last executing test programs:

7.82967045s ago: executing program 3 (id=3595):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
mkdir(&(0x7f00000002c0)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r5=>0x0})
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="180200000000000000000000000000008500000017000000950000000000000060bda108010da26a15544b2a4c738e0fa0f897aa278b325764f2dcd6b865984f599ffe6cad199d36bc80e98b17249acf845992d69cc4a092d0655f0e225d2f568bd76a618d10b49d26440819e5f1e36c54"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r6, r5, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000a40)=ANY=[], 0x0)

7.643315157s ago: executing program 3 (id=3597):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000188500000083000000bf0900000000000055"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000080), 0x10010)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000005, 0x10012, r1, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000300)='\x00\x00\x00\x06\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x00\x00')

7.590445711s ago: executing program 3 (id=3598):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000800)=ANY=[@ANYBLOB="12010000256930108205050088000002030109021b000100000000090402000191baf20509050b020004"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)

7.273645118s ago: executing program 0 (id=3600):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8)
bind$vsock_stream(r0, &(0x7f0000000940), 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1)
writev(r1, &(0x7f0000000200)=[{&(0x7f00000003c0)="cdf61d2c26b1", 0x6}], 0x1)

7.112819012s ago: executing program 0 (id=3601):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000f2fc850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000400)='rcu_utilization\x00', r1}, 0x10)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6.648873152s ago: executing program 0 (id=3602):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010000a000090400000103010100092100080001220100090581", @ANYRES64], 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
syz_open_procfs(0x0, 0x0)
write$selinux_access(0xffffffffffffffff, &(0x7f00000008c0)=ANY=[@ANYBLOB='system_u::bject_r:ptch0 unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 0'], 0x67)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000300)={@empty, @dev, <r4=>0x0}, &(0x7f0000000500)=0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x19, 0x4, 0x4, 0xc, 0x400, 0xffffffffffffffff, 0x0, '\x00', r4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r5}, 0x10)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r6 = gettid()
process_vm_writev(r6, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800002, 0x14)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000080)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})

5.72533661s ago: executing program 3 (id=3611):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0xf0}, 0x0, 0x0}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000300)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0)

5.051860958s ago: executing program 0 (id=3612):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e)

4.968917055s ago: executing program 0 (id=3614):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x57e, 0x2009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xfd, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000c00)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)

4.436769591s ago: executing program 2 (id=3618):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010000a000090400000103010100092100080001220100090581", @ANYRES64], 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = openat$selinux_member(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
write$selinux_access(r4, &(0x7f00000008c0)=ANY=[@ANYBLOB='system_u::bject_r:ptch0 unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 0'], 0x67)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000300)={@empty, @dev, <r5=>0x0}, &(0x7f0000000500)=0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x19, 0x4, 0x4, 0xc, 0x400, 0xffffffffffffffff, 0x0, '\x00', r5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r6}, 0x10)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r7 = gettid()
process_vm_writev(r7, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800002, 0x14)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000080)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})

3.837482882s ago: executing program 4 (id=3620):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000066930108205050088000002030109021b000100000000090402000191baf20509050b02"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)

3.247885903s ago: executing program 4 (id=3621):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010000a000090400000103010100092100080001220100090581", @ANYRES64], 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
syz_open_procfs(0x0, 0x0)
write$selinux_access(0xffffffffffffffff, &(0x7f00000008c0)=ANY=[@ANYBLOB='system_u::bject_r:ptch0 unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 0'], 0x67)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000300)={@empty, @dev, <r4=>0x0}, &(0x7f0000000500)=0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x19, 0x4, 0x4, 0xc, 0x400, 0xffffffffffffffff, 0x0, '\x00', r4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r5}, 0x10)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r6 = gettid()
process_vm_writev(r6, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800002, 0x14)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000080)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})

3.187909267s ago: executing program 3 (id=3623):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x1018ed8, &(0x7f0000000180)={[{@sysvgroups}, {@noload}, {@nobh}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@norecovery}, {@errors_continue}, {@quota}]}, 0x6, 0x644, &(0x7f00000006c0)="$eJzs3c9rHG0dAPDvzCZ5kzS+6SsiNigGPLQgTZNarHqxrQd7KFiwBxEPDU1SQ7c/SFKwtdAEPCgoiHgt0ov/gHfp3ZsI6s2zUEUqFrR0ZWZnm81mN7ttsrtJ5vOBzT7zzLN5nm9mn8wzM/vsBFBas9mPNOJUxNubScR007qpqK+cLcq9+teTW9kjiVrtu/9MIinyGuWT4vlEsTAeEX+8EvHpyu561x89vrNYrdU9jTi3cffBufVHj8+u3l28vXx7+d7C+a9duDj/9YULC00N/XAniuer177z+V/85IdfXflT9WwSl+LG6I+XoiWOgzIbs/G2CLE5fyQiLmaJNn+Xo+YYhFBqleL9OBoRn43pqORLddOx+vOhNg7oq1olora3pFsB4KjSvaGsGuOAxrF9b8fBN/o8Khmcl5frB0C74x8pTjmM58dGk6+SpiOj+rmNkwdQf1bHmyfjz948mXkWO85DvH63dUYOoJ5ONrci4nPt4k/ytp3MI83iT3cc6ycRMR8RY0X7vrWPNiRN6X6ch9lLj/FXsvibt0MaEZeK5yz/ygfW33paa9DxA1BOLy4XO/LNbGl7/5eNPRrjn9ge/zxtvG5q/5dkcsPe/3Ue/zX29+P5uCdtGYdlY5br7X/laGvG33529Ved6q+P/2aeNR5Z/Y2x4CC83IqYaYn/p1mwxfgniz9pM/7Nity81Fsd3/7zP652Wjfs+GvPI063Pf7ZHpVmqT2uT55bWa0uz9d/tq3j93/4wW871d8+/o/6EGl72faf7BB/0/ZPW1+X/U0etP+VW60Zv7v+/G6n+qe6bv/072NJ/XhzrMj50dbGxtpCxFhyrShS5C9ubKyd3zveepnXtfx5oR7/mS+17/873v8tUU00/mX24MH37rzqtO5D3v9NF5Pf1npsQydZ/Evdt/+u/p/l/bLHOv7z/Ydf6LSuffzJvmICAAAAAACAskrza7BJOvcunaZzc/X5sp+JybR6f33jyyv3H95bijiTfx5yNI00yT8yMl1fTlZWq8sLxedhG8vnW5a/EhGfRMSvKxP58tyt+9WlYQcPAAAAAAAAAAAAAAAAAAAAh8SJYv5/4z7V/67U5/8DJdH9BnO77v8AHBP9vMEkcLjl/X+vXfzHg2sLMFj2/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMCx9MkXX/w1iYjNb0zkj8xYsc6kXzjeRt+rdKVv7QAGT4+G8np36d9gH0qnp/H/f4svB+x/c4AhSNpl5oOD2t6d/0XbV27b2n/bAAAAAAAAAAAAAIC606c6z/9/v7nBwFFj2h+U1z7m//vqADjifPU/lJdjfKDLLP4Y77Si2/x/AAAAAAAAAAAAAODATOWPJJ0r5gJPRZrOzUV8KiJOxmiyslpdno+IjyPiL5XRj7LlhWE3GgAAAAAAAAAAAAAAAAAAAI6Z9UeP7yxWq8trzYn/7co53onGXVC7F671UGbPxDfjPV8VyeD/LBMRMfSN0rfESFNOErGZbflD0bC19TgczcgTQ/7HBAAAAAAAAAAAAAAAAAAAJdQ097i9md8MuEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMHjb9//vkliarL+gp8I7E8OOEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mv4fAAD//6AzO/k=")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000002000000000000000000000d0a0000000000000002000005"], 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009b23fd406d04c1088dee000000010902240001000000000904000000ff0100000724", @ANYRES16=r0], 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)

2.949199378s ago: executing program 0 (id=3626):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

2.881737854s ago: executing program 2 (id=3628):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r0}, &(0x7f00000005c0), &(0x7f0000000740)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r2}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

2.872353335s ago: executing program 2 (id=3629):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080), 0x1, 0x53a, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82desEeoAKSIFCQFF2400bVb00uYBQVQlRcUAcUmNvLJPdrPGuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IBixQjATSopkdu1t7XW/j9S71fj7SaObN23nf9+LMvJm39rwAxtZzEbETEdMR8UZEzBf7k2KJO50l+9yjve2l/b3tpSTa7df/nuT52b7oOibzZFHmbER846sR30mOx21ubj1YrNWq60W63KqvlZubWzdW64sr1ZXqw0rl9sLtmy/derEysLZerf9y9yurr37zN7/+9Lu/3/nyD7JqzRV53e0YpE7Tpw7jZCYj4tXzCDYCE8V6esT14PGkEfGxiPhcfv7Px0T+vxMAuMja7floz3enAYCLLs3HwJK0VIwFzEWalkqdMbxn4lJaazRb1+83Nh4ud8bKLsdUen+1Vr15ZeaP38vvGKaSLL2Q5+X5ebpyJH0rIq5ExI9nnsjTpaVGbXl0tz0AMNaePNL//2um0//3oce3egDAR8bsqCsAAAyd/h8Axo/+HwDGTx/9f/Fl/8651wUAGA7P/wAwfvT/ADB+9P8AMFa+/tpr2dLeL95/vfzm5saDxps3lqvNB6X6xlJpqbG+VlppNFbyd/bUTyuv1misLbwQG2+VW9Vmq9zc3LpXb2w8bN3L3+t9rzo1lFYBAB/kytV3/pBExM7LT+RLdM3loK+Giy0ddQWAkZkYdQWAkTHbF4yv/p/xf3eu9QBGp+fLvGd7br7fTz9EEL9nBP9Xrn2y//F/czzDxWL8H8bX443/vzLwegDDZ/wfxle7nRyd83/6MAsAuJDO8Dv+7R8O6iYEGKnTJvMeyPf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcMHMRcR3I0lLxVzgc5GmpVLEUxFxOaaS+6u16s2IeDquRsTUTJZeGHWlAYAzSv+aFPN/XZt/fu5o7nTy75l8HRHf/9nrP3lrsdVaX8j2/+Nw/8zB9GGV9447w7yCAECfnuvzc3n/XSnWXQ/yj/a2lw6W7s+nA67nUbt347/FVMRL+3vb+dLJmYzJfD2b30tc+mdSpDtzkT4bERMDiL/zdkR8olf7k3xs5HIx82l3/ChiPzXU+On74qd5Xmed3Xx9fAB1gXHzzt2IuNPr/EuLa2rv8382v0Kd3e7dTmEH1779rvgH17+JHvGTD3HN333ht187trM938l7O+LZyV7xk8P4yQnxn+8z/p8+9ZkfvXJCXvvnEdeid/zuWOVWfa3c3Ny6sVpfXKmuVB9WKrcXbt986daLlXI+Rl0+GKk+7m8vX3/6pLpl7b90QvzZnu2fPjz2C322/xf/eePbn/2A+F/6fO+f/zM943dkfeIX+4y/eOlXJ07fncVfPqH9p/38r/cZ/92/bC33+VEAYAiam1sPFmu16vqZNrKn0EGUc2wjq+JACzxl488xyALvnO3wqfP6Vz33jcnDe8XBlvytrMQhNycdeCvOtPGosxHnHmu01yXg/L130o+6JgAAAAAAAAAAAAAAwEmG8adLo24jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9f/AgAA//91qMwl")
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081130000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071106200000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207bff00000000bfa100000000000007010000f8ffffffb70200000400b2cd"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r4, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f0000000400), 0x0, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@index_on}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}]})

2.709859719s ago: executing program 1 (id=3631):
syz_mount_image$ext4(&(0x7f0000000800)='ext4\x00', &(0x7f0000000540)='./bus\x00', 0x20c8d0, &(0x7f0000000580)={[{@jqfmt_vfsv0}, {@grpid}, {@usrjquota}, {@barrier}, {@test_dummy_encryption}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0xff, 0x4ab, &(0x7f0000000080)="$eJzs3DtsHEUfAPD/nu34+/KyCeGREMAQEBEPO3ECSYHEQ0KiAIQERSgPx4lCLjGKjYQjixgUhQYJIiFaBKJBUFNQUSGgQqKhgB5FipCbhFSH9m7vOJ99j1wuPj9+P2m9M3t7NzO7O7szO94NYMMaSf8kEVsj4o+IGIqIXP0KI+XZtYW5iX8W5iaSKBZf+ztJvxZXF+YmKqsm2XxLOdKfznIXknh2mXSnZ8+dyhcKk2ez+NjM6bfHpmfPPXHydP7E5InJM+NHjhw6eODwU+NPdqWct6V53f3e1J5dL75x6eWJo5fe/PnbpCbTteWo2wIdGoj5mm1S7+EupLCabKsJJ/1NV+3GxqVLBiNKFXWgVP+Hou/C9upnQ/HCBz3NHHBLFYvF4njjj+eLwDqWRK9zAPRG5UJ/deGzibQPvLgfvP5dea7cAUrLfS2byp2e/mpHdaCuf9tNcxFxdP765+kUS+5DAAB03w9p++fxcrtjcfsvF3fWrLc9GxsazsZSdkTE7RGxMyLuiCite1dE3H2D6Y/UxZe2f3KXOypYm9L239PZ2FZlytKtrDLcl8W2lco/kBw/WZjcn22TfTEwmMYPLPvrSZQGgeK3jxulP1LT/kunNP1KWzDLx+X+wcXfOZafyd90wTNX3o/Y3b9c+bMBvGwMa1dE7O4wjZOPfr1n8ZK+aqh1+ZtoPs7UluIXEY+U9/981JW/Imk+Pjn2vyhM7h+rHBVL/fLrxVcbpX9T5e+CdP9vXvb4r5Z/OKkdr51e8hObWqVx8c8PG/ZpRiKeiQ6O/03J64sSfzc/M3O9GLEpeWnJ8rM1N7gr8dL8QLn8+/YuX/93xH9b4p6ISA/ieyPivoi4P9t3D0TEgxGxt0n5f3r+obealL+n+z++KZ+h2tr/lf1QPhCqR0SrQN+pH79vlHx7579DpdC+bEk75792M9jhVgMAAIA1JRcRWyPJjVbDudzoaPl/+HfG5lxhanrmseNT75w5Vn5GYDgGcpU7XUNZPLL7n8PleKn3PV6aR5zP7pcezO4bf9r3/1J8dGKqcKzXhYcNbkuD+p/6q6/XuQNuuS6MowFrVLP6/+XhFcwIsOI6v/5rOcBa16IWe2EDrGOu4rBxLVf/z/cgH8DKa3z9n9Q0gHWuWsk/aWPlmse96h/eBNYeF3nYuFrX/1du1fuvgN5p/yn+1RJIkkVL4quI5t9Kep/nDgIfrY5sNA5ErtFHgzf6goieBPKrIxutApWKOnvuVH/bb7WYLZ7PFwq/f3czqff2vAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAt/wYAAP//gN/guA==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000640)='./file0\x00', 0x0, 0x101800, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='./file0\x00', 0x0, 0x1000, 0x0)
mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x45110, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100)

2.57417993s ago: executing program 1 (id=3632):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000980)={[{@nombcache}, {@sysvgroups}, {@norecovery}, {@grpid}, {@norecovery}]}, 0x9, 0x60b, &(0x7f00000001c0)="$eJzs3c1vVOUaAPDnTKcftPfeFnJz7+UupIkxkCgtLWCIMRHilhD82LmqtBCkUEJrtEhiSXCjMW5cmLhyIf4XSuLWhVsXblwZksYYFmJQxpzpmTofnTKdzkfb+f2SQ99zDnPe5ww8fd955z3nBNCzxtM/chEHI+J6EjFati8f2c7xtb/34NdbF9IliULhtV+SuPV+slJ+rCT7OZK9+M/RSL7PRRzoq613cfnmlZn5+bkb2frk0tXrk4vLN49evjpzae7S3LXp56dPnTxx8tTUsW2dX76sfPbOW++MfnjujS8/f5RMffXjuSROx+MstvS8ql87uK2a0/dsPAprHlbHdGqbx94pfhutfI9TSfUGdqyL2f/H/oj4b4xGX9m/5mh88EpXgwPaqpBEqY0Cek7SVP4PtT4QoMNK/YDSZ/uNPgfXyrW5VwJ0wuqZtQGAtdzvj4hS/ufXxgZjqDg2MPwgqRjnSSJieyNza9I6vvv23J10iTrjcEB7rNwujXJXt/9JMTfHYqi4NvwgV5H/ubIl3f5qk/WPV63Lf+icldsR8b+s/R+IpvP/zSbrl/8AAAAAAADQOvfORMRzG83/y63P/xnYYP7PSEScbkH9T/7+L3c/KyQtqA4os3om4sWa+b9/lM8OHuvLvuf/Z3E+QH/u4uX5uWMR8a+IOBL9g+n6VOVhKyYIH/34wGf16i+f/5cuaf2luYDZoe7nqy7EnZ1ZmmnN2UNvW70d8f/i/N9D2ZbK+T9p+5/UtP8fvZwm+PUG6zjwzN3z9fY9Of+Bdil8EXF4w+t//u5uJ5vfn2Oy2B+YLPUKaj313idf16tf/kP3pO3/8Ob5P5iU369ncWvHH4iI48v5Qr39zfb/B5LX+0rHT707s7R0YypiIDlbu316azHDXlXKh1K+pPl/5OnNx//W+/9lebgvIlYarPM/j0d+qrdP+w/dk+b/7Obt/1hl+7/VwlBM3x37JrvFWI3zDbX/J4pt+pFsi/E/KFd7P45GE7Qr4QIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADALpeLiH9EkptYL+dyExMRIxHx7xjOzS8sLj17ceHta7Ppvsrn/4+urSel5/+Pla1PV60fj4j9EfFp377i+sSFhfnZbp88AAAAAAAAAAAAAAAAAAAA7BAjxWv+C4PV1/+nfu7rdnRA2+Wzn/Idek++6VcWBlsaCNBxzec/sNs1nv/9bY0D6Lz6+f/wUaGoo+EAHaT/D72ryfz3dQHsAdp/6FUNjukNtTsOoBsabv9X2xsHAAAAAADQEvsP3fshiYiVF/YVl9RAts9kf9jbct0OAOgac3ihd+UXuh0B0C0+4wPJeun3DS/2rz/7P2lPQAAAAAAAAAAAAABAjcMHXf8PvSoXsckjvM3th71sk+v/N0p+twuAPaT+oz8aafsTPQTYxXzGB57Ujrv+HwAAAAAAAAAAAAB2gKGbV2bm5+duLC7vvsJLOyOMrRVWZnZEGC0tPG7PkfsjYmecYKcLpVtwdDGMLv9eAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1v0VAAD//wwXMFk=")
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
pivot_root(&(0x7f0000000300)='./file0/file0\x00', 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140))
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x2})

2.369504578s ago: executing program 1 (id=3633):
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab4402850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000040)='9p_protocol_dump\x00', r0}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

1.933348655s ago: executing program 2 (id=3635):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000940)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x70}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000040)=0x18, &(0x7f0000000140)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b70300000000ecff850000000400000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r4}, 0x10)

1.710497324s ago: executing program 4 (id=3636):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, 0x0, &(0x7f00000002c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r2}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)

1.64139826s ago: executing program 4 (id=3637):
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x11}}}, 0x1e)
connect$pptp(r0, &(0x7f00000000c0)={0x18, 0x2, {0x1, @multicast1}}, 0x1e)
r1 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x2c}}}, 0x1e)
connect$pptp(r1, &(0x7f0000000040)={0x18, 0x2, {0x0, @multicast2}}, 0x1e)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246)

1.64089852s ago: executing program 2 (id=3638):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x11c2, 0x2208, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r1}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f00000000c0)={0x0, 0x0, 0x5, {0x5, 0x0, "6874a7"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

1.64057186s ago: executing program 4 (id=3639):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010000a000090400000103010100092100080001220100090581", @ANYRES64], 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = openat$selinux_member(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
write$selinux_access(r4, &(0x7f00000008c0)=ANY=[@ANYBLOB='system_u::bject_r:ptch0 unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 0'], 0x67)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000300)={@empty, @dev, <r5=>0x0}, &(0x7f0000000500)=0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x19, 0x4, 0x4, 0xc, 0x400, 0xffffffffffffffff, 0x0, '\x00', r5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r6}, 0x10)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r7 = gettid()
process_vm_writev(r7, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800002, 0x14)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000080)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})

1.597127594s ago: executing program 1 (id=3634):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000240)="67f30f09660fae7e0066b9c100000066b80d00000066ba000000000f3066670f30f2e18d0f20c06635000001000f22c066b9800000c00f326635008000000f30c02d1866b9ac0200000f32f30f01df", 0x4f}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)=@delchain={0x40, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x4}}]}, 0x40}}, 0x0)

1.53024342s ago: executing program 3 (id=3641):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000000)="4c5f165d12733650022884d9059e897913fa11cfe2d283afe908060282897f5a4085ffeb2e2bed3f5dde15ec11d3b39c15", 0x31)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000006c0)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002a9000070d00be0083"], 0x0}, 0x0)

1.425496478s ago: executing program 1 (id=3642):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0)
pipe2(&(0x7f0000000000)={<r3=>0x0, <r4=>0x0}, 0x0)
write$binfmt_aout(r2, &(0x7f0000000380)=ANY=[], 0x20)
fcntl$setstatus(r3, 0x4, 0x42800)
splice(r2, &(0x7f0000000040), r4, 0x0, 0x808, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_int(r7, &(0x7f0000000140)='cgroup.clone_children\x00', 0x2, 0x0)
r9 = openat$cgroup_procs(r7, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
sendfile(r9, r8, 0x0, 0x4)

998.190485ms ago: executing program 2 (id=3640):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r1}, 0x10)
syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f00000006c0)=ANY=[@ANYBLOB="12010000020100102505a1a4400000000001090244000101000000090400001602020000052406000005240000000d240f01060000000000000000090581032000000000090582020800000000090503020002"], 0x0)

612.227168ms ago: executing program 1 (id=3643):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080), 0x1, 0x53a, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82desEeoAKSIFCQFF2400bVb00uYBQVQlRcUAcUmNvLJPdrPGuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IBixQjATSopkdu1t7XW/j9S71fj7SaObN23nf9+LMvJm39rwAxtZzEbETEdMR8UZEzBf7k2KJO50l+9yjve2l/b3tpSTa7df/nuT52b7oOibzZFHmbER846sR30mOx21ubj1YrNWq60W63KqvlZubWzdW64sr1ZXqw0rl9sLtmy/derEysLZerf9y9yurr37zN7/+9Lu/3/nyD7JqzRV53e0YpE7Tpw7jZCYj4tXzCDYCE8V6esT14PGkEfGxiPhcfv7Px0T+vxMAuMja7floz3enAYCLLs3HwJK0VIwFzEWalkqdMbxn4lJaazRb1+83Nh4ud8bKLsdUen+1Vr15ZeaP38vvGKaSLL2Q5+X5ebpyJH0rIq5ExI9nnsjTpaVGbXl0tz0AMNaePNL//2um0//3oce3egDAR8bsqCsAAAyd/h8Axo/+HwDGTx/9f/Fl/8651wUAGA7P/wAwfvT/ADB+9P8AMFa+/tpr2dLeL95/vfzm5saDxps3lqvNB6X6xlJpqbG+VlppNFbyd/bUTyuv1misLbwQG2+VW9Vmq9zc3LpXb2w8bN3L3+t9rzo1lFYBAB/kytV3/pBExM7LT+RLdM3loK+Giy0ddQWAkZkYdQWAkTHbF4yv/p/xf3eu9QBGp+fLvGd7br7fTz9EEL9nBP9Xrn2y//F/czzDxWL8H8bX443/vzLwegDDZ/wfxle7nRyd83/6MAsAuJDO8Dv+7R8O6iYEGKnTJvMeyPf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcMHMRcR3I0lLxVzgc5GmpVLEUxFxOaaS+6u16s2IeDquRsTUTJZeGHWlAYAzSv+aFPN/XZt/fu5o7nTy75l8HRHf/9nrP3lrsdVaX8j2/+Nw/8zB9GGV9447w7yCAECfnuvzc3n/XSnWXQ/yj/a2lw6W7s+nA67nUbt347/FVMRL+3vb+dLJmYzJfD2b30tc+mdSpDtzkT4bERMDiL/zdkR8olf7k3xs5HIx82l3/ChiPzXU+On74qd5Xmed3Xx9fAB1gXHzzt2IuNPr/EuLa2rv8382v0Kd3e7dTmEH1779rvgH17+JHvGTD3HN333ht187trM938l7O+LZyV7xk8P4yQnxn+8z/p8+9ZkfvXJCXvvnEdeid/zuWOVWfa3c3Ny6sVpfXKmuVB9WKrcXbt986daLlXI+Rl0+GKk+7m8vX3/6pLpl7b90QvzZnu2fPjz2C322/xf/eePbn/2A+F/6fO+f/zM943dkfeIX+4y/eOlXJ07fncVfPqH9p/38r/cZ/92/bC33+VEAYAiam1sPFmu16vqZNrKn0EGUc2wjq+JACzxl488xyALvnO3wqfP6Vz33jcnDe8XBlvytrMQhNycdeCvOtPGosxHnHmu01yXg/L130o+6JgAAAAAAAAAAAAAAwEmG8adLo24jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9f/AgAA//91qMwl")
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081130000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071106200000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df7"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207bff00000000bfa100000000000007010000f8ffffffb70200000400b2cd"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r5, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f0000000400), 0x0, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@index_on}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}]})

0s ago: executing program 4 (id=3644):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
mkdir(&(0x7f00000002c0)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r7=>0x0})
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="180200000000000000000000000000008500000017000000950000000000000060bda108010da26a15544b2a4c738e0fa0f897aa278b325764f2dcd6b865984f599ffe6cad199d36bc80e98b17249acf845992d69cc4a092d0655f0e225d2f568bd76a618d10b49d26440819e5f1e36c54"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r8, r7, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000a40)=ANY=[], 0x0)

kernel console output (not intermixed with test programs):

 block 12: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  986.311254][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  986.319778][T15235] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  986.342388][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  986.346677][T15235] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  986.351344][T15426] loop1: detected capacity change from 0 to 128
[  986.370830][T15235] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  986.385491][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  986.397493][T15235] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  986.415493][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  986.426230][T15235] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  986.433969][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  986.454025][T15235] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[  986.480397][T15426] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[  986.545507][T15426] syz.1.3459: attempt to access beyond end of device
[  986.545507][T15426] loop1: rw=3, sector=6950, nr_sectors = 2 limit=128
[  986.563209][T15432] loop0: detected capacity change from 0 to 512
[  986.570799][T15426] syz.1.3459: attempt to access beyond end of device
[  986.570799][T15426] loop1: rw=2051, sector=6952, nr_sectors = 942 limit=128
[  986.593262][T15432] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  986.628079][T15235] EXT4-fs (loop2): unmounting filesystem.
[  986.633705][T15432] EXT4-fs (loop0): 1 truncate cleaned up
[  986.647231][T15436] loop4: detected capacity change from 0 to 1024
[  986.665507][T15432] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  986.676734][T15436] EXT4-fs: Ignoring removed nobh option
[  986.682125][T15436] EXT4-fs: Ignoring removed mblk_io_submit option
[  986.700097][T15424] loop3: detected capacity change from 0 to 40427
[  986.707368][T15424] F2FS-fs (loop3): invalid crc value
[  986.733048][T15424] F2FS-fs (loop3): Found nat_bits in checkpoint
[  986.734293][T15334] EXT4-fs (loop0): unmounting filesystem.
[  986.759810][T15445] loop1: detected capacity change from 0 to 512
[  986.766421][T15436] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  986.798095][T15445] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  986.823428][T15424] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  986.832836][T15075] EXT4-fs (loop4): unmounting filesystem.
[  986.867238][T15445] ext4 filesystem being mounted at /11/file0 supports timestamps until 2038 (0x7fffffff)
[  986.884990][T15424] syz.3.3437: attempt to access beyond end of device
[  986.884990][T15424] loop3: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  986.972958][   T43] device bridge_slave_1 left promiscuous mode
[  986.979048][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  987.088286][   T43] device bridge_slave_0 left promiscuous mode
[  987.120129][T15460] EXT4-fs error (device loop1): ext4_search_dir:1548: inode #2: block 3: comm syz.1.3467: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[  987.184215][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  987.201643][   T43] device bridge_slave_1 left promiscuous mode
[  987.214108][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  987.229496][   T43] device bridge_slave_0 left promiscuous mode
[  987.241751][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  987.262119][   T43] device veth1_macvtap left promiscuous mode
[  987.274817][   T43] device veth0_vlan left promiscuous mode
[  987.286603][   T43] device veth1_macvtap left promiscuous mode
[  987.296414][   T43] device veth0_vlan left promiscuous mode
[  987.325973][   T19] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  987.508816][T15452] bridge0: port 1(bridge_slave_0) entered blocking state
[  987.515721][T15452] bridge0: port 1(bridge_slave_0) entered disabled state
[  987.522892][T15452] device bridge_slave_0 entered promiscuous mode
[  987.530669][T15452] bridge0: port 2(bridge_slave_1) entered blocking state
[  987.537635][T15452] bridge0: port 2(bridge_slave_1) entered disabled state
[  987.544839][T15452] device bridge_slave_1 entered promiscuous mode
[  987.575203][   T19] usb 5-1: Using ep0 maxpacket: 16
[  987.585354][  T696] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  987.621892][T15300] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /11/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[  987.642800][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  987.643009][T15300] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /11/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  987.650291][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  987.675832][T15300] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /11/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  987.697912][T15452] device veth0_vlan entered promiscuous mode
[  987.705955][T15300] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /11/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  987.715451][   T19] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  987.726564][T15300] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /11/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  987.735500][   T19] usb 5-1: config 0 has no interface number 0
[  987.754520][T15300] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /11/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  987.760771][   T19] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  987.781637][T15300] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /11/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  987.792163][   T19] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  987.812249][  T515] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  987.828968][   T19] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  987.829592][T15300] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[  987.837882][   T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  987.860323][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  987.868625][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  987.876663][   T19] usb 5-1: config 0 descriptor??
[  987.881699][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  987.889107][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  987.896463][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  987.904491][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  987.905258][  T696] usb 4-1: Using ep0 maxpacket: 8
[  987.912513][ T1824] bridge0: port 1(bridge_slave_0) entered blocking state
[  987.923978][ T1824] bridge0: port 1(bridge_slave_0) entered forwarding state
[  987.931701][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  987.939773][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  987.947766][ T1824] bridge0: port 2(bridge_slave_1) entered blocking state
[  987.954589][ T1824] bridge0: port 2(bridge_slave_1) entered forwarding state
[  987.961876][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  987.969741][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  987.984152][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  987.993361][T15452] device veth1_macvtap entered promiscuous mode
[  988.001162][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  988.011201][T14454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  988.022675][T14454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  988.033188][T15300] EXT4-fs (loop1): unmounting filesystem.
[  988.054258][T15475] loop2: detected capacity change from 0 to 512
[  988.078454][T15475] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  988.087427][T15475] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038 (0x7fffffff)
[  988.165837][T15475] EXT4-fs error (device loop2): ext4_search_dir:1548: inode #2: block 3: comm syz.2.3475: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[  988.214613][T15479] bridge0: port 1(bridge_slave_0) entered blocking state
[  988.221636][T15479] bridge0: port 1(bridge_slave_0) entered disabled state
[  988.222232][T15452] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[  988.229113][T15479] device bridge_slave_0 entered promiscuous mode
[  988.250169][T15452] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  988.255233][  T515] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  988.277542][T15479] bridge0: port 2(bridge_slave_1) entered blocking state
[  988.286395][  T696] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  988.294207][T15479] bridge0: port 2(bridge_slave_1) entered disabled state
[  988.308948][  T696] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  988.309637][T15452] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  988.316788][  T696] usb 4-1: Product: syz
[  988.338485][T15479] device bridge_slave_1 entered promiscuous mode
[  988.341563][  T515] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  988.348750][T15452] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  988.357310][  T515] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  988.357342][  T515] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  988.357363][  T515] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  988.360618][  T515] usb 1-1: config 0 descriptor??
[  988.392081][T15452] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  988.398895][  T696] usb 4-1: Manufacturer: syz
[  988.411793][T15452] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  988.431463][  T696] usb 4-1: SerialNumber: syz
[  988.440132][T15452] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  988.483350][T15452] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[  988.537509][T15452] EXT4-fs (loop2): unmounting filesystem.
[  988.564939][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  988.572471][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  988.596888][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  988.605033][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  988.613384][   T24] bridge0: port 1(bridge_slave_0) entered blocking state
[  988.620247][   T24] bridge0: port 1(bridge_slave_0) entered forwarding state
[  988.628514][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  988.636690][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  988.644649][   T24] bridge0: port 2(bridge_slave_1) entered blocking state
[  988.651505][   T24] bridge0: port 2(bridge_slave_1) entered forwarding state
[  988.658640][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  988.666652][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  988.674457][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  988.680656][   T19] uclogic 0003:28BD:0071.0050: pen parameters not found
[  988.682574][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  988.689071][   T19] uclogic 0003:28BD:0071.0050: interface is invalid, ignoring
[  988.697039][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  988.736768][  T696] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 34 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  988.739073][T15479] device veth0_vlan entered promiscuous mode
[  988.754017][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  988.762145][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  988.771252][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  988.779126][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  988.779941][   T24] usb 5-1: USB disconnect, device number 52
[  988.794869][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  988.802847][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  988.834642][T15487] bridge0: port 1(bridge_slave_0) entered blocking state
[  988.841569][T15487] bridge0: port 1(bridge_slave_0) entered disabled state
[  988.849061][T15487] device bridge_slave_0 entered promiscuous mode
[  988.856663][T15487] bridge0: port 2(bridge_slave_1) entered blocking state
[  988.863585][T15487] bridge0: port 2(bridge_slave_1) entered disabled state
[  988.871008][T15487] device bridge_slave_1 entered promiscuous mode
[  988.884569][T14454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  988.892557][T14454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  988.909802][T15479] device veth1_macvtap entered promiscuous mode
[  988.930005][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  988.937939][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  988.946507][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  988.958930][  T515] prodikeys 0003:041E:2801.0051: unknown main item tag 0x0
[  988.974513][   T28] audit: type=1400 audit(2000000060.202:1675): avc:  denied  { read write } for  pid=15469 comm="syz.3.3473" name="lp0" dev="devtmpfs" ino=2378 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  989.000585][   T19] usb 4-1: USB disconnect, device number 34
[  989.003160][  T515] prodikeys 0003:041E:2801.0051: unknown main item tag 0x0
[  989.009497][   T19] usblp0: removed
[  989.014500][  T515] prodikeys 0003:041E:2801.0051: unknown main item tag 0x0
[  989.023998][   T28] audit: type=1400 audit(2000000060.232:1676): avc:  denied  { open } for  pid=15469 comm="syz.3.3473" path="/dev/usb/lp0" dev="devtmpfs" ino=2378 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  989.025868][  T515] prodikeys 0003:041E:2801.0051: unknown main item tag 0x0
[  989.056009][  T515] prodikeys 0003:041E:2801.0051: unknown main item tag 0x0
[  989.064025][  T515] prodikeys 0003:041E:2801.0051: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.0-1/input0
[  989.105787][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  989.113915][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  989.135840][T15496] syz.1.3482[15496] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  989.135916][T15496] syz.1.3482[15496] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  989.173863][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  989.207192][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  989.219309][  T300] bridge0: port 1(bridge_slave_0) entered blocking state
[  989.226172][  T300] bridge0: port 1(bridge_slave_0) entered forwarding state
[  989.233629][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  989.243011][  T300] bridge0: port 2(bridge_slave_1) entered blocking state
[  989.249899][  T300] bridge0: port 2(bridge_slave_1) entered forwarding state
[  989.257188][   T24] usb 1-1: USB disconnect, device number 48
[  989.258306][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  989.488025][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  989.505812][   T43] device bridge_slave_1 left promiscuous mode
[  989.511819][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  989.523135][   T43] device bridge_slave_0 left promiscuous mode
[  989.529195][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.537057][   T43] device bridge_slave_1 left promiscuous mode
[  989.542980][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  989.550282][   T43] device bridge_slave_0 left promiscuous mode
[  989.556347][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.564029][   T43] device veth1_macvtap left promiscuous mode
[  989.570099][   T43] device veth0_vlan left promiscuous mode
[  989.576237][   T43] device veth1_macvtap left promiscuous mode
[  989.582092][   T43] device veth0_vlan left promiscuous mode
[  989.738318][T12288] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  989.753323][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  989.763015][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  989.771175][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  989.778986][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  989.790052][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  989.799631][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  989.807210][T15509] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  989.814934][T15509] IPv6: NLM_F_CREATE should be set when creating new route
[  989.823325][T15487] device veth0_vlan entered promiscuous mode
[  989.863646][T12288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  989.871650][T12288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  989.880352][T15487] device veth1_macvtap entered promiscuous mode
[  989.891100][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  989.898611][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  989.906772][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  989.920783][T14454] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  989.928794][  T515] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  989.938559][T14454] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  990.082206][T15521] loop1: detected capacity change from 0 to 1024
[  990.091381][T15521] EXT4-fs: Ignoring removed oldalloc option
[  990.113181][T15521] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  990.125452][   T24] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  990.295232][  T515] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  990.306082][  T515] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  990.315786][  T515] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  990.324759][  T515] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  990.333323][  T515] usb 4-1: config 0 descriptor??
[  990.378563][T15479] EXT4-fs (loop1): unmounting filesystem.
[  990.402943][T15528] loop1: detected capacity change from 0 to 512
[  990.409160][   T24] usb 5-1: Using ep0 maxpacket: 32
[  990.417514][T15528] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  990.426399][T15528] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038 (0x7fffffff)
[  990.565420][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  990.593774][T15532] EXT4-fs error (device loop1): ext4_search_dir:1548: inode #2: block 3: comm syz.1.3494: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[  990.630146][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  990.666184][   T24] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  990.683663][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  990.700432][   T24] usb 5-1: config 0 descriptor??
[  990.735331][T15513] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  990.755839][   T24] hub 5-1:0.0: USB hub found
[  990.815750][   T43] device bridge_slave_1 left promiscuous mode
[  990.821754][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  990.829080][   T43] device bridge_slave_0 left promiscuous mode
[  990.835985][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  990.836888][  T515] cp2112 0003:10C4:EA90.0052: unknown main item tag 0x0
[  990.850952][  T515] cp2112 0003:10C4:EA90.0052: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0
[  990.862333][   T43] device veth1_macvtap left promiscuous mode
[  990.868258][   T43] device veth0_vlan left promiscuous mode
[  991.025271][   T24] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  991.045254][  T515] cp2112 0003:10C4:EA90.0052: Part Number: 0x82 Device Version: 0xFE
[  991.075257][  T444] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  991.145260][   T24] usbhid 5-1:0.0: can't add hid device: -71
[  991.151061][   T24] usbhid: probe of 5-1:0.0 failed with error -71
[  991.185390][   T24] usb 5-1: USB disconnect, device number 53
[  991.252449][T15479] EXT4-fs (loop1): unmounting filesystem.
[  991.268121][T15551] loop1: detected capacity change from 0 to 512
[  991.277945][T15551] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  991.286751][  T696] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  991.286781][T15551] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038 (0x7fffffff)
[  991.452508][T15555] EXT4-fs error (device loop1): ext4_search_dir:1548: inode #2: block 3: comm syz.1.3502: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[  991.472469][  T444] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  991.482422][  T444] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  991.508699][T15557] input: syz0 as /devices/virtual/input/input56
[  991.535340][  T696] usb 3-1: Using ep0 maxpacket: 32
[  991.575269][  T444] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  991.590319][  T444] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  991.598262][  T444] usb 1-1: SerialNumber: syz
[  991.611613][T15560] loop4: detected capacity change from 0 to 512
[  991.626372][T15560] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  991.635666][T15560] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038 (0x7fffffff)
[  991.685274][  T696] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  991.696047][  T696] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  991.786547][T15565] EXT4-fs error (device loop4): ext4_search_dir:1548: inode #2: block 3: comm syz.4.3504: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[  991.845854][  T444] usb 1-1: 0:2 : does not exist
[  991.885295][  T696] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  991.894245][  T696] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  991.902386][  T696] usb 3-1: Product: syz
[  991.906397][  T696] usb 3-1: Manufacturer: syz
[  991.908904][ T1824] usb 4-1: USB disconnect, device number 35
[  991.945687][  T696] hub 3-1:4.0: USB hub found
[  992.116867][T15479] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[  992.137589][T15479] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  992.158573][T15479] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  992.179712][T15479] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  992.200160][T15479] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  992.221010][T15479] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  992.242125][T15479] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  992.262469][T15479] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[  992.276716][  T696] hub 3-1:4.0: config failed, hub has too many ports! (err -19)
[  992.277238][T12288] usb 1-1: USB disconnect, device number 49
[  992.337767][T15479] EXT4-fs (loop1): unmounting filesystem.
[  992.431399][T15568] loop3: detected capacity change from 0 to 2048
[  992.472037][T15075] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /31/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[  992.472894][T15568] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  992.492901][T15075] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /31/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  992.521909][T15075] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /31/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  992.543308][T15075] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /31/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  992.577824][T15075] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /31/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  992.598379][T15075] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /31/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  992.598741][T15569] bridge0: port 1(bridge_slave_0) entered blocking state
[  992.626631][T15569] bridge0: port 1(bridge_slave_0) entered disabled state
[  992.629354][T15075] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /31/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  992.634011][T15569] device bridge_slave_0 entered promiscuous mode
[  992.657354][T15568] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  992.660727][T15075] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[  992.675271][T12288] usb 3-1: USB disconnect, device number 50
[  992.700824][T15569] bridge0: port 2(bridge_slave_1) entered blocking state
[  992.707708][T15569] bridge0: port 2(bridge_slave_1) entered disabled state
[  992.708388][T15357] EXT4-fs (loop3): unmounting filesystem.
[  992.714996][T15569] device bridge_slave_1 entered promiscuous mode
[  992.738327][   T28] audit: type=1400 audit(2000000064.969:1677): avc:  denied  { bind } for  pid=15576 comm="syz.3.3509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  992.829841][T15075] EXT4-fs (loop4): unmounting filesystem.
[  992.844990][T15582] loop0: detected capacity change from 0 to 128
[  992.885393][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  992.893341][T15582] EXT4-fs (loop0): Test dummy encryption mode enabled
[  992.903788][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  992.916492][T15582] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  992.930086][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  992.938139][T15582] ext4 filesystem being mounted at /13/mnt supports timestamps until 2038 (0x7fffffff)
[  992.938308][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  992.956935][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  992.963787][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  992.971020][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  992.979944][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  992.988037][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  992.994873][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  993.052563][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  993.060751][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  993.075278][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  993.082747][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  993.092614][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  993.100468][T15593] netlink: 'syz.3.3518': attribute type 2 has an invalid length.
[  993.127959][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  993.136600][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  993.156366][T15569] device veth0_vlan entered promiscuous mode
[  993.166343][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  993.174975][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  993.191959][T15569] device veth1_macvtap entered promiscuous mode
[  993.199268][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  993.207254][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  993.214438][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  993.222407][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  993.253289][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  993.262424][   T28] audit: type=1400 audit(2000000065.489:1678): avc:  denied  { validate_trans } for  pid=15603 comm="syz.3.3522" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  993.265885][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  993.330189][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  993.338742][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  993.350129][ T9785] device bridge_slave_1 left promiscuous mode
[  993.362790][ T9785] bridge0: port 2(bridge_slave_1) entered disabled state
[  993.370167][ T9785] device bridge_slave_0 left promiscuous mode
[  993.376163][ T9785] bridge0: port 1(bridge_slave_0) entered disabled state
[  993.383877][ T9785] device veth1_macvtap left promiscuous mode
[  993.389808][ T9785] device veth0_vlan left promiscuous mode
[  993.495232][  T515] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  993.621325][T15594] bridge0: port 1(bridge_slave_0) entered blocking state
[  993.628391][T15594] bridge0: port 1(bridge_slave_0) entered disabled state
[  993.635439][   T19] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  993.636103][T15594] device bridge_slave_0 entered promiscuous mode
[  993.652727][T15594] bridge0: port 2(bridge_slave_1) entered blocking state
[  993.659861][T15594] bridge0: port 2(bridge_slave_1) entered disabled state
[  993.668731][T15594] device bridge_slave_1 entered promiscuous mode
[  994.039183][  T515] usb 3-1: Using ep0 maxpacket: 16
[  994.046503][T15334] EXT4-fs (loop0): unmounting filesystem.
[  994.101721][T15627] loop0: detected capacity change from 0 to 512
[  994.116942][T15627] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  994.126518][T15627] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038 (0x7fffffff)
[  994.157131][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  994.164635][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  994.178371][   T28] audit: type=1400 audit(2000000066.409:1679): avc:  denied  { ioctl } for  pid=15630 comm="syz.1.3530" path="/dev/usbmon1" dev="devtmpfs" ino=140 ioctlcmd=0x9204 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  994.225934][  T515] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  994.240038][T15633] syz.1.3531[15633] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  994.240112][T15633] syz.1.3531[15633] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  994.240270][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  994.270762][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  994.275312][   T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  994.278832][  T696] bridge0: port 1(bridge_slave_0) entered blocking state
[  994.294336][   T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  994.296108][  T696] bridge0: port 1(bridge_slave_0) entered forwarding state
[  994.306105][   T19] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  994.313099][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  994.330663][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  994.339231][  T696] bridge0: port 2(bridge_slave_1) entered blocking state
[  994.346076][  T696] bridge0: port 2(bridge_slave_1) entered forwarding state
[  994.367243][T15635] EXT4-fs error (device loop0): ext4_search_dir:1548: inode #2: block 3: comm syz.0.3529: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[  994.428856][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  994.437802][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  994.470880][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  994.495446][  T515] usb 3-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=90.c4
[  994.503346][   T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  994.517223][   T19] usb 4-1: config 0 descriptor??
[  994.520939][  T515] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  994.537525][T15594] device veth0_vlan entered promiscuous mode
[  994.543404][  T515] usb 3-1: Product: syz
[  994.547694][  T515] usb 3-1: Manufacturer: syz
[  994.549725][T15594] device veth1_macvtap entered promiscuous mode
[  994.552141][  T515] usb 3-1: SerialNumber: syz
[  994.564681][  T515] usb 3-1: config 0 descriptor??
[  994.574317][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  994.582787][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  994.591187][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  994.599015][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  994.607024][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  994.614403][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  994.624378][T15640] SELinux:  Context ì is not valid (left unmapped).
[  994.631327][  T696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  994.925300][  T300] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  994.948541][T15334] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /17/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[  994.969822][T15334] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /17/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  994.991965][T15334] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /17/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  995.013338][T15334] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /17/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  995.014085][   T19] cp2112 0003:10C4:EA90.0053: item fetching failed at offset 5/7
[  995.034316][T15334] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /17/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  995.041429][   T19] cp2112 0003:10C4:EA90.0053: parse failed
[  995.067528][   T19] cp2112: probe of 0003:10C4:EA90.0053 failed with error -22
[  995.075944][ T9785] device bridge_slave_1 left promiscuous mode
[  995.081973][ T9785] bridge0: port 2(bridge_slave_1) entered disabled state
[  995.089441][T15334] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /17/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  995.110757][  T515] usb 3-1: Found UVC 0.00 device syz (045e:0721)
[  995.110782][ T9785] device bridge_slave_0 left promiscuous mode
[  995.117087][  T515] usb 3-1: No valid video chain found.
[  995.123061][ T9785] bridge0: port 1(bridge_slave_0) entered disabled state
[  995.128169][T15334] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /17/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  995.155191][   T24] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  995.156341][T15334] EXT4-fs error (device loop0): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[  995.176912][ T9785] device veth1_macvtap left promiscuous mode
[  995.182753][ T9785] device veth0_vlan left promiscuous mode
[  995.185220][  T300] usb 5-1: Using ep0 maxpacket: 32
[  995.255477][   T60] usb 4-1: USB disconnect, device number 36
[  995.305329][  T300] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  995.319947][  T300] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  995.331468][  T300] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  995.331879][T15334] EXT4-fs (loop0): unmounting filesystem.
[  995.340447][  T300] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  995.354024][  T444] usb 3-1: USB disconnect, device number 51
[  995.360514][  T300] usb 5-1: config 0 descriptor??
[  995.385459][T15644] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  995.406515][  T300] hub 5-1:0.0: USB hub found
[  995.466062][T15657] bridge0: port 1(bridge_slave_0) entered blocking state
[  995.472909][T15657] bridge0: port 1(bridge_slave_0) entered disabled state
[  995.480207][T15657] device bridge_slave_0 entered promiscuous mode
[  995.487023][T15657] bridge0: port 2(bridge_slave_1) entered blocking state
[  995.493841][T15657] bridge0: port 2(bridge_slave_1) entered disabled state
[  995.501159][T15657] device bridge_slave_1 entered promiscuous mode
[  995.535255][   T24] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  995.540604][T15657] bridge0: port 2(bridge_slave_1) entered blocking state
[  995.546025][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  995.552707][T15657] bridge0: port 2(bridge_slave_1) entered forwarding state
[  995.563811][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  995.570502][T15657] bridge0: port 1(bridge_slave_0) entered blocking state
[  995.580415][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  995.586840][T15657] bridge0: port 1(bridge_slave_0) entered forwarding state
[  995.599908][   T24] usb 2-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00
[  995.615936][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  995.629320][   T24] usb 2-1: config 0 descriptor??
[  995.639873][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  995.647511][   T19] bridge0: port 1(bridge_slave_0) entered disabled state
[  995.654524][   T19] bridge0: port 2(bridge_slave_1) entered disabled state
[  995.664862][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  995.665280][  T300] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  995.674088][  T515] bridge0: port 1(bridge_slave_0) entered blocking state
[  995.687254][  T515] bridge0: port 1(bridge_slave_0) entered forwarding state
[  995.706173][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  995.714278][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  995.722033][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  995.729329][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  995.736595][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  995.744555][   T19] bridge0: port 2(bridge_slave_1) entered blocking state
[  995.751336][   T19] bridge0: port 2(bridge_slave_1) entered forwarding state
[  995.758982][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  995.766770][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  995.776249][T15657] device veth0_vlan entered promiscuous mode
[  995.785399][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  995.794474][T15657] device veth1_macvtap entered promiscuous mode
[  995.800620][  T300] usbhid 5-1:0.0: can't add hid device: -71
[  995.806809][  T300] usbhid: probe of 5-1:0.0 failed with error -71
[  995.820805][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  995.829165][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  995.839287][T15663] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  995.849098][  T300] usb 5-1: USB disconnect, device number 54
[  995.864833][T15665] loop0: detected capacity change from 0 to 128
[  995.874128][T15665] EXT4-fs (loop0): Test dummy encryption mode enabled
[  995.889630][T15665] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  995.898099][T15665] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038 (0x7fffffff)
[  996.116375][   T24] nintendo 0003:057E:2009.0054: unknown main item tag 0x0
[  996.123332][   T24] nintendo 0003:057E:2009.0054: unknown main item tag 0x0
[  996.130612][   T24] nintendo 0003:057E:2009.0054: unknown main item tag 0x0
[  996.137608][   T24] nintendo 0003:057E:2009.0054: unknown main item tag 0x0
[  996.145894][   T24] nintendo 0003:057E:2009.0054: hidraw0: USB HID v80.00 Device [HID 057e:2009] on usb-dummy_hcd.1-1/input0
[  996.157175][  T515] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  996.225463][   T24] nintendo 0003:057E:2009.0054: failed reading SPI flash; ret=-38
[  996.233167][   T24] nintendo 0003:057E:2009.0054: using factory cal for left stick
[  996.240800][   T24] nintendo 0003:057E:2009.0054: failed reading SPI flash; ret=-38
[  996.248486][   T24] nintendo 0003:057E:2009.0054: using factory cal for right stick
[  996.256153][   T24] nintendo 0003:057E:2009.0054: failed reading SPI flash; ret=-38
[  996.263730][   T24] nintendo 0003:057E:2009.0054: Failed to read left stick cal, using defaults; e=-38
[  996.275044][   T24] nintendo 0003:057E:2009.0054: failed reading SPI flash; ret=-38
[  996.282950][   T24] nintendo 0003:057E:2009.0054: Failed to read right stick cal, using defaults; e=-38
[  996.292452][   T24] nintendo 0003:057E:2009.0054: failed reading SPI flash; ret=-38
[  996.300127][   T24] nintendo 0003:057E:2009.0054: using factory cal for IMU
[  996.307092][   T24] nintendo 0003:057E:2009.0054: failed reading SPI flash; ret=-38
[  996.314688][   T24] nintendo 0003:057E:2009.0054: Failed to read IMU cal, using defaults; ret=-38
[  996.323551][   T24] nintendo 0003:057E:2009.0054: Unable to read IMU calibration data
[  996.331516][   T24] nintendo 0003:057E:2009.0054: Failed to set report mode; ret=-38
[  996.339269][   T24] nintendo 0003:057E:2009.0054: Failed to initialize controller; ret=-38
[  996.350582][   T24] nintendo 0003:057E:2009.0054: probe - fail = -38
[  996.357033][   T24] nintendo: probe of 0003:057E:2009.0054 failed with error -38
[  996.368488][   T24] usb 2-1: USB disconnect, device number 59
[  996.395208][  T515] usb 3-1: Using ep0 maxpacket: 32
[  996.535302][  T515] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  996.546523][  T515] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  996.557586][  T515] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  996.567078][  T515] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  996.568616][T15684] loop4: detected capacity change from 0 to 256
[  996.578776][  T515] usb 3-1: config 0 descriptor??
[  996.605738][T15668] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  996.621576][T15686] loop4: detected capacity change from 0 to 512
[  996.636301][  T515] hub 3-1:0.0: USB hub found
[  996.638286][T15686] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  996.649670][T15686] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038 (0x7fffffff)
[  996.716266][T15657] EXT4-fs (loop0): unmounting filesystem.
[  996.731611][T15691] loop0: detected capacity change from 0 to 512
[  996.746340][T15691] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  996.755735][T15691] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038 (0x7fffffff)
[  996.859939][T15695] EXT4-fs error (device loop4): ext4_search_dir:1548: inode #2: block 3: comm syz.4.3549: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[  996.935669][  T515] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  996.957158][T15697] EXT4-fs error (device loop0): ext4_search_dir:1548: inode #2: block 3: comm syz.0.3550: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[  997.145313][  T515] usbhid 3-1:0.0: can't add hid device: -71
[  997.152136][  T515] usbhid: probe of 3-1:0.0 failed with error -71
[  997.168808][  T103] udevd[103]: worker [556] terminated by signal 33 (Unknown signal 33)
[  997.177058][  T103] udevd[103]: worker [556] failed while handling '/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0'
[  997.188038][  T515] usb 3-1: USB disconnect, device number 52
[  997.476970][T15594] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[  997.497168][T15709] loop2: detected capacity change from 0 to 4096
[  997.497866][T15594] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  997.524290][T15594] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  997.533632][T15709] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  997.545915][T15594] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  997.575728][T15594] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  997.600197][T15657] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[  997.602201][T15594] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  997.621195][T15657] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  997.641880][T15594] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  997.663490][T15487] EXT4-fs (loop2): unmounting filesystem.
[  997.687535][T15657] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  997.708380][T15594] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[  997.722920][T15657] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  997.743982][T15657] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  997.764589][T15657] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  997.786196][T15657] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  997.807266][T15657] EXT4-fs error (device loop0): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[  997.885285][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  997.885418][T10138] Bluetooth: hci0: command 0x1003 tx timeout
[  997.900820][T15657] EXT4-fs (loop0): unmounting filesystem.
[  997.904239][T15594] EXT4-fs (loop4): unmounting filesystem.
[  998.094086][T15721] bridge0: port 1(bridge_slave_0) entered blocking state
[  998.101451][T15721] bridge0: port 1(bridge_slave_0) entered disabled state
[  998.109785][T15721] device bridge_slave_0 entered promiscuous mode
[  998.121786][T15722] bridge0: port 1(bridge_slave_0) entered blocking state
[  998.128756][T15722] bridge0: port 1(bridge_slave_0) entered disabled state
[  998.136203][T15722] device bridge_slave_0 entered promiscuous mode
[  998.142801][T15721] bridge0: port 2(bridge_slave_1) entered blocking state
[  998.150926][T15721] bridge0: port 2(bridge_slave_1) entered disabled state
[  998.158236][T15721] device bridge_slave_1 entered promiscuous mode
[  998.168594][T15722] bridge0: port 2(bridge_slave_1) entered blocking state
[  998.175556][T15722] bridge0: port 2(bridge_slave_1) entered disabled state
[  998.176587][ T1824] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  998.182754][T15722] device bridge_slave_1 entered promiscuous mode
[  998.204356][T15736] loop2: detected capacity change from 0 to 512
[  998.218870][T15736] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  998.227713][T15736] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038 (0x7fffffff)
[  998.350168][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  998.358881][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  998.371622][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  998.379051][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  998.386447][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  998.394538][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  998.402998][   T19] bridge0: port 1(bridge_slave_0) entered blocking state
[  998.409861][   T19] bridge0: port 1(bridge_slave_0) entered forwarding state
[  998.419421][T15740] EXT4-fs error (device loop2): ext4_search_dir:1548: inode #2: block 3: comm syz.2.3567: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[  998.438981][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  998.447220][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  998.455244][   T19] bridge0: port 2(bridge_slave_1) entered blocking state
[  998.462071][   T19] bridge0: port 2(bridge_slave_1) entered forwarding state
[  998.469318][  T300] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  998.498584][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  998.507603][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  998.516266][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  998.524234][    T6] bridge0: port 1(bridge_slave_0) entered blocking state
[  998.531091][    T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[  998.538414][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  998.547495][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  998.555656][    T6] bridge0: port 2(bridge_slave_1) entered blocking state
[  998.562480][    T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[  998.569892][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  998.577509][ T1824] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  998.586427][ T1824] usb 4-1: config 1 has no interface number 0
[  998.598896][ T1824] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  998.611291][ T1824] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  998.618583][T15721] device veth0_vlan entered promiscuous mode
[  998.626159][ T1824] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 64895, setting to 1024
[  998.637917][ T1824] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024
[  998.661810][T15722] device veth0_vlan entered promiscuous mode
[  998.670600][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  998.679263][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  998.687906][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  998.696290][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  998.703821][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  998.713095][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  998.720307][  T300] usb 2-1: Using ep0 maxpacket: 32
[  998.725768][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  998.733032][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  998.740580][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  998.748465][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  998.757287][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  998.765107][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  998.782443][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  998.791767][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  998.802050][T15721] device veth1_macvtap entered promiscuous mode
[  998.810715][T15722] device veth1_macvtap entered promiscuous mode
[  998.817991][   T43] device bridge_slave_1 left promiscuous mode
[  998.824151][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  998.832865][ T1824] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  998.842280][   T43] device bridge_slave_0 left promiscuous mode
[  998.848365][  T300] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  998.859637][ T1824] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  998.867530][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  998.874463][  T300] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  998.885493][ T1824] usb 4-1: Product: syz
[  998.890310][   T43] device bridge_slave_1 left promiscuous mode
[  998.896295][ T1824] usb 4-1: Manufacturer: syz
[  998.900667][  T300] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  998.909590][ T1824] usb 4-1: SerialNumber: syz
[  998.914090][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  998.925063][   T43] device bridge_slave_0 left promiscuous mode
[  998.931282][  T300] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  998.937917][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  998.947960][  T300] usb 2-1: config 0 descriptor??
[  998.952886][   T43] device veth1_macvtap left promiscuous mode
[  998.958954][   T43] device veth0_vlan left promiscuous mode
[  998.964710][   T43] device veth1_macvtap left promiscuous mode
[  998.970609][T15734] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  998.970606][   T43] device veth0_vlan left promiscuous mode
[  998.985657][  T300] hub 2-1:0.0: USB hub found
[  999.049643][T15487] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[  999.070487][T15487] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  999.091592][T15487] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  999.113538][T15487] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  999.134038][T15487] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  999.154370][T15487] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  999.159218][T15715] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  999.175521][T15487] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /9/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  999.202904][T15487] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[  999.227666][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  999.236431][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  999.244875][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  999.264293][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  999.272408][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  999.287146][T15487] EXT4-fs (loop2): unmounting filesystem.
[  999.298731][  T300] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[  999.338126][T15749] loop4: detected capacity change from 0 to 512
[  999.357844][T15749] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  999.368749][T15749] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038 (0x7fffffff)
[  999.405308][  T300] usbhid 2-1:0.0: can't add hid device: -71
[  999.411210][  T300] usbhid: probe of 2-1:0.0 failed with error -71
[  999.455585][  T300] usb 2-1: USB disconnect, device number 60
[  999.483359][T15757] bridge0: port 1(bridge_slave_0) entered blocking state
[  999.490701][T15757] bridge0: port 1(bridge_slave_0) entered disabled state
[  999.501232][T15757] device bridge_slave_0 entered promiscuous mode
[  999.511451][T15757] bridge0: port 2(bridge_slave_1) entered blocking state
[  999.519301][T15757] bridge0: port 2(bridge_slave_1) entered disabled state
[  999.529119][T15757] device bridge_slave_1 entered promiscuous mode
[  999.553580][T15762] EXT4-fs error (device loop4): ext4_search_dir:1548: inode #2: block 3: comm syz.4.3569: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[  999.703938][T15757] bridge0: port 2(bridge_slave_1) entered blocking state
[  999.710800][T15757] bridge0: port 2(bridge_slave_1) entered forwarding state
[  999.717908][T15757] bridge0: port 1(bridge_slave_0) entered blocking state
[  999.724681][T15757] bridge0: port 1(bridge_slave_0) entered forwarding state
[  999.744482][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  999.752067][   T19] bridge0: port 1(bridge_slave_0) entered disabled state
[  999.755282][  T515] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  999.766533][   T19] bridge0: port 2(bridge_slave_1) entered disabled state
[  999.786069][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  999.794226][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  999.802442][   T24] bridge0: port 1(bridge_slave_0) entered blocking state
[  999.809285][   T24] bridge0: port 1(bridge_slave_0) entered forwarding state
[  999.816657][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  999.824646][   T24] bridge0: port 2(bridge_slave_1) entered blocking state
[  999.831518][   T24] bridge0: port 2(bridge_slave_1) entered forwarding state
[  999.834232][T15765] loop1: detected capacity change from 0 to 128
[  999.846109][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  999.853950][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  999.859896][T15765] syz.1.3575: attempt to access beyond end of device
[  999.859896][T15765] loop1: rw=2049, sector=145, nr_sectors = 896 limit=128
[  999.861897][T15715] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  999.897332][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  999.905818][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  999.913467][ T1824] cdc_ncm 4-1:1.1: bind() failure
[  999.922571][T15769] loop1: detected capacity change from 0 to 512
[  999.923742][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  999.939057][T15757] device veth0_vlan entered promiscuous mode
[  999.947514][T15769] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  999.950908][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  999.956483][T15769] ext4 filesystem being mounted at /19/file0 supports timestamps until 2038 (0x7fffffff)
[  999.966082][T15757] device veth1_macvtap entered promiscuous mode
[  999.984811][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  999.998907][  T727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1000.042937][T15775] loop2: detected capacity change from 0 to 128
[ 1000.065186][  T515] usb 1-1: Using ep0 maxpacket: 16
[ 1000.096113][   T28] audit: type=1400 audit(2000000072.329:1680): avc:  denied  { setopt } for  pid=15780 comm="syz.2.3581" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1000.111435][  T444] usb 4-1: USB disconnect, device number 37
[ 1000.154666][T15783] EXT4-fs error (device loop1): ext4_search_dir:1548: inode #2: block 3: comm syz.1.3577: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[ 1000.162786][   T28] audit: type=1400 audit(2000000072.329:1681): avc:  denied  { write } for  pid=15780 comm="syz.2.3581" path="socket:[107788]" dev="sockfs" ino=107788 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1000.225876][T15722] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[ 1000.250594][T15722] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 1000.260948][T15787] loop2: detected capacity change from 0 to 128
[ 1000.275216][  T515] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1000.291659][T15722] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 1000.316184][T15787] EXT4-fs (loop2): Test dummy encryption mode enabled
[ 1000.323104][  T515] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1000.323948][T15787] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 1000.341485][T15787] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038 (0x7fffffff)
[ 1000.346368][  T515] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1000.366426][T15722] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1000.407845][T15722] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 1000.428393][T15722] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 1000.439182][  T515] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1000.455074][T15722] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1000.463379][  T515] usb 1-1: config 0 descriptor??
[ 1000.477680][T15722] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[ 1000.520602][T15757] EXT4-fs (loop2): unmounting filesystem.
[ 1000.541571][T15722] EXT4-fs (loop4): unmounting filesystem.
[ 1000.548408][   T43] device bridge_slave_1 left promiscuous mode
[ 1000.554451][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1000.562066][   T43] device bridge_slave_0 left promiscuous mode
[ 1000.568134][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1000.576236][   T43] device veth1_macvtap left promiscuous mode
[ 1000.582063][   T43] device veth0_vlan left promiscuous mode
[ 1000.666121][T15796] loop3: detected capacity change from 0 to 256
[ 1000.680563][T15796] FAT-fs (loop3): Directory bread(block 64) failed
[ 1000.690849][T15796] FAT-fs (loop3): Directory bread(block 65) failed
[ 1000.698345][T15796] FAT-fs (loop3): Directory bread(block 66) failed
[ 1000.704684][T15796] FAT-fs (loop3): Directory bread(block 67) failed
[ 1000.711352][T15796] FAT-fs (loop3): Directory bread(block 68) failed
[ 1000.717943][T15796] FAT-fs (loop3): Directory bread(block 69) failed
[ 1000.724558][T15796] FAT-fs (loop3): Directory bread(block 70) failed
[ 1000.731508][T15794] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1000.731756][T15796] FAT-fs (loop3): Directory bread(block 71) failed
[ 1000.738698][T15794] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1000.744845][T15796] FAT-fs (loop3): Directory bread(block 72) failed
[ 1000.758189][T15796] FAT-fs (loop3): Directory bread(block 73) failed
[ 1000.770508][T15794] device bridge_slave_0 entered promiscuous mode
[ 1000.778719][T15794] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1000.786067][T15794] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1000.793396][T15794] device bridge_slave_1 entered promiscuous mode
[ 1000.808697][T15796] syz.3.3588: attempt to access beyond end of device
[ 1000.808697][T15796] loop3: rw=0, sector=1816, nr_sectors = 4 limit=256
[ 1000.815480][T15569] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /19/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[ 1000.822023][T15796] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 326)
[ 1000.842438][   T19] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[ 1000.850326][T15796] FAT-fs (loop3): Filesystem has been set read-only
[ 1000.858323][T15569] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /19/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 1000.863903][T15796] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 326)
[ 1000.884958][T15569] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /19/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 1000.928716][T15569] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /19/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1000.949974][T15569] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /19/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 1000.974158][T15569] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /19/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 1000.996063][  T515] savu 0003:1E7D:2D5A.0055: item fetching failed at offset 2/5
[ 1000.996417][T15569] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /19/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1001.003741][  T515] savu 0003:1E7D:2D5A.0055: parse failed
[ 1001.027512][T15569] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[ 1001.030768][  T515] savu: probe of 0003:1E7D:2D5A.0055 failed with error -22
[ 1001.098375][T15794] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1001.105264][T15794] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1001.112348][T15794] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1001.119157][T15794] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1001.126451][   T19] usb 3-1: Using ep0 maxpacket: 32
[ 1001.138143][T15569] EXT4-fs (loop1): unmounting filesystem.
[ 1001.164257][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1001.172251][ T1824] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1001.179547][ T1824] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1001.208366][  T300] usb 1-1: USB disconnect, device number 50
[ 1001.229667][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1001.240287][ T1824] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1001.247177][ T1824] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1001.254414][   T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1001.266269][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1001.274261][ T1824] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1001.281121][ T1824] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1001.288455][   T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[ 1001.299445][   T19] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1001.308565][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1001.316122][   T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1001.324521][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1001.334880][   T19] usb 3-1: config 0 descriptor??
[ 1001.340114][T15804] loop3: detected capacity change from 0 to 40427
[ 1001.347752][T15804] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[ 1001.355979][T15804] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1001.364553][T15804] F2FS-fs (loop3): invalid crc value
[ 1001.369782][T15792] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1001.371024][T15804] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1001.382469][T15794] device veth0_vlan entered promiscuous mode
[ 1001.385738][   T19] hub 3-1:0.0: USB hub found
[ 1001.406077][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1001.414253][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1001.422958][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1001.425360][T15804] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1001.430832][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1001.437625][T15804] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[ 1001.451099][T15794] device veth1_macvtap entered promiscuous mode
[ 1001.466203][T15357] syz-executor: attempt to access beyond end of device
[ 1001.466203][T15357] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[ 1001.480689][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1001.488428][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1001.496326][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1001.504267][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1001.512473][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1001.537344][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1001.553275][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1001.561569][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1001.570298][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1001.622081][T15806] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1001.629907][T15806] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1001.638813][   T28] audit: type=1400 audit(2000000073.869:1682): avc:  denied  { bind } for  pid=15815 comm="syz.3.3594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1001.639364][T15806] device bridge_slave_0 entered promiscuous mode
[ 1001.668342][T15806] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1001.675232][T15806] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1001.684524][T15806] device bridge_slave_1 entered promiscuous mode
[ 1001.685081][T15818] loop3: detected capacity change from 0 to 128
[ 1001.690824][   T19] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1001.699886][T15818] EXT4-fs (loop3): Test dummy encryption mode enabled
[ 1001.712138][T15818] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 1001.721194][T15818] ext4 filesystem being mounted at /25/mnt supports timestamps until 2038 (0x7fffffff)
[ 1001.786670][T15806] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1001.793579][T15806] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1001.800659][T15806] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1001.807438][T15806] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1001.817946][   T19] usbhid 3-1:0.0: can't add hid device: -71
[ 1001.824501][   T19] usbhid: probe of 3-1:0.0 failed with error -71
[ 1001.853110][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1001.860858][  T515] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1001.870648][T15357] EXT4-fs (loop3): unmounting filesystem.
[ 1001.879219][  T515] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1001.886472][   T60] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 1001.886569][   T19] usb 3-1: USB disconnect, device number 53
[ 1001.916602][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1001.924623][  T515] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1001.931495][  T515] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1001.955278][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1001.963290][  T515] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1001.970144][  T515] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1001.977671][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1001.985566][  T515] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1002.006727][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1002.017808][T15806] device veth0_vlan entered promiscuous mode
[ 1002.026440][   T43] device bridge_slave_1 left promiscuous mode
[ 1002.032369][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1002.041644][   T43] device bridge_slave_0 left promiscuous mode
[ 1002.047696][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1002.055658][   T43] device veth1_macvtap left promiscuous mode
[ 1002.061491][   T43] device veth0_vlan left promiscuous mode
[ 1002.072252][T15822] loop0: detected capacity change from 0 to 40427
[ 1002.084673][T15822] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[ 1002.093807][T15822] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 1002.106339][T15822] F2FS-fs (loop0): invalid crc value
[ 1002.112993][T15822] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 1002.136865][T15822] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[ 1002.143749][T15822] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[ 1002.154527][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1002.167830][T15806] device veth1_macvtap entered promiscuous mode
[ 1002.172040][T15822] syz.0.3596: attempt to access beyond end of device
[ 1002.172040][T15822] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[ 1002.176629][T15832] loop2: detected capacity change from 0 to 512
[ 1002.194045][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1002.205345][ T1824] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[ 1002.206192][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1002.220321][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1002.236882][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1002.245109][  T444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1002.254063][T15832] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1002.266333][T15832] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038 (0x7fffffff)
[ 1002.309700][T15837] loop1: detected capacity change from 0 to 512
[ 1002.332172][   T60] usb 5-1: config 0 has no interfaces?
[ 1002.346755][T15837] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1002.357765][T15837] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038 (0x7fffffff)
[ 1002.445245][ T1824] usb 4-1: Using ep0 maxpacket: 16
[ 1002.455279][   T60] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1002.464131][   T60] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1002.472284][   T60] usb 5-1: Manufacturer: syz
[ 1002.618355][T15845] EXT4-fs error (device loop1): ext4_search_dir:1548: inode #2: block 3: comm syz.1.3593: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[ 1002.638475][   T60] usb 5-1: config 0 descriptor??
[ 1002.669546][T15847] EXT4-fs error (device loop2): ext4_search_dir:1548: inode #2: block 3: comm syz.2.3599: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[ 1002.695337][ T1824] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[ 1002.709159][ T1824] usb 4-1: config 0 has no interface number 0
[ 1002.715404][ T1824] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[ 1002.845293][ T1824] usb 4-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88
[ 1002.854227][ T1824] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1002.862667][ T1824] usb 4-1: Product: syz
[ 1002.866906][ T1824] usb 4-1: SerialNumber: syz
[ 1002.872109][ T1824] usb 4-1: config 0 descriptor??
[ 1002.890723][T15814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1002.898959][T15826] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1002.899038][T15814] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1003.011695][T15757] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[ 1003.032550][T15757] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 1003.053537][T15757] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 1003.074804][T15757] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1003.095305][   T60] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[ 1003.096037][T15757] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 1003.124217][T15757] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 1003.145385][T15757] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1003.166726][T15757] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[ 1003.191924][T15806] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[ 1003.212548][T15806] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 1003.233767][T15806] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 1003.233924][ T1824] usb 4-1: invalid MIDI in EP 0
[ 1003.255843][T15806] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1003.280260][T15806] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 1003.282637][ T1824] snd-usb-audio: probe of 4-1:0.2 failed with error -22
[ 1003.301207][T15806] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 1003.309555][ T1824] usb 4-1: USB disconnect, device number 38
[ 1003.333775][T15806] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /0/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1003.338183][T10223] udevd[10223]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.2/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1003.369777][T15806] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[ 1003.373250][T15757] EXT4-fs (loop2): unmounting filesystem.
[ 1003.432966][  T444] usb 5-1: USB disconnect, device number 55
[ 1003.439630][   T60] usb 1-1: Using ep0 maxpacket: 32
[ 1003.450506][T15855] loop4: detected capacity change from 0 to 128
[ 1003.457392][T15855] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1003.470824][T15855] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[ 1003.479290][T15855] ext4 filesystem being mounted at /1/mnt supports timestamps until 2038 (0x7fffffff)
[ 1003.492117][T15806] EXT4-fs (loop1): unmounting filesystem.
[ 1003.526851][   T43] device bridge_slave_1 left promiscuous mode
[ 1003.532898][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1003.553371][   T43] device bridge_slave_0 left promiscuous mode
[ 1003.559443][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1003.572266][   T43] device veth1_macvtap left promiscuous mode
[ 1003.578346][   T43] device veth0_vlan left promiscuous mode
[ 1003.605300][   T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1003.616424][   T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[ 1003.617357][T15794] EXT4-fs (loop4): unmounting filesystem.
[ 1003.627598][   T60] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1003.644209][   T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1003.668691][   T60] usb 1-1: config 0 descriptor??
[ 1003.695239][T15852] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 1003.725751][   T60] hub 1-1:0.0: USB hub found
[ 1003.760559][T15857] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1003.767554][T15857] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1003.774683][T15857] device bridge_slave_0 entered promiscuous mode
[ 1003.782711][T15857] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1003.789606][T15857] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1003.796681][T15857] device bridge_slave_1 entered promiscuous mode
[ 1003.846065][T15861] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1003.852944][T15861] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1003.860376][T15861] device bridge_slave_0 entered promiscuous mode
[ 1003.870056][T15861] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1003.877049][T15861] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1003.884356][T15861] device bridge_slave_1 entered promiscuous mode
[ 1003.937621][T15857] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1003.944490][T15857] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1003.951604][T15857] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1003.958374][T15857] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1003.985205][   T60] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1003.996325][T15861] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1004.003155][T15861] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1004.010283][T15861] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1004.017062][T15861] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1004.028946][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1004.036291][ T1824] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1004.043368][ T1824] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1004.045226][   T24] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1004.058569][ T1824] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1004.065966][ T1824] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1004.089473][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1004.097406][ T1824] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1004.104224][ T1824] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1004.105241][   T60] usbhid 1-1:0.0: can't add hid device: -71
[ 1004.111462][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1004.118638][   T60] usbhid: probe of 1-1:0.0 failed with error -71
[ 1004.125610][ T1824] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1004.137992][ T1824] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1004.159609][   T60] usb 1-1: USB disconnect, device number 51
[ 1004.165810][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1004.173760][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1004.181738][ T1824] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1004.188582][ T1824] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1004.195720][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1004.203529][ T1824] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1004.210289][ T1824] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1004.218325][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1004.226134][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1004.233840][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1004.241648][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1004.260281][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1004.271806][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1004.280706][  T727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1004.288952][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1004.296302][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1004.304275][T15857] device veth0_vlan entered promiscuous mode
[ 1004.313738][T15861] device veth0_vlan entered promiscuous mode
[ 1004.323106][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1004.330926][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1004.338128][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1004.354587][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1004.364287][T15861] device veth1_macvtap entered promiscuous mode
[ 1004.371369][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1004.380361][T15857] device veth1_macvtap entered promiscuous mode
[ 1004.393759][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1004.404197][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1004.412379][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1004.424944][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1004.433317][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1004.467755][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1004.482044][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1004.501332][T15876] loop2: detected capacity change from 0 to 1024
[ 1004.508124][   T24] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1004.517219][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1004.530351][   T24] usb 4-1: config 0 descriptor??
[ 1004.536034][T15879] loop4: detected capacity change from 0 to 512
[ 1004.548094][T15876] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 1004.551148][T15879] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1004.568709][T15879] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038 (0x7fffffff)
[ 1004.587294][T15857] EXT4-fs (loop2): unmounting filesystem.
[ 1004.645925][   T43] device bridge_slave_1 left promiscuous mode
[ 1004.651938][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1004.659554][   T43] device bridge_slave_0 left promiscuous mode
[ 1004.665500][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1004.672955][   T43] device bridge_slave_1 left promiscuous mode
[ 1004.678937][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1004.686565][   T43] device bridge_slave_0 left promiscuous mode
[ 1004.692497][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1004.700698][   T43] device veth1_macvtap left promiscuous mode
[ 1004.724915][   T43] device veth0_vlan left promiscuous mode
[ 1004.730961][   T43] device veth1_macvtap left promiscuous mode
[ 1004.736972][   T43] device veth0_vlan left promiscuous mode
[ 1004.744295][T15892] EXT4-fs error (device loop4): ext4_search_dir:1548: inode #2: block 3: comm syz.4.3613: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[ 1004.805290][   T39] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[ 1004.825251][   T60] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[ 1005.025476][   T24] hid (null): bogus close delimiter
[ 1005.065430][   T39] usb 2-1: Using ep0 maxpacket: 16
[ 1005.195272][   T39] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[ 1005.203103][   T39] usb 2-1: config 0 has no interface number 0
[ 1005.209047][   T39] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 1005.218606][   T60] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1005.229158][   T39] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[ 1005.238765][   T24] usb 4-1: string descriptor 0 read error: -22
[ 1005.244819][   T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1005.255554][   T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1005.265090][   T60] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1005.277913][   T60] usb 1-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00
[ 1005.286708][   T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1005.294937][   T60] usb 1-1: config 0 descriptor??
[ 1005.355433][   T19] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[ 1005.364518][T15794] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /3/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[ 1005.385701][T15794] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /3/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 1005.406729][T15794] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /3/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 1005.407026][   T39] usb 2-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88
[ 1005.436951][T15794] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /3/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1005.436970][   T39] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1005.436995][   T39] usb 2-1: Product: syz
[ 1005.469078][   T39] usb 2-1: SerialNumber: syz
[ 1005.469282][T15794] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /3/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 1005.474090][   T39] usb 2-1: config 0 descriptor??
[ 1005.495818][T15794] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /3/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 1005.519391][T15794] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /3/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1005.540075][T15794] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[ 1005.615375][   T19] usb 3-1: Using ep0 maxpacket: 32
[ 1005.622264][T15794] EXT4-fs (loop4): unmounting filesystem.
[ 1005.724096][T15902] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1005.731287][T15902] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1005.738371][   T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1005.738820][T15902] device bridge_slave_0 entered promiscuous mode
[ 1005.749495][   T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[ 1005.759220][T15902] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1005.773819][   T19] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1005.775854][T15902] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1005.786664][   T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1005.789864][   T60] nintendo 0003:057E:2009.0057: unknown main item tag 0x0
[ 1005.799361][T15902] device bridge_slave_1 entered promiscuous mode
[ 1005.805608][   T24] uclogic 0003:256C:006D.0056: failed retrieving string descriptor #100: -71
[ 1005.813084][   T19] usb 3-1: config 0 descriptor??
[ 1005.819472][   T60] nintendo 0003:057E:2009.0057: unknown main item tag 0x0
[ 1005.831123][   T24] uclogic 0003:256C:006D.0056: failed retrieving pen parameters: -71
[ 1005.835307][T15900] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1005.839405][   T60] nintendo 0003:057E:2009.0057: item fetching failed at offset 2/5
[ 1005.854341][   T39] snd-usb-audio: probe of 2-1:0.2 failed with error -12
[ 1005.855777][   T19] hub 3-1:0.0: USB hub found
[ 1005.861181][   T24] uclogic 0003:256C:006D.0056: failed probing pen v1 parameters: -71
[ 1005.878706][   T39] usb 2-1: USB disconnect, device number 61
[ 1005.881502][  T911] udevd[911]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.2/sound/card0/controlC0/../uevent} for writing: No such file or directory
[ 1005.884949][   T24] uclogic 0003:256C:006D.0056: failed probing parameters: -71
[ 1005.907386][   T60] nintendo 0003:057E:2009.0057: HID parse failed
[ 1005.914195][   T24] uclogic: probe of 0003:256C:006D.0056 failed with error -71
[ 1005.914233][   T60] nintendo 0003:057E:2009.0057: probe - fail = -22
[ 1005.928401][   T60] nintendo: probe of 0003:057E:2009.0057 failed with error -22
[ 1005.938480][   T24] usb 4-1: USB disconnect, device number 39
[ 1005.981206][  T300] usb 1-1: USB disconnect, device number 52
[ 1006.000382][T15902] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1006.007988][T15902] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1006.014999][T15902] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1006.021831][T15902] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1006.041727][  T727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1006.049306][  T727] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1006.056563][  T727] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1006.065084][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1006.073283][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1006.080159][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1006.097798][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1006.105770][ T1824] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1006.112590][ T1824] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1006.119977][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1006.128240][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1006.135899][   T19] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1006.155363][  T727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1006.166048][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1006.173806][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1006.181122][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1006.190995][T15902] device veth0_vlan entered promiscuous mode
[ 1006.200665][  T727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1006.209642][T15902] device veth1_macvtap entered promiscuous mode
[ 1006.219035][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1006.229078][  T727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1006.237254][   T19] usbhid 3-1:0.0: can't add hid device: -71
[ 1006.243399][   T19] usbhid: probe of 3-1:0.0 failed with error -71
[ 1006.276733][   T19] usb 3-1: USB disconnect, device number 54
[ 1006.286203][   T43] device bridge_slave_1 left promiscuous mode
[ 1006.297956][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1006.308912][T15913] loop3: detected capacity change from 0 to 1024
[ 1006.317934][T15913] EXT4-fs: Ignoring removed nobh option
[ 1006.318719][T15911] loop1: detected capacity change from 0 to 1024
[ 1006.323761][   T43] device bridge_slave_0 left promiscuous mode
[ 1006.337144][T15913] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #11: comm syz.3.3623: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[ 1006.355697][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1006.358703][T15913] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.3623: couldn't read orphan inode 11 (err -117)
[ 1006.374869][T15913] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1006.376497][T15911] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1006.392138][   T43] device veth1_macvtap left promiscuous mode
[ 1006.400332][   T43] device veth0_vlan left promiscuous mode
[ 1006.416777][T15861] EXT4-fs (loop1): unmounting filesystem.
[ 1006.437623][T15918] loop1: detected capacity change from 0 to 1024
[ 1006.444820][T15918] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1006.454105][T15918] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1006.469195][   T28] audit: type=1400 audit(2000000078.699:1683): avc:  denied  { rename } for  pid=15917 comm="syz.1.3624" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 dev="loop1" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[ 1006.505774][T15861] EXT4-fs (loop1): unmounting filesystem.
[ 1006.522341][T15921] loop1: detected capacity change from 0 to 2048
[ 1006.535329][  T727] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1006.538887][T15921] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1006.567139][T15861] EXT4-fs (loop1): unmounting filesystem.
[ 1006.646272][T15932] loop2: detected capacity change from 0 to 512
[ 1006.656819][T15932] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 1006.665603][T15932] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038 (0x7fffffff)
[ 1006.714144][   T60] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[ 1006.752226][T15936] loop1: detected capacity change from 0 to 128
[ 1006.758888][T15936] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1006.766573][T15936] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038 (0x7fffffff)
[ 1006.785193][  T727] usb 5-1: Using ep0 maxpacket: 32
[ 1006.839923][T15941] loop1: detected capacity change from 0 to 512
[ 1006.848821][T15942] EXT4-fs error (device loop2): ext4_search_dir:1548: inode #2: block 3: comm syz.2.3629: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[ 1006.874791][T15941] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1006.875210][   T24] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[ 1006.892037][T15941] EXT4-fs (loop1): 1 truncate cleaned up
[ 1006.905295][  T727] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1006.925293][  T727] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[ 1006.937599][T15861] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /6/bus: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0
[ 1006.957042][  T727] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1006.966069][  T727] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1006.974735][T15861] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm syz-executor: bg 0: block 7: invalid block bitmap
[ 1006.990692][  T727] usb 5-1: config 0 descriptor??
[ 1006.996382][T15861] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6173: Corrupt filesystem
[ 1007.006082][T15861] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /6/bus/file0: bad entry in directory: rec_len % 4 != 0 - offset=92, inode=0, rec_len=127, size=1024 fake=0
[ 1007.025654][T15909] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1007.045617][  T727] hub 5-1:0.0: USB hub found
[ 1007.125294][   T60] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1007.142016][   T60] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 1007.153243][   T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1007.170768][   T60] usb 4-1: config 0 descriptor??
[ 1007.255876][   T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1007.281024][T15945] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1007.287944][T15945] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1007.295014][T15945] device bridge_slave_0 entered promiscuous mode
[ 1007.301831][T15945] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1007.308742][  T727] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1007.309213][T15945] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1007.323716][T15945] device bridge_slave_1 entered promiscuous mode
[ 1007.365122][T15945] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1007.372006][T15945] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1007.379124][T15945] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1007.385897][T15945] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1007.406081][   T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1007.413398][   T39] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1007.420933][   T39] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1007.425241][  T727] usbhid 5-1:0.0: can't add hid device: -71
[ 1007.433611][  T727] usbhid: probe of 5-1:0.0 failed with error -71
[ 1007.445349][   T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1007.454317][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1007.463140][   T24] usb 1-1: Product: syz
[ 1007.463321][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1007.467272][   T60] usb 4-1: string descriptor 0 read error: -71
[ 1007.476757][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1007.488657][   T24] usb 1-1: Manufacturer: syz
[ 1007.489213][  T727] usb 5-1: USB disconnect, device number 56
[ 1007.502509][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1007.503195][   T24] usb 1-1: SerialNumber: syz
[ 1007.509939][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1007.514273][   T60] usb 4-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[ 1007.528194][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1007.536950][ T1824] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1007.537834][   T60] usb 4-1: No valid video chain found.
[ 1007.543802][ T1824] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1007.556768][T15857] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[ 1007.560824][   T60] usb 4-1: USB disconnect, device number 40
[ 1007.578154][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1007.591509][ T1824] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1007.594027][T15857] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 1007.598537][ T1824] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1007.598929][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1007.619851][T15857] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 1007.626692][ T1824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1007.633956][T15857] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1007.662821][T15945] device veth0_vlan entered promiscuous mode
[ 1007.682765][T15857] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 1007.708656][T15857] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 1007.729872][T15857] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1007.750653][T15857] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[ 1007.774506][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1007.782652][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1007.793836][T15945] device veth1_macvtap entered promiscuous mode
[ 1007.808970][  T727] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1007.817694][  T727] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1007.826174][  T727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1007.830689][   T28] audit: type=1400 audit(2000000080.059:1684): avc:  denied  { bind } for  pid=15952 comm="syz.4.3637" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1007.860386][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1007.878875][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1007.946256][   T43] device bridge_slave_1 left promiscuous mode
[ 1007.952357][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1007.961284][T15958] kvm [15957]: vcpu0, guest rIP: 0x1b disabled perfctr wrmsr: 0xc1 data 0xd
[ 1007.961404][   T43] device bridge_slave_0 left promiscuous mode
[ 1007.976850][T15958] kvm [15957]: vcpu0, guest rIP: 0x1d disabled perfctr wrmsr: 0xc1 data 0xd
[ 1007.980928][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1008.002726][   T43] device veth1_macvtap left promiscuous mode
[ 1008.010696][   T43] device veth0_vlan left promiscuous mode
[ 1008.114452][T15960] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1008.121358][T15960] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1008.129173][T15960] device bridge_slave_0 entered promiscuous mode
[ 1008.136145][T15960] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1008.142983][T15960] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1008.150501][T15960] device bridge_slave_1 entered promiscuous mode
[ 1008.165195][   T60] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 1008.237523][T15960] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1008.244399][T15960] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1008.251512][T15960] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1008.258288][T15960] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1008.275227][   T39] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1008.298272][  T727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1008.305885][  T727] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1008.312999][  T727] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1008.329164][  T727] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1008.337241][  T727] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1008.344085][  T727] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1008.351697][  T727] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1008.359726][  T727] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1008.366576][  T727] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1008.387698][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1008.396058][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1008.403850][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1008.416198][T15960] device veth0_vlan entered promiscuous mode
[ 1008.423736][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1008.432749][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1008.435184][   T60] usb 5-1: Using ep0 maxpacket: 32
[ 1008.440301][  T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1008.463274][T15960] device veth1_macvtap entered promiscuous mode
[ 1008.471498][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1008.483586][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1008.499627][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1008.545370][   T39] usb 4-1: Using ep0 maxpacket: 16
[ 1008.575586][   T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1008.586669][   T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[ 1008.597862][   T60] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1008.606791][   T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1008.615873][   T60] usb 5-1: config 0 descriptor??
[ 1008.635257][T15955] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1008.655709][   T60] hub 5-1:0.0: USB hub found
[ 1008.675253][   T24] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1008.681516][   T24] cdc_ncm 1-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1008.688857][   T24] cdc_ncm 1-1:1.0: setting rx_max = 2048
[ 1008.695272][   T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1008.706027][   T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1008.715583][   T39] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1008.728272][   T39] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1008.737145][   T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1008.745476][   T39] usb 4-1: config 0 descriptor??
[ 1008.806050][  T444] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1008.907074][T15975] loop1: detected capacity change from 0 to 512
[ 1008.917429][T15975] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038 (0x7fffffff)
[ 1008.927425][   T60] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1008.964772][   T43] device bridge_slave_1 left promiscuous mode
[ 1008.970821][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1008.978330][   T43] device bridge_slave_0 left promiscuous mode
[ 1008.984312][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1008.991745][   T43] device veth1_macvtap left promiscuous mode
[ 1008.997787][   T43] device veth0_vlan left promiscuous mode
[ 1009.055257][   T60] usbhid 5-1:0.0: can't add hid device: -71
[ 1009.061167][  T444] usb 3-1: Using ep0 maxpacket: 16
[ 1009.066731][   T60] usbhid: probe of 5-1:0.0 failed with error -71
[ 1009.110705][T15980] EXT4-fs error (device loop1): ext4_search_dir:1548: inode #2: block 3: comm syz.1.3643: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[ 1009.195571][   T24] cdc_ncm 1-1:1.0: setting tx_max = 88
[ 1009.220691][   T60] usb 5-1: USB disconnect, device number 57
[ 1009.228246][   T24] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1009.240230][  T444] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1009.253804][   T39] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0058/input/input57
[ 1009.266320][  T444] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[ 1009.278218][   T24] usb 1-1: USB disconnect, device number 53
[ 1009.284561][   T28] audit: type=1400 audit(2000000081.509:1685): avc:  denied  { read } for  pid=141 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[ 1009.290293][   T24] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
[ 1009.320053][  T444] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[ 1009.342124][   T28] audit: type=1400 audit(2000000081.539:1686): avc:  denied  { search } for  pid=141 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1009.367308][  T444] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1009.385443][  T444] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1009.403817][   T28] audit: type=1400 audit(2000000081.539:1687): avc:  denied  { read } for  pid=141 comm="dhcpcd" name="n19" dev="tmpfs" ino=28707 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1009.425996][T15972] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1009.425999][   T28] audit: type=1400 audit(2000000081.539:1688): avc:  denied  { open } for  pid=141 comm="dhcpcd" path="/run/udev/data/n19" dev="tmpfs" ino=28707 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1009.426023][   T28] audit: type=1400 audit(2000000081.539:1689): avc:  denied  { getattr } for  pid=141 comm="dhcpcd" path="/run/udev/data/n19" dev="tmpfs" ino=28707 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1009.465582][  T444] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[ 1009.487615][   T28] audit: type=1400 audit(2000000081.559:1690): avc:  denied  { read } for  pid=15983 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=299 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1009.518802][T15996] loop4: detected capacity change from 0 to 128
[ 1009.524980][   T28] audit: type=1400 audit(2000000081.559:1691): avc:  denied  { open } for  pid=15983 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=299 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1009.542821][   T39] microsoft 0003:045E:07DA.0058: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[ 1009.559154][   T28] audit: type=1400 audit(2000000081.559:1692): avc:  denied  { getattr } for  pid=15983 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=299 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1009.569518][   T39] usb 4-1: USB disconnect, device number 41
[ 1009.586679][T15996] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1009.613280][   T39] ==================================================================
[ 1009.621173][   T39] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130
[ 1009.623759][T15996] ext4 filesystem being mounted at /4/mnt supports timestamps until 2038 (0x7fffffff)
[ 1009.629241][   T39] Read of size 8 at addr ffff888109e26cf0 by task kworker/1:1/39
[ 1009.629261][   T39] 
[ 1009.629266][   T39] CPU: 1 PID: 39 Comm: kworker/1:1 Not tainted 6.1.99-syzkaller-00007-g19e119d2d0fe #0
[ 1009.629286][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1009.629298][   T39] Workqueue: usb_hub_wq hub_event
[ 1009.672554][   T39] Call Trace:
[ 1009.675679][   T39]  <TASK>
[ 1009.678455][   T39]  dump_stack_lvl+0x151/0x1b7
[ 1009.682971][   T39]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 1009.688266][   T39]  ? _printk+0xd1/0x111
[ 1009.692256][   T39]  ? __virt_addr_valid+0x242/0x2f0
[ 1009.697205][   T39]  print_report+0x158/0x4e0
[ 1009.701543][   T39]  ? __virt_addr_valid+0x242/0x2f0
[ 1009.706491][   T39]  ? kasan_complete_mode_report_info+0x90/0x1b0
[ 1009.712574][   T39]  ? __list_del_entry_valid+0xa6/0x130
[ 1009.717862][   T39]  kasan_report+0x13c/0x170
[ 1009.722196][   T39]  ? __list_del_entry_valid+0xa6/0x130
[ 1009.727493][   T39]  __asan_report_load8_noabort+0x14/0x20
[ 1009.732962][   T39]  __list_del_entry_valid+0xa6/0x130
[ 1009.738078][   T39]  try_to_grab_pending+0x3ea/0x5d0
[ 1009.743025][   T39]  ? mod_delayed_work_on+0x190/0x190
[ 1009.748144][   T39]  ? rwsem_mark_wake+0x136/0x770
[ 1009.752920][   T39]  ? __kasan_check_write+0x14/0x20
[ 1009.757870][   T39]  ? _raw_spin_lock_irqsave+0xf9/0x210
[ 1009.763159][   T39]  __cancel_work_timer+0x132/0x630
[ 1009.768114][   T39]  ? __kasan_check_write+0x14/0x20
[ 1009.773054][   T39]  ? wake_up_q+0x11c/0x1d0
[ 1009.777309][   T39]  ? cancel_work_sync+0x20/0x20
[ 1009.781994][   T39]  ? rwsem_spin_on_owner+0x4a0/0x4a0
[ 1009.787116][   T39]  ? __kasan_slab_free+0x11/0x20
[ 1009.791974][   T39]  ? kernfs_put+0x392/0x520
[ 1009.796317][   T39]  cancel_delayed_work_sync+0x1a/0x20
[ 1009.801521][   T39]  power_supply_unregister+0x8e/0x130
[ 1009.806736][   T39]  hidinput_disconnect+0x7b/0x310
[ 1009.811590][   T39]  ? sysfs_remove_file_ns+0x64/0x70
[ 1009.816624][   T39]  hid_hw_stop+0x76/0x1e0
[ 1009.820790][   T39]  ms_remove+0x23/0xa0
[ 1009.824695][   T39]  ? ms_probe+0x460/0x460
[ 1009.828862][   T39]  hid_device_remove+0x250/0x370
[ 1009.833640][   T39]  ? hid_device_probe+0x3a0/0x3a0
[ 1009.838495][   T39]  device_release_driver_internal+0x4db/0x870
[ 1009.844397][   T39]  device_release_driver+0x19/0x20
[ 1009.849349][   T39]  bus_remove_device+0x2fa/0x360
[ 1009.854117][   T39]  device_del+0x663/0xe90
[ 1009.858285][   T39]  ? kill_device+0xd0/0xd0
[ 1009.862535][   T39]  ? __kasan_check_write+0x14/0x20
[ 1009.867484][   T39]  ? _raw_spin_lock_irq+0xa5/0x1b0
[ 1009.872430][   T39]  ? _raw_spin_lock_irqsave+0x210/0x210
[ 1009.877836][   T39]  hid_destroy_device+0x68/0x110
[ 1009.882585][   T39]  usbhid_disconnect+0x9e/0xc0
[ 1009.887185][   T39]  usb_unbind_interface+0x1fa/0x8c0
[ 1009.892219][   T39]  ? sysfs_remove_groups+0x91/0xb0
[ 1009.897165][   T39]  ? usb_driver_release_interface+0x1b0/0x1b0
[ 1009.903072][   T39]  device_release_driver_internal+0x53e/0x870
[ 1009.908968][   T39]  device_release_driver+0x19/0x20
[ 1009.913916][   T39]  bus_remove_device+0x2fa/0x360
[ 1009.918690][   T39]  device_del+0x663/0xe90
[ 1009.922855][   T39]  ? kill_device+0xd0/0xd0
[ 1009.927106][   T39]  ? device_unregister+0x27/0x40
[ 1009.931880][   T39]  usb_disable_device+0x380/0x720
[ 1009.936754][   T39]  usb_disconnect+0x32a/0x890
[ 1009.941255][   T39]  hub_event+0x1ed8/0x4830
[ 1009.945513][   T39]  ? led_work+0x590/0x590
[ 1009.949673][   T39]  ? _raw_spin_unlock+0x4c/0x70
[ 1009.954360][   T39]  ? __kasan_check_write+0x14/0x20
[ 1009.959306][   T39]  ? _raw_spin_lock_irq+0xa5/0x1b0
[ 1009.964255][   T39]  ? __kasan_check_read+0x11/0x20
[ 1009.969114][   T39]  ? read_word_at_a_time+0x12/0x20
[ 1009.974071][   T39]  ? strscpy+0x9c/0x260
[ 1009.978054][   T39]  process_one_work+0x73d/0xcb0
[ 1009.982752][   T39]  worker_thread+0xd71/0x1260
[ 1009.987259][   T39]  kthread+0x26d/0x300
[ 1009.991159][   T39]  ? worker_clr_flags+0x1a0/0x1a0
[ 1009.996022][   T39]  ? kthread_blkcg+0xd0/0xd0
[ 1010.000449][   T39]  ret_from_fork+0x1f/0x30
[ 1010.004704][   T39]  </TASK>
[ 1010.007565][   T39] 
[ 1010.009750][   T39] Allocated by task 24:
[ 1010.013727][   T39]  kasan_set_track+0x4b/0x70
[ 1010.018151][   T39]  kasan_save_alloc_info+0x1f/0x30
[ 1010.023276][   T39]  __kasan_kmalloc+0x9c/0xb0
[ 1010.027704][   T39]  __kmalloc_node+0xb4/0x1e0
[ 1010.032124][   T39]  kvmalloc_node+0x221/0x640
[ 1010.036550][   T39]  alloc_netdev_mqs+0x8c/0xf90
[ 1010.041151][   T39]  alloc_etherdev_mqs+0x36/0x40
[ 1010.045837][   T39]  usbnet_probe+0x207/0x27c0
[ 1010.050263][   T39]  usb_probe_interface+0x5b6/0xa90
[ 1010.055211][   T39]  really_probe+0x2b8/0x920
[ 1010.059552][   T39]  __driver_probe_device+0x1a0/0x310
[ 1010.064671][   T39]  driver_probe_device+0x54/0x3d0
[ 1010.069530][   T39]  __device_attach_driver+0x2e3/0x490
[ 1010.074740][   T39]  bus_for_each_drv+0x183/0x200
[ 1010.079425][   T39]  __device_attach+0x312/0x510
[ 1010.084025][   T39]  device_initial_probe+0x1a/0x20
[ 1010.088886][   T39]  bus_probe_device+0xbe/0x1e0
[ 1010.093485][   T39]  device_add+0xb60/0xf10
[ 1010.097654][   T39]  usb_set_configuration+0x190f/0x1e80
[ 1010.102946][   T39]  usb_generic_driver_probe+0x8b/0x150
[ 1010.108241][   T39]  usb_probe_device+0x144/0x260
[ 1010.112927][   T39]  really_probe+0x2b8/0x920
[ 1010.117266][   T39]  __driver_probe_device+0x1a0/0x310
[ 1010.122391][   T39]  driver_probe_device+0x54/0x3d0
[ 1010.127247][   T39]  __device_attach_driver+0x2e3/0x490
[ 1010.132457][   T39]  bus_for_each_drv+0x183/0x200
[ 1010.137142][   T39]  __device_attach+0x312/0x510
[ 1010.141743][   T39]  device_initial_probe+0x1a/0x20
[ 1010.146602][   T39]  bus_probe_device+0xbe/0x1e0
[ 1010.151203][   T39]  device_add+0xb60/0xf10
[ 1010.155369][   T39]  usb_new_device+0xf2f/0x1820
[ 1010.159966][   T39]  hub_event+0x2db1/0x4830
[ 1010.164222][   T39]  process_one_work+0x73d/0xcb0
[ 1010.168908][   T39]  worker_thread+0xa60/0x1260
[ 1010.173420][   T39]  kthread+0x26d/0x300
[ 1010.177325][   T39]  ret_from_fork+0x1f/0x30
[ 1010.181580][   T39] 
[ 1010.183750][   T39] Freed by task 24:
[ 1010.187395][   T39]  kasan_set_track+0x4b/0x70
[ 1010.191820][   T39]  kasan_save_free_info+0x2b/0x40
[ 1010.196681][   T39]  ____kasan_slab_free+0x131/0x180
[ 1010.201628][   T39]  __kasan_slab_free+0x11/0x20
[ 1010.206228][   T39]  __kmem_cache_free+0x218/0x3b0
[ 1010.211000][   T39]  kfree+0x7a/0xf0
[ 1010.214560][   T39]  kvfree+0x35/0x40
[ 1010.218206][   T39]  netdev_freemem+0x3f/0x60
[ 1010.222544][   T39]  netdev_release+0x7f/0xb0
[ 1010.226884][   T39]  device_release+0x95/0x1c0
[ 1010.231310][   T39]  kobject_put+0x178/0x260
[ 1010.235563][   T39]  put_device+0x1f/0x30
[ 1010.239556][   T39]  free_netdev+0x393/0x480
[ 1010.243808][   T39]  usbnet_disconnect+0x245/0x390
[ 1010.248581][   T39]  usb_unbind_interface+0x1fa/0x8c0
[ 1010.253617][   T39]  device_release_driver_internal+0x53e/0x870
[ 1010.259517][   T39]  device_release_driver+0x19/0x20
[ 1010.264466][   T39]  bus_remove_device+0x2fa/0x360
[ 1010.269238][   T39]  device_del+0x663/0xe90
[ 1010.273404][   T39]  usb_disable_device+0x380/0x720
[ 1010.278291][   T39]  usb_disconnect+0x32a/0x890
[ 1010.282778][   T39]  hub_event+0x1ed8/0x4830
[ 1010.287032][   T39]  process_one_work+0x73d/0xcb0
[ 1010.291717][   T39]  worker_thread+0xd71/0x1260
[ 1010.296230][   T39]  kthread+0x26d/0x300
[ 1010.300137][   T39]  ret_from_fork+0x1f/0x30
[ 1010.304389][   T39] 
[ 1010.306558][   T39] Last potentially related work creation:
[ 1010.312114][   T39]  kasan_save_stack+0x3b/0x60
[ 1010.316627][   T39]  __kasan_record_aux_stack+0xb4/0xc0
[ 1010.321836][   T39]  kasan_record_aux_stack_noalloc+0xb/0x10
[ 1010.327476][   T39]  insert_work+0x56/0x310
[ 1010.331642][   T39]  __queue_work+0x9b6/0xd70
[ 1010.335981][   T39]  queue_work_on+0x105/0x170
[ 1010.340407][   T39]  usbnet_link_change+0xeb/0x100
[ 1010.345180][   T39]  usbnet_probe+0x1dbe/0x27c0
[ 1010.349695][   T39]  usb_probe_interface+0x5b6/0xa90
[ 1010.354647][   T39]  really_probe+0x2b8/0x920
[ 1010.358982][   T39]  __driver_probe_device+0x1a0/0x310
[ 1010.364102][   T39]  driver_probe_device+0x54/0x3d0
[ 1010.368963][   T39]  __device_attach_driver+0x2e3/0x490
[ 1010.374169][   T39]  bus_for_each_drv+0x183/0x200
[ 1010.378856][   T39]  __device_attach+0x312/0x510
[ 1010.383456][   T39]  device_initial_probe+0x1a/0x20
[ 1010.388317][   T39]  bus_probe_device+0xbe/0x1e0
[ 1010.392916][   T39]  device_add+0xb60/0xf10
[ 1010.397083][   T39]  usb_set_configuration+0x190f/0x1e80
[ 1010.402377][   T39]  usb_generic_driver_probe+0x8b/0x150
[ 1010.407672][   T39]  usb_probe_device+0x144/0x260
[ 1010.412357][   T39]  really_probe+0x2b8/0x920
[ 1010.416702][   T39]  __driver_probe_device+0x1a0/0x310
[ 1010.421818][   T39]  driver_probe_device+0x54/0x3d0
[ 1010.426677][   T39]  __device_attach_driver+0x2e3/0x490
[ 1010.431887][   T39]  bus_for_each_drv+0x183/0x200
[ 1010.436580][   T39]  __device_attach+0x312/0x510
[ 1010.441173][   T39]  device_initial_probe+0x1a/0x20
[ 1010.446032][   T39]  bus_probe_device+0xbe/0x1e0
[ 1010.450632][   T39]  device_add+0xb60/0xf10
[ 1010.454797][   T39]  usb_new_device+0xf2f/0x1820
[ 1010.459397][   T39]  hub_event+0x2db1/0x4830
[ 1010.463653][   T39]  process_one_work+0x73d/0xcb0
[ 1010.468337][   T39]  worker_thread+0xa60/0x1260
[ 1010.472851][   T39]  kthread+0x26d/0x300
[ 1010.476757][   T39]  ret_from_fork+0x1f/0x30
[ 1010.481009][   T39] 
[ 1010.483178][   T39] The buggy address belongs to the object at ffff888109e26000
[ 1010.483178][   T39]  which belongs to the cache kmalloc-4k of size 4096
[ 1010.497066][   T39] The buggy address is located 3312 bytes inside of
[ 1010.497066][   T39]  4096-byte region [ffff888109e26000, ffff888109e27000)
[ 1010.510347][   T39] 
[ 1010.512515][   T39] The buggy address belongs to the physical page:
[ 1010.518777][   T39] page:ffffea0004278800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109e20
[ 1010.528834][   T39] head:ffffea0004278800 order:3 compound_mapcount:0 compound_pincount:0
[ 1010.536990][   T39] flags: 0x4000000000010200(slab|head|zone=1)
[ 1010.542985][   T39] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043380
[ 1010.551402][   T39] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 1010.559817][   T39] page dumped because: kasan: bad access detected
[ 1010.566071][   T39] page_owner tracks the page as allocated
[ 1010.571620][   T39] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 12234, tgid 12234 (syz-executor), ts 782761508311, free_ts 777611011284
[ 1010.594534][   T39]  post_alloc_hook+0x213/0x220
[ 1010.599132][   T39]  prep_new_page+0x1b/0x110
[ 1010.603470][   T39]  get_page_from_freelist+0x27ea/0x2870
[ 1010.608853][   T39]  __alloc_pages+0x3a1/0x780
[ 1010.613280][   T39]  alloc_slab_page+0x6c/0xf0
[ 1010.617706][   T39]  new_slab+0x90/0x3e0
[ 1010.621613][   T39]  ___slab_alloc+0x6f9/0xb80
[ 1010.626040][   T39]  __slab_alloc+0x5d/0xa0
[ 1010.630204][   T39]  __kmem_cache_alloc_node+0x1af/0x250
[ 1010.635502][   T39]  kmalloc_trace+0x2a/0xa0
[ 1010.639750][   T39]  kobject_uevent_env+0x262/0x720
[ 1010.644611][   T39]  kobject_uevent+0x1f/0x30
[ 1010.648951][   T39]  net_rx_queue_update_kobjects+0x239/0x4a0
[ 1010.654682][   T39]  netdev_register_kobject+0x231/0x320
[ 1010.659974][   T39]  register_netdevice+0xe43/0x1490
[ 1010.664920][   T39]  veth_newlink+0x7fc/0xc70
[ 1010.669261][   T39] page last free stack trace:
[ 1010.673778][   T39]  free_unref_page_prepare+0x83d/0x850
[ 1010.679067][   T39]  free_unref_page+0xb2/0x5c0
[ 1010.683670][   T39]  __free_pages+0x61/0xf0
[ 1010.687833][   T39]  __free_slab+0xce/0x1a0
[ 1010.692016][   T39]  __unfreeze_partials+0x165/0x1a0
[ 1010.696948][   T39]  put_cpu_partial+0xa9/0x100
[ 1010.701462][   T39]  __slab_free+0x1c8/0x280
[ 1010.705713][   T39]  ___cache_free+0xc6/0xd0
[ 1010.709965][   T39]  qlist_free_all+0xc5/0x140
[ 1010.714391][   T39]  kasan_quarantine_reduce+0x15a/0x180
[ 1010.719685][   T39]  __kasan_slab_alloc+0x24/0x80
[ 1010.724372][   T39]  slab_post_alloc_hook+0x53/0x2c0
[ 1010.729319][   T39]  __kmem_cache_alloc_node+0x191/0x250
[ 1010.734699][   T39]  kmalloc_trace+0x2a/0xa0
[ 1010.738955][   T39]  kobject_uevent_env+0x262/0x720
[ 1010.743815][   T39]  kobject_uevent+0x1f/0x30
[ 1010.748155][   T39] 
[ 1010.750324][   T39] Memory state around the buggy address:
[ 1010.755793][   T39]  ffff888109e26b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1010.763692][   T39]  ffff888109e26c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1010.771590][   T39] >ffff888109e26c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1010.779484][   T39]                                                              ^
[ 1010.787037][   T39]  ffff888109e26d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1010.794936][   T39]  ffff888109e26d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1010.802838][   T39] ==================================================================
[ 1010.810731][   T39] Disabling lock debugging due to kernel taint
[ 1010.848561][T15945] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /2/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[ 1010.870972][  T444] cdc_acm 3-1:1.0: ttyACM0: USB ACM device
[ 1010.871412][T15945] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /2/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[ 1010.879168][  T444] usb 3-1: USB disconnect, device number 55
[ 1010.901107][T15945] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /2/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[ 1010.931506][T15945] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /2/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1010.951880][T15945] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /2/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[ 1010.973286][T15945] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /2/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[ 1010.994504][T15945] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /2/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[ 1011.014997][T15945] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1)
[ 1011.545822][T11919] device bridge_slave_1 left promiscuous mode
[ 1011.551782][T11919] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1011.559403][T11919] device bridge_slave_0 left promiscuous mode
[ 1011.566737][T11919] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1011.574957][T11919] device veth1_macvtap left promiscuous mode
[ 1011.581094][T11919] device veth0_vlan left promiscuous mode