last executing test programs:

3.321980568s ago: executing program 2 (id=1447):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
r2 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)
pwritev(r2, &(0x7f0000000200)=[{&(0x7f0000000080)='\a', 0x1}], 0x1, 0x0, 0x0)
fallocate(r2, 0x20, 0x0, 0xfffffeff000)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f00000003c0)='syzkaller\x00', 0x27, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x36, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0x10, 0x4, 0x7, 0x7f, 0x18a, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xffffffff, 0x1}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000900)=@framed={{0x18, 0x3}, [@map_fd={0x18, 0x2, 0x1, 0x0, r5}, @call={0x85, 0x0, 0x0, 0x1b}]}, &(0x7f0000000000)='GPL\x00'}, 0x80)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r7, 0x0, r9, 0x0, 0xf3a, 0x0)
tee(r8, r4, 0x80000001, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setreuid(0xee00, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x1010000, &(0x7f00000005c0)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c696f636861727365743d63703837342c726f6469720000000000ff746e695f786c6174653d302c755466383d302c636f6465706167653d3835302c6e66733d6eef7374616c655f726f2c73686f72746e616d651e77696e6e742c73686f72546e616d653d6c6f7765722c73686f72746e616d653d77696e39352c636865636b3d7200000000010000006f6e756d7461696c3d302c73686f72467351c4e0d5f973746e616d653d6d697865642c696f636861727365743d69736f383835392d362d616c6c6f775f7574696d653d30303030303030303030303030303030303030303737372c0032430ca03e60532ef86b0a9222c8599ca7a085d00d3529cc645673c171bc14b4466b7e68b8b2867f1aae1b157a1dda8f5571fd7758e957f51b9b2556454c6b28c440eca523b3ece936d6f9ce8232095a49c4648cd7dfe19669fc12560b21d77af9c9e4de610283486b0a4b54c90d602daee6152d39400c9484877458a5f59e6e5d1de8dd7ab4543873f463b5a7a7efe9fe9979a18cdd7099596bae9d241e05999532b0797db3f5d81526273165dcb2eb211ab900fc9644b8064b7319e2cf5d85c2ad776a958259864dd81275f5c23074794b261e9b5ce9b71e24a0abc354efcbc86e30120c6f890bf54076cce959febe5a2268a185fcd9099b0cdf50136b6e0a72afb12a8403d0772a8d8a8045ed9e04b85057934f60efcde687d0a137b39d7976446c6cb52d15311e4cf5b644616f1d84047cc0310b7438d84dc598fa4f8a7e622823011bb7bda69089a02824fc0415156580e652704276b489abbe49789945b004bfb8bb02217e46d945b9b6d400"/634], 0x1, 0x363, &(0x7f0000001a40)="$eJzs3U1oY1UbAOA3vWnSGfi+dicKQnQnaJnOTje2SAcGu1EJ/izE4HRUkiq0WGwX09aF4lJwqSt3CrpwIS5FUMSdC7eOIKPiQmc34OCR5OYmt0naaQerFJ8Hmpy+57znnPtDcntJTp9bjPal6bh8/fq1mJmpRHXxkcW4UYm5yKKwG+NqE2IAwOlwI6X4PeWOmFI54SkBACes9/7/QkQ0Yi6PvP7lYe2Td38AOPX6f/+fOazNzEEVr5zIlACAEzZ2///efdW13k+1+LVa+lQAAHBaPfH0M48urUQ83mjMRKy9udncbMZDw/qly/FSdGI1zsVs3IzILxS6D5Xe44WLK8vnGo3GTvw0F82ImOonNvMrhaWsl1+PhZiNuX5+/2ojpZRd+GRleaHRExG7O73xY62y2ZyOs/3xvz8bq8MLj6KT3lPExZXl841+B821In8nYm9436I7//mYjW+fH3STUvEJxpXlKwvFpIf5m816XBrshQPvgAAAAAAAAAAAAAAAAAAAAAAAwG2ZbwzMDdbPSd3nfKWc+fkJ9b31cfL8/vpAe/n6QKmeIqXfXnug+VYW+9YHGl2fZ9NCggAAAAAAAAAAAAAAAAAAADCwsVWLVqezur6xtd0uF3bWN7amIqIbefnrj744E+NtblGo5kPUIwZDNPrDbrdbKSsapyxiPD3rDl5EPvh0MONym/pgKyZOo35wVafzv3t+fHcYuTsrev5z2CaLyRuYlabx8EjPa//Pp3ScHTUonC9H6uOjX00plSJvlNOvPDveYVQiqsc/cNvtqTi4TeoWvrr24p3F3m99nnL33T/75NV33v+l3ep0R47eEaytb9xM7ValaHy83dLd1UWkEnmhUj4Tqoel7+2PtLLvfn3qrre/OdroqRx5tXs+j7TJ8s35eDS9lhe60xypOjNMn+5vRGd1esLJf6vCbRzTO9777MOUfvj5yEMMTY29bFT+nlcfAAAAAAAAAAAAAAAAAACgrPRd8b7+l32nD8t68LGTnxkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/HOG//+/VNjbjZHIUQp/7EzIqq+ub0TU/u3NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+6vAAAA///tLFqQ")
write(r6, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmsg$inet(r10, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)

2.839755212s ago: executing program 2 (id=1456):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.690247155s ago: executing program 2 (id=1457):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
close(r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000040), &(0x7f00000002c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='block_split\x00', r3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='block_split\x00', r4}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700)
write$cgroup_int(r5, &(0x7f0000000200), 0x43400)

2.6579297s ago: executing program 2 (id=1458):
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
chdir(&(0x7f0000004340)='./file0\x00')
write$FUSE_INIT(r0, &(0x7f00000066c0)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50)
read$FUSE(r0, &(0x7f0000006740)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f00000063c0)={0x10, 0x0, r2}, 0x10)
read$FUSE(r0, &(0x7f0000004380)={0x2020, 0x0, <r3=>0x0}, 0x2020)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
write$FUSE_ENTRY(r0, &(0x7f0000004200)={0x90, 0x0, r3, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}}}, 0x90)

2.414442817s ago: executing program 2 (id=1459):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18004000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff1900b802000000000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f00000002c0)='timer_start\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000400008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='timer_start\x00', r2}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940))

2.414121928s ago: executing program 2 (id=1460):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x97, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902850002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a00000808241c00000001800c241bf341000000005900001524120000a317a88b045e4f01a607c0ffcb7e392a0905810300020000000904010000020d00000904010102020d0000090582024000000000090503020002"], 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5412, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

2.290294507s ago: executing program 3 (id=1461):
socket$key(0xf, 0x3, 0x2)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$unix(0x1, 0x2, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$TIOCGDEV(r0, 0x80045432, &(0x7f0000000000))
sendmmsg$inet6(r1, &(0x7f00000066c0)=[{{&(0x7f00000019c0)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1400000000000000290000000413650000007a1ac4c55944bd599900ae73713ac6a600cbefd09fcb5484aa219742a6262db7f05ca02471362eaf01d8179d19"], 0x18}}], 0x1, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000cab000)=0xc)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'xfrm0\x00', <r2=>0x0})
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10)
sendto$packet(r3, &(0x7f0000000180)='`', 0xca, 0x0, &(0x7f0000000240)={0x6, 0x0, r2, 0x1, 0x0, 0x6, @random="4a99fee2a74d"}, 0x14)

1.859709743s ago: executing program 3 (id=1465):
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$tcp_congestion(r0, &(0x7f0000000100)='reno\x00', 0x5)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000d3a0719685880e4b9af693640b5110ddf187aa641e5015a5662ab1dbb197cb7fea672973927f8b0ad0662784a3219ac59a561f140b016415cfbe0fea1c395292caeae7c4950b2a521a46683ed9833f1ba86ae2ab2e7bf769a5c40862444a6a0002"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@cgroup=r2, r1, 0x12, 0x0, 0x0, @prog_id}, 0x20)
write$tcp_congestion(r0, &(0x7f0000000300)='reno\x00', 0x5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
mkdir(&(0x7f0000000540)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000000000,user_id=', @ANYRESHEX, @ANYRES16=r3, @ANYRES32=r3, @ANYRES64=r6, @ANYRES32=r2, @ANYRES64=r5])
r7 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r7, 0x5412, &(0x7f0000000100)=0x13)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce935b0f327cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7511d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1527bad77b813b44c5320e716660000000000b02b001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d3294000000000000000000000000000000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe977076ce7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce43a51814d714aae6a09e878e1623e9c54bdff59d1a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1c77a211bfa02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc084275ad10727522934a87a4ddcdb112754ca5bdec0ead14b6c0f19a4b126bbe0c2b8c9ff68236c8600000000000000000000000066e034c88dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839f40ac968165c40a0d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c158ae8f44bfbfa7c2730302b66a99f66705b70e6205e7cbf36435e1eabb9a63fcd604d5cc27e1317ad94cf438d7187a2fe4e06fa6cbf84ef1efa82cb2c4af6bd1370616cdbe2b98fd89b79824ba089df1f81e6fcef073059f5f1d6a221d791839d7826ed1759c2153532c393fd1bd7be2e7f5abf2f080000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
r9 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSW(r9, 0x5403, &(0x7f0000000040)={0x3d17, 0x0, 0x0, 0x0, 0x0, "7e12105588e633bbb1df022dace17a32d211ee"})
ioctl$TIOCL_GETMOUSEREPORTING(r9, 0x5412, &(0x7f00000006c0)=0xd)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff000000deb41500d6af9132bcbfa2"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)

1.714198276s ago: executing program 4 (id=1468):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@empty}, 0x14)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e0306003c5c9801288463ff0f46667004"], 0xffdd)

1.381173787s ago: executing program 4 (id=1472):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x9, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000001000000000000071181d00f0ffffff9500009d277a1816275c0000000000"], &(0x7f0000000180)='syzkaller\x00', 0x4, 0x9d, &(0x7f0000000280)=""/157, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_NL_MON_GET(r1, &(0x7f0000000500)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000005c0)={0x0, 0x88}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x19, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r2, &(0x7f0000000000), &(0x7f0000000380)=@udp=r1, 0x2}, 0x20)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0xff2e)
sendmsg$nl_route_sched(r1, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000bc0), 0x80}, 0x1, 0x0, 0x0, 0x4844}, 0x1)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0xfffffffe, 0xc4f100c8, 0x6, "526120fa17c0a0ffffffff99511e0d828c2b26"})
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c0000000000000100"})
r4 = syz_open_pts(r3, 0x0)
r5 = dup3(r4, r3, 0x0)
read$FUSE(r5, &(0x7f0000008440)={0x2020, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r2, &(0x7f0000000080)="de5956f3ba900ccdb80bd6bb60d09c3e7cc53a11", &(0x7f0000000240)=@udp=r5}, 0x20)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), r1)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_MGMT(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000d40)={&(0x7f0000000c00)={0x114, r7, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xac, 0x1d}}}}, [@NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x1}, @NL80211_ATTR_IE={0xeb, 0x2a, [@ht={0x2d, 0x1a, {0x8000, 0x1, 0x6, 0x0, {0x9, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x1, 0x2}, 0x400, 0x3, 0x8}}, @mesh_config={0x71, 0x7, {0x0, 0x0, 0x1, 0x0, 0x2, 0x3f, 0x1}}, @measure_req={0x26, 0xc0, {0x5, 0x3f, 0x3f, "fe9c08b2d965792722a55cd8b934903791d3fbd601797f7700d692b91b534094ccb65da1fca1d132d4a3a008a79b5261439e2d2d0786ee7dff9ec1930033dedae75bd03a01d3fe7b1dd41d030d8a8fbcb2da455a6980ce72f4e7fbc426a3199d3fd2fefd763f4045a72e6dbf99bfe02fa47e78b99a0ce228d0c2838930318870356906c703097465cbccaf39f4dea6387cf1c8b353822757b9a40bcd9bec430a65c89db3521773469aca7fb1a6266367f6bcd282d908ef0cabd748bf61"}}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x10}, 0x48000)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r9=>0x0})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x68, r8, 0x7562f43b63fde81f, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_FRAME={0x4a, 0x33, @action={{}, @sp_mp_open={0xf, 0x1, {0x0, {}, @val={0x72, 0x6}, @val={0x2d, 0x1a}}}}}]}, 0x68}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000880)={&(0x7f0000000a40)=ANY=[@ANYBLOB="ea132a8a7acffed2d5552ba1d305ab69461ed8986c107694aac505aca8bd78b9a67f676192cea45553be09", @ANYRES16=r8, @ANYBLOB="200027bd7000fedbdf252000000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0xc0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000600)={'ip_vti0\x00', &(0x7f0000000540)={'tunl0\x00', <r11=>0x0, 0x40, 0x7800, 0x8001, 0x34, {{0xc, 0x4, 0x1, 0x1, 0x30, 0x67, 0x0, 0xbf, 0x29, 0x0, @remote, @loopback, {[@cipso={0x86, 0x14, 0x2, [{0x6, 0x6, "0c311310"}, {0x5, 0x2}, {0x1, 0x4, "02d6"}, {0x7, 0x2}]}, @lsrr={0x83, 0x7, 0xd3, [@loopback]}]}}}}})
r12 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1012c0, 0x0)
ioctl$FS_IOC_GETFSMAP(r12, 0xc0c0583b, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, '\x00', [{0xffffffff}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x11, 0x2, &(0x7f0000000040)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0xc0000000}], &(0x7f0000000400)='syzkaller\x00', 0x3ff, 0xbd, &(0x7f0000000740)=""/189, 0x40f00, 0x2, '\x00', r11, 0x0, r12, 0x8, &(0x7f0000000640)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x4, 0xe, 0x3, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000940)=[r2]}, 0x80)
sendmsg$IPSET_CMD_TEST(r12, &(0x7f0000000700)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000e40)=ANY=[@ANYRES32=r6], 0x98}, 0x1, 0x0, 0x0, 0x4010}, 0x20000002)
ioctl$BTRFS_IOC_INO_PATHS(r1, 0xc0389423, &(0x7f0000000b80)={0x0, 0x28, [0x101, 0x5fbe, 0x1, 0x5], &(0x7f0000000b40)=[0x0, 0x0, 0x0, 0x0, 0x0]})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0xffffffef, &(0x7f0000000300)={&(0x7f0000001bc0)=@newlink={0x84, 0x10, 0xffffff1f, 0xee020000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x35288}, [@IFLA_LINKINFO={0x5c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x4c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private0}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_LINK={0x8, 0x1, r13}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x29}]}}}, @IFLA_MASTER={0x8, 0xa, r13}]}, 0x84}}, 0x4000080)

960.530112ms ago: executing program 3 (id=1483):
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
chdir(&(0x7f0000004340)='./file0\x00')
write$FUSE_INIT(r0, &(0x7f00000066c0)={0x50, 0x0, r1, {0x7, 0x21}}, 0x50)
read$FUSE(r0, &(0x7f0000006740)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f00000063c0)={0x10, 0x0, r2}, 0x10)
read$FUSE(r0, &(0x7f0000004380)={0x2020, 0x0, <r3=>0x0}, 0x2020)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
write$FUSE_ENTRY(r0, &(0x7f0000004200)={0x90, 0x0, r3, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}}}, 0x90)

884.764903ms ago: executing program 1 (id=1484):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x3004400, &(0x7f0000000400)={[{@errors_remount}, {@resuid}, {@block_validity}, {@min_batch_time={'min_batch_time', 0x3d, 0x7}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000000}}, {@noblock_validity}, {@dioread_nolock}]}, 0x1, 0x790, &(0x7f0000001740)="$eJzs3c9rHFUcAPDvTHaT/k4qClZRAx5aEPPLgj9QaMGjiKCevDQkaSnd/qCJYEOEFrEnjwXBiwiCF2+KF0FKT4p46UX6H0ilSBBaxUNkprPJttlNds1upnU/H5jkvXm7+95k+c6bHy/zAuhbo9mPNOJARFxMIoaL9UlEVPNUJeLI3dfdWV6a+Wt5aSaJlZW3/0jy19xeXpqJhvdkdhdv2xER168l8cjA+nrnLyyemq7V5s4X+fGF0+fG5y8sPn/y9PSJuRNzZ6ampl6eOjz54sRU17b1o6d+/uafy29+/Om+G1d+v/7dviSOxJ6irHE7umU0Rlf/Jo0qEfF6tysryUCxPWnDuqRSYoPoSNrwHT4ewzEQa1/ecFz7ttTGAQA9sZItAECfSfT/ANBn6tcBbi8vzdSXcq9IANvl1tHIb9RncX+nWO6WVOJI/ntHPg5g159JNN7WTepjB7Yo+4yv36t+ni3Ro/vwQHMXL+U3/pv0/0ke/yP5KJ718T8QUewftub+fYj4h+2zlfh/qwv1i38AAAAAAADonqtHI+KlZvf/0tXxP9Hk/t9QREx0of7N7/+lN7tQDdDEraMRrxbP9rl3/N/qE11GBorc3oh4LKrJ8ZO1uSz290XEoagOZfnJ5h+f7zLevTz5Q6v6G8f/ZUtWf30sYNGOm5Whe98zO70wvdXtBiJuXYp4otIs/pPV/j9pMf73WJt1fL/01dOtyjaPf6BXVr6IONi0/197cl2y8fP5xvPjgfH6UcF6i8de+7BV/W3F/9q/KQFdlPX/uzaO/5Gk8Xmd853X8cntic9alf3X4//B5J38qaKDxboPphcWzk9GDCZvrF/fvUeIwkOtHg/1eMni/9Czzc//Nzr+r0bEuTbr/PLH6q+tykbzSHX8D2XI4n+2o/6/88TfvzzZclfRXv9/OO/TDxVrXP+DjbUboGW3EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuimNiD2RpGOr6TQdG4vYHRGPxq60dnZ+4bnjZ98/M5uVRYxENT1+sjY3ERHDd/NJlp/M02v5qfvyL0TE/oi4MrQzz4/NnK3Nlr3xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDY3WL+/8xvQ2W3DgDomR1lNwAA2Hb6fwDoP/p/AOg/Hff/P+3tTUMAgG3j/B8A+o/+HwAAAAAAAAAAAAAAAAAAAAAAAAB6av8zV28kEXHxlZ35khksyqqltgzotbTsBgClGSi7AUBpKu28KElWzwmA/w/n+ECySXnrKUJcQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoH8cPNDu/P9tzRQKPETM3gf9y/z/0L8c1UP/Mv8/YP5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY3PyFxVPTtdrceYluJyoPRjMehMRQRDwAzZDoIFH2ngkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfBvwEAAP//snoPXw==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0)
mknod$loop(&(0x7f0000000080)='./file0/bus\x00', 0x0, 0x1)
pwritev2(r0, &(0x7f0000000000)=[{&(0x7f0000000140)='y', 0x1}], 0x1, 0x7fff, 0x0, 0x0)

710.37038ms ago: executing program 3 (id=1485):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
close(r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000040), &(0x7f00000002c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='block_split\x00', r3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='block_split\x00', r4}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700)
write$cgroup_int(r5, &(0x7f0000000200), 0x43400)

517.019849ms ago: executing program 4 (id=1486):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000600000000000000008500000007000000040000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2400000068000100000000000000000000000000000000000c00020000000000727f"], 0x24}}, 0x0)

506.798321ms ago: executing program 3 (id=1487):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x2c, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast1, 0x8001}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'sit0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r3}]}}}]}, 0x3c}}, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000008c0)={0x0, @rand_addr, @loopback}, 0x0)
r4 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r5}]}}}]}, 0x3c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

503.607852ms ago: executing program 1 (id=1488):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x8, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8c18cffb703000008000000b704000000000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

483.995975ms ago: executing program 4 (id=1489):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

481.376905ms ago: executing program 3 (id=1490):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xadf29f33fb903ae1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
recvmsg(r0, 0x0, 0x40000110)
keyctl$reject(0x13, 0x0, 0x0, 0x204, 0xfffffffffffffffc)
r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/tcp6\x00')
preadv(r1, &(0x7f00000005c0)=[{&(0x7f0000000700)=""/181, 0xb5}], 0x1, 0x0, 0x0)

461.046588ms ago: executing program 4 (id=1491):
r0 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x240c8080, &(0x7f0000000280)={0xa, 0x2e22, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x88, 0x1, &(0x7f0000000080), 0x4)

447.27516ms ago: executing program 4 (id=1492):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc086, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x4, &(0x7f0000000300)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000600)={0x2c, &(0x7f00000003c0)={0x0, 0x0, 0x6, {0x6, 0x0, "849517d9"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

444.380631ms ago: executing program 1 (id=1493):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000080)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x19}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)

395.826228ms ago: executing program 1 (id=1494):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

302.533903ms ago: executing program 1 (id=1496):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = userfaultfd(0x1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
read(r2, &(0x7f00000002c0)=""/196, 0xc4)
close(r2)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000b4bffc), 0x4)
io_setup(0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f00000019c0)=[0x0])
eventfd(0x0)

236.243753ms ago: executing program 1 (id=1497):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x9, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000001000000000000071181d00f0ffffff9500009d277a1816275c0000000000"], &(0x7f0000000180)='syzkaller\x00', 0x4, 0x9d, &(0x7f0000000280)=""/157, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$TIPC_NL_MON_GET(r1, &(0x7f0000000500)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000005c0)={0x0, 0x88}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x19, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r2, &(0x7f0000000000), &(0x7f0000000380)=@udp=r1, 0x2}, 0x20)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0xff2e)
sendmsg$nl_route_sched(r1, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000bc0), 0x80}, 0x1, 0x0, 0x0, 0x4844}, 0x1)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0xfffffffe, 0xc4f100c8, 0x6, "526120fa17c0a0ffffffff99511e0d828c2b26"})
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c0000000000000100"})
r4 = syz_open_pts(r3, 0x0)
r5 = dup3(r4, r3, 0x0)
read$FUSE(r5, &(0x7f0000008440)={0x2020, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r2, &(0x7f0000000080)="de5956f3ba900ccdb80bd6bb60d09c3e7cc53a11", &(0x7f0000000240)=@udp=r5}, 0x20)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), r1)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_MGMT(0xffffffffffffffff, &(0x7f0000000d80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000d40)={&(0x7f0000000c00)={0x114, r7, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xac, 0x1d}}}}, [@NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x1}, @NL80211_ATTR_IE={0xeb, 0x2a, [@ht={0x2d, 0x1a, {0x8000, 0x1, 0x6, 0x0, {0x9, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x1, 0x2}, 0x400, 0x3, 0x8}}, @mesh_config={0x71, 0x7, {0x0, 0x0, 0x1, 0x0, 0x2, 0x3f, 0x1}}, @measure_req={0x26, 0xc0, {0x5, 0x3f, 0x3f, "fe9c08b2d965792722a55cd8b934903791d3fbd601797f7700d692b91b534094ccb65da1fca1d132d4a3a008a79b5261439e2d2d0786ee7dff9ec1930033dedae75bd03a01d3fe7b1dd41d030d8a8fbcb2da455a6980ce72f4e7fbc426a3199d3fd2fefd763f4045a72e6dbf99bfe02fa47e78b99a0ce228d0c2838930318870356906c703097465cbccaf39f4dea6387cf1c8b353822757b9a40bcd9bec430a65c89db3521773469aca7fb1a6266367f6bcd282d908ef0cabd748bf61"}}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x10}, 0x48000)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r9=>0x0})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x68, r8, 0x7562f43b63fde81f, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_FRAME={0x4a, 0x33, @action={{}, @sp_mp_open={0xf, 0x1, {0x0, {}, @val={0x72, 0x6}, @val={0x2d, 0x1a}}}}}]}, 0x68}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000880)={&(0x7f0000000a40)=ANY=[@ANYBLOB="ea132a8a7acffed2d5552ba1d305ab69461ed8986c107694aac505aca8bd78b9a67f676192cea45553be09", @ANYRES16=r8, @ANYBLOB="200027bd7000fedbdf252000000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0xc0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000600)={'ip_vti0\x00', &(0x7f0000000540)={'tunl0\x00', <r11=>0x0, 0x40, 0x7800, 0x8001, 0x34, {{0xc, 0x4, 0x1, 0x1, 0x30, 0x67, 0x0, 0xbf, 0x29, 0x0, @remote, @loopback, {[@cipso={0x86, 0x14, 0x2, [{0x6, 0x6, "0c311310"}, {0x5, 0x2}, {0x1, 0x4, "02d6"}, {0x7, 0x2}]}, @lsrr={0x83, 0x7, 0xd3, [@loopback]}]}}}}})
r12 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1012c0, 0x0)
ioctl$FS_IOC_GETFSMAP(r12, 0xc0c0583b, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, '\x00', [{0xffffffff}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x11, 0x2, &(0x7f0000000040)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0xc0000000}], &(0x7f0000000400)='syzkaller\x00', 0x3ff, 0xbd, &(0x7f0000000740)=""/189, 0x40f00, 0x2, '\x00', r11, 0x0, r12, 0x8, &(0x7f0000000640)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x4, 0xe, 0x3, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000940)=[r2]}, 0x80)
sendmsg$IPSET_CMD_TEST(r12, &(0x7f0000000700)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000e40)=ANY=[@ANYRES32=r6], 0x98}, 0x1, 0x0, 0x0, 0x4010}, 0x20000002)
ioctl$BTRFS_IOC_INO_PATHS(r1, 0xc0389423, &(0x7f0000000b80)={0x0, 0x28, [0x101, 0x5fbe, 0x1, 0x5], &(0x7f0000000b40)=[0x0, 0x0, 0x0, 0x0, 0x0]})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r13=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0xffffffef, &(0x7f0000000300)={&(0x7f0000001bc0)=@newlink={0x84, 0x10, 0xffffff1f, 0xee020000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x35288}, [@IFLA_LINKINFO={0x5c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x4c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @private0}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_LINK={0x8, 0x1, r13}, @IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @remote}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x29}]}}}, @IFLA_MASTER={0x8, 0xa, r13}]}, 0x84}}, 0x4000080)

110.022142ms ago: executing program 0 (id=1499):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x40000, 0xd488, 0x200, 0x20, 0xffffffffffffffff, 0x7ff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x4, 0x7}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
accept4$bt_l2cap(r6, &(0x7f0000000040), &(0x7f0000000200)=0xe, 0x800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r5}, 0x10)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r3}, 0x10)
setgid(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
r7 = syz_io_uring_setup(0x4bdb, &(0x7f0000000100), &(0x7f0000000000), &(0x7f0000000000))
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
io_uring_register$IORING_REGISTER_FILES(r7, 0x2, &(0x7f00000003c0)=[0xffffffffffffffff], 0x1)
dup2(r7, r8)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000595fca429a9cf8d9351a114ecea2040000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b00)={{r9}, &(0x7f0000000a80), &(0x7f0000000ac0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
fcntl$lock(r10, 0x26, &(0x7f0000000000))

92.435415ms ago: executing program 0 (id=1500):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000600000000000000008500000007000000040000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2400000068000100000000000000000000000000000000000c00020000000000727f"], 0x24}}, 0x0)

65.588359ms ago: executing program 0 (id=1501):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

22.212826ms ago: executing program 0 (id=1502):
r0 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x240c8080, &(0x7f0000000280)={0xa, 0x2e22, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x88, 0x1, &(0x7f0000000080), 0x4)

12.064947ms ago: executing program 0 (id=1503):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x1c}}, 0x0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4006}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r1}]}}}, @IFLA_MTU={0x8, 0x4, 0x871}]}, 0x40}}, 0x0)

0s ago: executing program 0 (id=1504):
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f00000001c0)='./file2\x00', 0x2000000, &(0x7f0000000000)=ANY=[], 0x7e, 0x1cf, &(0x7f0000000200)="$eJxiGAWjYBSMWPDo4dcHvU4WIToMDAw8DCoM7FDxF8wMDIyMEDYTkvo7M0u1p9q6ztl0e+mRPL7aXejmgbT8/48mgAewMDAwHHBkZiiB8v//R9HNoAKlQxiY4OxQBiYGTSg7nIGRQQ/KTmBgYgiDslMZGBkioewsJHY+SL2eXlpmTqpecn5OCohhACIMQYQRiDBGd9/bRkaGFCT3IXupuLIqOzEnJ7UIicEClcMiRRaDUPi9dWRisEVyHyi+IjqaG0F8WNgYIIWfIQMTgyHUE8YMjAzBUHELBnZY2ECCBMn/UiwI85kx/E+RbzmoEUZYGYK65GnXoGLkVVYxMNDMg8QyWKjoHUyGHyi/EaO4b0ADgUiG2NtdpzGlng68w4YYA1E+/V/IyKCOVD6xIJUf+iW5BfrFlVW6mbmJ6anpqXlGRsZmBowMBqZG+uCCCELiKf84weUTF5L5rDjUsjGxMVQklpQUGUJINkYo3whCIpW4wdvy34D1MDEwlDB4MDAwKEPMABWbbHjKY0Y2iBomsFoQS4MZj/JRMApGwSgYBaNgFIyCUTAKRsEoGAWjYBSMglEwCkbBKCAByDMwgkdBCQCjALBqQAAAAP//K/hxXQ==")
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000480))
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000011540)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004070000000800000500000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4dd4f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd255985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340bdc8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69c584146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8c7049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69239500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181070000005e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8504000000000000004fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3d99e3568c51cd1eab8a26b232ac46bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d89f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290c7536fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef0a96e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f10f615c87c441dc970ec896a5af6bf69b50a244bc138a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10223ab2a093429f3f6965bc5af0114cf6f246bae0b04bec8e30b6772b8950f32e87beda060f9af2a0ccd4a8eab8e395ee3628eb976b7fff835e6c1bdc4a6e00acd0fe63ba8425b21845db903b38c80148e6aa497dbf0e2baf938d3ecbd433527602d89f10aca419ff54e47354194f75e343d4c75227448530b0d8d59b9f94a3fa0ca9210177926c58ef46dcd09e79c343d35aa954d12f89410c47ac29c881f8a6bda8dd40df0d1e5881338d2c5a01bf1ee6b28169fef18df13c759e767d3442ae6598106496f42b73074bb804e8763915c3e04400ad44e9f3130e904062d204d385c026722a094255db1572d66e7a4917bba2a0f6a1a57482cdb4070de8dd60fd65dacb9ec5003fb1cca05ce1c9f924cc2ec45e8d5adf7c89e3b0b8da35c1aa7fbbee6f839a8f05294a6c02281afb7601252611583408f1"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x8}, 0x8}, 0x90)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4)
r3 = syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000080)='mm_page_alloc\x00', r5}, 0x10)
syz_usb_control_io(r3, 0x0, 0x0)
sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="25b096f681cd731c3f3a9badc4e3cf5edeae1f3b5082d7ab3a97c053df68744e7c7e24d0b59997bab4bccff8363b275de3510b0ebe4275d8d2f153395668e3d608e358fc2294263c03f8dc4f8bf194e4fde4600a2dec2f483a914e2fde0cbc344a2b9fc18dd198966045a6d4d4eb8571e8bb69e6724e37fcbaa6e4c64050b47256b9bb17f5c0aa5101e015ecdcb62fec46fc0205512535", 0x97}, {&(0x7f0000000280)="d3a88bea5916e313729a3989393caca70c74cd74e62e524bdd37be131ad827f911027e70ccf679d8e7c0cd3333095f83d6d473db345ded2ac8acaa87503de74c82431758e8e11e3ecb7bce02d6cd65f4eb88cc49ceb9e39f7117eb0f62323dc9b80dea447b0c96a383f14281bb87b09de0a6153ceeaae2b50a2b0f0f41810f379f9c3a1f3938461829d716a4bda86ab11b41f754bc15d71b", 0xfed0}], 0x2}, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r7, &(0x7f00000023c0)={0x2020}, 0x2020)
r8 = socket$netlink(0x10, 0x3, 0xf)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r8, &(0x7f0000001a00)={&(0x7f0000001a40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000019c0)={&(0x7f0000001980)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbfe, {}, [""]}, 0x14}}, 0x40004)
r9 = dup(r6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdir(&(0x7f00000003c0)='./file1\x00', 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r11}, 0x10)
mount$incfs(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="636f6e746578743dd5"])
ioctl$TIOCL_SETSEL(r9, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0xa00, 0x0, 0x0, 0x100}})

kernel console output (not intermixed with test programs):

pacity change from 0 to 256
[   86.596013][  T303] usb 2-1: USB disconnect, device number 10
[   86.609105][ T2624] device veth1_macvtap entered promiscuous mode
[   86.622445][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   86.630884][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   86.648208][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   86.656602][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   86.665513][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   86.682794][ T2647] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   86.703882][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   86.740542][ T2647] loop3: detected capacity change from 256 to 64
[   86.748368][   T43] device bridge_slave_1 left promiscuous mode
[   86.756446][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.767934][ T2659] buffer_io_error: 2 callbacks suppressed
[   86.767960][ T2659] Buffer I/O error on dev loop3, logical block 136, lost sync page write
[   86.852560][   T43] device bridge_slave_0 left promiscuous mode
[   86.859021][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.875998][   T43] device veth1_macvtap left promiscuous mode
[   86.987199][ T2659] Buffer I/O error on dev loop3, logical block 136, lost sync page write
[   87.006900][   T43] device veth0_vlan left promiscuous mode
[   87.015826][ T2663] Buffer I/O error on dev loop3, logical block 161, lost sync page write
[   87.024721][ T2659] Buffer I/O error on dev loop3, logical block 136, lost sync page write
[   87.050489][ T2659] Buffer I/O error on dev loop3, logical block 136, lost sync page write
[   87.059026][ T2659] exFAT-fs (loop3): error, failed to bmap (inode : ffff88812a5dd990 iblock : 24, err : -5)
[   87.068926][ T2659] exFAT-fs (loop3): Filesystem has been set read-only
[   87.712178][ T2680] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.719484][ T2680] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.728070][ T2680] device bridge_slave_0 entered promiscuous mode
[   87.744389][ T2680] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.751538][ T2680] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.759531][ T2680] device bridge_slave_1 entered promiscuous mode
[   87.864400][ T2680] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.871282][ T2680] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.878391][ T2680] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.885204][ T2680] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.908507][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   87.916256][  T311] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.924988][  T311] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.940866][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   87.948998][  T311] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.955852][  T311] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.964075][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   87.972122][  T311] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.978986][  T311] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.994917][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   88.002854][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   88.019335][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   88.033116][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   88.041407][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   88.048614][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   88.059237][ T2680] device veth0_vlan entered promiscuous mode
[   88.069902][  T303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   88.078874][ T2680] device veth1_macvtap entered promiscuous mode
[   88.088776][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   88.090242][    T6] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   88.110465][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   88.231411][   T43] device bridge_slave_0 left promiscuous mode
[   88.242626][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.251277][   T43] device veth1_macvtap left promiscuous mode
[   88.281721][  T312] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[   88.319634][   T28] audit: type=1400 audit(1719647655.510:484): avc:  denied  { write } for  pid=2714 comm="syz.3.882" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[   88.510336][    T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7
[   88.521067][    T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 51, changing to 9
[   88.531993][    T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 33540, setting to 1024
[   88.543087][  T312] usb 2-1: Using ep0 maxpacket: 32
[   88.548697][    T6] usb 5-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice=65.8c
[   88.557809][    T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.566771][    T6] usb 5-1: config 0 descriptor??
[   88.610748][    T6] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[   88.680302][  T312] usb 2-1: config 0 has no interfaces?
[   88.686378][  T312] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[   88.695420][  T312] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.704066][  T312] usb 2-1: config 0 descriptor??
[   88.877163][ T2733] rtc_cmos 00:00: Alarms can be up to one day in the future
[   88.991451][ T2707] loop1: detected capacity change from 0 to 2048
[   89.020305][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[   89.025308][ T2707] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[   89.041596][ T2696] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.049985][ T2696] device bridge_slave_1 left promiscuous mode
[   89.056245][ T2696] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.249910][ T2734] loop1: detected capacity change from 0 to 512
[   89.278679][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[   89.317388][ T2734] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   89.320958][  T312] usb 5-1: USB disconnect, device number 8
[   89.337520][ T2734] ext4 filesystem being mounted at /root/syzkaller.KJHWeH/3/file0 supports timestamps until 2038 (0x7fffffff)
[   89.371427][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[   89.379135][   T28] audit: type=1400 audit(1719647656.570:485): avc:  denied  { setattr } for  pid=2706 comm="syz.1.880" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   89.502958][   T28] audit: type=1400 audit(1719647656.700:486): avc:  denied  { setattr } for  pid=2706 comm="syz.1.880" path="/root/syzkaller.KJHWeH/3/file0/hugetlb.2MB.rsvd.usage_in_bytes" dev="loop1" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   89.590615][ T2734] EXT4-fs error (device loop1): ext4_do_update_inode:5212: inode #21: comm syz.1.880: corrupted inode contents
[   89.602652][ T2734] EXT4-fs error (device loop1): ext4_dirty_inode:6074: inode #21: comm syz.1.880: mark_inode_dirty error
[   89.614420][ T2734] EXT4-fs error (device loop1): ext4_do_update_inode:5212: inode #21: comm syz.1.880: corrupted inode contents
[   89.626350][ T2734] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2955: inode #21: comm syz.1.880: mark_inode_dirty error
[   89.638388][ T2734] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2958: inode #21: comm syz.1.880: mark inode dirty (error -117)
[   89.658686][ T2734] EXT4-fs warning (device loop1): ext4_evict_inode:299: xattr delete (err -117)
[   90.323428][   T28] audit: type=1400 audit(1719647657.510:487): avc:  denied  { ioctl } for  pid=2743 comm="syz.3.890" path="/root/syzkaller.9HE94Q/8/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x6726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   90.566709][ T2755] netlink: 20 bytes leftover after parsing attributes in process `syz.2.894'.
[   90.604861][   T28] audit: type=1326 audit(1719647657.770:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2754 comm="syz.2.894" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff8bc375b99 code=0x0
[   91.014493][   T28] audit: type=1326 audit(1719647658.200:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2754 comm="syz.2.894" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff8bc375b99 code=0x0
[   91.038623][   T37] usb 2-1: USB disconnect, device number 11
[   91.053150][   T28] audit: type=1400 audit(1719647658.250:490): avc:  denied  { create } for  pid=2768 comm="syz.0.899" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1
[   91.074593][   T28] audit: type=1400 audit(1719647658.250:491): avc:  denied  { mounton } for  pid=2768 comm="syz.0.899" path="/root/syzkaller.KxZcs3/21/file0" dev="sda1" ino=2005 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1
[   91.077490][ T2560] EXT4-fs (loop1): unmounting filesystem.
[   91.099477][   T28] audit: type=1400 audit(1719647658.250:492): avc:  denied  { unlink } for  pid=2456 comm="syz-executor" name="file0" dev="sda1" ino=2005 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1
[   91.130919][ T2770] loop3: detected capacity change from 0 to 128
[   91.143739][ T2770] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[   91.170566][ T2780] syz.1.903[2780] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   91.170669][ T2780] syz.1.903[2780] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   91.179199][ T2770] bio_check_eod: 11 callbacks suppressed
[   91.179219][ T2770] syz.3.898: attempt to access beyond end of device
[   91.179219][ T2770] loop3: rw=3, sector=6950, nr_sectors = 2 limit=128
[   91.211288][ T2770] syz.3.898: attempt to access beyond end of device
[   91.211288][ T2770] loop3: rw=2051, sector=6952, nr_sectors = 942 limit=128
[   92.484749][ T2797] device pim6reg1 entered promiscuous mode
[   92.990326][ T2790] loop4: detected capacity change from 0 to 40427
[   93.002804][ T2790] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   93.006781][  T315] udevd[315]: symlink '../../loop4' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:4' failed: Read-only file system
[   93.012061][ T2790] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   93.035994][ T2790] F2FS-fs (loop4): invalid crc value
[   93.078105][ T2816] loop3: detected capacity change from 0 to 128
[   93.088100][ T2816] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1)
[   93.111826][ T2790] F2FS-fs (loop4): Found nat_bits in checkpoint
[   93.113597][ T2816] syz.3.914: attempt to access beyond end of device
[   93.113597][ T2816] loop3: rw=3, sector=6950, nr_sectors = 2 limit=128
[   93.131029][ T2816] syz.3.914: attempt to access beyond end of device
[   93.131029][ T2816] loop3: rw=2051, sector=6952, nr_sectors = 942 limit=128
[   93.482841][ T2790] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   93.489750][ T2790] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   93.528126][ T2825] syz.1.917[2825] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   93.528239][ T2825] syz.1.917[2825] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   93.547335][  T315] udevd[315]: symlink '../../loop4' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:4' failed: Read-only file system
[   95.295515][  T320] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   95.317801][ T2852] netlink: 4 bytes leftover after parsing attributes in process `syz.2.925'.
[   95.328849][ T2852] device syz_tun entered promiscuous mode
[   95.335025][ T2852] device macsec1 entered promiscuous mode
[   95.340731][  T320] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   95.351807][ T2852] device syz_tun left promiscuous mode
[   95.372252][ T2850] device pim6reg1 entered promiscuous mode
[   95.509871][ T2872] netlink: 24 bytes leftover after parsing attributes in process `syz.2.934'.
[   96.105847][   T28] audit: type=1400 audit(1719647663.300:493): avc:  denied  { getattr } for  pid=2882 comm="syz.4.938" name="KEY" dev="sockfs" ino=26809 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[   96.485263][ T1980] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   96.716813][ T2894] SELinux:  Context system_u:object_r:hugetlbfs_t:s0 is not valid (left unmapped).
[   96.728339][ T2892] netlink: 4 bytes leftover after parsing attributes in process `syz.3.940'.
[   96.746419][ T2892] device syz_tun entered promiscuous mode
[   96.753041][ T2892] device macsec1 entered promiscuous mode
[   96.761662][ T2892] device syz_tun left promiscuous mode
[   96.776133][ T2896] device pim6reg1 entered promiscuous mode
[   96.888742][ T2908] syz.3.947[2908] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   96.888821][ T2908] syz.3.947[2908] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   96.918556][ T2877] loop2: detected capacity change from 0 to 40427
[   96.959497][  T315] udevd[315]: symlink '../../loop2' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:2' failed: Read-only file system
[   96.973896][   T28] audit: type=1400 audit(1719647664.170:494): avc:  denied  { ioctl } for  pid=2911 comm="syz.1.950" path="socket:[26858]" dev="sockfs" ino=26858 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   96.983532][ T2877] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   97.007375][ T2910] loop4: detected capacity change from 0 to 1024
[   97.009981][ T2877] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   97.014920][ T2910] EXT4-fs: Ignoring removed nomblk_io_submit option
[   97.026906][ T2877] F2FS-fs (loop2): Unrecognized mount option "0xffffffffffffffff" or missing value
[   97.031463][ T1058] udevd[1058]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system
[   97.048536][ T1980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   97.051414][ T2910] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   97.070454][ T1980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   97.080485][ T1980] usb 1-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00
[   97.089365][ T1980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.109875][ T2910] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   97.148570][ T1980] usb 1-1: config 0 descriptor??
[   97.315781][ T2910] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e055c01c, mo2=0002]
[   97.324035][ T2910] System zones: 0-1, 3-36
[   97.330835][ T2910] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   97.345943][  T315] udevd[315]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system
[   97.380718][ T2624] EXT4-fs (loop4): unmounting filesystem.
[   97.497644][ T2929] netlink: 4 bytes leftover after parsing attributes in process `syz.4.955'.
[   97.510484][ T2929] device syz_tun entered promiscuous mode
[   97.516113][ T2929] device macsec1 entered promiscuous mode
[   97.537197][ T2929] device syz_tun left promiscuous mode
[   97.753907][ T1980] magicmouse 0003:05AC:0269.0004: hidraw0: USB HID v0.00 Device [HID 05ac:0269] on usb-dummy_hcd.0-1/input0
[   97.806345][ T2941] syzkaller0: tun_chr_ioctl cmd 1074025676
[   97.812196][ T2943] netlink: 4 bytes leftover after parsing attributes in process `syz.4.962'.
[   97.814792][ T2941] syzkaller0: owner set to 0
[   97.842394][ T2945] loop4: detected capacity change from 0 to 1024
[   97.859107][  T315] udevd[315]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system
[   97.876396][ T2945] EXT4-fs: Ignoring removed nomblk_io_submit option
[   97.886632][ T2945] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   97.898039][ T2945] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   97.951668][ T2945] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e055c01c, mo2=0002]
[   97.953107][ T1980] usb 1-1: USB disconnect, device number 7
[   97.962791][ T2945] System zones: 0-1, 3-36
[   97.981022][ T2945] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   97.996286][  T315] udevd[315]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system
[   98.311227][ T2624] EXT4-fs (loop4): unmounting filesystem.
[   98.400034][ T2973] loop3: detected capacity change from 0 to 256
[   98.414453][ T2973] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   98.441521][ T2976] syzkaller0: tun_chr_ioctl cmd 1074025676
[   98.452156][ T2976] syzkaller0: owner set to 0
[   98.466727][ T2980] netlink: 16 bytes leftover after parsing attributes in process `syz.4.976'.
[   98.470430][ T2973] loop3: detected capacity change from 256 to 64
[   98.475984][ T2980] syz_tun: refused to change device tx_queue_len
[   98.485434][ T2973] syz.3.972: attempt to access beyond end of device
[   98.485434][ T2973] loop3: rw=2049, sector=136, nr_sectors = 1 limit=64
[   98.512034][ T2973] Buffer I/O error on dev loop3, logical block 136, lost sync page write
[   98.522724][ T2973] syz.3.972: attempt to access beyond end of device
[   98.522724][ T2973] loop3: rw=2049, sector=136, nr_sectors = 1 limit=64
[   98.535642][ T2984] loop1: detected capacity change from 0 to 1024
[   98.538255][ T2973] Buffer I/O error on dev loop3, logical block 136, lost sync page write
[   98.549581][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[   98.559475][ T2973] syz.3.972: attempt to access beyond end of device
[   98.559475][ T2973] loop3: rw=2049, sector=136, nr_sectors = 1 limit=64
[   98.574845][ T2984] EXT4-fs: Ignoring removed nomblk_io_submit option
[   98.580353][ T2973] Buffer I/O error on dev loop3, logical block 136, lost sync page write
[   98.590427][ T2984] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   98.598710][ T2987] syz.3.972: attempt to access beyond end of device
[   98.598710][ T2987] loop3: rw=2049, sector=161, nr_sectors = 1 limit=64
[   98.617870][ T2984] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   98.634126][ T2987] Buffer I/O error on dev loop3, logical block 161, lost sync page write
[   98.642770][ T2984] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e055c01c, mo2=0002]
[   98.656148][ T2987] syz.3.972: attempt to access beyond end of device
[   98.656148][ T2987] loop3: rw=0, sector=161, nr_sectors = 1 limit=64
[   98.660258][ T2984] System zones: 
[   98.669182][ T2973] syz.3.972: attempt to access beyond end of device
[   98.669182][ T2973] loop3: rw=2049, sector=136, nr_sectors = 1 limit=64
[   98.672708][ T2984] 0-1
[   98.693036][ T2973] Buffer I/O error on dev loop3, logical block 136, lost sync page write
[   98.696419][ T2984] , 3-36
[   98.706213][ T2973] exFAT-fs (loop3): error, failed to bmap (inode : ffff888133563250 iblock : 24, err : -5)
[   98.717480][ T2973] exFAT-fs (loop3): Filesystem has been set read-only
[   98.724281][ T2987] syz.3.972: attempt to access beyond end of device
[   98.724281][ T2987] loop3: rw=0, sector=161, nr_sectors = 1 limit=64
[   98.737448][ T2973] syz.3.972: attempt to access beyond end of device
[   98.737448][ T2973] loop3: rw=0, sector=161, nr_sectors = 1 limit=64
[   98.751038][ T2973] syz.3.972: attempt to access beyond end of device
[   98.751038][ T2973] loop3: rw=2049, sector=208, nr_sectors = 24 limit=64
[   98.755662][ T2984] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   98.780327][  T312] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   98.794204][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[   98.818851][ T2680] syz-executor: attempt to access beyond end of device
[   98.818851][ T2680] loop3: rw=0, sector=161, nr_sectors = 1 limit=64
[   98.833739][ T2560] EXT4-fs (loop1): unmounting filesystem.
[   98.912578][ T3009] netlink: 'syz.4.991': attribute type 4 has an invalid length.
[   98.930190][ T3009] netlink: 24 bytes leftover after parsing attributes in process `syz.4.991'.
[   99.000812][   T28] audit: type=1400 audit(1719647666.200:495): avc:  denied  { read write } for  pid=3008 comm="syz.4.991" name="loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   99.038234][ T3017] loop1: detected capacity change from 0 to 256
[   99.050251][   T28] audit: type=1400 audit(1719647666.200:496): avc:  denied  { open } for  pid=3008 comm="syz.4.991" path="/dev/loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   99.075224][ T3009] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[   99.082578][   T28] audit: type=1400 audit(1719647666.230:497): avc:  denied  { ioctl } for  pid=3008 comm="syz.4.991" path="/dev/loop-control" dev="devtmpfs" ino=113 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   99.120593][ T3017] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   99.180267][ T3017] loop1: detected capacity change from 256 to 64
[   99.187184][ T3017] Buffer I/O error on dev loop1, logical block 136, lost sync page write
[   99.196466][ T3018] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.196870][ T3017] Buffer I/O error on dev loop1, logical block 136, lost sync page write
[   99.203711][ T3018] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.212030][ T3017] Buffer I/O error on dev loop1, logical block 136, lost sync page write
[   99.219244][ T3018] device bridge_slave_0 entered promiscuous mode
[   99.226762][  T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   99.234150][ T3017] Buffer I/O error on dev loop1, logical block 136, lost sync page write
[   99.250121][  T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.252140][ T3017] exFAT-fs (loop1): error, failed to bmap (inode : ffff888133561150 iblock : 24, err : -5)
[   99.271503][  T312] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00
[   99.272170][ T3017] exFAT-fs (loop1): Filesystem has been set read-only
[   99.280427][  T312] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.295479][  T312] usb 1-1: config 0 descriptor??
[   99.300591][ T3017] Buffer I/O error on dev loop1, logical block 161, lost sync page write
[   99.317075][ T3018] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.324082][ T3018] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.332197][ T3018] device bridge_slave_1 entered promiscuous mode
[   99.358964][ T3019] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.365987][ T3019] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.374010][ T3019] device bridge_slave_0 entered promiscuous mode
[   99.381262][ T3019] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.388099][ T3019] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.395459][ T3019] device bridge_slave_1 entered promiscuous mode
[   99.529236][ T3018] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.536180][ T3018] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.543304][ T3018] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.550057][ T3018] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.559919][ T3019] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.566785][ T3019] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.573852][ T3019] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.580672][ T3019] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.629163][ T3029] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.636099][ T3029] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.643456][ T3029] device bridge_slave_0 entered promiscuous mode
[   99.650284][ T3029] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.657118][ T3029] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.664604][ T3029] device bridge_slave_1 entered promiscuous mode
[   99.675341][  T608] device bridge_slave_1 left promiscuous mode
[   99.681282][  T608] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.688498][  T608] device bridge_slave_0 left promiscuous mode
[   99.694545][  T608] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.702324][  T608] device veth1_macvtap left promiscuous mode
[   99.708131][  T608] device veth0_vlan left promiscuous mode
[   99.762678][  T312] logitech-hidpp-device 0003:046D:C086.0005: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.0-1/input0
[   99.807999][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   99.815615][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   99.823791][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   99.832550][  T312] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.839743][  T312] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.849176][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   99.856974][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   99.889772][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   99.897048][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   99.917581][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   99.925762][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   99.933947][ T1980] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.940800][ T1980] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.948020][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   99.956509][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   99.964583][ T1980] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.971446][ T1980] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.972163][  T312] usb 1-1: USB disconnect, device number 8
[   99.998804][ T3018] device veth0_vlan entered promiscuous mode
[  100.005577][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  100.013653][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  100.021767][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  100.029887][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  100.038066][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  100.046155][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  100.053970][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  100.061631][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  100.080686][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  100.087963][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  100.095240][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  100.103467][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  100.119908][ T3019] device veth0_vlan entered promiscuous mode
[  100.129814][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  100.137870][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  100.149711][ T3018] device veth1_macvtap entered promiscuous mode
[  100.157777][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  100.165439][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  100.172782][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  100.180770][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  100.188682][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  100.211171][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  100.219148][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  100.228068][ T3019] device veth1_macvtap entered promiscuous mode
[  100.242232][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  100.249695][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  100.257843][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  100.265962][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  100.274086][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  100.302526][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  100.310651][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  100.319099][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  100.328885][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  100.343827][ T3035] syzkaller0: tun_chr_ioctl cmd 1074025676
[  100.350336][ T3035] syzkaller0: owner set to 0
[  100.420458][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  100.427807][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.435436][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  100.443948][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  100.451974][ T1980] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.458796][ T1980] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.472955][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  100.826359][ T3029] device veth0_vlan entered promiscuous mode
[  100.921915][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  100.930294][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  100.938217][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  100.955419][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  100.974242][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  100.980447][  T315] udevd[315]: setting mode of /dev/loop0 to 060660 failed: Read-only file system
[  100.982717][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  100.991945][ T2456] block device autoloading is deprecated and will be removed.
[  100.999428][ T1890] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.013166][ T1890] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.019655][  T315] udevd[315]: setting owner of /dev/loop0 to uid=0, gid=6 failed: Read-only file system
[  101.026172][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  101.030374][ T1733] Bluetooth: hci0: command 0x1003 tx timeout
[  101.037722][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  101.043155][   T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  101.106193][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  101.128921][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  101.155929][ T3029] device veth1_macvtap entered promiscuous mode
[  101.232852][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  101.240434][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  101.248803][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  101.264023][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  101.280498][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  101.348040][   T28] audit: type=1400 audit(1719647668.540:498): avc:  denied  { mounton } for  pid=3060 comm="syz.1.1006" path="/root/syzkaller.ansgIa/0/file0" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  101.484532][ T3073] netlink: 'syz.4.1012': attribute type 4 has an invalid length.
[  101.506552][ T3073] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1012'.
[  101.534538][  T608] device bridge_slave_1 left promiscuous mode
[  101.542534][  T608] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.564691][  T608] device bridge_slave_0 left promiscuous mode
[  101.581508][ T3080] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  101.587711][  T608] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.598206][  T608] device bridge_slave_1 left promiscuous mode
[  101.604755][  T608] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.612493][  T608] device bridge_slave_0 left promiscuous mode
[  101.618496][  T608] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.627325][  T608] device veth1_macvtap left promiscuous mode
[  101.635331][  T608] device veth0_vlan left promiscuous mode
[  101.642087][  T608] device veth1_macvtap left promiscuous mode
[  101.649234][  T608] device veth0_vlan left promiscuous mode
[  101.947607][ T3083] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.954662][ T3083] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.962137][ T3083] device bridge_slave_0 entered promiscuous mode
[  101.968986][ T3083] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.975863][ T3083] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.985501][ T3083] device bridge_slave_1 entered promiscuous mode
[  102.334336][   T28] audit: type=1400 audit(1719647669.530:499): avc:  denied  { create } for  pid=3099 comm="syz.0.1024" name="#2a" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1
[  102.380316][   T28] audit: type=1400 audit(1719647669.530:500): avc:  denied  { link } for  pid=3099 comm="syz.0.1024" name="#2a" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1
[  102.403209][   T28] audit: type=1400 audit(1719647669.530:501): avc:  denied  { rename } for  pid=3099 comm="syz.0.1024" name="#2b" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1
[  102.457815][ T3083] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.464707][ T3083] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.471794][ T3083] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.478558][ T3083] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.534108][  T293] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.541593][  T293] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.549097][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  102.562277][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  102.575836][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  102.584357][ T2716] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.591246][ T2716] bridge0: port 1(bridge_slave_0) entered forwarding state
[  102.602723][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  102.610871][  T293] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.617715][  T293] bridge0: port 2(bridge_slave_1) entered forwarding state
[  102.641137][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  102.648878][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  102.674937][ T3102] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.681862][ T3102] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.689185][ T3102] device bridge_slave_0 entered promiscuous mode
[  102.724837][ T3083] device veth0_vlan entered promiscuous mode
[  102.732308][ T3102] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.742630][ T3102] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.750845][ T3102] device bridge_slave_1 entered promiscuous mode
[  102.758563][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  102.767388][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  102.776047][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  102.783584][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  102.798645][ T3083] device veth1_macvtap entered promiscuous mode
[  102.815155][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  102.835176][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  102.914797][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  103.057399][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  103.070446][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  103.090796][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  103.108228][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  103.116744][ T1980] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.123624][ T1980] bridge0: port 1(bridge_slave_0) entered forwarding state
[  103.131066][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  103.139264][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  103.147405][ T1980] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.154261][ T1980] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.176409][  T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  103.203493][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  103.203862][ T3131] serio: Serial port pts0
[  103.213210][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  103.223511][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  103.232368][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  103.248839][ T3102] device veth0_vlan entered promiscuous mode
[  103.257008][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  103.265019][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  103.272555][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  103.279743][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  103.287935][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  103.313702][ T3125] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.320722][ T3125] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.327845][ T3125] device bridge_slave_0 entered promiscuous mode
[  103.339203][ T3125] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.346295][ T3125] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.353657][ T3125] device bridge_slave_1 entered promiscuous mode
[  103.362552][ T3102] device veth1_macvtap entered promiscuous mode
[  103.369571][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  103.403625][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  103.412319][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  103.426517][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  103.434891][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  103.474447][  T608] device bridge_slave_1 left promiscuous mode
[  103.480768][  T608] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.488016][  T608] device bridge_slave_0 left promiscuous mode
[  103.494110][  T608] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.502155][  T608] device bridge_slave_1 left promiscuous mode
[  103.511741][  T608] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.519294][  T608] device bridge_slave_0 left promiscuous mode
[  103.525528][  T608] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.534234][  T608] device veth1_macvtap left promiscuous mode
[  103.540542][  T608] device veth0_vlan left promiscuous mode
[  103.546459][  T608] device veth1_macvtap left promiscuous mode
[  103.553187][  T608] device veth0_vlan left promiscuous mode
[  103.590235][ T1734] Bluetooth: hci0: command 0x1003 tx timeout
[  103.590580][ T3047] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  103.728737][   T28] audit: type=1400 audit(1719647670.920:502): avc:  denied  { read write } for  pid=3139 comm="syz.1.1039" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  103.763997][   T28] audit: type=1400 audit(1719647670.920:503): avc:  denied  { open } for  pid=3139 comm="syz.1.1039" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  103.896305][ T3125] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.903205][ T3125] bridge0: port 2(bridge_slave_1) entered forwarding state
[  103.950516][ T2716] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.988121][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  103.995751][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  104.021256][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  104.031738][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  104.049819][ T2716] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.056721][ T2716] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.064983][   T28] audit: type=1400 audit(1719647671.260:504): avc:  denied  { unlink } for  pid=83 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  104.067361][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  104.122122][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  104.130435][ T2716] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.137316][ T2716] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.165336][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  104.173317][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  104.188551][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  104.196970][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  104.214787][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  104.223171][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  104.233489][ T3125] device veth0_vlan entered promiscuous mode
[  104.240504][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  104.248661][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  104.272303][ T3125] device veth1_macvtap entered promiscuous mode
[  104.281550][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  104.289322][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  104.296789][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  104.308870][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  104.317272][ T2716] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  104.331881][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  104.340473][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  104.360269][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  104.368349][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  104.452793][   T28] audit: type=1400 audit(1719647671.650:505): avc:  denied  { bind } for  pid=3169 comm="syz.0.1049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  104.495941][   T28] audit: type=1400 audit(1719647671.650:506): avc:  denied  { name_bind } for  pid=3169 comm="syz.0.1049" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  104.502644][ T3177] syz.1.1053[3177] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  104.516682][   T28] audit: type=1400 audit(1719647671.650:507): avc:  denied  { node_bind } for  pid=3169 comm="syz.0.1049" saddr=::1800:0:0:0 src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  104.525465][ T3177] syz.1.1053[3177] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  104.656308][ T3185] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-generic)"
[  104.933628][ T3200] bridge0: port 1(bridge_slave_0) entered blocking state
[  104.940621][ T3200] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.948086][ T3200] device bridge_slave_0 entered promiscuous mode
[  104.967598][ T3200] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.974528][ T3200] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.982124][ T3200] device bridge_slave_1 entered promiscuous mode
[  105.017618][ T3218] syz.3.1071[3218] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  105.017695][ T3218] syz.3.1071[3218] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  105.107272][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  105.127198][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  105.165776][ T3200] device veth0_vlan entered promiscuous mode
[  105.177016][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  105.185944][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  105.194166][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  105.202515][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  105.209722][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  105.217961][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  105.230525][    T6] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.237353][    T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.244713][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  105.252898][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  105.260918][    T6] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.267749][    T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.275155][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  105.282937][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  105.290929][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  105.302823][  T608] device bridge_slave_1 left promiscuous mode
[  105.308774][  T608] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.316192][  T608] device bridge_slave_0 left promiscuous mode
[  105.322317][  T608] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.330055][  T608] device veth1_macvtap left promiscuous mode
[  105.336316][  T608] device veth0_vlan left promiscuous mode
[  105.466821][ T3200] device veth1_macvtap entered promiscuous mode
[  105.479173][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  105.587154][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  105.595549][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  105.755160][ T3260] loop3: detected capacity change from 0 to 1024
[  105.964045][ T3260] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  106.059789][  T315] udevd[315]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:3' failed: Read-only file system
[  106.352641][  T315] udevd[315]: symlink '../../loop3' '/dev/disk/by-label/syzkaller.tmp-b7:3' failed: Read-only file system
[  106.380203][  T293] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  106.492652][ T3272] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.515469][ T3272] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.526851][ T3272] device bridge_slave_0 entered promiscuous mode
[  106.539431][ T3272] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.546866][ T3272] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.556453][ T3272] device bridge_slave_1 entered promiscuous mode
[  106.620505][  T293] usb 1-1: Using ep0 maxpacket: 32
[  106.678253][ T3083] EXT4-fs (loop3): unmounting filesystem.
[  106.718333][   T28] kauditd_printk_skb: 1 callbacks suppressed
[  106.718347][   T28] audit: type=1400 audit(1719647673.910:509): avc:  denied  { map } for  pid=3286 comm="syz.4.1100" path="socket:[30780]" dev="sockfs" ino=30780 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  106.748145][  T293] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.749593][   T28] audit: type=1400 audit(1719647673.910:510): avc:  denied  { read } for  pid=3286 comm="syz.4.1100" path="socket:[30780]" dev="sockfs" ino=30780 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  106.772407][  T293] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.809620][ T3272] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.816525][ T3272] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.823626][ T3272] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.830516][ T3272] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.894486][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  106.904711][ T1890] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.909093][ T3301] loop4: detected capacity change from 0 to 256
[  106.913885][   T28] audit: type=1400 audit(1719647674.120:511): avc:  denied  { read } for  pid=3302 comm="syz.2.1106" laddr=::1 lport=7 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  106.930642][ T3301] exfat: Deprecated parameter 'namecase'
[  106.942790][ T3304] input: syz0 as /devices/virtual/input/input9
[  106.951372][ T1890] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.961554][  T293] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  106.974710][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  106.980113][  T293] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  106.988852][ T1890] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.997653][ T1890] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.007781][ T3301] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011fc6, chksum : 0x5c39844e, utbl_chksum : 0xe619d30d)
[  107.007907][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  107.023557][  T293] usb 1-1: Product: syz
[  107.028064][ T1890] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.033270][  T293] usb 1-1: Manufacturer: syz
[  107.038296][ T1890] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.070163][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  107.083089][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  107.095049][ T3309] serio: Serial port pts0
[  107.095327][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  107.101878][  T293] hub 1-1:4.0: USB hub found
[  107.108171][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  107.148212][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  107.157480][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  107.187802][ T3272] device veth0_vlan entered promiscuous mode
[  107.217447][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  107.228742][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  107.239676][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  107.250427][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  107.268765][ T3272] device veth1_macvtap entered promiscuous mode
[  107.278820][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  107.287099][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  107.296678][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  107.311521][  T608] device bridge_slave_1 left promiscuous mode
[  107.317473][  T608] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.324479][  T293] hub 1-1:4.0: config failed, hub doesn't have any ports! (err -19)
[  107.340663][  T608] device bridge_slave_0 left promiscuous mode
[  107.355917][  T608] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.364418][  T608] device bridge_slave_0 left promiscuous mode
[  107.370580][  T608] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.379060][  T608] device veth1_macvtap left promiscuous mode
[  107.385235][  T608] device veth0_vlan left promiscuous mode
[  107.391355][  T608] device veth1_macvtap left promiscuous mode
[  107.397260][  T608] device veth0_vlan left promiscuous mode
[  107.566757][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  107.574926][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  107.583115][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  107.591264][   T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  107.660322][ T1890] usb 1-1: USB disconnect, device number 9
[  107.696595][ T3324] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.708169][ T3324] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.715717][ T3324] device bridge_slave_0 entered promiscuous mode
[  107.723067][ T3324] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.729977][ T3324] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.737196][ T3324] device bridge_slave_1 entered promiscuous mode
[  107.802498][ T3338] loop1: detected capacity change from 0 to 256
[  107.809248][ T3338] exfat: Deprecated parameter 'namecase'
[  107.817685][ T3338] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011fc6, chksum : 0x5c39844e, utbl_chksum : 0xe619d30d)
[  107.859730][ T3324] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.866636][ T3324] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.873742][ T3324] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.880504][ T3324] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.910598][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  107.918771][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.931253][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.954654][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  107.963865][ T1890] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.970739][ T1890] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.983340][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  107.991783][ T1890] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.998634][ T1890] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.029554][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  108.057246][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  108.066624][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  108.075175][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  108.090255][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  108.132273][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  108.165129][ T3324] device veth0_vlan entered promiscuous mode
[  108.197244][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  108.219390][ T3362] serio: Serial port pts0
[  108.219877][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  108.235690][   T28] audit: type=1400 audit(1719647675.430:512): avc:  denied  { bind } for  pid=3363 comm="syz.4.1131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  108.237467][ T3324] device veth1_macvtap entered promiscuous mode
[  108.278256][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  108.286244][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  108.295780][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  108.310590][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  108.330557][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  108.523920][ T3400] loop1: detected capacity change from 0 to 2048
[  108.550420][    T6] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  108.560632][ T3400]  loop1: p1 < > p4
[  108.564847][ T3400] loop1: p4 size 8388608 extends beyond EOD, truncated
[  108.578664][  T315] udevd[315]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  108.587068][ T3400] fuse: Unknown parameter '017777777777777777777770x0000000000000003'
[  108.589531][ T1058] udevd[1058]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  108.607202][   T28] audit: type=1400 audit(1719647675.810:513): avc:  denied  { unlink } for  pid=3374 comm="syz.3.1115" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  108.643777][  T315] udevd[315]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  108.644849][ T1058] udevd[1058]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  108.681204][ T1058] udevd[1058]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory
[  108.696887][  T315] udevd[315]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  108.714574][ T3410] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3410 comm=syz.1.1150
[  108.751426][  T608] device bridge_slave_1 left promiscuous mode
[  108.759615][  T608] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.767660][  T608] device bridge_slave_0 left promiscuous mode
[  108.773890][  T608] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.784312][  T608] device veth1_macvtap left promiscuous mode
[  108.790321][  T608] device veth0_vlan left promiscuous mode
[  108.816749][ T3416] loop1: detected capacity change from 0 to 1024
[  108.824944][ T3416] EXT4-fs: Ignoring removed mblk_io_submit option
[  108.832411][ T3416] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[  108.868580][ T3416] loop1: detected capacity change from 0 to 512
[  108.879878][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[  108.902601][ T3416] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.1153: bg 0: block 248: padding at end of block bitmap is not set
[  108.918241][ T3416] Quota error (device loop1): write_blk: dquota write failed
[  108.925758][ T3416] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  108.937081][ T3416] EXT4-fs (loop1): 1 truncate cleaned up
[  108.942907][ T3416] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  108.954194][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  108.959511][ T3416] ext4 filesystem being mounted at /root/syzkaller.khYL7D/16/file0 supports timestamps until 2038 (0x7fffffff)
[  108.974525][    T6] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  108.992625][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[  109.009115][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.021290][    T6] usb 3-1: config 0 descriptor??
[  109.097738][ T3272] EXT4-fs (loop1): unmounting filesystem.
[  109.121013][ T3437] input: syz0 as /devices/virtual/input/input10
[  109.166705][   T28] audit: type=1400 audit(1719647676.360:514): avc:  denied  { read } for  pid=3432 comm="syz.0.1159" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  109.189512][   T28] audit: type=1400 audit(1719647676.360:515): avc:  denied  { open } for  pid=3432 comm="syz.0.1159" path="/dev/snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  109.238648][ T3446] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3446 comm=syz.1.1164
[  109.417253][   T28] audit: type=1400 audit(1719647676.610:516): avc:  denied  { execute_no_trans } for  pid=3468 comm="syz.3.1173" path=2F6D656D66643A237DA9E4FC1EFFE0A59DC8CA332712785921A49C97F1FCB0E87E91D504697D03202864656C6574656429 dev="tmpfs" ino=1176 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  109.463064][ T3465] loop1: detected capacity change from 0 to 1024
[  109.501945][ T3465] EXT4-fs: Ignoring removed mblk_io_submit option
[  109.776622][ T3465] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[  109.784028][    T6] keytouch 0003:0926:3333.0006: fixing up Keytouch IEC report descriptor
[  109.794131][ T3474] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3474 comm=syz.3.1175
[  109.808098][    T6] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0006/input/input11
[  109.831163][ T3465] loop1: detected capacity change from 0 to 512
[  109.846762][ T3465] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.1172: bg 0: block 248: padding at end of block bitmap is not set
[  109.861994][ T3465] EXT4-fs (loop1): 1 truncate cleaned up
[  109.867482][ T3465] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  109.876390][ T3465] ext4 filesystem being mounted at /root/syzkaller.khYL7D/23/file0 supports timestamps until 2038 (0x7fffffff)
[  109.895892][    T6] keytouch 0003:0926:3333.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  109.976715][ T3485] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.985331][ T3485] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  110.050796][ T3465] syz.1.1172 (3465) used greatest stack depth: 19368 bytes left
[  110.064059][ T3272] EXT4-fs (loop1): unmounting filesystem.
[  110.158211][ T3498] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3498 comm=syz.3.1186
[  110.171302][ T3498] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1186'.
[  110.193125][ T3500] netlink: 'syz.1.1184': attribute type 4 has an invalid length.
[  110.536305][ T3500] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1184'.
[  110.763950][ T3500] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  110.992084][ T3535] syz.3.1199[3535] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  110.992160][ T3535] syz.3.1199[3535] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  110.997477][ T2456] block device autoloading is deprecated and will be removed.
[  112.351048][    T6] usb 3-1: USB disconnect, device number 5
[  112.406410][ T3547] syz.0.1203[3547] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  112.406481][ T3547] syz.0.1203[3547] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  112.425522][ T3547] syz.0.1203[3547] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  112.436839][ T3547] syz.0.1203[3547] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  112.582027][ T3570] loop3: detected capacity change from 0 to 128
[  112.810898][ T3047] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  112.810955][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[  113.010960][ T3580] loop0: detected capacity change from 0 to 1024
[  113.071942][ T3580] EXT4-fs: Ignoring removed mblk_io_submit option
[  113.099137][ T3580] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[  113.125277][ T3561] loop2: detected capacity change from 0 to 40427
[  113.135652][ T3561] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  113.143335][ T3561] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  113.143416][  T315] udevd[315]: symlink '../../loop2' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:2' failed: Read-only file system
[  113.165331][ T3561] F2FS-fs (loop2): invalid crc value
[  113.196481][ T3561] F2FS-fs (loop2): Found nat_bits in checkpoint
[  113.224792][ T3577] loop0: detected capacity change from 0 to 512
[  113.252846][  T315] udevd[315]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system
[  113.278942][ T3561] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  113.295238][ T3577] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.1217: bg 0: block 248: padding at end of block bitmap is not set
[  113.296369][ T3561] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  113.320622][ T3577] __quota_error: 5 callbacks suppressed
[  113.320638][ T3577] Quota error (device loop0): write_blk: dquota write failed
[  113.326740][  T315] udevd[315]: symlink '../../loop2' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:2' failed: Read-only file system
[  113.334504][ T3577] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  113.362111][ T3577] EXT4-fs (loop0): 1 truncate cleaned up
[  113.371890][ T3577] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  113.395691][ T3600] syz.1.1223[3600] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  113.395762][ T3600] syz.1.1223[3600] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  113.408813][ T3577] ext4 filesystem being mounted at /root/syzkaller.KxZcs3/78/file0 supports timestamps until 2038 (0x7fffffff)
[  113.438240][ T3600] syz.1.1223[3600] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  113.438324][ T3600] syz.1.1223[3600] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  113.464940][  T315] udevd[315]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system
[  113.587773][ T2456] EXT4-fs (loop0): unmounting filesystem.
[  113.616073][ T3611] netlink: 'syz.1.1228': attribute type 4 has an invalid length.
[  113.623701][ T3611] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1228'.
[  113.686431][ T3612] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  113.715475][ T3618] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1230'.
[  113.759914][ T3618] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1230'.
[  113.976075][   T28] audit: type=1400 audit(1719647681.170:520): avc:  denied  { wake_alarm } for  pid=3625 comm="syz.3.1233" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  114.038361][  T608] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  114.042769][ T3633] loop3: detected capacity change from 0 to 128
[  114.047720][  T608] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  114.086589][   T28] audit: type=1400 audit(1719647681.280:521): avc:  denied  { mounton } for  pid=3632 comm="syz.3.1236" path="/root/syzkaller.ZrM05q/29/file2/file0" dev="loop3" ino=1048759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1
[  114.118663][ T3562] loop4: detected capacity change from 0 to 131072
[  114.140648][ T3562] F2FS-fs (loop4): Invalid log blocks per segment (1)
[  114.160678][ T3562] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  114.163866][  T315] udevd[315]: symlink '../../loop4' '/dev/disk/by-uuid/36fde3fc-a519-493c-8baa-e32931e9a89c.tmp-b7:4' failed: Read-only file system
[  114.182373][ T3562] F2FS-fs (loop4): invalid crc value
[  114.206097][ T3562] F2FS-fs (loop4): Found nat_bits in checkpoint
[  114.240767][ T3324] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100)
[  114.248505][ T3324] FAT-fs (loop3): Filesystem has been set read-only
[  114.264862][ T3562] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  114.271928][ T3562] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  114.287129][  T315] udevd[315]: symlink '../../loop4' '/dev/disk/by-uuid/36fde3fc-a519-493c-8baa-e32931e9a89c.tmp-b7:4' failed: Read-only file system
[  114.381670][ T3650] loop2: detected capacity change from 0 to 1024
[  114.396893][ T3656] loop3: detected capacity change from 0 to 256
[  114.400981][ T3650] EXT4-fs: Ignoring removed nomblk_io_submit option
[  114.412084][  T315] udevd[315]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  114.437657][ T3650] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  114.449418][ T3656] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xc61f63e4, utbl_chksum : 0xe619d30d)
[  114.469067][  T315] udevd[315]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  114.494428][ T3125] EXT4-fs (loop2): unmounting filesystem.
[  116.114420][ T1734] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  116.170546][ T3047] Bluetooth: hci0: command 0x1003 tx timeout
[  116.234259][    T6] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  116.381994][ T3697] loop0: detected capacity change from 0 to 1024
[  116.388836][ T3697] EXT4-fs: Ignoring removed nomblk_io_submit option
[  116.394299][  T315] udevd[315]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system
[  116.432660][ T3697] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  116.531427][ T3708] loop4: detected capacity change from 0 to 256
[  116.548229][ T3708] exFAT-fs (loop4): bogus sector size bits : 0
[  116.554464][ T3708] exFAT-fs (loop4): failed to read boot sector
[  116.560482][ T3708] exFAT-fs (loop4): failed to recognize exfat type
[  116.973699][    T6] usb 3-1: Using ep0 maxpacket: 16
[  117.009130][ T1058] udevd[1058]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system
[  117.037906][ T2456] EXT4-fs (loop0): unmounting filesystem.
[  117.068929][ T3711] loop0: detected capacity change from 0 to 2048
[  117.101809][ T3711] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  117.111104][ T3711] ext4 filesystem being mounted at /root/syzkaller.KxZcs3/85/bus supports timestamps until 2038 (0x7fffffff)
[  117.143979][ T2456] EXT4-fs (loop0): unmounting filesystem.
[  117.350206][    T6] usb 3-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=94.d7
[  117.364935][    T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.375944][    T6] usb 3-1: Product: syz
[  117.379926][    T6] usb 3-1: Manufacturer: syz
[  117.384680][    T6] usb 3-1: SerialNumber: syz
[  117.392532][    T6] usb 3-1: config 0 descriptor??
[  117.780165][    T6] usb 3-1: can't set config #0, error -71
[  117.787609][    T6] usb 3-1: USB disconnect, device number 6
[  117.793242][ T3732] incfs: ino conflict with backing FS 1
[  117.793831][ T3732] incfs: ino conflict with backing FS 2
[  117.810379][ T3732] incfs: ino conflict with backing FS 5
[  117.828255][ T3732] incfs: ino conflict with backing FS 6
[  117.870642][   T28] audit: type=1400 audit(1719647685.040:522): avc:  denied  { rename } for  pid=3729 comm="syz.1.1269" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 dev="incremental-fs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  117.929099][   T28] audit: type=1400 audit(1719647685.040:523): avc:  denied  { reparent } for  pid=3729 comm="syz.1.1269" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 dev="incremental-fs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  117.965305][   T28] audit: type=1400 audit(1719647685.040:524): avc:  denied  { create } for  pid=3729 comm="syz.1.1269" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  118.078903][ T3739] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only
[  118.379148][ T3681] loop3: detected capacity change from 0 to 131072
[  118.388057][ T3681] F2FS-fs (loop3): Invalid log blocks per segment (1)
[  118.395467][ T3681] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  118.409460][ T3681] F2FS-fs (loop3): invalid crc value
[  118.413136][  T315] udevd[315]: symlink '../../loop3' '/dev/disk/by-uuid/36fde3fc-a519-493c-8baa-e32931e9a89c.tmp-b7:3' failed: Read-only file system
[  118.435453][ T3681] F2FS-fs (loop3): Found nat_bits in checkpoint
[  118.524074][ T3681] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  118.531209][ T3681] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  118.567849][  T315] udevd[315]: symlink '../../loop3' '/dev/disk/by-uuid/36fde3fc-a519-493c-8baa-e32931e9a89c.tmp-b7:3' failed: Read-only file system
[  118.976387][ T3770] loop0: detected capacity change from 0 to 1024
[  119.035299][ T3774] syz.3.1276[3774] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  119.035761][ T3774] syz.3.1276[3774] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  119.067302][ T3775] netlink: 'syz.2.1280': attribute type 4 has an invalid length.
[  119.137543][ T3775] netlink: 'syz.2.1280': attribute type 4 has an invalid length.
[  119.198915][ T3770] EXT4-fs: Ignoring removed nomblk_io_submit option
[  119.248380][  T315] udevd[315]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system
[  119.278595][ T3774] syz.3.1276[3774] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  119.278671][ T3774] syz.3.1276[3774] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  119.311698][ T3770] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  119.337546][  T315] udevd[315]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system
[  119.454799][ T2456] EXT4-fs (loop0): unmounting filesystem.
[  119.623396][ T3800] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only
[  120.303515][   T28] audit: type=1400 audit(1719647687.500:525): avc:  denied  { module_load } for  pid=3819 comm="syz.4.1301" path=2F6D656D66643A1037202864656C6574656429 dev="tmpfs" ino=1204 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  120.303550][ T3820] Invalid ELF section name index: 0 || e_shstrndx (0) >= e_shnum (0)
[  120.485318][ T3840] loop0: detected capacity change from 0 to 1024
[  120.501006][  T315] udevd[315]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system
[  120.512589][ T3840] EXT4-fs: Ignoring removed nomblk_io_submit option
[  120.525561][ T3840] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  120.546626][ T3847] loop4: detected capacity change from 0 to 256
[  120.557169][ T3840] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  120.590334][ T3840] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  120.600246][   T24] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  120.615499][  T315] udevd[315]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system
[  120.628793][ T2456] EXT4-fs (loop0): unmounting filesystem.
[  120.840203][   T24] usb 2-1: Using ep0 maxpacket: 16
[  121.120202][   T24] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  121.129046][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.136895][   T24] usb 2-1: Product: syz
[  121.140874][   T24] usb 2-1: Manufacturer: syz
[  121.145272][   T24] usb 2-1: SerialNumber: syz
[  121.150422][   T24] usb 2-1: config 0 descriptor??
[  121.190811][   T24] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  121.198346][   T24] usb 2-1: Detected FT232H
[  121.410164][   T24] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  121.891389][   T24] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  122.092138][ T2716] usb 2-1: USB disconnect, device number 12
[  122.098740][ T2716] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  122.108092][ T2716] ftdi_sio 2-1:0.0: device disconnected
[  122.621178][ T3862] loop3: detected capacity change from 0 to 128
[  122.635441][ T3862] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  123.109634][ T3868] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only
[  123.413220][ T3857] loop0: detected capacity change from 0 to 256
[  123.419880][ T3857] exfat: Deprecated parameter 'utf8'
[  123.428321][ T3857] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5040162d, utbl_chksum : 0xe619d30d)
[  123.445273][   T28] audit: type=1326 audit(1719647690.640:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3855 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  123.548704][ T3872] netlink: 'syz.2.1316': attribute type 4 has an invalid length.
[  123.622040][ T3872] netlink: 'syz.2.1316': attribute type 4 has an invalid length.
[  123.800780][   T28] audit: type=1326 audit(1719647690.640:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3855 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  123.906262][ T2716] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  123.972233][   T28] audit: type=1326 audit(1719647690.670:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3855 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  123.994861][ T3877] loop2: detected capacity change from 0 to 512
[  124.024641][  T315] udevd[315]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  124.040274][   T28] audit: type=1326 audit(1719647690.670:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3855 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  124.040477][ T3877] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  124.111648][ T3877] EXT4-fs (loop2): 1 truncate cleaned up
[  124.120375][ T3877] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  124.152911][   T28] audit: type=1326 audit(1719647690.670:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3855 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  124.178346][ T3877] EXT4-fs warning (device loop2): __ext4fs_dirhash:270: inode #2: comm syz.2.1321: Siphash requires key
[  124.190749][  T315] udevd[315]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  124.202387][ T3877] EXT4-fs warning (device loop2): dx_probe:844: inode #2: comm syz.2.1321: Hash code is SIPHASH, but hash not in dirent
[  124.215084][   T28] audit: type=1326 audit(1719647690.950:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3855 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  124.234918][ T3877] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.1321: Corrupt directory, running e2fsck is recommended
[  124.238790][   T28] audit: type=1400 audit(1719647690.950:532): avc:  denied  { read } for  pid=3855 comm="syz.0.1314" name="uhid" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  124.270656][ T3877] EXT4-fs warning (device loop2): dx_probe:844: inode #2: comm syz.2.1321: Hash code is SIPHASH, but hash not in dirent
[  124.287176][   T28] audit: type=1400 audit(1719647690.950:533): avc:  denied  { open } for  pid=3855 comm="syz.0.1314" path="/dev/uhid" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  124.364345][ T3885] loop0: detected capacity change from 0 to 1024
[  124.373520][   T24] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  124.471917][ T3877] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.1321: Corrupt directory, running e2fsck is recommended
[  124.499165][ T3885] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  124.504051][   T28] audit: type=1326 audit(1719647690.950:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3855 comm="syz.0.1314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  124.510566][  T315] udevd[315]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system
[  124.622372][ T3125] EXT4-fs (loop2): unmounting filesystem.
[  124.725519][ T2716] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  124.736940][ T2716] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  124.746604][ T2716] usb 2-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00
[  124.755493][ T2716] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.764183][ T2716] usb 2-1: config 0 descriptor??
[  124.910098][   T24] usb 5-1: Using ep0 maxpacket: 32
[  124.964109][  T315] udevd[315]: symlink '../../loop0' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  125.015935][ T3890] loop2: detected capacity change from 0 to 512
[  125.048032][  T315] udevd[315]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  125.071094][ T3890] EXT4-fs (loop2): 1 truncate cleaned up
[  125.076585][ T3890] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  125.106097][  T315] udevd[315]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  125.195794][ T2456] EXT4-fs (loop0): unmounting filesystem.
[  125.223453][  T315] udevd[315]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:0' failed: Read-only file system
[  125.243822][ T2716] waltop 0003:172F:0501.0007: hidraw0: USB HID v0.00 Device [HID 172f:0501] on usb-dummy_hcd.1-1/input0
[  125.250229][   T24] usb 5-1: New USB device found, idVendor=257a, idProduct=260c, bcdDevice=a6.30
[  125.270822][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.278839][   T24] usb 5-1: Product: syz
[  125.282856][   T24] usb 5-1: Manufacturer: syz
[  125.291900][   T24] usb 5-1: SerialNumber: syz
[  125.300173][   T24] usb 5-1: config 0 descriptor??
[  125.446612][   T24] usb 2-1: USB disconnect, device number 13
[  125.545154][  T311] usb 5-1: USB disconnect, device number 9
[  125.590112][ T2716] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  125.839474][ T3125] EXT4-fs (loop2): unmounting filesystem.
[  125.845180][ T2716] usb 1-1: Using ep0 maxpacket: 16
[  125.960193][    T6] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  125.980222][ T2716] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.991067][ T2716] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.000711][ T2716] usb 1-1: New USB device found, idVendor=056a, idProduct=0003, bcdDevice= 0.00
[  126.009591][ T2716] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.018517][ T2716] usb 1-1: config 0 descriptor??
[  126.160153][  T311] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  126.300660][   T28] kauditd_printk_skb: 20 callbacks suppressed
[  126.300749][   T28] audit: type=1400 audit(1719647693.460:555): avc:  denied  { mounton } for  pid=3903 comm="syz.1.1329" path="/root/syzkaller.khYL7D/52/file0" dev="incremental-fs" ino=2050 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  126.440141][    T6] usb 4-1: Using ep0 maxpacket: 8
[  126.560150][    T6] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  126.570162][  T311] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  126.579691][  T311] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  126.589181][  T311] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  126.611638][ T2716] wacom 0003:056A:0003.0008: Unknown device_type for 'HID 056a:0003'. Assuming pen.
[  126.621406][ T2716] input: Wacom Cintiq Partner Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:0003.0008/input/input12
[  126.634624][ T2716] wacom 0003:056A:0003.0008: hidraw0: USB HID v0.00 Device [HID 056a:0003] on usb-dummy_hcd.0-1/input0
[  126.670200][    T6] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  126.679156][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  126.680184][  T311] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  126.687165][    T6] usb 4-1: SerialNumber: syz
[  126.697203][  T311] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  126.704363][    T6] usb 4-1: config 0 descriptor??
[  126.710893][  T311] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  126.800197][  T311] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  126.809754][  T311] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  126.825852][  T311] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  126.838736][  T293] usb 1-1: USB disconnect, device number 10
[  126.920214][  T311] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  126.929897][  T311] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  126.939436][  T311] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  126.980179][    T6] usb 4-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[  126.991754][    T6] usb 4-1: No valid video chain found.
[  127.030192][  T311] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  127.039853][  T311] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  127.049504][  T311] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  127.140191][  T311] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  127.149859][  T311] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  127.160967][  T311] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  127.207452][   T24] usb 4-1: USB disconnect, device number 12
[  127.260159][   T37] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  127.330195][  T311] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  127.348252][  T311] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.357868][  T311] usb 3-1: Product: syz
[  127.362168][  T311] usb 3-1: Manufacturer: syz
[  127.367065][  T311] usb 3-1: SerialNumber: syz
[  127.500113][   T37] usb 5-1: Using ep0 maxpacket: 32
[  127.620135][   T37] usb 5-1: config 0 has no interfaces?
[  127.625477][   T37] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  127.635993][  T311] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  127.655332][   T37] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.666408][   T37] usb 5-1: config 0 descriptor??
[  127.860206][ T1890] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  127.894705][   T37] usb 3-1: USB disconnect, device number 7
[  127.911488][   T37] usblp0: removed
[  127.924336][ T3923] loop4: detected capacity change from 0 to 2048
[  127.935778][ T3923] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  127.945821][  T315] udevd[315]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system
[  128.049204][ T3933] loop4: detected capacity change from 0 to 512
[  128.072005][  T315] udevd[315]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system
[  128.098343][ T3933] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  128.107207][    T6] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  128.114910][ T3933] ext4 filesystem being mounted at /root/syzkaller.OsER4i/68/file0 supports timestamps until 2038 (0x7fffffff)
[  128.132622][  T315] udevd[315]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system
[  128.164244][ T3942] loop1: detected capacity change from 0 to 512
[  128.173901][ T3942] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  128.184811][ T3942] EXT4-fs (loop1): 1 truncate cleaned up
[  128.190453][ T3942] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  128.202205][ T3933] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #21: comm syz.4.1337: corrupted inode contents
[  128.207724][ T3942] EXT4-fs warning (device loop1): __ext4fs_dirhash:270: inode #2: comm syz.1.1343: Siphash requires key
[  128.214201][ T3933] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #21: comm syz.4.1337: mark_inode_dirty error
[  128.229594][ T3942] EXT4-fs warning (device loop1): dx_probe:844: inode #2: comm syz.1.1343: Hash code is SIPHASH, but hash not in dirent
[  128.236709][ T3933] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #21: comm syz.4.1337: corrupted inode contents
[  128.248835][ T3942] EXT4-fs warning (device loop1): dx_probe:965: inode #2: comm syz.1.1343: Corrupt directory, running e2fsck is recommended
[  128.260594][ T3933] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2955: inode #21: comm syz.4.1337: mark_inode_dirty error
[  128.284485][ T3942] EXT4-fs warning (device loop1): dx_probe:844: inode #2: comm syz.1.1343: Hash code is SIPHASH, but hash not in dirent
[  128.290679][ T3933] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2958: inode #21: comm syz.4.1337: mark inode dirty (error -117)
[  128.296867][ T1890] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  128.309260][ T3942] EXT4-fs warning (device loop1): dx_probe:965: inode #2: comm syz.1.1343: Corrupt directory, running e2fsck is recommended
[  128.320373][ T1890] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  128.342074][ T3933] EXT4-fs warning (device loop4): ext4_evict_inode:299: xattr delete (err -117)
[  128.351381][ T1890] usb 1-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00
[  128.360520][ T3272] EXT4-fs (loop1): unmounting filesystem.
[  128.366381][ T1890] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.374857][ T1890] usb 1-1: config 0 descriptor??
[  128.400138][    T6] usb 4-1: Using ep0 maxpacket: 32
[  128.623981][ T3951] netlink: 'syz.1.1344': attribute type 4 has an invalid length.
[  128.681386][ T3951] netlink: 'syz.1.1344': attribute type 4 has an invalid length.
[  128.891906][ T3949] loop2: detected capacity change from 0 to 40427
[  128.899091][ T3949] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  128.907018][ T3949] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  128.915962][ T3949] F2FS-fs (loop2): invalid crc value
[  128.922553][ T3949] F2FS-fs (loop2): Found nat_bits in checkpoint
[  128.930323][    T6] usb 4-1: New USB device found, idVendor=257a, idProduct=260c, bcdDevice=a6.30
[  128.939355][    T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.947356][    T6] usb 4-1: Product: syz
[  128.951737][    T6] usb 4-1: Manufacturer: syz
[  128.956174][    T6] usb 4-1: SerialNumber: syz
[  128.964232][    T6] usb 4-1: config 0 descriptor??
[  128.968933][ T3949] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  128.975907][ T3949] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  129.012665][ T1890] waltop 0003:172F:0501.0009: hidraw0: USB HID v0.00 Device [HID 172f:0501] on usb-dummy_hcd.0-1/input0
[  129.618875][ T1890] usb 1-1: USB disconnect, device number 11
[  129.634450][   T37] usb 4-1: USB disconnect, device number 13
[  129.676178][  T608] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  129.685545][  T608] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  130.004174][   T37] usb 5-1: USB disconnect, device number 10
[  130.103698][ T3200] EXT4-fs (loop4): unmounting filesystem.
[  130.311322][ T3978] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1352'.
[  130.340241][ T3978] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1352'.
[  130.496241][ T3988] bridge0: port 3(gretap0) entered blocking state
[  130.502527][ T3988] bridge0: port 3(gretap0) entered disabled state
[  130.509259][ T3988] device gretap0 entered promiscuous mode
[  130.514926][ T3988] bridge0: port 3(gretap0) entered blocking state
[  130.521170][ T3988] bridge0: port 3(gretap0) entered forwarding state
[  130.528767][ T3988] device gretap0 left promiscuous mode
[  130.534170][ T3988] bridge0: port 3(gretap0) entered disabled state
[  131.085598][ T4003] loop2: detected capacity change from 0 to 1024
[  131.269400][  T311] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  131.278872][  T315] udevd[315]: symlink '../../loop2' '/dev/disk/by-label/syzkaller.tmp-b7:2' failed: Read-only file system
[  131.292579][ T4003] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  131.973942][ T3125] EXT4-fs (loop2): unmounting filesystem.
[  132.017627][ T4016] netlink: 'syz.3.1367': attribute type 27 has an invalid length.
[  132.090092][  T311] usb 2-1: Using ep0 maxpacket: 32
[  132.230163][   T28] audit: type=1400 audit(1719647699.410:556): avc:  denied  { create } for  pid=4024 comm="syz.2.1368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  132.253787][  T311] usb 2-1: config 0 has no interfaces?
[  132.259262][  T311] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  132.268382][  T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.280312][  T311] usb 2-1: config 0 descriptor??
[  132.296079][   T28] audit: type=1400 audit(1719647699.410:557): avc:  denied  { connect } for  pid=4024 comm="syz.2.1368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  132.396122][ T4029] fuse: Bad value for 'fd'
[  133.066683][ T4038] bridge0: port 3(gretap0) entered blocking state
[  133.073025][ T4038] bridge0: port 3(gretap0) entered disabled state
[  133.080338][ T4038] device gretap0 entered promiscuous mode
[  133.086224][ T4038] bridge0: port 3(gretap0) entered blocking state
[  133.092528][ T4038] bridge0: port 3(gretap0) entered forwarding state
[  133.103400][ T4038] device gretap0 left promiscuous mode
[  133.108870][ T4038] bridge0: port 3(gretap0) entered disabled state
[  133.357388][ T3999] loop1: detected capacity change from 0 to 2048
[  133.448073][ T3999] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  133.470209][   T28] audit: type=1400 audit(1719647700.670:558): avc:  denied  { setopt } for  pid=4045 comm="syz.0.1376" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  133.535190][  T315] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  133.874543][   T28] audit: type=1400 audit(1719647701.070:559): avc:  denied  { lock } for  pid=4045 comm="syz.0.1376" path="socket:[34369]" dev="sockfs" ino=34369 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  133.877139][ T4050] loop1: detected capacity change from 0 to 512
[  133.968743][ T4055] netlink: 'syz.3.1373': attribute type 4 has an invalid length.
[  134.057136][ T4055] netlink: 'syz.3.1373': attribute type 4 has an invalid length.
[  134.379504][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[  134.383172][ T4062] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1380'.
[  134.447079][ T4050] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  134.456097][ T4062] sch_tbf: burst 0 is lower than device bridge1 mtu (1514) !
[  134.468461][ T4050] ext4 filesystem being mounted at /root/syzkaller.khYL7D/61/file0 supports timestamps until 2038 (0x7fffffff)
[  134.522953][  T353] udevd[353]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[  134.592263][ T4050] EXT4-fs error (device loop1): ext4_do_update_inode:5212: inode #21: comm syz.1.1360: corrupted inode contents
[  134.610311][ T4050] EXT4-fs error (device loop1): ext4_dirty_inode:6074: inode #21: comm syz.1.1360: mark_inode_dirty error
[  134.859876][ T4089] bridge0: port 3(gretap0) entered blocking state
[  134.866172][ T4089] bridge0: port 3(gretap0) entered disabled state
[  134.872854][ T4089] device gretap0 entered promiscuous mode
[  134.878492][ T4089] bridge0: port 3(gretap0) entered blocking state
[  134.884655][ T4089] bridge0: port 3(gretap0) entered forwarding state
[  134.893173][ T4089] device gretap0 left promiscuous mode
[  134.898588][ T4089] bridge0: port 3(gretap0) entered disabled state
[  134.931993][ T4050] EXT4-fs error (device loop1): ext4_do_update_inode:5212: inode #21: comm syz.1.1360: corrupted inode contents
[  135.026447][ T4050] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2955: inode #21: comm syz.1.1360: mark_inode_dirty error
[  135.068205][ T4050] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2958: inode #21: comm syz.1.1360: mark inode dirty (error -117)
[  135.485735][ T4050] EXT4-fs warning (device loop1): ext4_evict_inode:299: xattr delete (err -117)
[  135.736139][   T28] audit: type=1326 audit(1719647702.930:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4107 comm="syz.0.1397" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4bcb975b99 code=0x0
[  135.850870][ T4114] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1399'.
[  135.872822][ T4114] sch_tbf: burst 0 is lower than device bridge1 mtu (1514) !
[  136.001304][  T312] usb 2-1: USB disconnect, device number 14
[  136.053561][ T3272] EXT4-fs (loop1): unmounting filesystem.
[  136.416251][ T4128] bridge0: port 3(gretap0) entered blocking state
[  136.416274][ T4128] bridge0: port 3(gretap0) entered disabled state
[  136.416763][ T4128] device gretap0 entered promiscuous mode
[  136.416881][ T4128] bridge0: port 3(gretap0) entered blocking state
[  136.416895][ T4128] bridge0: port 3(gretap0) entered forwarding state
[  136.418821][ T4128] device gretap0 left promiscuous mode
[  136.418890][ T4128] bridge0: port 3(gretap0) entered disabled state
[  136.883885][   T28] audit: type=1400 audit(1719647704.080:561): avc:  denied  { mount } for  pid=4137 comm="syz.1.1407" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  136.884519][ T4138] loop1: detected capacity change from 0 to 128
[  136.975044][ T4138] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  137.031209][ T4138] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  137.144038][ T4145] request_module fs-autofs succeeded, but still no fs?
[  137.154526][   T28] audit: type=1400 audit(1719647704.270:562): avc:  denied  { unmount } for  pid=3272 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  137.161745][ T4145] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1410'.
[  137.303093][ T4151] loop4: detected capacity change from 0 to 1024
[  137.354990][   T28] audit: type=1326 audit(1719647704.550:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.0.1410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  137.471499][   T28] audit: type=1326 audit(1719647704.590:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.0.1410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  137.495351][   T28] audit: type=1326 audit(1719647704.600:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.0.1410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  137.503574][  T315] udevd[315]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system
[  137.526055][   T28] audit: type=1326 audit(1719647704.610:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.0.1410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  137.552847][ T4151] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  137.558024][   T28] audit: type=1326 audit(1719647704.630:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.0.1410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  137.591744][   T28] audit: type=1326 audit(1719647704.720:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.0.1410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4bcb975b99 code=0x7ffc0000
[  137.871190][ T4165] fuse: Bad value for 'fd'
[  138.819234][  T315] udevd[315]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system
[  138.878361][ T4174] loop1: detected capacity change from 0 to 512
[  138.925267][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[  138.963732][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-uuid/07000000-0000-0000-0000-000000000000.tmp-b7:1' failed: Read-only file system
[  138.995853][ T4174] EXT4-fs error (device loop1): __ext4_iget:5046: inode #14: block 1886221359: comm syz.1.1417: invalid block
[  139.055402][ T4174] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.1417: couldn't read orphan inode 14 (err -117)
[  139.068711][ T3200] EXT4-fs (loop4): unmounting filesystem.
[  139.073239][ T4174] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  139.083128][ T4174] ext4 filesystem being mounted at /root/syzkaller.khYL7D/66/bus supports timestamps until 2038 (0x7fffffff)
[  139.100731][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[  139.121586][ T1058] udevd[1058]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system
[  139.209606][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-uuid/07000000-0000-0000-0000-000000000000.tmp-b7:1' failed: Read-only file system
[  139.250139][  T312] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  139.342099][ T4196] loop2: detected capacity change from 0 to 16
[  139.413170][ T4196] erofs: (device loop2): mounted with root inode @ nid 36.
[  139.513713][ T4174] loop1: detected capacity change from 512 to 96
[  139.541715][  T315] udevd[315]: symlink '../../loop2' '/dev/disk/by-uuid/dc99752b-953d-459c-b2db-a5c46e0e7dba.tmp-b7:2' failed: Read-only file system
[  139.559491][ T4195] bio_check_eod: 13 callbacks suppressed
[  139.559508][ T4195] syz.1.1417: attempt to access beyond end of device
[  139.559508][ T4195] loop1: rw=12288, sector=272, nr_sectors = 8 limit=96
[  139.582025][ T4195] EXT4-fs error (device loop1): ext4_get_inode_loc:4635: inode #18: block 34: comm syz.1.1417: unable to read itable block
[  139.598573][ T1058] udevd[1058]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[  139.611161][ T1058] udevd[1058]: symlink '../../loop1' '/dev/disk/by-uuid/07000000-0000-0000-0000-000000000000.tmp-b7:1' failed: Read-only file system
[  139.626391][ T4195] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: IO failure
[  139.635466][ T4195] EXT4-fs error (device loop1): ext4_alloc_file_blocks:4495: inode #18: comm syz.1.1417: mark_inode_dirty error
[  139.672940][ T3272] syz-executor: attempt to access beyond end of device
[  139.672940][ T3272] loop1: rw=12288, sector=272, nr_sectors = 8 limit=96
[  139.686652][ T3272] EXT4-fs error (device loop1): __ext4_get_inode_loc_noinmem:4620: inode #11: block 34: comm syz-executor: unable to read itable block
[  139.701553][ T3272] syz-executor: attempt to access beyond end of device
[  139.701553][ T3272] loop1: rw=12288, sector=272, nr_sectors = 8 limit=96
[  139.715383][ T3272] EXT4-fs error (device loop1): __ext4_get_inode_loc_noinmem:4620: inode #11: block 34: comm syz-executor: unable to read itable block
[  139.991261][ T4203] netlink: 'syz.4.1423': attribute type 4 has an invalid length.
[  140.019677][ T4203] netlink: 'syz.4.1423': attribute type 4 has an invalid length.
[  140.111010][ T3272] syz-executor: attempt to access beyond end of device
[  140.111010][ T3272] loop1: rw=12288, sector=272, nr_sectors = 8 limit=96
[  140.334170][ T3272] EXT4-fs error (device loop1): ext4_get_inode_loc:4635: inode #2: block 34: comm syz-executor: unable to read itable block
[  140.347526][ T3272] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: IO failure
[  140.356357][ T3272] EXT4-fs error (device loop1): ext4_dirty_inode:6074: inode #2: comm syz-executor: mark_inode_dirty error
[  140.368099][ T3602] kworker/u4:6: attempt to access beyond end of device
[  140.368099][ T3602] loop1: rw=12288, sector=272, nr_sectors = 8 limit=96
[  140.440225][  T312] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.441259][ T3602] EXT4-fs error (device loop1): ext4_get_inode_loc:4635: inode #18: block 34: comm kworker/u4:6: unable to read itable block
[  140.460486][  T312] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64
[  140.475950][ T3602] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: IO failure
[  140.485313][ T3602] kworker/u4:6: attempt to access beyond end of device
[  140.485313][ T3602] loop1: rw=12288, sector=272, nr_sectors = 8 limit=96
[  140.499243][ T3602] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 5
[  140.511353][ T3602] EXT4-fs (loop1): This should not happen!! Data will be lost
[  140.511353][ T3602] 
[  140.520926][ T3602] kworker/u4:6: attempt to access beyond end of device
[  140.520926][ T3602] loop1: rw=12288, sector=272, nr_sectors = 8 limit=96
[  140.599530][ T4213] bridge0: port 1(gretap0) entered blocking state
[  140.605851][ T4213] bridge0: port 1(gretap0) entered disabled state
[  140.614785][ T4213] device gretap0 entered promiscuous mode
[  140.620797][ T4213] bridge0: port 1(gretap0) entered blocking state
[  140.627032][ T4213] bridge0: port 1(gretap0) entered forwarding state
[  140.654653][ T4213] device gretap0 left promiscuous mode
[  140.660344][ T4213] bridge0: port 1(gretap0) entered disabled state
[  140.688271][ T3602] kworker/u4:6: attempt to access beyond end of device
[  140.688271][ T3602] loop1: rw=12288, sector=272, nr_sectors = 8 limit=96
[  140.733921][ T3272] EXT4-fs (loop1): unmounting filesystem.
[  140.907264][ T4208] loop4: detected capacity change from 0 to 40427
[  140.915906][ T4208] F2FS-fs (loop4): invalid crc value
[  140.932139][ T4208] F2FS-fs (loop4): Found nat_bits in checkpoint
[  140.940156][  T312] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  140.949010][  T312] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.978617][  T312] usb 4-1: Product: syz
[  140.982713][  T312] usb 4-1: Manufacturer: syz
[  140.984965][ T4208] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  140.987065][  T312] usb 4-1: SerialNumber: syz
[  141.013240][ T3200] syz-executor: attempt to access beyond end of device
[  141.013240][ T3200] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  141.128180][ T4219] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.135210][ T4219] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.143023][ T4219] device bridge_slave_0 entered promiscuous mode
[  141.150078][ T4219] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.156947][ T4219] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.164298][ T4219] device bridge_slave_1 entered promiscuous mode
[  141.171223][  T319] device bridge_slave_1 left promiscuous mode
[  141.177205][  T319] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.184809][  T319] device bridge_slave_0 left promiscuous mode
[  141.190851][  T319] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.203344][  T319] device veth1_macvtap left promiscuous mode
[  141.209357][  T319] device veth0_vlan left promiscuous mode
[  141.231642][ T4182] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  141.255460][ T4229] loop4: detected capacity change from 0 to 256
[  141.269335][ T4229] FAT-fs (loop4): Directory bread(block 64) failed
[  141.275963][ T4229] FAT-fs (loop4): Directory bread(block 65) failed
[  141.282785][ T4229] FAT-fs (loop4): Directory bread(block 66) failed
[  141.289151][ T4229] FAT-fs (loop4): Directory bread(block 67) failed
[  141.295978][ T4229] FAT-fs (loop4): Directory bread(block 68) failed
[  141.302602][ T4229] FAT-fs (loop4): Directory bread(block 69) failed
[  141.309045][ T4229] FAT-fs (loop4): Directory bread(block 70) failed
[  141.318482][ T4229] FAT-fs (loop4): Directory bread(block 71) failed
[  141.328762][ T4229] FAT-fs (loop4): Directory bread(block 72) failed
[  141.335925][ T4229] FAT-fs (loop4): Directory bread(block 73) failed
[  141.614457][ T4244] loop2: detected capacity change from 0 to 512
[  141.798183][ T4219] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.805156][ T4219] bridge0: port 2(bridge_slave_1) entered forwarding state
[  141.812272][ T4219] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.819128][ T4219] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.827726][ T1980] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.839549][ T4244] EXT4-fs (loop2): 1 truncate cleaned up
[  141.845805][ T1980] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.853372][ T4244] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  141.880312][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  141.887595][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  141.970304][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  141.978700][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  141.986857][   T24] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.993731][   T24] bridge0: port 1(bridge_slave_0) entered forwarding state
[  142.001907][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  142.021809][ T4250] loop4: detected capacity change from 0 to 40427
[  142.045968][ T4250] F2FS-fs (loop4): invalid crc value
[  142.052597][ T4182] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  142.061140][ T4250] F2FS-fs (loop4): Found nat_bits in checkpoint
[  142.112997][ T4250] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  142.158828][ T3200] syz-executor: attempt to access beyond end of device
[  142.158828][ T3200] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  142.167288][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  142.180733][ T1980] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.187590][ T1980] bridge0: port 2(bridge_slave_1) entered forwarding state
[  142.236867][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  142.248093][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  142.267344][  T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  142.275343][  T312] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  142.282377][  T312] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  142.289918][  T410] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  142.300145][  T312] cdc_ncm 4-1:1.0: setting rx_max = 2048
[  142.318981][  T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  142.327804][  T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  142.336573][  T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  142.344445][  T410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  142.353155][ T4219] device veth0_vlan entered promiscuous mode
[  142.360320][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  142.367577][ T1890] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  142.381311][ T4219] device veth1_macvtap entered promiscuous mode
[  142.388627][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  142.411562][ T3125] EXT4-fs (loop2): unmounting filesystem.
[  142.421077][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  142.428996][ T4033] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  142.443447][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  142.452239][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  142.460457][   T28] audit: type=1400 audit(1719647709.650:569): avc:  denied  { create } for  pid=4262 comm="syz.2.1445" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  142.480148][  T312] cdc_ncm 4-1:1.0: setting tx_max = 184
[  142.481544][   T28] audit: type=1400 audit(1719647709.650:570): avc:  denied  { sys_admin } for  pid=4262 comm="syz.2.1445" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  142.529826][ T4267] fuse: Bad value for 'fd'
[  142.771030][  T410] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  142.789881][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  142.811378][ T1980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  142.821945][  T312] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  142.836997][  T312] usb 4-1: USB disconnect, device number 14
[  142.843656][  T312] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP)
[  142.854088][   T28] audit: type=1400 audit(1719647710.060:571): avc:  denied  { read } for  pid=139 comm="dhcpcd" name="n18" dev="tmpfs" ino=8734 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  142.877706][   T28] audit: type=1400 audit(1719647710.060:572): avc:  denied  { open } for  pid=139 comm="dhcpcd" path="/run/udev/data/n18" dev="tmpfs" ino=8734 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  142.901381][   T28] audit: type=1400 audit(1719647710.060:573): avc:  denied  { getattr } for  pid=139 comm="dhcpcd" path="/run/udev/data/n18" dev="tmpfs" ino=8734 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  142.945853][   T28] audit: type=1400 audit(1719647710.140:574): avc:  denied  { search } for  pid=4275 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  142.955196][ T4277] loop2: detected capacity change from 0 to 256
[  142.978079][   T28] audit: type=1400 audit(1719647710.140:575): avc:  denied  { read } for  pid=4276 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=299 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  143.005257][   T28] audit: type=1400 audit(1719647710.140:576): avc:  denied  { open } for  pid=4276 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=299 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  143.005289][   T28] audit: type=1400 audit(1719647710.140:577): avc:  denied  { getattr } for  pid=4276 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=299 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  143.026243][ T4277] FAT-fs (loop2): Directory bread(block 64) failed
[  143.031293][  T410] usb 1-1: Using ep0 maxpacket: 32
[  143.064523][ T4277] FAT-fs (loop2): Directory bread(block 65) failed
[  143.087307][ T4277] FAT-fs (loop2): Directory bread(block 66) failed
[  143.109958][ T4277] FAT-fs (loop2): Directory bread(block 67) failed
[  143.116648][   T28] audit: type=1400 audit(1719647710.310:578): avc:  denied  { write } for  pid=4275 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=298 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  143.120233][ T4277] FAT-fs (loop2): Directory bread(block 68) failed
[  143.154459][ T4277] FAT-fs (loop2): Directory bread(block 69) failed
[  143.165265][ T4277] FAT-fs (loop2): Directory bread(block 70) failed
[  143.171836][ T4277] FAT-fs (loop2): Directory bread(block 71) failed
[  143.178193][ T4277] FAT-fs (loop2): Directory bread(block 72) failed
[  143.186469][ T4277] FAT-fs (loop2): Directory bread(block 73) failed
[  143.411297][  T410] usb 1-1: New USB device found, idVendor=257a, idProduct=260c, bcdDevice=a6.30
[  143.430501][  T410] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.443158][  T410] usb 1-1: Product: syz
[  143.456273][  T410] usb 1-1: Manufacturer: syz
[  143.470933][  T410] usb 1-1: SerialNumber: syz
[  143.481223][  T410] usb 1-1: config 0 descriptor??
[  143.542256][ T4299] loop1: detected capacity change from 0 to 40427
[  143.564858][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:1' failed: Read-only file system
[  143.581493][ T4299] F2FS-fs (loop1): Found nat_bits in checkpoint
[  143.582174][ T4300] loop3: detected capacity change from 0 to 40427
[  143.603160][  T315] udevd[315]: symlink '../../loop3' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:3' failed: Read-only file system
[  143.616871][ T4300] F2FS-fs (loop3): invalid crc value
[  143.623736][ T4300] F2FS-fs (loop3): Found nat_bits in checkpoint
[  143.631372][ T4299] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  143.644258][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:1' failed: Read-only file system
[  143.712091][ T4300] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  143.735459][  T315] udevd[315]: symlink '../../loop3' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:3' failed: Read-only file system
[  143.765114][ T1980] usb 1-1: USB disconnect, device number 12
[  144.010219][   T24] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  144.155602][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:3' failed: Read-only file system
[  144.383275][ T4360] device syzkaller0 entered promiscuous mode
[  144.463463][ T4363] fuse: Bad value for 'fd'
[  144.550343][   T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  144.626071][   T24] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64
[  144.728109][ T4367] loop1: detected capacity change from 0 to 2048
[  144.736854][ T4367] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  144.755662][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[  144.758006][ T4367] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  144.779246][ T4367] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #12: block 9: comm syz.1.1471: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=13, rec_len=21, size=56 fake=0
[  144.781065][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[  144.803986][ T4367] EXT4-fs (loop1): Remounting filesystem read-only
[  144.821727][ T4219] EXT4-fs (loop1): unmounting filesystem.
[  144.920255][   T24] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  144.931912][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.940524][   T24] usb 3-1: Product: syz
[  144.944603][   T24] usb 3-1: Manufacturer: syz
[  144.949327][   T24] usb 3-1: SerialNumber: syz
[  145.025973][ T4374] loop0: detected capacity change from 0 to 40427
[  145.045682][  T315] udevd[315]: symlink '../../loop0' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:0' failed: Read-only file system
[  145.063260][ T4374] F2FS-fs (loop0): Found nat_bits in checkpoint
[  145.076599][ T4394] device syzkaller0 entered promiscuous mode
[  145.108464][ T4374] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  145.135912][  T315] udevd[315]: symlink '../../loop0' '/dev/disk/by-uuid/922c7623-35ee-4af3-bdd7-07040bb1b7db.tmp-b7:0' failed: Read-only file system
[  145.203376][ T4340] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  145.237171][ T4404] loop1: detected capacity change from 0 to 2048
[  145.244517][ T4404] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  145.249618][  T315] udevd[315]: symlink '../../loop1' '/dev/disk/by-label/syzkaller.tmp-b7:1' failed: Read-only file system
[  145.257845][ T4404] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  145.501187][ T4404] EXT4-fs error (device loop1): ext4_find_dest_de:2112: inode #12: block 9: comm syz.1.1484: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=13, rec_len=21, size=56 fake=0
[  145.564016][ T4404] EXT4-fs (loop1): Remounting filesystem read-only
[  145.614234][ T4219] EXT4-fs (loop1): unmounting filesystem.
[  145.716421][ T2456] bio_check_eod: 2 callbacks suppressed
[  145.716436][ T2456] syz-executor: attempt to access beyond end of device
[  145.716436][ T2456] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  145.850677][ T4340] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  145.950096][   T37] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  146.070256][   T24] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  146.076793][   T24] cdc_ncm 3-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  146.084196][   T24] cdc_ncm 3-1:1.0: setting rx_max = 2048
[  146.115945][ T4452] loop0: detected capacity change from 0 to 16
[  146.123852][ T4452] erofs: (device loop0): mounted with root inode @ nid 36.
[  146.300162][   T24] cdc_ncm 3-1:1.0: setting tx_max = 184
[  146.321697][   T24] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  146.334167][   T24] usb 3-1: USB disconnect, device number 8
[  146.340890][   T37] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  146.351961][   T24] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP)
[  146.361112][   T37] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  146.379253][   T37] usb 5-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00
[  146.388279][   T37] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.399189][   T37] usb 5-1: config 0 descriptor??
[  146.404076][ T1980] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  146.416900][  T293] ==================================================================
[  146.424790][  T293] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130
[  146.432440][  T293] Read of size 8 at addr ffff888113010cf0 by task kworker/1:2/293
[  146.440066][  T293] 
[  146.442238][  T293] CPU: 1 PID: 293 Comm: kworker/1:2 Not tainted 6.1.78-syzkaller-00049-gc2dad37627f9 #0
[  146.451781][  T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  146.461676][  T293] Workqueue:  0x0 (events)
[  146.465927][  T293] Call Trace:
[  146.469051][  T293]  <TASK>
[  146.471830][  T293]  dump_stack_lvl+0x151/0x1b7
[  146.476343][  T293]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[  146.481639][  T293]  ? _printk+0xd1/0x111
[  146.485631][  T293]  ? __virt_addr_valid+0x242/0x2f0
[  146.490577][  T293]  print_report+0x158/0x4e0
[  146.494916][  T293]  ? __virt_addr_valid+0x242/0x2f0
[  146.499867][  T293]  ? kasan_complete_mode_report_info+0x90/0x1b0
[  146.505940][  T293]  ? __list_del_entry_valid+0xa6/0x130
[  146.511233][  T293]  kasan_report+0x13c/0x170
[  146.515579][  T293]  ? __list_del_entry_valid+0xa6/0x130
[  146.520872][  T293]  ? finish_task_switch+0x167/0x7b0
[  146.525911][  T293]  __asan_report_load8_noabort+0x14/0x20
[  146.531369][  T293]  __list_del_entry_valid+0xa6/0x130
[  146.536509][  T293]  move_linked_works+0x7c/0x260
[  146.541173][  T293]  ? led_work+0x590/0x590
[  146.545342][  T293]  process_one_work+0x30a/0xcb0
[  146.550025][  T293]  ? _raw_spin_lock_irqsave+0x210/0x210
[  146.555410][  T293]  ? wq_worker_running+0xa6/0x1b0
[  146.560273][  T293]  worker_thread+0xa60/0x1260
[  146.564788][  T293]  kthread+0x26d/0x300
[  146.568684][  T293]  ? worker_clr_flags+0x1a0/0x1a0
[  146.573548][  T293]  ? kthread_blkcg+0xd0/0xd0
[  146.577972][  T293]  ret_from_fork+0x1f/0x30
[  146.582231][  T293]  </TASK>
[  146.585090][  T293] 
[  146.587261][  T293] Allocated by task 24:
[  146.591254][  T293]  kasan_set_track+0x4b/0x70
[  146.595681][  T293]  kasan_save_alloc_info+0x1f/0x30
[  146.600626][  T293]  __kasan_kmalloc+0x9c/0xb0
[  146.605052][  T293]  __kmalloc_node+0xb4/0x1e0
[  146.609481][  T293]  kvmalloc_node+0x221/0x640
[  146.613906][  T293]  alloc_netdev_mqs+0x8c/0xf90
[  146.618505][  T293]  alloc_etherdev_mqs+0x36/0x40
[  146.623195][  T293]  usbnet_probe+0x207/0x27c0
[  146.627619][  T293]  usb_probe_interface+0x5b6/0xa90
[  146.632566][  T293]  really_probe+0x2b8/0x920
[  146.636907][  T293]  __driver_probe_device+0x1a0/0x310
[  146.642026][  T293]  driver_probe_device+0x54/0x3d0
[  146.646890][  T293]  __device_attach_driver+0x2e3/0x490
[  146.652094][  T293]  bus_for_each_drv+0x183/0x200
[  146.656784][  T293]  __device_attach+0x312/0x510
[  146.661381][  T293]  device_initial_probe+0x1a/0x20
[  146.666240][  T293]  bus_probe_device+0xbe/0x1e0
[  146.670841][  T293]  device_add+0xb60/0xf10
[  146.675011][  T293]  usb_set_configuration+0x190f/0x1e80
[  146.680304][  T293]  usb_generic_driver_probe+0x8b/0x150
[  146.685599][  T293]  usb_probe_device+0x144/0x260
[  146.690283][  T293]  really_probe+0x2b8/0x920
[  146.694623][  T293]  __driver_probe_device+0x1a0/0x310
[  146.699743][  T293]  driver_probe_device+0x54/0x3d0
[  146.704603][  T293]  __device_attach_driver+0x2e3/0x490
[  146.709820][  T293]  bus_for_each_drv+0x183/0x200
[  146.714500][  T293]  __device_attach+0x312/0x510
[  146.719098][  T293]  device_initial_probe+0x1a/0x20
[  146.723961][  T293]  bus_probe_device+0xbe/0x1e0
[  146.728565][  T293]  device_add+0xb60/0xf10
[  146.732726][  T293]  usb_new_device+0xf32/0x1810
[  146.737325][  T293]  hub_event+0x2db1/0x4830
[  146.741584][  T293]  process_one_work+0x73d/0xcb0
[  146.746265][  T293]  worker_thread+0xa60/0x1260
[  146.750777][  T293]  kthread+0x26d/0x300
[  146.754685][  T293]  ret_from_fork+0x1f/0x30
[  146.758941][  T293] 
[  146.761105][  T293] Freed by task 24:
[  146.764750][  T293]  kasan_set_track+0x4b/0x70
[  146.769178][  T293]  kasan_save_free_info+0x2b/0x40
[  146.774038][  T293]  ____kasan_slab_free+0x131/0x180
[  146.778985][  T293]  __kasan_slab_free+0x11/0x20
[  146.783588][  T293]  __kmem_cache_free+0x218/0x3b0
[  146.788360][  T293]  kfree+0x7a/0xf0
[  146.791919][  T293]  kvfree+0x35/0x40
[  146.795563][  T293]  netdev_freemem+0x3f/0x60
[  146.799903][  T293]  netdev_release+0x7f/0xb0
[  146.804244][  T293]  device_release+0x95/0x1c0
[  146.808672][  T293]  kobject_put+0x178/0x260
[  146.812921][  T293]  put_device+0x1f/0x30
[  146.816915][  T293]  free_netdev+0x393/0x480
[  146.821167][  T293]  usbnet_disconnect+0x245/0x390
[  146.825941][  T293]  usb_unbind_interface+0x1fa/0x8c0
[  146.830976][  T293]  device_release_driver_internal+0x53e/0x870
[  146.836877][  T293]  device_release_driver+0x19/0x20
[  146.841827][  T293]  bus_remove_device+0x2fa/0x360
[  146.846598][  T293]  device_del+0x663/0xe90
[  146.850763][  T293]  usb_disable_device+0x380/0x720
[  146.855624][  T293]  usb_disconnect+0x32a/0x890
[  146.860138][  T293]  hub_event+0x1ed8/0x4830
[  146.864390][  T293]  process_one_work+0x73d/0xcb0
[  146.869078][  T293]  worker_thread+0xd71/0x1260
[  146.873592][  T293]  kthread+0x26d/0x300
[  146.877498][  T293]  ret_from_fork+0x1f/0x30
[  146.881749][  T293] 
[  146.883922][  T293] Last potentially related work creation:
[  146.889475][  T293]  kasan_save_stack+0x3b/0x60
[  146.893987][  T293]  __kasan_record_aux_stack+0xb4/0xc0
[  146.899194][  T293]  kasan_record_aux_stack_noalloc+0xb/0x10
[  146.904844][  T293]  insert_work+0x56/0x310
[  146.909004][  T293]  __queue_work+0x9b6/0xd70
[  146.913343][  T293]  queue_work_on+0x105/0x170
[  146.917770][  T293]  usbnet_link_change+0xeb/0x100
[  146.922632][  T293]  usbnet_probe+0x1dbe/0x27c0
[  146.927230][  T293]  usb_probe_interface+0x5b6/0xa90
[  146.932177][  T293]  really_probe+0x2b8/0x920
[  146.936523][  T293]  __driver_probe_device+0x1a0/0x310
[  146.941650][  T293]  driver_probe_device+0x54/0x3d0
[  146.946497][  T293]  __device_attach_driver+0x2e3/0x490
[  146.951706][  T293]  bus_for_each_drv+0x183/0x200
[  146.956392][  T293]  __device_attach+0x312/0x510
[  146.960992][  T293]  device_initial_probe+0x1a/0x20
[  146.965855][  T293]  bus_probe_device+0xbe/0x1e0
[  146.970452][  T293]  device_add+0xb60/0xf10
[  146.974617][  T293]  usb_set_configuration+0x190f/0x1e80
[  146.979915][  T293]  usb_generic_driver_probe+0x8b/0x150
[  146.985208][  T293]  usb_probe_device+0x144/0x260
[  146.989893][  T293]  really_probe+0x2b8/0x920
[  146.994235][  T293]  __driver_probe_device+0x1a0/0x310
[  146.999355][  T293]  driver_probe_device+0x54/0x3d0
[  147.004216][  T293]  __device_attach_driver+0x2e3/0x490
[  147.009430][  T293]  bus_for_each_drv+0x183/0x200
[  147.014111][  T293]  __device_attach+0x312/0x510
[  147.018718][  T293]  device_initial_probe+0x1a/0x20
[  147.023586][  T293]  bus_probe_device+0xbe/0x1e0
[  147.028171][  T293]  device_add+0xb60/0xf10
[  147.032339][  T293]  usb_new_device+0xf32/0x1810
[  147.036940][  T293]  hub_event+0x2db1/0x4830
[  147.041189][  T293]  process_one_work+0x73d/0xcb0
[  147.045876][  T293]  worker_thread+0xa60/0x1260
[  147.050396][  T293]  kthread+0x26d/0x300
[  147.054296][  T293]  ret_from_fork+0x1f/0x30
[  147.058546][  T293] 
[  147.060720][  T293] The buggy address belongs to the object at ffff888113010000
[  147.060720][  T293]  which belongs to the cache kmalloc-4k of size 4096
[  147.074615][  T293] The buggy address is located 3312 bytes inside of
[  147.074615][  T293]  4096-byte region [ffff888113010000, ffff888113011000)
[  147.087971][  T293] 
[  147.090144][  T293] The buggy address belongs to the physical page:
[  147.096395][  T293] page:ffffea00044c0400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113010
[  147.106465][  T293] head:ffffea00044c0400 order:3 compound_mapcount:0 compound_pincount:0
[  147.114618][  T293] flags: 0x4000000000010200(slab|head|zone=1)
[  147.120529][  T293] raw: 4000000000010200 0000000000000000 dead000000000001 ffff888100043380
[  147.128942][  T293] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[  147.137357][  T293] page dumped because: kasan: bad access detected
[  147.143622][  T293] page_owner tracks the page as allocated
[  147.149162][  T293] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2524, tgid 2524 (syz-executor), ts 81376864358, free_ts 81373772755
[  147.171734][  T293]  post_alloc_hook+0x213/0x220
[  147.176329][  T293]  prep_new_page+0x1b/0x110
[  147.180669][  T293]  get_page_from_freelist+0x27ea/0x2870
[  147.186147][  T293]  __alloc_pages+0x3a1/0x780
[  147.190579][  T293]  alloc_slab_page+0x6c/0xf0
[  147.195101][  T293]  new_slab+0x90/0x3e0
[  147.198998][  T293]  ___slab_alloc+0x6f9/0xb80
[  147.203414][  T293]  __slab_alloc+0x5d/0xa0
[  147.207600][  T293]  __kmem_cache_alloc_node+0x1af/0x250
[  147.212878][  T293]  kmalloc_trace+0x2a/0xa0
[  147.217133][  T293]  ipv6_add_dev+0x5dd/0x11a0
[  147.221556][  T293]  addrconf_notify+0x6d2/0xe10
[  147.226158][  T293]  raw_notifier_call_chain+0x8c/0xf0
[  147.231278][  T293]  call_netdevice_notifiers+0x145/0x1b0
[  147.236660][  T293]  register_netdevice+0x10cf/0x1490
[  147.241692][  T293]  register_vlan_dev+0x280/0x5e0
[  147.246470][  T293] page last free stack trace:
[  147.250985][  T293]  free_unref_page_prepare+0x83d/0x850
[  147.256273][  T293]  free_unref_page+0xb2/0x5c0
[  147.260786][  T293]  __free_pages+0x61/0xf0
[  147.264953][  T293]  __free_slab+0xce/0x1a0
[  147.269119][  T293]  __unfreeze_partials+0x165/0x1a0
[  147.274066][  T293]  put_cpu_partial+0xa9/0x100
[  147.278586][  T293]  __slab_free+0x1c8/0x280
[  147.282831][  T293]  ___cache_free+0xc6/0xd0
[  147.287087][  T293]  qlist_free_all+0xc5/0x140
[  147.291511][  T293]  kasan_quarantine_reduce+0x15a/0x180
[  147.296805][  T293]  __kasan_slab_alloc+0x24/0x80
[  147.301493][  T293]  slab_post_alloc_hook+0x53/0x2c0
[  147.306462][  T293]  __kmem_cache_alloc_node+0x191/0x250
[  147.311733][  T293]  kmalloc_trace+0x2a/0xa0
[  147.315987][  T293]  ref_tracker_alloc+0x138/0x450
[  147.320762][  T293]  net_rx_queue_update_kobjects+0x14d/0x4a0
[  147.326577][  T293] 
[  147.328745][  T293] Memory state around the buggy address:
[  147.334217][  T293]  ffff888113010b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  147.342112][  T293]  ffff888113010c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  147.350010][  T293] >ffff888113010c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  147.357907][  T293]                                                              ^
[  147.365460][  T293]  ffff888113010d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  147.373359][  T293]  ffff888113010d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  147.381255][  T293] ==================================================================
[  147.389242][  T293] Disabling lock debugging due to kernel taint
[  147.640105][ T1980] usb 1-1: Using ep0 maxpacket: 16
[  147.760169][ T1980] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 11
[  147.768959][ T1980] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  147.778430][ T1980] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  147.787875][ T1980] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  147.797444][ T1980] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  147.806958][ T1980] usb 1-1: config 1 interface 0 has no altsetting 0
[  147.813400][ T1980] usb 1-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  147.822240][ T1980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.861858][   T37] logitech-hidpp-device 0003:046D:C086.000A: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.4-1/input0
[  147.880467][ T1980] ums-sddr09 1-1:1.0: USB Mass Storage device detected
[  148.063242][   T37] usb 5-1: USB disconnect, device number 11
[  148.090737][ T1980] scsi host1: usb-storage 1-1:1.0
[  148.331396][   T28] kauditd_printk_skb: 8 callbacks suppressed
[  148.331411][   T28] audit: type=1400 audit(1719647715.530:587): avc:  denied  { mounton } for  pid=4451 comm="syz.0.1504" path="/root/syzkaller.KxZcs3/133/file2/file1" dev="loop0" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  148.331437][ T4452] SELinux: security_context_str_to_sid (�{���e���Iι�q�b2=ɸ�D{����B������<��
[  148.331437][ T4452] +A�7��:98F)����j�A�T��1���ÆQ>�_�Ƞ�T>� ��%��ŕU������y%�����s?:�����^ޮ;P�׫:��S�htN|~$е�������6;']�Q�Bu���S9Vh���X��&<��O�����`
[  148.331437][ T4452] -�/H:�N/��4J+���ј�`E����q�i�rN7�����@P�r./file1) failed with errno=-22
[  148.402371][  T312] usb 1-1: USB disconnect, device number 13
[  148.926191][   T28] audit: type=1400 audit(1719647716.120:588): avc:  denied  { unmount } for  pid=2456 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  148.926457][ T2456] erofs: (device loop0): erofs_read_inode: bogus i_mode (0) @ nid 305
[  148.954219][ T2456] erofs: (device loop0): erofs_read_inode: bogus i_mode (0) @ nid 305
[  149.460761][  T319] device bridge_slave_1 left promiscuous mode
[  149.466744][  T319] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.474445][  T319] device veth1_macvtap left promiscuous mode
[  149.480318][  T319] device veth0_vlan left promiscuous mode