325] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev sda1, type ext4) errno=-22
[  397.206759][ T1008] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  397.217667][ T1008] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  397.227202][ T1008] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  397.236044][ T1008] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.257094][ T1008] usb 1-1: config 0 descriptor??
[  397.316801][ T3619] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  397.737817][ T1008] lg-g15 0003:046D:C222.0075: item fetching failed at offset 10/11
[  397.745811][ T1008] lg-g15: probe of 0003:046D:C222.0075 failed with error -22
[  397.940412][ T1008] usb 1-1: USB disconnect, device number 51
[  398.036936][  T429] uclogic 0003:256C:006D.0074: interface is invalid, ignoring
[  398.244011][ T1008] usb 2-1: USB disconnect, device number 54
[  398.416706][  T429] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  398.697954][  T429] usb 4-1: Using ep0 maxpacket: 16
[  399.056740][ T3619] usbhid 5-1:0.0: can't add hid device: -71
[  399.062661][ T3619] usbhid: probe of 5-1:0.0 failed with error -71
[  399.116757][  T429] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  399.125783][  T429] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.134016][  T429] usb 4-1: Product: syz
[  399.137995][  T429] usb 4-1: Manufacturer: syz
[  399.142402][  T429] usb 4-1: SerialNumber: syz
[  399.147622][  T429] r8152-cfgselector 4-1: config 0 descriptor??
[  399.276801][ T3619] usb 5-1: reset high-speed USB device number 39 using dummy_hcd
[  399.316943][ T3619] usb 5-1: device reset changed ep0 maxpacket size!
[  399.323542][ T3619] usb 5-1: USB disconnect, device number 39
[  399.406773][  T429] r8152-cfgselector 4-1: Unknown version 0x0000
[  399.426743][  T429] r8152-cfgselector 4-1: Unknown version 0x0000
[  399.432852][  T429] r8152-cfgselector 4-1: bad CDC descriptors
[  399.456767][  T429] r8152-cfgselector 4-1: Unknown version 0x0000
[  399.463346][  T429] r8152-cfgselector 4-1: USB disconnect, device number 52
[  399.473713][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  399.473729][   T30] audit: type=1326 audit(2000000087.070:17934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13372 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  399.506350][   T30] audit: type=1326 audit(2000000087.070:17935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13372 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  399.530552][   T30] audit: type=1326 audit(2000000087.070:17936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13372 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  399.554598][   T30] audit: type=1326 audit(2000000087.100:17937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13372 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  399.578886][   T30] audit: type=1326 audit(2000000087.100:17938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13372 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  399.602838][   T30] audit: type=1326 audit(2000000087.130:17939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13372 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  399.626794][   T30] audit: type=1326 audit(2000000087.130:17940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13372 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6cc8a7f627 code=0x7ffc0000
[  399.650667][   T30] audit: type=1326 audit(2000000087.130:17941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13372 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6cc8a45309 code=0x7ffc0000
[  399.674620][   T30] audit: type=1326 audit(2000000087.130:17942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13372 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f6cc8a81ea9 code=0x7ffc0000
[  399.698705][   T30] audit: type=1326 audit(2000000087.130:17943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13372 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6cc8a7f627 code=0x7ffc0000
[  399.726683][ T3619] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  399.823239][T13382] loop1: detected capacity change from 0 to 256
[  399.966426][T13388] loop1: detected capacity change from 0 to 256
[  400.015929][T13388] FAT-fs (loop1): Directory bread(block 64) failed
[  400.025149][T13388] FAT-fs (loop1): Directory bread(block 65) failed
[  400.038682][T13388] FAT-fs (loop1): Directory bread(block 66) failed
[  400.045036][T13388] FAT-fs (loop1): Directory bread(block 67) failed
[  400.051733][T13388] FAT-fs (loop1): Directory bread(block 68) failed
[  400.058147][T13388] FAT-fs (loop1): Directory bread(block 69) failed
[  400.064535][T13388] FAT-fs (loop1): Directory bread(block 70) failed
[  400.070877][T13388] FAT-fs (loop1): Directory bread(block 71) failed
[  400.084950][T13388] FAT-fs (loop1): Directory bread(block 72) failed
[  400.096741][T13388] FAT-fs (loop1): Directory bread(block 73) failed
[  400.622475][ T3619] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  400.639214][ T3619] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  400.703918][ T3619] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  400.713042][ T3619] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.729471][ T3619] usb 5-1: config 0 descriptor??
[  400.744901][T13399] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13399 comm=syz-executor.0
[  401.166700][ T1008] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  401.243784][T13408] loop1: detected capacity change from 0 to 512
[  401.257670][ T3619] lg-g15 0003:046D:C222.0076: item fetching failed at offset 10/11
[  401.265557][ T3619] lg-g15: probe of 0003:046D:C222.0076 failed with error -22
[  401.274623][T13408] EXT4-fs (loop1): Ignoring removed mblk_io_submit option
[  401.281679][T13408] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[  401.370356][T13408] loop1: detected capacity change from 0 to 128
[  401.406682][ T1008] usb 4-1: Using ep0 maxpacket: 32
[  401.462180][ T3619] usb 5-1: USB disconnect, device number 40
[  401.526778][ T1008] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  401.537990][ T1008] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  401.548613][ T1008] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  401.557491][ T1008] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  401.566069][ T1008] usb 4-1: config 0 descriptor??
[  401.607157][ T1008] hub 4-1:0.0: USB hub found
[  401.625938][T13410] bridge0: port 1(bridge_slave_0) entered blocking state
[  401.633843][T13410] bridge0: port 1(bridge_slave_0) entered disabled state
[  401.641165][T13410] device bridge_slave_0 entered promiscuous mode
[  401.648072][T13410] bridge0: port 2(bridge_slave_1) entered blocking state
[  401.654952][T13410] bridge0: port 2(bridge_slave_1) entered disabled state
[  401.662258][T13410] device bridge_slave_1 entered promiscuous mode
[  401.723519][ T1442] bridge0: port 1(syz_tun) entered disabled state
[  401.737730][ T1442] device syz_tun left promiscuous mode
[  401.743127][ T1442] bridge0: port 1(syz_tun) entered disabled state
[  401.794082][T13410] bridge0: port 2(bridge_slave_1) entered blocking state
[  401.800942][T13410] bridge0: port 2(bridge_slave_1) entered forwarding state
[  401.808035][T13410] bridge0: port 1(bridge_slave_0) entered blocking state
[  401.814818][T13410] bridge0: port 1(bridge_slave_0) entered forwarding state
[  401.841237][T13417] bridge0: port 1(bridge_slave_0) entered blocking state
[  401.848190][T13417] bridge0: port 1(bridge_slave_0) entered disabled state
[  401.855424][T13417] device bridge_slave_0 entered promiscuous mode
[  401.862255][T13417] bridge0: port 2(bridge_slave_1) entered blocking state
[  401.869254][T13417] bridge0: port 2(bridge_slave_1) entered disabled state
[  401.876528][T13417] device bridge_slave_1 entered promiscuous mode
[  401.944771][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  401.952574][ T3619] bridge0: port 1(bridge_slave_0) entered disabled state
[  401.959849][ T3619] bridge0: port 2(bridge_slave_1) entered disabled state
[  401.984455][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  401.992804][ T3619] bridge0: port 1(bridge_slave_0) entered blocking state
[  401.999647][ T3619] bridge0: port 1(bridge_slave_0) entered forwarding state
[  402.010558][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  402.018575][  T329] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.025401][  T329] bridge0: port 2(bridge_slave_1) entered forwarding state
[  402.043862][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  402.052275][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  402.086332][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  402.094317][ T1008] hub 4-1:0.0: config failed, can't read hub descriptor (err -22)
[  402.109252][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  402.116529][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  402.124646][  T329] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.131505][  T329] bridge0: port 1(bridge_slave_0) entered forwarding state
[  402.138817][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  402.146824][  T329] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.153652][  T329] bridge0: port 2(bridge_slave_1) entered forwarding state
[  402.170053][T13410] device veth0_vlan entered promiscuous mode
[  402.178185][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  402.186036][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  402.193377][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  402.200561][ T1008] usbhid 4-1:0.0: can't add hid device: -71
[  402.206357][ T1008] usbhid: probe of 4-1:0.0 failed with error -71
[  402.212861][ T3619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  402.236295][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  402.247127][ T1008] usb 4-1: USB disconnect, device number 53
[  402.254018][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  402.262996][T13410] device veth1_macvtap entered promiscuous mode
[  402.274682][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  402.286357][   T45] device bridge_slave_1 left promiscuous mode
[  402.292973][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.301443][   T45] device bridge_slave_0 left promiscuous mode
[  402.308831][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.317638][   T45] device veth1_macvtap left promiscuous mode
[  402.323704][   T45] device veth0_vlan left promiscuous mode
[  402.457954][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  402.466892][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  402.489154][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  402.500264][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  402.519679][T13417] device veth0_vlan entered promiscuous mode
[  402.525962][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  402.535917][ T1008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  402.560521][T13417] device veth1_macvtap entered promiscuous mode
[  402.564283][T13425] loop1: detected capacity change from 0 to 8192
[  402.571193][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  402.617178][T13425]  loop1: p2
[  402.618244][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  402.620365][T13425] loop1: p2 size 65536 extends beyond EOD, 
[  402.627563][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  402.638262][T13425] truncated
[  402.641865][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  402.673554][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  402.696261][ T8546] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  402.708969][ T8546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  402.739251][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  402.760068][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  403.160208][   T45] tipc: Disabling bearer <udp:syz1>
[  403.165513][   T45] tipc: Left network mode
[  403.185925][T13443] loop1: detected capacity change from 0 to 40427
[  403.221721][T13455] loop3: detected capacity change from 0 to 8192
[  403.237976][T13443] F2FS-fs (loop1): invalid crc value
[  403.244912][T13443] F2FS-fs (loop1): Found nat_bits in checkpoint
[  403.278336][T13455]  loop3: p2
[  403.281574][T13455] loop3: p2 size 65536 extends beyond EOD, truncated
[  403.309468][T13443] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  403.386583][T13479] loop4: detected capacity change from 0 to 512
[  403.427703][T13410] attempt to access beyond end of device
[  403.427703][T13410] loop1: rw=524288, want=45072, limit=40427
[  403.439051][T13410] attempt to access beyond end of device
[  403.439051][T13410] loop1: rw=0, want=45072, limit=40427
[  403.467276][  T514] attempt to access beyond end of device
[  403.467276][  T514] loop1: rw=2049, want=41088, limit=40427
[  403.490463][T13479] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  403.501669][T13479] ext4 filesystem being mounted at /root/syzkaller-testdir693843455/syzkaller.TklV1v/48/file0 supports timestamps until 2038 (0x7fffffff)
[  403.518878][T13479] EXT4-fs error (device loop4): ext4_do_update_inode:5191: inode #2: comm syz-executor.4: corrupted inode contents
[  403.531681][T13479] EXT4-fs error (device loop4): ext4_dirty_inode:6024: inode #2: comm syz-executor.4: mark_inode_dirty error
[  403.543364][T13479] EXT4-fs error (device loop4): ext4_do_update_inode:5191: inode #2: comm syz-executor.4: corrupted inode contents
[  403.572176][T13479] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz-executor.4: mark_inode_dirty error
[  403.746861][ T1074] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  403.961581][T13500] loop4: detected capacity change from 0 to 8192
[  404.002938][T13501] bridge0: port 1(bridge_slave_0) entered blocking state
[  404.010170][T13500]  loop4: p2
[  404.010218][T13501] bridge0: port 1(bridge_slave_0) entered disabled state
[  404.013298][T13500] loop4: p2 size 65536 extends beyond EOD, truncated
[  404.020546][T13501] device bridge_slave_0 entered promiscuous mode
[  404.033964][T13501] bridge0: port 2(bridge_slave_1) entered blocking state
[  404.040978][T13501] bridge0: port 2(bridge_slave_1) entered disabled state
[  404.048219][T13501] device bridge_slave_1 entered promiscuous mode
[  404.059215][   T45] device bridge_slave_1 left promiscuous mode
[  404.065232][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  404.156715][ T1074] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  404.166945][ T1074] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  404.175740][ T1074] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.184094][ T1074] usb 4-1: config 0 descriptor??
[  404.372690][T13501] bridge0: port 2(bridge_slave_1) entered blocking state
[  404.379665][T13501] bridge0: port 2(bridge_slave_1) entered forwarding state
[  404.386767][T13501] bridge0: port 1(bridge_slave_0) entered blocking state
[  404.393526][T13501] bridge0: port 1(bridge_slave_0) entered forwarding state
[  404.416509][T13522] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[  404.425502][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  404.438485][ T1008] usb 4-1: USB disconnect, device number 54
[  404.446137][  T329] bridge0: port 1(bridge_slave_0) entered disabled state
[  404.453713][T13522] loop4: detected capacity change from 0 to 1024
[  404.463057][  T329] bridge0: port 2(bridge_slave_1) entered disabled state
[  404.487622][T13522] EXT4-fs (loop4): Ignoring removed orlov option
[  404.494203][T13522] EXT4-fs (loop4): Test dummy encryption mode enabled
[  404.494635][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  404.503373][T13522] EXT4-fs warning (device loop4): ext4_enable_quotas:6410: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  404.509075][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  404.531346][T13522] EXT4-fs (loop4): mount failed
[  404.536409][  T329] bridge0: port 1(bridge_slave_0) entered blocking state
[  404.543398][  T329] bridge0: port 1(bridge_slave_0) entered forwarding state
[  404.550568][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  404.558623][  T329] bridge0: port 2(bridge_slave_1) entered blocking state
[  404.565448][  T329] bridge0: port 2(bridge_slave_1) entered forwarding state
[  404.572738][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  404.580500][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  404.592865][T13501] device veth0_vlan entered promiscuous mode
[  404.599540][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  404.607370][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  404.615623][ T8546] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  404.622962][ T8546] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  404.636694][T13501] device veth1_macvtap entered promiscuous mode
[  404.643521][ T8546] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  404.651483][ T8546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  404.659398][ T8546] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  404.672620][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  404.680656][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  404.688749][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  404.697011][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  404.776424][T13534] loop1: detected capacity change from 0 to 2048
[  404.799178][T13534] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  404.809229][T13534] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  404.820117][T13534] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 1)!
[  404.830227][T13534] EXT4-fs (loop1): group descriptors corrupted!
[  404.877204][ T1074] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  405.015891][T13550] loop3: detected capacity change from 0 to 256
[  405.340200][ T1074] usb 5-1: Using ep0 maxpacket: 16
[  405.347213][   T30] kauditd_printk_skb: 5914 callbacks suppressed
[  405.347228][   T30] audit: type=1326 audit(2000000092.950:23858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13545 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d307f2ea9 code=0x0
[  405.405943][T13563] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  405.516771][ T1074] usb 5-1: config 0 interface 0 altsetting 44 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  405.527799][ T1074] usb 5-1: config 0 interface 0 altsetting 44 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  405.540598][ T1074] usb 5-1: config 0 interface 0 has no altsetting 0
[  405.589125][T13577] loop3: detected capacity change from 0 to 512
[  405.617897][   T45] device bridge_slave_1 left promiscuous mode
[  405.623914][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  405.631450][   T45] device bridge_slave_0 left promiscuous mode
[  405.637772][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  405.639282][T13577] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  405.655602][T13577] ext4 filesystem being mounted at /root/syzkaller-testdir217573104/syzkaller.Qt1uSo/69/bus supports timestamps until 2038 (0x7fffffff)
[  405.669772][   T45] device veth1_macvtap left promiscuous mode
[  405.675849][   T45] device veth0_vlan left promiscuous mode
[  405.786758][ T1074] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  406.393316][ T1074] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.474520][ T1074] usb 5-1: Product: syz
[  406.508010][ T1074] usb 5-1: Manufacturer: syz
[  406.558362][ T1074] usb 5-1: SerialNumber: syz
[  406.563770][ T1074] usb 5-1: config 0 descriptor??
[  406.623351][T13593] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  406.924159][T13522] bridge0: port 2(bridge_slave_1) entered disabled state
[  406.931217][T13522] bridge0: port 1(bridge_slave_0) entered disabled state
[  406.966508][   T30] audit: type=1326 audit(2000000094.560:23859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13600 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6140b74ea9 code=0x0
[  407.475290][ T5395] usb 5-1: USB disconnect, device number 41
[  407.617107][   T30] audit: type=1326 audit(2000000095.180:23860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13607 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d307f2ea9 code=0x0
[  407.774986][T13616] loop4: detected capacity change from 0 to 2048
[  407.827974][T13616] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  407.837623][T13616] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  407.848557][T13616] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 1)!
[  407.860261][T13616] EXT4-fs (loop4): group descriptors corrupted!
[  407.860801][T13620] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  407.962392][T13631] loop4: detected capacity change from 0 to 256
[  408.024081][T13631] FAT-fs (loop4): Directory bread(block 64) failed
[  408.030479][T13631] FAT-fs (loop4): Directory bread(block 65) failed
[  408.036829][T13631] FAT-fs (loop4): Directory bread(block 66) failed
[  408.043130][T13631] FAT-fs (loop4): Directory bread(block 67) failed
[  408.049500][T13631] FAT-fs (loop4): Directory bread(block 68) failed
[  408.055785][T13631] FAT-fs (loop4): Directory bread(block 69) failed
[  408.062164][T13631] FAT-fs (loop4): Directory bread(block 70) failed
[  408.068483][T13631] FAT-fs (loop4): Directory bread(block 71) failed
[  408.074831][T13631] FAT-fs (loop4): Directory bread(block 72) failed
[  408.081154][T13631] FAT-fs (loop4): Directory bread(block 73) failed
[  408.669437][T13638] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  408.688190][T13638] loop1: detected capacity change from 0 to 1024
[  408.712899][T13634] loop3: detected capacity change from 0 to 40427
[  408.720050][T13638] EXT4-fs (loop1): Ignoring removed orlov option
[  408.726351][T13638] EXT4-fs (loop1): Test dummy encryption mode enabled
[  408.735200][T13638] EXT4-fs warning (device loop1): ext4_enable_quotas:6410: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  408.757596][T13634] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  408.765210][T13634] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  408.773922][T13638] EXT4-fs (loop1): mount failed
[  408.787292][T13634] F2FS-fs (loop3): Found nat_bits in checkpoint
[  408.875881][T13634] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  408.882832][T13634] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  408.904595][T13651] loop4: detected capacity change from 0 to 256
[  409.166745][  T429] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  409.178418][T13656] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  409.317059][T13658] loop4: detected capacity change from 0 to 40427
[  409.357550][T13658] F2FS-fs (loop4): Invalid log sectorsize (2)
[  409.363490][T13658] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  409.373948][T13658] F2FS-fs (loop4): Found nat_bits in checkpoint
[  409.406906][T13658] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  409.413814][T13658] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  409.426658][  T429] usb 2-1: Using ep0 maxpacket: 16
[  409.437851][T12958] attempt to access beyond end of device
[  409.437851][T12958] loop4: rw=2049, want=45104, limit=40427
[  409.546810][  T429] usb 2-1: config 0 interface 0 altsetting 44 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  409.555296][T13671] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22
[  409.557784][   T30] audit: type=1400 audit(2000000097.150:23861): avc:  denied  { remount } for  pid=13670 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  409.567278][T13671] SELinux:  duplicate or incompatible mount options
[  409.586933][  T429] usb 2-1: config 0 interface 0 altsetting 44 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  409.656772][  T429] usb 2-1: config 0 interface 0 has no altsetting 0
[  409.725703][T13685] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  409.743769][T13687] loop3: detected capacity change from 0 to 512
[  409.779778][T13687] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  409.793568][T13687] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz-executor.3: casefold flag without casefold feature
[  409.806869][T13687] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.3: casefold flag without casefold feature
[  409.820342][  T429] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  409.829577][T13687] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.3: ea_inode with extended attributes
[  409.842375][  T429] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.850169][  T429] usb 2-1: Product: syz
[  409.854209][  T429] usb 2-1: Manufacturer: syz
[  409.854217][T13687] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 12 err=-117
[  409.858584][  T429] usb 2-1: SerialNumber: syz
[  409.859523][  T429] usb 2-1: config 0 descriptor??
[  409.880558][T13687] EXT4-fs (loop3): 1 orphan inode deleted
[  409.886107][T13687] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_nolock,delalloc,,errors=continue. Quota mode: none.
[  409.916723][ T1008] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  410.041548][T13695] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22
[  410.050807][T13695] SELinux:  duplicate or incompatible mount options
[  410.149497][T13638] bridge0: port 2(bridge_slave_1) entered disabled state
[  410.156521][T13638] bridge0: port 1(bridge_slave_0) entered disabled state
[  410.169631][T13707] sch_tbf: peakrate 8 is lower than or equals to rate 4294967294 !
[  410.616759][ T1008] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  410.627443][ T1008] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  410.636302][ T1008] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.645508][ T1008] usb 5-1: config 0 descriptor??
[  410.673101][ T5395] usb 2-1: USB disconnect, device number 55
[  410.692448][T13721] loop1: detected capacity change from 0 to 256
[  410.725342][T13727] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22
[  410.734587][T13727] SELinux:  duplicate or incompatible mount options
[  411.118118][   T30] audit: type=1326 audit(2000000098.530:23862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13734 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed5de96ea9 code=0x0
[  411.152841][ T5395] usb 5-1: USB disconnect, device number 42
[  411.536698][ T1008] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  411.907168][ T1008] usb 4-1: Using ep0 maxpacket: 32
[  412.036937][ T1008] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  412.080654][ T1008] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  412.100488][ T1008] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  412.115891][ T1008] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.167126][ T1008] hub 4-1:4.0: USB hub found
[  412.196902][T13758] loop4: detected capacity change from 0 to 40427
[  412.237452][T13758] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  412.245028][T13758] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  412.255666][T13758] F2FS-fs (loop4): Found nat_bits in checkpoint
[  412.298999][T13758] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  412.305875][T13758] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  412.349866][   T30] audit: type=1326 audit(2000000099.950:23863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  412.373941][   T30] audit: type=1326 audit(2000000099.950:23864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  412.398021][   T30] audit: type=1326 audit(2000000099.950:23865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  412.423997][   T30] audit: type=1326 audit(2000000100.020:23866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  412.447967][   T30] audit: type=1326 audit(2000000100.020:23867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  412.472036][ T1008] hub 4-1:4.0: config failed, hub doesn't have any ports! (err -19)
[  412.472039][   T30] audit: type=1326 audit(2000000100.020:23868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  412.472071][   T30] audit: type=1326 audit(2000000100.020:23869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  412.531415][   T30] audit: type=1326 audit(2000000100.020:23870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7d307f0627 code=0x7ffc0000
[  412.555595][   T30] audit: type=1326 audit(2000000100.020:23871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13774 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7d307b6309 code=0x7ffc0000
[  412.806797][    T6] usb 4-1: USB disconnect, device number 55
[  412.966757][ T5395] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  413.572582][T13807] loop1: detected capacity change from 0 to 1024
[  413.650792][T13807] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  413.679177][T13816] fscrypt: key with description 'fscrypt:0000111122223333' is too short (got 57 bytes, need 64+ bytes)
[  413.725655][T13826] loop1: detected capacity change from 0 to 256
[  413.733641][T13828] loop3: detected capacity change from 0 to 256
[  413.761176][T13828] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d)
[  413.773303][ T5395] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.783752][ T5395] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  413.793132][ T5395] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.799991][T13826] loop1: detected capacity change from 0 to 256
[  413.801709][ T5395] usb 1-1: config 0 descriptor??
[  413.818547][T13826] exfat: Deprecated parameter 'codepage'
[  413.824236][T13826] exfat: Unknown parameter 'shortname'
[  413.881483][T13845] loop3: detected capacity change from 0 to 1024
[  413.913664][T13852] overlayfs: statfs failed on './file0'
[  413.948415][T13845] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  413.973700][T13861] loop4: detected capacity change from 0 to 256
[  414.010031][T13861] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d)
[  414.052419][ T8546] usb 1-1: USB disconnect, device number 52
[  414.085626][T13874] loop4: detected capacity change from 0 to 256
[  414.180571][T13874] loop4: detected capacity change from 0 to 256
[  414.186684][ T5395] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  414.237241][T13874] exfat: Deprecated parameter 'codepage'
[  414.242725][T13874] exfat: Unknown parameter 'shortname'
[  414.339443][T13890] loop4: detected capacity change from 0 to 256
[  414.359541][T13890] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4f8593fa, utbl_chksum : 0xe619d30d)
[  414.505439][T13909] loop3: detected capacity change from 0 to 256
[  414.546750][ T5395] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  414.557536][ T5395] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  414.567105][ T5395] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  414.576208][ T5395] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.584658][ T5395] usb 2-1: config 0 descriptor??
[  414.620037][T13909] loop3: detected capacity change from 0 to 256
[  414.654449][T13909] exfat: Deprecated parameter 'codepage'
[  414.661232][T13909] exfat: Unknown parameter 'shortname'
[  414.917461][T13935] loop3: detected capacity change from 0 to 16
[  414.967575][T13935] erofs: Unknown parameter 'ÿÿÿÿ01777777777777777777777
[  414.967575][T13935] 18446744073709551615!Z¡[òžÒÿo’Aÿ`i'
[  415.208026][ T5395] magicmouse 0003:05AC:0265.0077: unknown main item tag 0x0
[  415.215763][ T5395] magicmouse 0003:05AC:0265.0077: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.1-1/input0
[  415.259873][ T5395] usb 2-1: USB disconnect, device number 56
[  415.492603][T13954] fscrypt: key with description 'fscrypt:0000111122223333' is too short (got 57 bytes, need 64+ bytes)
[  415.513307][T13956] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  415.653207][T13974] loop4: detected capacity change from 0 to 512
[  415.658879][T13976] loop3: detected capacity change from 0 to 256
[  415.701763][T13974] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #11: comm syz-executor.4: corrupted in-inode xattr
[  415.709496][T13976] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x72684843, utbl_chksum : 0xe619d30d)
[  415.731411][T13974] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 11 (err -117)
[  415.743700][T13974] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  415.766536][T13979] fscrypt: key with description 'fscrypt:0000111122223333' is too short (got 57 bytes, need 64+ bytes)
[  415.812521][T13985] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  415.858069][T13996] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  415.873249][T13996] loop1: detected capacity change from 0 to 1024
[  415.979923][T13996] EXT4-fs (loop1): Ignoring removed orlov option
[  415.987788][T13996] EXT4-fs (loop1): Test dummy encryption mode enabled
[  416.003149][T13996] EXT4-fs warning (device loop1): ext4_enable_quotas:6410: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  416.027170][T13996] EXT4-fs (loop1): mount failed
[  416.356653][    T6] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  416.396702][ T5395] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  416.406671][   T26] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  416.597488][    T6] usb 2-1: Using ep0 maxpacket: 16
[  416.692534][T14021] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  416.713915][T14023] futex_wake_op: syz-executor.3 tries to shift op by -1; fix this program
[  416.722520][    T6] usb 2-1: config 0 interface 0 altsetting 44 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  416.733527][    T6] usb 2-1: config 0 interface 0 altsetting 44 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  416.748234][    T6] usb 2-1: config 0 interface 0 has no altsetting 0
[  416.766812][ T5395] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  416.777603][ T5395] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.787236][ T5395] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  416.796144][ T5395] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.802006][T14027] loop3: detected capacity change from 0 to 512
[  416.804686][ T5395] usb 1-1: config 0 descriptor??
[  416.816792][   T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  416.827635][   T26] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.838264][   T26] usb 5-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  416.838461][T14027] EXT4-fs (loop3): Ignoring removed nobh option
[  416.847139][   T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.862318][   T26] usb 5-1: config 0 descriptor??
[  416.862859][T14027] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13
[  416.875565][T14027] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz-executor.3: attempt to clear invalid blocks 2 len 1
[  416.888957][T14027] EXT4-fs (loop3): Remounting filesystem read-only
[  416.895453][T14027] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  416.906760][    T6] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  416.918590][    T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.918751][T14027] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 1819239214 (level 0)
[  416.926348][    T6] usb 2-1: Product: syz
[  416.926365][    T6] usb 2-1: Manufacturer: syz
[  416.926381][    T6] usb 2-1: SerialNumber: syz
[  416.940770][T14027] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 1819239214 (level 1)
[  416.945282][    T6] usb 2-1: config 0 descriptor??
[  416.949160][T14027] EXT4-fs (loop3): 1 truncate cleaned up
[  416.977569][T14027] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000100000,resgid=0x0000000000000000,jqfmt=vfsv1,errors=remount-ro,nobh,usrjquota=... Quota mode: writeback.
[  417.003799][T14027] EXT4-fs error (device loop3): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor.3: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0
[  417.023955][T14027] EXT4-fs (loop3): Remounting filesystem read-only
[  417.343294][   T26] magicmouse 0003:05AC:0265.0078: unknown main item tag 0x0
[  417.398260][   T26] magicmouse 0003:05AC:0265.0078: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.4-1/input0
[  417.558141][ T8546] usb 5-1: USB disconnect, device number 43
[  417.829611][ T8546] usb 2-1: USB disconnect, device number 57
[  417.961295][  T514] Bluetooth: hci0: Frame reassembly failed (-84)
[  418.246829][ T5395] uclogic 0003:256C:006D.0079: interface is invalid, ignoring
[  418.451503][ T5395] usb 1-1: USB disconnect, device number 53
[  418.967435][T14054] loop4: detected capacity change from 0 to 1024
[  418.979796][T14057] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  419.049225][T14054] EXT4-fs error (device loop4): ext4_orphan_get:1423: comm syz-executor.4: bad orphan inode 2097152
[  419.060464][T14054] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  419.075148][   T30] kauditd_printk_skb: 3120 callbacks suppressed
[  419.075163][   T30] audit: type=1400 audit(2000000106.670:26992): avc:  denied  { setattr } for  pid=14053 comm="syz-executor.4" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  419.113671][T14054] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  419.127981][T14060] bridge0: port 1(bridge_slave_0) entered blocking state
[  419.134838][T14060] bridge0: port 1(bridge_slave_0) entered disabled state
[  419.142168][T14060] device bridge_slave_0 entered promiscuous mode
[  419.152363][T14060] bridge0: port 2(bridge_slave_1) entered blocking state
[  419.160141][T14060] bridge0: port 2(bridge_slave_1) entered disabled state
[  419.168560][T14060] device bridge_slave_1 entered promiscuous mode
[  419.221728][T14060] bridge0: port 2(bridge_slave_1) entered blocking state
[  419.228692][T14060] bridge0: port 2(bridge_slave_1) entered forwarding state
[  419.235772][T14060] bridge0: port 1(bridge_slave_0) entered blocking state
[  419.242582][T14060] bridge0: port 1(bridge_slave_0) entered forwarding state
[  419.272358][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  419.283717][  T329] bridge0: port 1(bridge_slave_0) entered disabled state
[  419.291428][  T329] bridge0: port 2(bridge_slave_1) entered disabled state
[  419.344709][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  419.381038][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[  419.387938][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[  419.395958][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  419.404660][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[  419.411537][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[  419.454464][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  419.486901][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  419.522910][T14060] device veth0_vlan entered promiscuous mode
[  419.533973][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  419.542301][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  419.550361][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  419.557714][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  419.571125][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  419.580155][T14060] device veth1_macvtap entered promiscuous mode
[  419.590474][  T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  419.600921][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  419.658166][  T334] device bridge_slave_1 left promiscuous mode
[  419.664264][  T334] bridge0: port 2(bridge_slave_1) entered disabled state
[  419.673729][  T334] device bridge_slave_0 left promiscuous mode
[  419.679824][  T334] bridge0: port 1(bridge_slave_0) entered disabled state
[  419.688695][  T334] device veth1_macvtap left promiscuous mode
[  419.694598][  T334] device veth0_vlan left promiscuous mode
[  419.716494][T14079] loop2: detected capacity change from 0 to 512
[  419.749547][T14079] EXT4-fs (loop2): Ignoring removed orlov option
[  419.755808][T14079] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  419.769101][T14079] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=6040e09c, mo2=0002]
[  419.777046][T14079] System zones: 1-12
[  419.781587][T14079] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor.2: casefold flag without casefold feature
[  419.795135][T14079] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: missing EA_INODE flag
[  419.807248][T14079] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117
[  419.820193][T14079] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: missing EA_INODE flag
[  419.833194][T14079] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117
[  419.846262][T14079] EXT4-fs (loop2): 1 orphan inode deleted
[  419.851961][T14079] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,abort,debug_want_extra_isize=0x000000000000005c,debug,noinit_itable,errors=continue,usrjquota=,orlov,minixdf,resgid=0x0000000000000000,,errors=continue. Quota mode: none.
[  420.036731][ T8546] Bluetooth: hci0: command 0x1003 tx timeout
[  420.042861][T14044] Bluetooth: hci0: sending frame failed (-49)
[  420.971070][T14106] loop2: detected capacity change from 0 to 16
[  421.044622][T14110] loop1: detected capacity change from 0 to 1024
[  421.051809][T14106] erofs: (device loop2): mounted with root inode @ nid 36.
[  421.108522][T14110] EXT4-fs error (device loop1): ext4_orphan_get:1423: comm syz-executor.1: bad orphan inode 2097152
[  421.139176][T14110] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  421.283355][T14110] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  421.393035][T14118] loop2: detected capacity change from 0 to 512
[  421.437932][T14118] EXT4-fs (loop2): Ignoring removed orlov option
[  421.444162][T14118] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  421.457811][T14118] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=6040e09c, mo2=0002]
[  421.465591][T14118] System zones: 1-12
[  421.470378][T14118] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz-executor.2: casefold flag without casefold feature
[  421.483873][T14118] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: missing EA_INODE flag
[  421.496397][T14118] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117
[  421.509118][T14118] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: missing EA_INODE flag
[  421.522801][T14118] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117
[  421.535851][T14118] EXT4-fs (loop2): 1 orphan inode deleted
[  421.541448][T14118] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,abort,debug_want_extra_isize=0x000000000000005c,debug,noinit_itable,errors=continue,usrjquota=,orlov,minixdf,resgid=0x0000000000000000,,errors=continue. Quota mode: none.
[  421.622932][T14139] loop2: detected capacity change from 0 to 16
[  421.735283][T14139] erofs: (device loop2): mounted with root inode @ nid 36.
[  422.126715][ T8546] Bluetooth: hci0: command 0x1001 tx timeout
[  422.132724][T14044] Bluetooth: hci0: sending frame failed (-49)
[  422.226687][   T26] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  422.485984][T14152] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  422.586785][   T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  422.597542][   T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  422.607063][   T26] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  422.615885][   T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.624396][   T26] usb 2-1: config 0 descriptor??
[  423.107619][   T26] magicmouse 0003:05AC:0265.007A: unknown main item tag 0x0
[  423.115370][   T26] magicmouse 0003:05AC:0265.007A: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.1-1/input0
[  423.226683][  T329] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  423.309687][   T26] usb 2-1: USB disconnect, device number 58
[  423.606888][  T329] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  423.632054][  T329] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  423.642508][  T329] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  423.651631][  T329] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.678488][  T329] usb 3-1: config 0 descriptor??
[  424.206673][ T8546] Bluetooth: hci0: command 0x1009 tx timeout
[  424.326758][ T5395] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  424.566640][ T5395] usb 5-1: Using ep0 maxpacket: 8
[  424.696861][ T5395] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  424.705391][ T5395] usb 5-1: config 179 has no interface number 0
[  424.711763][ T5395] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  424.723283][ T5395] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  424.734881][ T5395] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  424.746202][ T5395] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  424.757995][ T5395] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  424.771666][ T5395] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  424.780738][ T5395] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.805363][T14170] loop2: detected capacity change from 0 to 2048
[  424.816752][T14189] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  424.857777][T14170] Alternate GPT is invalid, using primary GPT.
[  424.864223][T14170]  loop2: p1 p2 p3
[  424.916921][  T329] uclogic 0003:256C:006D.007B: failed retrieving string descriptor #100: -71
[  424.925794][  T329] uclogic 0003:256C:006D.007B: failed retrieving pen parameters: -71
[  424.934078][  T329] uclogic 0003:256C:006D.007B: failed probing pen v1 parameters: -71
[  424.942142][  T329] uclogic 0003:256C:006D.007B: failed probing parameters: -71
[  424.949418][  T329] uclogic: probe of 0003:256C:006D.007B failed with error -71
[  424.957627][  T329] usb 3-1: USB disconnect, device number 43
[  425.157113][   T30] audit: type=1326 audit(2000000112.760:26993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14232 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  425.181561][   T30] audit: type=1326 audit(2000000112.760:26994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14232 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  425.206024][   T30] audit: type=1326 audit(2000000112.760:26995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14232 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  425.230503][   T30] audit: type=1326 audit(2000000112.780:26996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14232 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  425.255359][ T5395] usb 5-1: USB disconnect, device number 44
[  425.260910][   T30] audit: type=1326 audit(2000000112.810:26997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14232 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  425.285423][   T30] audit: type=1326 audit(2000000112.830:26998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14232 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d307f2ea9 code=0x7ffc0000
[  425.286672][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  425.309568][   T30] audit: type=1326 audit(2000000112.830:26999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14232 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7d307f0627 code=0x7ffc0000
[  425.342191][   T30] audit: type=1326 audit(2000000112.830:27000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14232 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7d307b6309 code=0x7ffc0000
[  425.366377][   T30] audit: type=1326 audit(2000000112.830:27001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14232 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7d307f0627 code=0x7ffc0000
[  425.390391][   T30] audit: type=1326 audit(2000000112.830:27002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14232 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7d307b6309 code=0x7ffc0000
[  425.452435][T14247] syz-executor.1[14247] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  425.452513][T14247] syz-executor.1[14247] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  425.746728][ T8546] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  425.816702][  T329] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  426.006666][ T8546] usb 2-1: Using ep0 maxpacket: 32
[  426.056676][  T329] usb 1-1: Using ep0 maxpacket: 32
[  426.056752][ T5395] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  426.176782][  T329] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  426.187535][  T329] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  426.197049][  T329] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  426.205879][  T329] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.247064][  T329] hub 1-1:4.0: USB hub found
[  426.346818][ T8546] usb 2-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  426.355862][ T8546] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.365951][ T8546] usb 2-1: Product: syz
[  426.370134][ T8546] usb 2-1: Manufacturer: syz
[  426.374538][ T8546] usb 2-1: SerialNumber: syz
[  426.386863][ T8546] usb 2-1: config 0 descriptor??
[  426.457125][ T5395] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  426.476648][ T5395] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  426.486311][ T5395] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  426.495094][ T5395] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.503574][ T5395] usb 5-1: config 0 descriptor??
[  426.514886][  T329] hub 1-1:4.0: config failed, hub doesn't have any ports! (err -19)
[  426.826805][ T1008] usb 1-1: USB disconnect, device number 54
[  426.904849][T14290] loop2: detected capacity change from 0 to 256
[  426.927185][T14290] exfat: Unknown parameter '
[  426.927185][T14290] '
[  426.987697][T14294] loop2: detected capacity change from 0 to 256
[  427.030168][T14294] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  427.066770][ T8546] (unnamed net_device) (uninitialized): Assigned a random MAC address: 86:4e:a1:e9:1b:80
[  427.078083][ T8546] rtl8150 2-1:0.0: eth1: rtl8150 is detected
[  427.084343][ T8546] usb 2-1: USB disconnect, device number 59
[  427.114624][T14298] loop2: detected capacity change from 0 to 1024
[  427.147780][T14298] EXT4-fs (loop2): Ignoring removed orlov option
[  427.153992][T14298] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  427.168440][T14298] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  427.199354][T14298] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.2: corrupt xattr in inline inode
[  427.217358][T14298] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.2: corrupted in-inode xattr
[  427.237457][T14060] ==================================================================
[  427.245333][T14060] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0
[  427.253142][T14060] Read of size 4 at addr ffff888130015000 by task syz-executor.2/14060
[  427.261215][T14060] 
[  427.263397][T14060] CPU: 0 PID: 14060 Comm: syz-executor.2 Not tainted 5.15.149-syzkaller-00165-g85445b5a2107 #0
[  427.273539][T14060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  427.283446][T14060] Call Trace:
[  427.286566][T14060]  <TASK>
[  427.289364][T14060]  dump_stack_lvl+0x151/0x1b7
[  427.293852][T14060]  ? io_uring_drop_tctx_refs+0x190/0x190
2033/05/18 03:35:14 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  427.299318][T14060]  ? panic+0x751/0x751
[  427.303226][T14060]  print_address_description+0x87/0x3b0
[  427.308610][T14060]  kasan_report+0x179/0x1c0
[  427.312947][T14060]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  427.318429][T14060]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  427.323883][T14060]  __asan_report_load4_noabort+0x14/0x20
[  427.329358][T14060]  ext4_xattr_delete_inode+0xcd0/0xce0
[  427.334648][T14060]  ? sb_end_intwrite+0x120/0x120
[  427.339419][T14060]  ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0
[  427.345325][T14060]  ? ext4_journal_check_start+0x16c/0x230
[  427.350874][T14060]  ? __kasan_check_read+0x11/0x20
[  427.355737][T14060]  ? ext4_inode_is_fast_symlink+0x295/0x3d0
[  427.361465][T14060]  ? ext4_evict_inode+0xb8d/0x14e0
[  427.366415][T14060]  ext4_evict_inode+0xea1/0x14e0
[  427.371185][T14060]  ? _raw_spin_unlock+0x4d/0x70
[  427.375879][T14060]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[  427.381598][T14060]  ? _raw_spin_unlock+0x4d/0x70
[  427.386286][T14060]  ? inode_io_list_del+0x18b/0x1a0
[  427.391233][T14060]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[  427.396966][T14060]  evict+0x2a3/0x63